Commit graph

642 commits

Author SHA1 Message Date
Matt Caswell
f063e30fe9 RT3065: automatically generate a missing EC public key
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Adam Langley
0388ac4c99 RT3065: ec_private_key_dont_crash
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:34 +02:00
Laszlo Papp
09ec8c8e89 PR2490: Remove unused local variable bn ecp_nist.c
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-20 16:36:20 -04:00
Martin Olsson
1afd7fa97c RT2513: Fix typo's paramter-->parameter
I also found a couple of others (padlock and signinit)
and fixed them.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-19 11:09:33 -04:00
Bodo Moeller
16602b5cd5 Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org
2014-08-13 17:37:19 +02:00
Bodo Moeller
0fe73d6c36 Simplify and fix ec_GFp_simple_points_make_affine
(which didn't always handle value 0 correctly).

Reviewed-by: emilia@openssl.org
2014-08-01 17:18:14 +02:00
Billy Brumley
cba11f57ce "EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-07-21 22:18:40 +01:00
Libor Krystek
8e3231642b Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 2014-06-03 23:15:58 +01:00
David Ramos
16ba70746b Double free in i2o_ECPublicKey
PR: 3338
2014-05-04 00:46:20 +01:00
mancha
e14f14d36e Fix eckey_priv_encode()
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-26 07:59:13 +01:00
Dr. Stephen Henson
2514fa79ac Add functions returning security bits.
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f9b6c0ba4c Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
dd274b1c1c Fix for some platforms where "char" is unsigned. 2013-11-09 15:09:23 +00:00
Bodo Moeller
ca567a03ad Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope
2013-09-16 12:59:21 +02:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
dc1ce3bc64 Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
e61f5d55bc Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
88e20b8584 Add support for ECDH KARI.
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
25af7a5dbc Add support for X9.62 KDF.
Add X9.62 KDF to EC EVP_PKEY_METHOD.
2013-07-17 21:45:00 +01:00
Adam Langley
190c615d43 Make `safe' (EC)DSA nonces the default.
This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.

In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.
2013-07-15 12:57:48 +01:00
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Adam Langley
8a99cb29d1 Add secure DSA nonce flag.
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Matt Caswell
94782e0e9c Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Bodo Möller
f11d0c7908 Fix EC_KEY initialization race.
Submitted by: Adam Langley
2012-10-05 20:50:11 +00:00
Dr. Stephen Henson
24edfa9df9 enhance EC method to support setting curve type when generating keys and add parameter encoding option 2012-09-11 13:54:09 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
b36bab7812 PR: 2239
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>

Add Brainpool curves from RFC5639.

Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
2012-04-22 13:06:51 +00:00
Dr. Stephen Henson
64095ce9d7 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Andy Polyakov
713f49119f ec_pmeth.c: fix typo in commentary.
PR: 2677
Submitted by: Annue Yousar
2012-01-12 13:22:51 +00:00
Dr. Stephen Henson
d674bb4bc8 In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order 2011-11-16 13:28:35 +00:00
Dr. Stephen Henson
32cf5baeae PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:43:34 +00:00
Dr. Stephen Henson
5fd722600b Check for selftest failure in various places. 2011-10-22 17:24:27 +00:00
Bodo Möller
e0d6132b8c Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
2011-10-18 19:43:16 +00:00
Andy Polyakov
03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Bodo Möller
ae53b299fa make update 2011-09-05 09:46:15 +00:00
Dr. Stephen Henson
3699ec6056 recognise ecdsaWithSHA1 OID 2011-07-28 14:40:01 +00:00
Dr. Stephen Henson
9945b460e2 Give parameters names in prototypes. 2011-06-17 16:47:41 +00:00
Andy Polyakov
62f29eb1cf spacrv9cap.c: addenum to recent EC optimizations. 2011-05-23 08:14:32 +00:00
Andy Polyakov
d8ea368c41 ec_cvt.c: ARM comparison results were wrong, clarify the background. 2011-05-21 08:40:18 +00:00
Andy Polyakov
fdf6dac859 ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see
commentary for details].
2011-05-20 20:31:37 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Richard Levitte
171edf7ff4 Error discrepancy corrected. 2011-04-24 08:59:15 +00:00
Dr. Stephen Henson
cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
8c7096835b Use 0 for tbslen to perform strlen. 2011-04-19 11:10:54 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Richard Levitte
5d0137aa14 make update 2011-03-25 09:30:52 +00:00
Richard Levitte
30fafdebf3 * Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl:
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
  disabled by default.  If we don't do it this way, it screws up
  libeay.num.
* util/libeay.num: make update
2011-03-25 09:29:46 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Richard Levitte
487b023f3d make update (1.1.0-dev)
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable.  However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
1acc24a8ba Make no-ec2m work again. 2011-03-10 01:00:30 +00:00
Dr. Stephen Henson
b7056b6414 Update dependencies. 2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
0fbf8f447b Add pairwise consistency test to EC. 2011-02-15 16:58:28 +00:00
Dr. Stephen Henson
c966120412 Don't use FIPS api for ec2_oct.c 2011-02-14 16:55:28 +00:00
Dr. Stephen Henson
84b08eee4b Reorganise ECC code for inclusion in FIPS module.
Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.
2011-02-14 16:52:12 +00:00
Dr. Stephen Henson
bf2546f947 Use BN_nist_mod_func to avoid need to peek error queue. 2011-02-14 16:45:28 +00:00
Dr. Stephen Henson
c9a90645a5 Disable some functions in headers with no-ec2m 2011-02-12 17:38:06 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
65847ca378 For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build
completes without linker errors.
2011-02-03 13:00:08 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
6e0375d504 revert Makefile change 2011-01-25 12:15:10 +00:00
Dr. Stephen Henson
fef1c40bf1 New function EC_KEY_set_affine_coordinates() this performs all the
NIST PKV tests.
2011-01-24 16:07:40 +00:00
Dr. Stephen Henson
a428ac4750 check EC public key isn't point at infinity 2011-01-24 15:04:34 +00:00
Dr. Stephen Henson
0aa1aedbce PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:41:34 +00:00
Dr. Stephen Henson
dd616752a1 oops, revert mistakenly committed EC changes 2011-01-19 14:42:42 +00:00
Dr. Stephen Henson
198ce9a611 Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:35:53 +00:00
Ben Laurie
c13d7c0296 Fix warning. 2011-01-09 17:50:06 +00:00
Ben Laurie
5df2a2497a Fix warnings. 2010-09-05 16:34:49 +00:00
Bodo Möller
396cb5657b More C language police work. 2010-08-27 13:17:59 +00:00
Bodo Möller
eb8ef241eb C conformity fixes: Move declarations before statements in all blocks. 2010-08-27 12:07:35 +00:00
Bodo Möller
1b5af90b45 C conformity fixes:
- Move declarations before statements in all blocks.
- Where 64-bit type is required, use it explicitly (not 1l).
2010-08-27 11:29:30 +00:00
Bodo Möller
76af94eb27 (formatting error) 2010-08-26 14:40:11 +00:00
Bodo Möller
04daec862c New 64-bit optimized implementation EC_GFp_nistp224_method().
This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:55 +00:00
Bodo Möller
c94f7f657b ECC library bugfixes.
Submitted by: Emilia Kasper (Google)
2010-08-26 12:11:01 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Bodo Möller
2d9dcd4ff0 Always check bn_wexpend() return values for failure (CVE-2009-3245).
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
2010-02-23 10:36:35 +00:00
Dr. Stephen Henson
fed8dbf46d PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Andy Polyakov
194274cb68 ec_mult.c: fix C4334 win64 compiler warning. 2009-05-02 11:18:44 +00:00
Ben Laurie
57a6ac7c4f Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129) 2008-12-27 02:15:16 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
ea71ec1b11 ec2_mult.c readability update. 2008-10-28 13:53:51 +00:00
Andy Polyakov
6bf24568bc Fix EC_KEY_check_key. 2008-09-23 17:33:11 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
156ee88285 Indicate support for digest init ctrl. 2008-05-02 11:24:40 +00:00
Andy Polyakov
ba6f95e81b Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit
platforms.
2008-04-24 10:04:26 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Andy Polyakov
1c56e95e28 Compress and more aggressively constify ec_curve.c [the latter is
achieved by minimizing link relocations].
2007-08-31 09:36:43 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
3b2eead381 Fix duplicate error number. 2007-04-05 17:09:43 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
2006-09-28 13:45:34 +00:00
Dr. Stephen Henson
786aa98da1 Use correct pointer types for various functions. 2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
5c95c2ac23 Fix various error codes to match functions. 2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.

Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Dr. Stephen Henson
8bdcef40e4 New function to dup EVP_PKEY_CTX. This will be needed to make new signing
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412 Use size_t for new crypto size parameters. 2006-05-24 12:33:46 +00:00
Richard Levitte
7e76e56387 Someone made a mistake, and some function and reason codes got
duplicate numbers.  Renumbering.
2006-05-12 15:27:52 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
a4e75b3dfd Correct copyright notice... this doesn't contain any SSLeay code. 2006-04-24 00:07:26 +00:00
Nils Larsch
930b0c4b8a make local function static 2006-04-20 09:53:49 +00:00
Dr. Stephen Henson
d202709808 Add OID cross reference table.
Fix some typos in GOST OIDs.

