Commit graph

666 commits

Author SHA1 Message Date
Dr. Stephen Henson
3475bc9675 Add set methods.
Add set_group, set_public and set_private methods. An EC_KEY_METHOD can use
these to perform any appropriate operation when the key components are set,
such as caching data in some more convenient ENGINE specific format or
returning an error if the parameters are invalid or the operation is
not supported.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
ea0392b921 EC_KEY_METHOD copy support
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
0d6ff6d3d1 EC_KEY_METHOD init and finish support
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
5196641617 ENGINE fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
53e3189d0c make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
a22a7e7089 Add compute key support to EC_KEY_METHOD
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
647b223875 Adapt ecdh_compute_key
Rename ecdh_compute_key into ossl_ecdh_compute_key and modify it
to use EC error codes. Remove superfluous old ECDH functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
168e8374ee move ECDH implementation to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
768c53e1b6 Move ECDH_KDF_X9_62 to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
5a6a1029d2 EC_KEY_METHOD keygen support.
Add keygen to EC_KEY_METHOD. Redirect EC_KEY_generate_key through
method and set the current EC key generation function as the default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
d2fa70d82b make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
28572b577c Support for EC_KEY_METHOD.
Add EC_KEY_METHOD. This is part of the EC revision and will make EC behave
more like other algorithms. Specifically:

EC_KEY_METHOD is part of EC_KEY.
It is part of ENGINE.
Default or key specific implementations can be provided to redirect some
or all operations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Andy Polyakov
a285992763 ARMv4 assembly pack: allow Thumb2 even in iOS build,
and engage it in most modules.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-07 12:06:06 +01:00
Andy Polyakov
76eba0d94b x86_64 assembly pack: tune clang version detection.
RT#4142

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-23 16:00:06 +01:00
Matt Caswell
90945fa31a Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Dr. Stephen Henson
b8fb59897b Rebuild error source files.
Rebuild error source files: the new mkerr.pl functionality will now
pick up and translate static function names properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-05 15:48:37 +00:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Andy Polyakov
8be7438f16 Rationalize .gitignore and harmonize pair of Makefiles.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:02:35 +02:00
Andy Polyakov
11208dcfb9 ARMv4 assembly pack: implement support for Thumb2.
As some of ARM processors, more specifically Cortex-Mx series, are
Thumb2-only, we need to support Thumb2-only builds even in assembly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-25 13:34:02 +02:00
Kurt Roeckx
a46c9789ce d2i: don't update input pointer on failure
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
MR #1005
2015-09-14 23:53:03 +02:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Rich Salz
64b25758ed remove 0 assignments.
After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
Many are from github feedback.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:26:34 -04:00
David Bar
e968561d5e RT3674: Make no-cms build work.
Also has changes from from David Woodhouse <David.Woodhouse@intel.com>
and some tweaks from me.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 14:45:15 -04:00
Rich Salz
b51bce9420 Add and use OPENSSL_zalloc
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-02 22:05:37 -04:00
Rich Salz
fbfcb22439 RT3999: Remove sub-component version strings
Especially since after the #ifdef cleanups this is not useful.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:13:32 -04:00
Matt Caswell
8d11b7c7ee Fix warning when compiling with no-ec2m
EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-08-03 20:34:40 +01:00
Rich Salz
74924dcb38 More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 17:09:35 -04:00
Matt Caswell
68886be7e2 EC_POINT_is_on_curve does not return a boolean
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-06-10 10:43:53 +01:00
Peter Dettman
88f4c6f3d2 Fix build errors with enable-ec_nistp_64_gcc_128
RT 3871

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-29 12:40:53 +02:00
Billy Brumley
71f6130b7a fix copy paste error in ec_GF2m function prototypes
RT#3858

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-26 10:12:22 +02:00
Richard Levitte
0f539dc1a2 Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-22 18:44:33 +02:00
Richard Levitte
a3aadb2d9c make depend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:38:31 +02:00
Richard Levitte
b39fc56061 Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules.  Move those to crypto/include/internal and adapt the
affected source code and Makefiles.

