- Remove OPENSSL_X25519_X86_64 which never worked, because we don't have
the assembly.
- Also remove OPENSSL_SMALL (which should have been
OPENSSL_SMALL_FOOTPRINT) which isn't a priority at the moment.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Handle KDF in ECDH_compute_key instead of requiring each implementation
support it. This modifies the compute_key method: now it allocates and
populates a buffer containing the shared secret.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Instead of overriding a default operation move default operation to a
separate function which is then explicitly included in any EC_METHOD
that uses it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Add a flag to EC_METHOD for curves which do not support signing.
New function EC_KEY_can_sign() returns 1 is key can be used for signing.
Return an explicit error is an attempt is made to sign with
no signing curves.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
In some cases the EC_POINT and EC_KEY BIGNUM components are suboptimal
or inappropriate. Add an "custom_data" field which curves can populate with
a custom structure to suit their needs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Add support for optional overrides of various private key operations
in EC_METHOD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
In EC_KEY_priv2buf(), check for pbuf sanity.
If invoked with NULL, gracefully returns the key length.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Simplifies calling code. Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This takes us away from the idea that we know exactly how our static
libraries are going to get used. Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.
On the other hand, we also have greater control of when the shared
library cflags. They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.
With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).
Reviewed-by: Rich Salz <rsalz@openssl.org>
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was. Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
It seems that on some platforms, the perlasm scripts call the C
compiler for certain checks. These scripts need the environment
variable CC to have the C compiler command.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key
equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert
between the private key octet format and EC_KEY.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Those even order that do not play nicely with Montgomery arithmetic
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files. They have been generated from the
Makefiles in the same directories. Things that are platform specific
will appear in later commits.
Reviewed-by: Andy Polyakov <appro@openssl.org>
d2i_ECPrivateKey always caculates the public key so there is
no need to caculate it again in eckey_priv_decode().
Reviewed-by: Rich Salz <rsalz@openssl.org>
New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
During precomputation if the group given is well known then we memcpy a
well known precomputation. However we go the wrong label in the code and
don't store the data properly. Consequently if we call have_precompute_mult
the data isn't there and we return 0.
RT#3600
Reviewed-by: Richard Levitte <levitte@openssl.org>
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add CRYPTO_EX_DATA add EndC_KEY_[gs]et_method, From Roumen Petrov.
Had to add various exdata calls to init/copy/free the exdata.
Had to remove const from some EC functions because exdata isn't
const-correct. :(
Also remove EC_EXTRA_DATA and use a union to hold the possible
pre-computed values and an enum to tell which value is in the
union. (Rich Salz)
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
(Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.
New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Make EVP_PKEY_copy_parameters() work if the destination has no type
(e.g. if obtained from EVP_PKEY_new()) or the underlying key is NULL.
This is useful where we want to copy the parameters from an existing
key to a new key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rename ENGINE _EC_KEY functions to _EC.
Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy
ec_meth.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add set_group, set_public and set_private methods. An EC_KEY_METHOD can use
these to perform any appropriate operation when the key components are set,
such as caching data in some more convenient ENGINE specific format or
returning an error if the parameters are invalid or the operation is
not supported.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rename ecdh_compute_key into ossl_ecdh_compute_key and modify it
to use EC error codes. Remove superfluous old ECDH functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add keygen to EC_KEY_METHOD. Redirect EC_KEY_generate_key through
method and set the current EC key generation function as the default.
Reviewed-by: Richard Levitte <levitte@openssl.org>