Update dependencies.
2006-04-18 23:36:07 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
9ca7047d71 Provisional support for EC pkey method, supporting ECDH and ECDSA. 2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
3e4585c8fd New utility pkeyparam. Enhance and bugfix algorithm specific parameter
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
e42633140e Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD. 2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
bd50e31325 Typo. 2006-03-23 14:08:33 +00:00
Dr. Stephen Henson
b2c0518e6a Fix bug in DSA, EC methods. 2006-03-23 14:04:39 +00:00
Dr. Stephen Henson
d82e2718e2 Add information and pem strings. Update dependencies. 2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be Move algorithm specific print code from crypto/asn1/t_pkey.c to separate
*_prn.c files in each algorithm directory.
2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c Gather printing routines into EVP_PKEY_ASN1_METHOD. 2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b Transfer parameter handling and key comparison to algorithm methods. 2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Nils Larsch
67b6f1ca88 fix problems found by coverity: remove useless code 2006-03-15 17:45:43 +00:00
Nils Larsch
eeb821f707 fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() 2006-03-14 22:48:41 +00:00
Nils Larsch
47d5566646 fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() 2006-03-13 23:14:57 +00:00
Nils Larsch
bbab9b61dd remove unnecessary check 2006-02-08 18:52:43 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Bodo Möller
a13c20f603 Further TLS extension updates
Submitted by: Peter Sylvester
2006-01-09 19:49:05 +00:00
Bodo Möller
51eb1b81f6 Avoid contradictive error code assignments.
"make errors".
2006-01-08 21:54:24 +00:00
Bodo Möller
739a543ea8 Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts) 2006-01-08 19:42:30 +00:00
Bodo Möller
67c03ff185 comment 2005-12-13 05:46:33 +00:00
Bodo Möller
6f44d4d247 deFUDify: don't require OPENSSL_EC_BIN_PT_COMP 2005-11-16 04:07:43 +00:00
Bodo Möller
8dee9f844f deFUDify: don't require OPENSSL_EC_BIN_PT_COMP 2005-11-15 21:08:38 +00:00
Nils Larsch
ba12070f7e add some doxygen comments 2005-09-19 08:10:10 +00:00
Bodo Möller
2238e8e477 correct+extend publication info 2005-09-12 01:39:46 +00:00
Nils Larsch
137023dd0c fix function name in error 2005-09-03 08:01:08 +00:00
Nils Larsch
8215e7a938 fix warnings when building openssl with the following compiler options:
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
        -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
        -Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
        -Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Andy Polyakov
ff82bf3b07 Pedantic polish to WCE-specific #if clause in ectest.c 2005-08-11 08:42:46 +00:00
Andy Polyakov
0491e05833 Final(?) WinCE update. 2005-08-07 22:21:49 +00:00
Nils Larsch
b3b72cd92c remove OPENSSL_NO_ASM dependency 2005-06-28 15:05:02 +00:00
Nils Larsch
bbbd67108f fix typo, add prototype 2005-05-20 22:55:10 +00:00
Nils Larsch
8712009778 simplify EC_KEY_dup 2005-05-17 12:23:16 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary:
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name:
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Nils Larsch
7dc17a6cf0 give EC_GROUP_*_nid functions a more meaningful name
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Nils Larsch
fcb41c0ee8 rewrite of bn_nist.c, disable support for some curves on 64 bit platforms
for now (it was broken anyway)
2005-05-03 20:23:33 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes.
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
ad0db060b1 More overwritten stuff... 2005-04-12 16:36:36 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Nils Larsch
37942fab51 include limits.h for UINT_MAX etc. 2005-04-11 20:59:58 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Nils Larsch
c2e40d0f9a remove unused recp method 2005-04-04 18:15:59 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Bodo Möller
80c808b90b Fix typo
PR: 1017
Submitted by: ciresh@yahoo.com
Reviewed by: Nils Larsch
2005-03-09 19:08:02 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Geoff Thorpe
7f5b4dd1e8 Using Horner's algorithm to evaluate the ec polynomial
(suggested by Adam Young <ayoung@cigital.com>)

Submitted by: Nils Larsch
2004-07-16 03:24:19 +00:00
Geoff Thorpe
ace3ebd661 Improve error handling if decompression of an ec point fails, and cleanup
ec_curve.c (unify comments, etc).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller, Geoff Thorpe
2004-07-06 15:50:04 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9 Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
ca982e4870 Fix realloc usage in ec_curve.c
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-05-04 20:08:55 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Geoff Thorpe
5148710994 Adds warnings about two curves and fixes the "seed" value for two other
curves.

Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Richard Levitte
560f7abb7e Make sure we use unsigned constants, or come compilers may complain. 2004-03-15 22:33:19 +00:00
Geoff Thorpe
b6358c89a1 Convert openssl code not to assume the deprecated form of BN_zero().
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
2004-03-13 23:57:20 +00:00
Andy Polyakov
7f24b1c3e9 Get rid of bogus warning when compiling with Sun vendor compiler. 2004-01-24 16:31:21 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
0d78bc3356 Add IPSec/IKE/Oakley curves.
PR: 768
Submitted by: Vadim Fedukovich <vf@unity.net>
2003-11-29 09:25:59 +00:00
Geoff Thorpe
37af03d311 General improvements to the ec_asn1.c code. This squashes at least one bug
(where it was impossible to create an EC certificate with a compressed
public key), and has some style improvements based on some comments from
Steve Henson about use of the ASN1 macros.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:09:18 +00:00
Geoff Thorpe
6bcd3f903a Comments out some unimplemented functions instead of redeclaring them. 2003-10-29 04:42:29 +00:00
Bodo Möller
968766cad8 updates for draft-ietf-tls-ecc-03.txt
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Bodo Möller
652ae06bad add test for secp160r1
add code for kP+lQ timings

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Reviewed by: Bodo Moeller
2003-07-22 10:39:10 +00:00
Bodo Möller
ada0e717fa new function EC_GROUP_cmp() (used by EVP_PKEY_cmp())
Submitted by: Nils Larsch
2003-07-21 13:43:28 +00:00
Richard Levitte
163f5b236c Correct signedness 2003-05-21 14:21:26 +00:00
Richard Levitte
513c01a591 Make sure EC_window_bits_for_scalar_size() returns a size_t 2003-05-21 08:40:06 +00:00
Richard Levitte
87c9c659de Make sure we get the definition of OPENSSL_NO_EC. 2003-03-20 23:22:06 +00:00
Bodo Möller
155bd1137e add Certicom licensing e-mail address 2003-02-27 12:25:35 +00:00
Bodo Möller
f2aa055ec6 treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c) 2003-02-21 16:06:39 +00:00
Bodo Möller
62e3163b1b ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.

This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).

Submitted by: Nils Larsch
2003-02-21 13:58:23 +00:00
Bodo Möller
fbbfd86b67 typo
PR: 511
Submitted by: Eric Cronin
2003-02-19 16:29:47 +00:00
Bodo Möller
ba729265a8 Allow EC_GROUP objects to share precomputation for improved memory
efficiency (EC_PRE_COMP objects are now constant once completed).

Extend 'extra_data' API to support arbitrarily many slots (although we
need only one at the moment).

Modify EC internal 'extra_data' API: EC_GROUP_[clear_]free_extra_data
now frees only a single slot (the previous functions are available as
EC_GROUP_[clear_]free_all_extra_data).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-12 18:30:16 +00:00
Richard Levitte
28f573a28d Make sure memcpy() is properly declared by including string.h. 2003-02-10 11:14:35 +00:00
Bodo Möller
e2c9c91b5b fix EC_GROUP_copy for EC_GFp_nist_method()
Submitted by: Nils Larsch
2003-02-08 19:51:37 +00:00
Bodo Möller
65b254e8c0 remove debugging leftovers 2003-02-08 15:56:05 +00:00
Bodo Möller
82871eaa17 comment 2003-02-07 11:54:57 +00:00
Bodo Möller
24893ca999 typo 2003-02-06 19:32:06 +00:00
Bodo Möller
37c660ff9b implement fast point multiplication with precomputation
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-06 19:25:12 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Bodo Möller
bd1217a176 simplify
Submitted by: Nils Larsch
2003-01-28 13:08:21 +00:00
Bodo Möller
82516e3baf cofactor is optional in parameter encodings
Submitted by: Nils Larsch
2003-01-25 15:28:49 +00:00
Bodo Möller
9b3f03d5a2 fix warnings
Submitted by: Nils Larsch
2003-01-21 09:53:14 +00:00
Bodo Möller
d745af4b0c avoid potential confusion about curves (prime192v1 and prime256v1 are
also known as secp192r1 and secp256r1, respectively)

Submitted by: Nils Larsch, Bodo Moeller
2003-01-16 16:05:23 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Richard Levitte
55f78baf32 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Bodo Möller
15994b034a rename some functions to improve consistency
Submitted by: Sheueling Chang
2002-11-23 18:16:09 +00:00
Bodo Möller
922fa76e26 add a comment 2002-11-22 09:25:35 +00:00
Bodo Möller
137445140b Make ec_GFp_simple_point_get_affine_coordinates() faster
for Montgomery representations.