The header files that got moved are:

crypto/cryptolib.h
crypto/md32_common.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:21:40 +02:00
Andy Polyakov
d38f1b39f1 bn/asm/armv8-mont.pl: boost performance.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 17:14:00 +02:00
Rich Salz
75ebbd9aa4 Use p==NULL not !p (in if statements, mainly)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-11 10:06:38 -04:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Rich Salz
16f8d4ebf0 memset, memcpy, sizeof consistency fixes
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-05 22:18:59 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Dr. Stephen Henson
b6eb9827a6 Add OSSL_NELEM macro.
Add OSSL_NELEM macro to e_os.h to determine the number of elements in an
array.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 12:53:08 +01:00
Rich Salz
25aaa98aa2 free NULL cleanup -- coda
After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01 14:37:16 -04:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Matt Caswell
3deeeeb61b Add sanity check to print_bin function
Add a sanity check to the print_bin function to ensure that the |off|
argument is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 23:12:39 +01:00
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
222561fe8e free NULL cleanup 5a
Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:33:59 -04:00
Rich Salz
2ace745022 free NULL cleanup 8
Do not check for NULL before calling a free routine.  This addresses:
    ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free
    ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free
    ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free
    ASN1_UTCTIME_free M_ASN1_free_of

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 11:31:07 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Emilia Kasper
5956b110e3 NISTZ256: owur'ize.
__owur'ize static methods to catch calling errors within the module.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-28 12:49:40 +02:00
Emilia Kasper
6038354cf8 NISTZ256: use EC_POINT API and check errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 19:44:43 +02:00
Emilia Kasper
a4d5269e6d NISTZ256: don't swallow malloc errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-27 18:03:38 +02:00
Emilia Kasper
4446044a79 NISTZ256: set Z_is_one to boolean 0/1 as is customary.
Cosmetic, no real effect.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:49:25 +02:00
Emilia Kasper
e22d2199e2 Error checking and memory leak fixes in NISTZ256.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:21:48 +02:00
Emilia Kasper
53dd4ddf71 Fix error checking and memory leaks in NISTZ256 precomputation.
Thanks to Brian Smith for reporting these issues.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-24 17:45:13 +02:00
Emilia Kasper
c028254b12 Correctly set Z_is_one on the return value in the NISTZ256 implementation.
Also add a few comments about constant-timeness.

Thanks to Brian Smith for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-24 17:33:21 +02:00
Andy Polyakov
5557d5f2e2 Add ec/asm/ecp_nistz256-sparcv9.pl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-21 09:37:44 +02:00
Andy Polyakov
313e6ec11f Add assembly support for 32-bit iOS.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-20 15:06:22 +02:00
Andy Polyakov
e1613e7c0c Add ecp_nistz256-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-20 14:56:06 +02:00
Andy Polyakov
4eb504aedf crypto/ec/ecp_nistp[224|521].c: fix formatting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-20 14:45:52 +02:00
Andy Polyakov
ace8f54691 ec/ecp_nistp*.c: fix SEGVs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-20 14:45:21 +02:00
Rich Salz
e0e920b1a0 free NULL cleanup 9
Ongoing work to skip NULL check before calling free routine.  This gets:
    ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free
    nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free
    PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free
    PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free
    SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free
    ssl_sess_cert_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-04-11 16:32:54 -04:00
Rich Salz
a38537721d Fix memory leak
It should have freed them when != NULL, not when == NULL.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
2015-04-11 20:31:29 +02:00
Richard Levitte
a80e33b991 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant
With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Douglas E Engert
30cd4ff294 Ensure EC private keys retain leading zeros
RFC5915 requires the use of the I2OSP primitive as defined in RFC3447
for storing an EC Private Key. This converts the private key into an
OCTETSTRING and retains any leading zeros. This commit ensures that those
leading zeros are present if required.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-31 16:33:29 +01:00
Andy Polyakov
f0e6871df2 ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:59:27 +01:00
Rich Salz
c5ba2d9904 free NULL cleanup
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 10:54:15 -04:00
Rich Salz
8fdc3734c0 free NULL cleanup.
This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-25 18:35:24 -04:00
Dr. Stephen Henson
86d20cb6fd make depend
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:05:05 +00:00
Dr. Stephen Henson
27af42f9ac Move some EVP internals to evp_int.h
Move EVP internals to evp_int.h, remove -Ievp hack from crypto/Makefile

