1. 28 9月, 2019 1 次提交
  2. 28 5月, 2019 1 次提交
  3. 19 3月, 2019 1 次提交
  4. 14 11月, 2018 1 次提交
  5. 17 4月, 2018 1 次提交
  6. 05 4月, 2018 1 次提交
    • M
      Pick a q size consistent with the digest for DSA param generation · d54897cf
      Matt Caswell 提交于
      There are two undocumented DSA parameter generation options available in
      the genpkey command line app:
      dsa_paramgen_md and dsa_paramgen_q_bits.
      
      These can also be accessed via the EVP API but only by using
      EVP_PKEY_CTX_ctrl() or EVP_PKEY_CTX_ctrl_str() directly. There are no
      helper macros for these options.
      
      dsa_paramgen_q_bits sets the length of q in bits (default 160 bits).
      dsa_paramgen_md sets the digest that is used during the parameter
      generation (default SHA1). In particular the output length of the digest
      used must be equal to or greater than the number of bits in q because of
      this code:
      
                  if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
                      goto err;
                  if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
                      goto err;
                  for (i = 0; i < qsize; i++)
                      md[i] ^= buf2[i];
      
                  /* step 3 */
                  md[0] |= 0x80;
                  md[qsize - 1] |= 0x01;
                  if (!BN_bin2bn(md, qsize, q))
                      goto err;
      
      qsize here is the number of bits in q and evpmd is the digest set via
      dsa_paramgen_md. md and buf2 are buffers of length SHA256_DIGEST_LENGTH.
      buf2 has been filled with qsize bits of random seed data, and md is
      uninitialised.
      
      If the output size of evpmd is less than qsize then the line "md[i] ^=
      buf2[i]" will be xoring an uninitialised value and the random seed data
      together to form the least significant bits of q (and not using the
      output of the digest at all for those bits) - which is probably not what
      was intended. The same seed is then used as an input to generating p. If
      the uninitialised data is actually all zeros (as seems quite likely)
      then the least significant bits of q will exactly match the least
      significant bits of the seed.
      
      This problem only occurs if you use these undocumented and difficult to
      find options and you set the size of q to be greater than the message
      digest output size. This is for parameter generation only not key
      generation. This scenario is considered highly unlikely and
      therefore the security risk of this is considered negligible.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5800)
      d54897cf
  7. 14 6月, 2017 1 次提交
  8. 14 11月, 2016 1 次提交
  9. 21 9月, 2016 1 次提交
  10. 18 5月, 2016 1 次提交
  11. 28 4月, 2016 1 次提交
  12. 21 3月, 2016 1 次提交
  13. 08 2月, 2016 1 次提交
  14. 06 2月, 2016 1 次提交
  15. 27 1月, 2016 1 次提交
    • R
      Remove /* foo.c */ comments · 34980760
      Rich Salz 提交于
      This was done by the following
              find . -name '*.[ch]' | /tmp/pl
      where /tmp/pl is the following three-line script:
              print unless $. == 1 && m@/\* .*\.[ch] \*/@;
              close ARGV if eof; # Close file to reset $.
      
      And then some hand-editing of other files.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      34980760
  16. 08 12月, 2015 2 次提交
  17. 10 11月, 2015 1 次提交
  18. 24 10月, 2015 2 次提交
  19. 08 10月, 2015 1 次提交
  20. 01 9月, 2015 1 次提交
  21. 28 8月, 2015 1 次提交
  22. 14 5月, 2015 1 次提交
  23. 01 5月, 2015 2 次提交
  24. 25 3月, 2015 1 次提交
  25. 28 1月, 2015 1 次提交
    • R
      OPENSSL_NO_xxx cleanup: SHA · 474e469b
      Rich Salz 提交于
      Remove support for SHA0 and DSS0 (they were broken), and remove
      the ability to attempt to build without SHA (it didn't work).
      For simplicity, remove the option of not building various SHA algorithms;
      you could argue that SHA_224/256/384/512 should be kept, since they're
      like crypto algorithms, but I decided to go the other way.
      So these options are gone:
      	GENUINE_DSA         OPENSSL_NO_SHA0
      	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
      	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
      	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      474e469b
  26. 22 1月, 2015 1 次提交
  27. 08 12月, 2014 3 次提交
  28. 26 11月, 2011 1 次提交
  29. 25 11月, 2011 1 次提交
  30. 16 10月, 2011 1 次提交
  31. 15 9月, 2011 1 次提交
  32. 27 8月, 2011 1 次提交
  33. 26 8月, 2011 1 次提交
  34. 11 5月, 2011 1 次提交
  35. 24 4月, 2011 1 次提交