Submitted by: Sheueling Chang, Bodo Moeller
2002-11-20 10:53:33 +00:00
Bodo Möller
a2dbcf3644 remove redundant functions 2002-11-18 14:37:35 +00:00
Bodo Möller
4663355496 use consistent order of function definitions 2002-11-18 14:33:39 +00:00
Richard Levitte
b4b82ab465 I forgot this is compiled in test/, not crypto/ec/... 2002-11-16 10:10:39 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Bodo Möller
acce40c585 this method does not need field_data1 2002-11-15 12:43:15 +00:00
Richard Levitte
af67804bef make update 2002-11-14 23:56:12 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
d742bd882e do tests with all built-in curves
Submitted by: Nils Larsch
2002-11-11 10:25:12 +00:00
Bodo Möller
97a06ad9ef corrections to built-in curves
Submitted by: Nils Larsch
2002-11-11 10:24:52 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign()
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Bodo Möller
259cdf2af9 Sun has agreed to removing the covenant language from most files.
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Richard Levitte
62dd6f161a The #else part of the conditionals have two statements, so they need
to be surrounded with braces, or the surrounding if..else will fail
miserably in case the #else part is compiled.
2002-10-29 09:42:59 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes
create new lock CRYPTO_LOCK_BN to avoid race condition
2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117 fast reduction for NIST curves
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Bodo Möller
f72ed6153b remove superfluous code
Submitted by: Nils Larsch
2002-10-28 13:19:08 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
4c8f79a33e make sure 'neg' flag (which does not really matter for GF(2^m), but
could cause confusion for ECDSA) is set to zero

Submitted by: Sheueling Chang
2002-09-16 13:52:48 +00:00
Bodo Möller
65b1d31df5 change API for looking at the internal curve list
Submitted by: Nils Larsch
2002-09-02 07:08:33 +00:00
Bodo Möller
34f1f2a81c less specific interface for EC_GROUP_get_basis_type
Submitted by: Nils Larsch, Bodo Moeller
2002-08-26 18:08:53 +00:00
Bodo Möller
8aefe253a7 move EC_GROUP_get_basis_type() from ec_lib.c to ec_asn1.c 2002-08-26 11:33:13 +00:00
Bodo Möller
7e31164ae0 ASN1 for binary curves
Submitted by: Nils Larsch
2002-08-26 11:25:54 +00:00
Bodo Möller
7eb18f1237 Simplify handling of named curves: get rid of EC_GROUP_new_by_name(),
EC_GROUP_new_by_nid() should be enough.  This avoids a lot of
redundancy.

Submitted by: Nils Larsch
2002-08-15 09:21:31 +00:00
Richard Levitte
5454829ae6 mem* functions are declared in string.h. 2002-08-10 01:36:14 +00:00
Bodo Möller
41fdcfa71e fix warnings 2002-08-09 11:58:28 +00:00
Bodo Möller
e172d60ddb Add ECDH support.
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a use a generic EC_KEY structure (EC keys are not ECDSA specific)
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Bodo Möller
848c849584 optical changes 2002-08-02 17:25:05 +00:00
Bodo Möller
102c8f47bf typo 2002-08-02 15:28:31 +00:00
Bodo Möller
6fb60a84dd Change BN_mod_sqrt() so that it verifies that the input value is
really the square of the return value.
2002-08-02 14:57:53 +00:00
Bodo Möller
35b73a1f20 Rename implementations of method functions so that they match
the new method names where _GF... suffixes have been removed.

Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.

Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
2002-08-02 14:28:37 +00:00
Bodo Möller
84d7e365a0 ec2_smpt.c must be listed in LIBSRC 2002-08-02 13:50:12 +00:00
Bodo Möller
64c3da230f there is no alternative EC_METHOD for curves over GF(2^m) (yet) 2002-08-02 13:43:26 +00:00
Bodo Möller
7793f30e09 add support for elliptic curves over binary fields
Submitted by: Duglas Stebila <douglas.stebila@sun.com>,
              Sheueling Chang <sheueling.chang@sun.com>

(CHANGES entries by Bodo Moeller)
2002-08-02 13:42:24 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Bodo Möller
0bee0e6294 Use SEC1 format for EC private keys.
This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.