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:03:36 +00:00
Dr. Stephen Henson
5fe736e5fc Move some ASN.1 internals to asn1_int.h
Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:03:36 +00:00
Rich Salz
0dfb9398bb free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 07:52:24 -04:00
Dr. Stephen Henson
f422a51486 Remove old ASN.1 code.
Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.

Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:06 +00:00
Matt Caswell
5e5d53d341 Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Andy Polyakov
9fbbdd73c5 Avoid reading an unused byte after the buffer
Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-14 18:23:41 +01:00
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Matt Caswell
535bc8faf6 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:24 +00:00
Matt Caswell
9e442d4850 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:07 +00:00
Dr. Stephen Henson
86f300d385 Use named curve parameter encoding by default.
Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.

Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-19 14:44:46 +00:00
Andy Polyakov
7a6c9a2e96 Add ec/asm/ecp_nistz256-armv4.pl module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-11 20:34:18 +01:00
Andy Polyakov
5afc296aa6 ec/ecp_nistz256.c: fix compiler warnings.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 22:04:28 +01:00
Andy Polyakov
5029291722 ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 21:52:25 +01:00
Andy Polyakov
aa9db2d292 Add ec/asm/ecp_nistz256-x86.pl module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09 23:19:16 +01:00
Rich Salz
6f91b017bb Live code cleanup: remove #if 1 stuff
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:54:20 -05:00
Rich Salz
c8fa2356a0 Dead code cleanup: crypto/ec,ecdh,ecdsa
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:56:47 -05:00
Rich Salz
9ccc00ef6e Dead code cleanup: #if 0 dropped from tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:11:34 -05:00
Rich Salz
49b05c7d50 Rename index to idx to avoid symbol conflicts.
Picky compilers with old index() string functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 12:23:01 -05:00
Rich Salz
a00ae6c46e OPENSSL_NO_xxx cleanup: many removals
The following compile options (#ifdef's) are removed:
    OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
    OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
    OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
    OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY

This diff is big because of updating the indents on preprocessor lines.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:06:22 -05:00
Matt Caswell
35a1cc90bc More comment realignment
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5 Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6 Move more comments that confuse indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Andy Polyakov
20728adc8f ec/ecp_nistz256.c: further harmonization with latest rules.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Andy Polyakov
58d47cf004 ec/ecp_nistz256.c: harmonize with latest indent script.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
b853717fc4 Fix strange formatting by indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
dbd87ffc21 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
e636e2acd7 Fix source where indent will not be able to cope
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
23a22b4cf7 More comments
Conflicts:
	crypto/dsa/dsa_vrf.c
	crypto/ec/ec2_smpl.c
	crypto/ec/ecp_smpl.c

Conflicts:
	demos/bio/saccept.c
	ssl/d1_clnt.c

Conflicts:
	bugs/dggccbug.c
	demos/tunala/cb.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
c80fd6b215 Further comment changes for reformat (master)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9 Cleanup OPENSSL_NO_xxx, part 1
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Andy Polyakov
9e557ab262 ecp_nistz256-x86_64.pl: fix occasional failures.
RT: 3607
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2015-01-04 23:18:04 +01:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Rich Salz
e03b29871b RT3548: Remove outdated platforms
This commit removes all mention of NeXT and NextStep.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-19 21:11:09 -05:00
Matt Caswell
53e95716f5 Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
Introduce use of DECLARE_DEPRECATED

