wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10119 commits 20 branches 302 tags 153 MiB
Commit graph

291 commits

Author SHA1 Message Date
Richard Levitte
70505bc334 For OpenVMS, use inttypes.h instead of stdint.h 2012-03-01 21:29:16 +00:00
Dr. Stephen Henson
cb29d8c11f only include string.h once 2012-01-24 22:58:46 +00:00
Andy Polyakov
17674bfdf7 ec_cvt.c: performance update from HEAD. 2011-11-14 21:14:53 +00:00
Dr. Stephen Henson
a8d72c79db PR: 2632 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
 2011-10-26 16:43:23 +00:00
Bodo Möller
3d520f7c2d Fix warnings. 
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
 2011-10-19 08:58:35 +00:00
Bodo Möller
9c37519b55 Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and 
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
 2011-10-18 19:43:54 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5 Improved error checking for DRBG calls. 
New functionality to allow default DRBG type to be set during compilation
or during runtime.
 2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
cf199fec52 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:47:30 +00:00
Dr. Stephen Henson
572712d82a recognise ecdsaWithSHA1 OID 2011-07-28 14:42:53 +00:00
Dr. Stephen Henson
6342b6e332 Redirection of ECDSA, ECDH operations to FIPS module. 
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
 2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
59bc67052b Add flags field to EC_KEY structure (backport from HEAD). 2011-06-06 13:18:03 +00:00
Dr. Stephen Henson
c090562828 Make no-ec2m work again (backport from HEAD). 2011-06-06 13:00:30 +00:00
Dr. Stephen Henson
69e2ec63c5 Reorganise ECC code so it can use FIPS module. 
Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct functions
(all existing methods do this). This removes dependencies from EC_METHOD while
keeping original functionality.

Backport from HEAD with minor changes.
 2011-06-06 12:54:51 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD: 
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
 2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
e24b01cc6f Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by 
default. If we don't do it this way, it screws up libeay.num.
(update from HEAD, original from levitte).
 2011-05-12 13:10:27 +00:00
Dr. Stephen Henson
947f4e90c3 New function EC_KEY_set_affine_coordinates() this performs all the 
NIST PKV tests.
 2011-01-24 16:09:57 +00:00
Dr. Stephen Henson
d184c7b271 check EC public key isn't point at infinity 2011-01-24 15:07:47 +00:00
Dr. Stephen Henson
913488c066 PR: 1612 
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
 2011-01-24 14:41:49 +00:00
Dr. Stephen Henson
945ba0300d Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-10-03 18:56:25 +00:00
Bodo Möller
4705ff7d6d More C language police work. 2010-08-27 13:17:58 +00:00
Bodo Möller
74b5feea7b C conformity fixes: Move declarations before statements in all blocks. 2010-08-27 12:07:12 +00:00
Bodo Möller
11a36aa96f C conformity fixes: 
- Move declarations before statements in all blocks.
- Where 64-bit type is required, use it explicitly (not 1l).
 2010-08-27 11:29:09 +00:00
Bodo Möller
42ecf418f5 (formatting error) 2010-08-26 14:38:49 +00:00
Bodo Möller
48ce525d16 New 64-bit optimized implementation EC_GFp_nistp224_method(). 
Binary compatibility is not affected as this will only be
compiled in if explicitly requested (#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)
 2010-08-26 14:29:27 +00:00
Bodo Möller
82281ce47d ECC library bugfixes. 
Submitted by: Emilia Kapser (Google)
 2010-08-26 12:10:57 +00:00
Bodo Möller
7fe747d1eb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:30 +00:00
Dr. Stephen Henson
9117b9d17a PR: 2118 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
 2009-11-30 13:53:42 +00:00
Andy Polyakov
27c7e53882 ec_mult.c: update from HEAD (Win64 compile warnings). 2009-05-05 19:23:45 +00:00
Ben Laurie
57a6ac7c4f Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129) 2008-12-27 02:15:16 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
ea71ec1b11 ec2_mult.c readability update. 2008-10-28 13:53:51 +00:00
Andy Polyakov
6bf24568bc Fix EC_KEY_check_key. 2008-09-23 17:33:11 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked 
version some time soon.
 2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
156ee88285 Indicate support for digest init ctrl. 2008-05-02 11:24:40 +00:00
Andy Polyakov
ba6f95e81b Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit 
platforms.
 2008-04-24 10:04:26 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast 
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
 2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins... 
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
 2008-03-12 21:14:28 +00:00
Andy Polyakov
1c56e95e28 Compress and more aggressively constify ec_curve.c [the latter is 
achieved by minimizing link relocations].
 2007-08-31 09:36:43 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
3b2eead381 Fix duplicate error number. 2007-04-05 17:09:43 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds 
(need to prevent the removal of trailing zero bits).
 2006-12-19 15:11:37 +00:00