Submitted by: Nils Larsch <nlarsch@compuserve.de>
2002-07-26 08:41:04 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
5f3d6f70f6 Implement handling of EC parameter seeds (new functions
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).

New functions ECPKParameters_print(), ECPKParameters_print_fp().

Submitted by: Nils Larsch
2002-06-18 08:38:59 +00:00
Lutz Jänicke
65ee74fbc7 Some more prototype fixes.
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 19:01:52 +00:00
Bodo Möller
254ef80db1 simplify asn1_flag
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Bodo Möller
012c86ab74 move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
and make some appropriate changes to the EC library.

Submitted by: Nils Larsch
2002-06-10 12:41:18 +00:00
Bodo Möller
458c29175e move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
and make some appropriate changes to the EC library.

Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Bodo Möller
c6c0e4cb32 fix memory leak
Submitted by: Nils Larsch
2002-06-06 10:33:05 +00:00
Bodo Möller
6cbe638294 New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
Submitted by: Nils Larsch
2002-05-30 13:16:03 +00:00
Richard Levitte
02cbedc387 Make sure short aliases are used where required. 2002-05-23 13:52:36 +00:00
Bodo Möller
7711de24f9 accept NULL in 'free' functions 2002-05-21 08:59:57 +00:00
Bodo Möller
b6db386ffd Change internals of the EC library so that the functions
EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are
implemented directly in crypto/ec/ec_lib.c and not dispatched to
methods.

Also fix EC_GROUP_copy to copy the NID.
2002-05-08 11:54:24 +00:00
Bodo Möller
2c8d0dccfc improve wNAF generation 2002-05-05 23:45:09 +00:00
Bodo Möller
f916052eab remove disabled code 2002-04-14 13:28:17 +00:00
Lutz Jänicke
0ae1661ba2 Apply OID fixes for elliptic curves as supplied by
Nils Larsch <nlarsch@compuserve.de>.
2002-04-08 15:49:53 +00:00
Bodo Möller
17d6bb8158 New function EC_GROUP_check_discriminant().
Restructure implementation of EC_GROUP_check().

Submitted by: Nils Larsch
2002-03-20 10:18:07 +00:00
Bodo Möller
af28dd6c75 Fix bugs and typos.
Add some WTLS curves.
New function EC_GROUP_check() (this will probably
be implemented differently soon).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-03-18 13:10:45 +00:00
Bodo Möller
4882171df5 EC curve stuff
Submitted by: Nils Larsch
2002-03-08 11:10:40 +00:00
Bodo Möller
709c51c424 fix spacing 2002-03-07 12:21:31 +00:00
Bodo Möller
9bc448546e Add more curves.
Submitted by: Nils Larsch