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Emilia Kasper
b597aab84e Build fixes
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318ece)
2014-12-17 14:31:05 +01:00
Matt Caswell
af6e2d51bf Add OPENSSL_NO_ECDH guards
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:45 +00:00
Matt Caswell
5784a52145 Implement internally opaque bn access from ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f remove FIPS module code from crypto/ecdsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9 Remove fips_constseg references.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Matt Caswell
8d02bebddf When using EVP_PKEY_derive with a KDF set, a negative error from
ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-20 15:20:37 +00:00
Matt Caswell
e04d426bf9 Fix free of garbage pointer. PR#3595
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-12 20:26:31 +00:00
Andy Polyakov
c381b63764 ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-29 10:57:46 +01:00
Andy Polyakov
3ff08e1dde ecp_nistz256 update.
Facilitate switch to custom scatter-gather routines. This modification
does not change algorithms, only makes it possible to implement
alternative. This is achieved by a) moving precompute table to assembly
(perlasm parses ecp_nistz256_table.c and is free to rearrange data to
match gathering algorithm); b) adhering to explicit scatter subroutine
(which for now is simply a memcpy). First implementations that will use
this option are 32-bit assembly implementations, ARMv4 and x86, where
equivalent of current read-whole-table-select-single-value algorithm
is too time-consuming. [On side note, switching to scatter-gather on
x86_64 would allow to improve server-side ECDSA performance by ~5%].

Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-10-23 16:08:44 +02:00
Andy Polyakov
be07ae9b10 crypto/ecp_nistz256.c: harmonize error codes.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-21 15:56:02 +02:00
Dr. Stephen Henson
16e5b45f72 Fix warning.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-20 00:08:56 +01:00
Andy Polyakov
4d3fa06fce Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:37:41 +02:00
Andy Polyakov
f54be179aa Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:13:20 +02:00
Kurt Roeckx
44e0c2bae4 RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-09-08 17:21:04 -04:00
Andy Polyakov
6019cdd327 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-30 19:22:51 +02:00
Matt Caswell
13be7da81f Fixed double inclusion of string.h
PR2693

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-29 21:42:54 +01:00
Emilia Kasper
f34a57202b Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Matt Caswell
f063e30fe9 RT3065: automatically generate a missing EC public key
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Adam Langley
0388ac4c99 RT3065: ec_private_key_dont_crash
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:34 +02:00
Laszlo Papp
09ec8c8e89 PR2490: Remove unused local variable bn ecp_nist.c
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-20 16:36:20 -04:00
Martin Olsson
1afd7fa97c RT2513: Fix typo's paramter-->parameter
I also found a couple of others (padlock and signinit)
and fixed them.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-19 11:09:33 -04:00
Bodo Moeller
16602b5cd5 Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org
2014-08-13 17:37:19 +02:00
Bodo Moeller
0fe73d6c36 Simplify and fix ec_GFp_simple_points_make_affine
(which didn't always handle value 0 correctly).

Reviewed-by: emilia@openssl.org
2014-08-01 17:18:14 +02:00
Billy Brumley
cba11f57ce "EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-07-21 22:18:40 +01:00
Libor Krystek
8e3231642b Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 2014-06-03 23:15:58 +01:00
David Ramos
16ba70746b Double free in i2o_ECPublicKey
PR: 3338
2014-05-04 00:46:20 +01:00
mancha
e14f14d36e Fix eckey_priv_encode()
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-26 07:59:13 +01:00
Dr. Stephen Henson
2514fa79ac Add functions returning security bits.
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f9b6c0ba4c Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
dd274b1c1c Fix for some platforms where "char" is unsigned. 2013-11-09 15:09:23 +00:00
Bodo Moeller
ca567a03ad Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope
2013-09-16 12:59:21 +02:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
dc1ce3bc64 Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
e61f5d55bc Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
88e20b8584 Add support for ECDH KARI.
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
25af7a5dbc Add support for X9.62 KDF.
Add X9.62 KDF to EC EVP_PKEY_METHOD.
2013-07-17 21:45:00 +01:00
Adam Langley
190c615d43 Make `safe' (EC)DSA nonces the default.
This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.

In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.
2013-07-15 12:57:48 +01:00
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Adam Langley
8a99cb29d1 Add secure DSA nonce flag.
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Matt Caswell
94782e0e9c Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Bodo Möller
f11d0c7908 Fix EC_KEY initialization race.
Submitted by: Adam Langley
2012-10-05 20:50:11 +00:00
Dr. Stephen Henson
24edfa9df9 enhance EC method to support setting curve type when generating keys and add parameter encoding option 2012-09-11 13:54:09 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
b36bab7812 PR: 2239
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>

Add Brainpool curves from RFC5639.

Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
2012-04-22 13:06:51 +00:00
Dr. Stephen Henson
64095ce9d7 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Andy Polyakov
713f49119f ec_pmeth.c: fix typo in commentary.
PR: 2677
Submitted by: Annue Yousar
2012-01-12 13:22:51 +00:00
Dr. Stephen Henson
d674bb4bc8 In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order 2011-11-16 13:28:35 +00:00
Dr. Stephen Henson
32cf5baeae PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:43:34 +00:00
Dr. Stephen Henson
5fd722600b Check for selftest failure in various places. 2011-10-22 17:24:27 +00:00
Bodo Möller
e0d6132b8c Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
2011-10-18 19:43:16 +00:00
Andy Polyakov
03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Bodo Möller
ae53b299fa make update 2011-09-05 09:46:15 +00:00
Dr. Stephen Henson
3699ec6056 recognise ecdsaWithSHA1 OID 2011-07-28 14:40:01 +00:00
Dr. Stephen Henson
9945b460e2 Give parameters names in prototypes. 2011-06-17 16:47:41 +00:00
Andy Polyakov
62f29eb1cf spacrv9cap.c: addenum to recent EC optimizations. 2011-05-23 08:14:32 +00:00
Andy Polyakov
d8ea368c41 ec_cvt.c: ARM comparison results were wrong, clarify the background. 2011-05-21 08:40:18 +00:00
Andy Polyakov
fdf6dac859 ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see
commentary for details].
2011-05-20 20:31:37 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Richard Levitte
171edf7ff4 Error discrepancy corrected. 2011-04-24 08:59:15 +00:00
Dr. Stephen Henson
cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
8c7096835b Use 0 for tbslen to perform strlen. 2011-04-19 11:10:54 +00:00
Dr. Stephen Henson
a6311f856b Remove several of the old obsolete FIPS_corrupt_*() functions. 2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Richard Levitte
5d0137aa14 make update 2011-03-25 09:30:52 +00:00
Richard Levitte
30fafdebf3 * Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl:
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
  disabled by default.  If we don't do it this way, it screws up
  libeay.num.
* util/libeay.num: make update
2011-03-25 09:29:46 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Richard Levitte
487b023f3d make update (1.1.0-dev)
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable.  However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
1acc24a8ba Make no-ec2m work again. 2011-03-10 01:00:30 +00:00
Dr. Stephen Henson
b7056b6414 Update dependencies. 2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
0fbf8f447b Add pairwise consistency test to EC. 2011-02-15 16:58:28 +00:00
Dr. Stephen Henson
c966120412 Don't use FIPS api for ec2_oct.c 2011-02-14 16:55:28 +00:00
Dr. Stephen Henson
84b08eee4b Reorganise ECC code for inclusion in FIPS module.
Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.
2011-02-14 16:52:12 +00:00
Dr. Stephen Henson
bf2546f947 Use BN_nist_mod_func to avoid need to peek error queue. 2011-02-14 16:45:28 +00:00
Dr. Stephen Henson
c9a90645a5 Disable some functions in headers with no-ec2m 2011-02-12 17:38:06 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
65847ca378 For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build
completes without linker errors.
2011-02-03 13:00:08 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
6e0375d504 revert Makefile change 2011-01-25 12:15:10 +00:00
Dr. Stephen Henson
fef1c40bf1 New function EC_KEY_set_affine_coordinates() this performs all the
NIST PKV tests.
2011-01-24 16:07:40 +00:00
Dr. Stephen Henson
a428ac4750 check EC public key isn't point at infinity 2011-01-24 15:04:34 +00:00
Dr. Stephen Henson
0aa1aedbce PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:41:34 +00:00
Dr. Stephen Henson
dd616752a1 oops, revert mistakenly committed EC changes 2011-01-19 14:42:42 +00:00
Dr. Stephen Henson
198ce9a611 Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:35:53 +00:00
Ben Laurie
c13d7c0296 Fix warning. 2011-01-09 17:50:06 +00:00
Ben Laurie
5df2a2497a Fix warnings. 2010-09-05 16:34:49 +00:00
Bodo Möller
396cb5657b More C language police work. 2010-08-27 13:17:59 +00:00
Bodo Möller
eb8ef241eb C conformity fixes: Move declarations before statements in all blocks. 2010-08-27 12:07:35 +00:00
Bodo Möller
1b5af90b45 C conformity fixes:
- Move declarations before statements in all blocks.
- Where 64-bit type is required, use it explicitly (not 1l).
2010-08-27 11:29:30 +00:00
Bodo Möller
76af94eb27 (formatting error) 2010-08-26 14:40:11 +00:00
Bodo Möller
04daec862c New 64-bit optimized implementation EC_GFp_nistp224_method().
This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:55 +00:00
Bodo Möller
c94f7f657b ECC library bugfixes.
Submitted by: Emilia Kasper (Google)
2010-08-26 12:11:01 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Bodo Möller
2d9dcd4ff0 Always check bn_wexpend() return values for failure (CVE-2009-3245).
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
2010-02-23 10:36:35 +00:00
Dr. Stephen Henson
fed8dbf46d PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Andy Polyakov
194274cb68 ec_mult.c: fix C4334 win64 compiler warning. 2009-05-02 11:18:44 +00:00
Ben Laurie
57a6ac7c4f Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129) 2008-12-27 02:15:16 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
ea71ec1b11 ec2_mult.c readability update. 2008-10-28 13:53:51 +00:00
Andy Polyakov
6bf24568bc Fix EC_KEY_check_key. 2008-09-23 17:33:11 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
156ee88285 Indicate support for digest init ctrl. 2008-05-02 11:24:40 +00:00
Andy Polyakov
ba6f95e81b Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit
platforms.
2008-04-24 10:04:26 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Andy Polyakov
1c56e95e28 Compress and more aggressively constify ec_curve.c [the latter is
achieved by minimizing link relocations].
2007-08-31 09:36:43 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
3b2eead381 Fix duplicate error number. 2007-04-05 17:09:43 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
2006-09-28 13:45:34 +00:00
Dr. Stephen Henson
786aa98da1 Use correct pointer types for various functions. 2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
5c95c2ac23 Fix various error codes to match functions. 2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.

Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Dr. Stephen Henson
8bdcef40e4 New function to dup EVP_PKEY_CTX. This will be needed to make new signing
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412 Use size_t for new crypto size parameters. 2006-05-24 12:33:46 +00:00
Richard Levitte
7e76e56387 Someone made a mistake, and some function and reason codes got
duplicate numbers.  Renumbering.
2006-05-12 15:27:52 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
a4e75b3dfd Correct copyright notice... this doesn't contain any SSLeay code. 2006-04-24 00:07:26 +00:00
Nils Larsch
930b0c4b8a make local function static 2006-04-20 09:53:49 +00:00
Dr. Stephen Henson
d202709808 Add OID cross reference table.
Fix some typos in GOST OIDs.

Update dependencies.
2006-04-18 23:36:07 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
9ca7047d71 Provisional support for EC pkey method, supporting ECDH and ECDSA. 2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
3e4585c8fd New utility pkeyparam. Enhance and bugfix algorithm specific parameter
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
e42633140e Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD. 2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
bd50e31325 Typo. 2006-03-23 14:08:33 +00:00
Dr. Stephen Henson
b2c0518e6a Fix bug in DSA, EC methods. 2006-03-23 14:04:39 +00:00
Dr. Stephen Henson
d82e2718e2 Add information and pem strings. Update dependencies. 2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be Move algorithm specific print code from crypto/asn1/t_pkey.c to separate
*_prn.c files in each algorithm directory.
2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c Gather printing routines into EVP_PKEY_ASN1_METHOD. 2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b Transfer parameter handling and key comparison to algorithm methods. 2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00