Remove unnecessary 'const'.
2002-03-07 12:14:03 +00:00
Bodo Möller
36c194638e add SECG OIDs
Submitted by: Nils Larsch
2002-03-06 13:47:32 +00:00
Bodo Möller
45fb737950 reference counting for EC_GROUP structures is not needed (at the
moment at least), so remove it
2002-03-06 09:46:17 +00:00
Bodo Möller
d009bcbfb6 bugfix: allocate sufficiently large buffer
Submitted by: Nils Larsch
2002-02-20 11:59:42 +00:00
Bodo Möller
8f06b00373 make it possible to disable memory checking for timings 2002-02-14 14:41:13 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
60d8bae30d some modifications to named curve support 2002-02-13 17:57:52 +00:00
Bodo Möller
945e15a253 add support for named curves
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 17:22:59 +00:00
Richard Levitte
b77fcddb6b Apply a small patch from Oscar Jacobsson <oscar@jacobsson.org> that
makes things more compilable with VC++.
2002-01-26 04:50:41 +00:00
Bodo Möller
1226c472b7 oops 2001-12-17 19:26:43 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Bodo Möller
c05940edc7 comment 2001-11-22 11:08:38 +00:00
Bodo Möller
e71adb85c5 avoid stupid compiler warning 2001-11-16 11:37:36 +00:00
Bodo Möller
b19941ab05 comment 2001-11-16 06:22:21 +00:00
Bodo Möller
752938daab use a more interesting test case 2001-11-16 06:22:05 +00:00
Bodo Möller
c78515f55e comments etc. 2001-11-15 22:35:41 +00:00
Bodo Möller
3ba1f11147 Improve EC efficiency. 2001-11-15 22:32:11 +00:00
Richard Levitte
37da54b10e The #error message must match a very specific regexp (see mkdef.pl,
currently line 470).
2001-09-26 15:18:32 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Bodo Möller
9c10b2c8d3 For consistency with the terminology used in my SAC2001 paper, avoid
the term "simultaneous multiplication" (which -- acording to the
paper, at least -- applies only to certain methods which we don't use
here)
2001-07-10 11:41:29 +00:00
Bodo Möller
56a106115f comment change 2001-07-10 11:28:53 +00:00
Bodo Möller
e3a4f8b84c Precomputation will not necessarily be LIm-Lee precomputation. 2001-07-10 10:04:05 +00:00
Bodo Möller
b8e2f83ae6 Call ENGINE_cleanup() to avoid memory leak. 2001-07-04 20:55:36 +00:00
Richard Levitte
1f0af2c073 len is a size_t, which is an unsigned integer. Therefore, some
compilers will complain against the check for less than zero.
2001-05-14 11:56:47 +00:00
Bodo Möller
413a4a0461 Fix warnings. 2001-04-03 14:03:47 +00:00
Richard Levitte
8a2908a24a Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to
be "#if 0"'d, or they will (re)appear as existing functions in
util/libeay.num.
2001-03-21 12:34:34 +00:00
Bodo Möller
26fbabf3d1 Increase boundaries in EC_window_bits_for_scalar_size table. 2001-03-20 11:16:12 +00:00
Bodo Möller
37cdcb4d8a Table for window sizes. 2001-03-19 22:38:24 +00:00
Bodo Möller
4f69172d25 Completely remove mont2 stuff.
It does not appear to be faster than the current Montgomery code
except for very small moduli (somewhere between 192 and 224 bits
in a 64-bit Sun environment, and even less than 192 bits
on 32 bit systems).
2001-03-15 18:17:40 +00:00
Bodo Möller
63c43dcc59 avoid infinite loop 2001-03-15 11:31:37 +00:00
Richard Levitte
37a92e9ce4 make update. 2001-03-13 21:47:23 +00:00
Bodo Möller
194dd04699 Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult,
which indicate its purpose more clearly.
2001-03-12 07:26:23 +00:00
Bodo Möller
5b054c6955 EC_METHOD based on bn_mont2 (not used in the library) 2001-03-11 17:43:07 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Bodo Möller
6017e604f8 Timings are not supposed to be enabled by default ... 2001-03-11 12:30:52 +00:00
Bodo Möller
3837491174 Add functions EC_POINT_mul and EC_GROUP_precompute.
The latter does nothing for now, but its existence means
that applications can request precomputation when appropriate.
2001-03-11 12:27:24 +00:00
Bodo Möller
86a921af06 handle negative scalars correctly when doing point multiplication 2001-03-11 08:44:50 +00:00
Bodo Möller
616df35633 use fflush 2001-03-11 08:27:11 +00:00
Bodo Möller
e44fcedadf Change timing output: We don't have "exponents" here, curves are
considered additive
2001-03-10 23:49:06 +00:00
Bodo Möller
6f8f443170 comment and error code update 2001-03-10 23:37:52 +00:00
Bodo Möller
d18af3f37e Remove files from Lenka's EC implementation. 2001-03-10 23:26:41 +00:00
Bodo Möller
48fe4d6233 More EC stuff, including EC_POINTs_mul() for simultaneous scalar
multiplication of an arbitrary number of points.
2001-03-10 23:18:35 +00:00
Dr. Stephen Henson
24a93e6cdd In crypto/ec #if 0 out structures which reference (currently)
non existent functions because this breaks shared libraries.
2001-03-10 12:37:01 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Bodo Möller
42909e3968 Fix ec_GFp_simple_cmp.
Use example group from Annex I of X9.62 in ectest.c.
2001-03-08 22:52:49 +00:00
Bodo Möller
156e85578d Implement EC_GFp_mont_method. 2001-03-08 20:55:16 +00:00
Bodo Möller
bb62a8b0c5 More method functions for elliptic curves,
and an ectest.c that actually tests something.
2001-03-08 19:14:52 +00:00
Richard Levitte
0e99546424 Some EC function names are really long. Make aliases for VMS on VAX. 2001-03-08 17:20:31 +00:00
Bodo Möller
3285076c8e Integrate ec_err.[co].
"make depend"
2001-03-08 12:30:12 +00:00
Bodo Möller
de10f6900d Sort openssl.ec, the configuration file for mkerr.pl.
Change mkerr.pl so that it puts the ERR_load_..._strings()
prototype in header files that it writes.
2001-03-08 12:14:25 +00:00
Bodo Möller
adfe54b7be Integrate ectest.c (which does not yet do anything). 2001-03-08 11:59:48 +00:00
Bodo Möller
91f29a38a0 Let EC_POINT_copy do nothing if dest==src 2001-03-08 11:18:06 +00:00
Bodo Möller
1d5bd6cf71 More 'TODO' items. 2001-03-08 11:16:33 +00:00
Bodo Möller
226cc7ded4 More method functions for EC_GFp_simple_method. 2001-03-08 01:23:28 +00:00
Bodo Möller
e869d4bd32 More method functions. 2001-03-07 20:56:48 +00:00
Bodo Möller
60428dbf0a Some actual method functions (not enough yet to use the EC library, though),
including EC arithmetics derived from Lenka Fibikova's code (with some
additional optimizations).
2001-03-07 19:54:35 +00:00
Bodo Möller
f1f25544e0 ..._init functions are method-specific too
(they can't do much useful, but they will have to set pointers
to NULL)
2001-03-07 09:53:41 +00:00
Bodo Möller
2e0db07627 Optimized EC_METHODs need specific 'set_curve' and 'free' functions. 2001-03-07 09:48:38 +00:00
Bodo Möller
58fc62296f The next bunch of vaporware. 2001-03-07 09:29:45 +00:00
Bodo Möller
df9cc1535e extra_data 'mixin'.
(This will be used for Lim/Lee precomputation data.)
2001-03-07 09:03:32 +00:00
Bodo Möller
c4b36ff474 Oops ... 2001-03-07 01:41:20 +00:00
Bodo Möller
f418f8c17c In clear_free, clear the complete structure just in case
the method misses something.
2001-03-07 01:37:54 +00:00
Bodo Möller
0657bf9c14 Implement dispatcher for EC_GROUP and EC_POINT method functions.
Initial EC_GROUP_new_curve_GFp implementation.
2001-03-07 01:17:05 +00:00
Bodo Möller
5b438e9b0f Add a few 'const's 2001-03-06 22:30:03 +00:00
Bodo Möller
774530f412 'is_at_infinity' tests don't need a BN_CTX. 2001-03-06 08:55:33 +00:00
Bodo Möller
fb171e534e New function declarations. 2001-03-06 07:01:51 +00:00
Bodo Möller
7d7db13e67 Add BN_CTX arguments where appropriate.
Rename 'EC_GROUP_set'-related functions to names similar to 'EC_GROUP_set_curve'
because they don't care about the generator.

Add new functions.
2001-03-06 06:20:20 +00:00
Bodo Möller
24b8dc9a55 Add EC_GROUP_new_GFp prototype. 2001-03-05 22:29:57 +00:00
Bodo Möller
d8c79c7f72 Change comments. 2001-03-05 21:59:03 +00:00
Bodo Möller
3a12ce0137 Some declarations that outline what I intend to implement. 2001-03-05 21:54:39 +00:00
Bodo Möller
62763f682b Another file I had forgotten to add. 2001-03-05 20:32:41 +00:00
Bodo Möller
38e3c5815c Add yet another (still empty) source code file that I forgot. 2001-03-05 20:31:49 +00:00
Bodo Möller
f8fe20e0d9 Add more EC vaporware (empty source code files I missed in my
previous commit).
2001-03-05 20:14:00 +00:00
Bodo Möller
65e8167079 Move ec.h to ec2.h because it is not compatible with what we will use.
Add EC vaporware: change relevant Makefiles and add some empty source
files.

"make update".
2001-03-05 20:13:37 +00:00
Bodo Möller
786e0c2424 EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary.
The computations for which h was used can be done more efficiently
by using BN_rshift1.
2001-03-03 15:31:34 +00:00
Bodo Möller
db5bda670f Changes to Lenka's Montgomery implementation.
Submitted by: Lenka Fibikova
2000-11-30 17:35:17 +00:00
Bodo Möller
946cd9a540 Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos).

Change indentation to "EAY" style.
2000-11-26 19:13:52 +00:00
Bodo Möller
5acaa49504 More BN_mod_... functions. 2000-11-26 18:31:32 +00:00
Bodo Möller
6cc5e19d47 Remove CR at line ends. 2000-11-26 12:55:19 +00:00
Bodo Möller
7e0c5264e7 Elliptic curves over GF(p), new BIGNUM functions, Montgomery re-implementation.
These new files will not be included literally in OpenSSL, but I intend
to integrate most of their contents.  Most file names will change,
and when the integration is done, the superfluous files will be deleted.

Submitted by: Lenka Fibikova <fibikova@exp-math.uni-essen.de>
2000-11-26 12:12:35 +00:00