Dr. Stephen Henson
f422a51486
Remove old ASN.1 code.
...
Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.
Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:06 +00:00
Matt Caswell
5e5d53d341
Fix a failure to NULL a pointer freed on error.
...
Reported by the LibreSSL project as a follow on to CVE-2015-0209
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Andy Polyakov
9fbbdd73c5
Avoid reading an unused byte after the buffer
...
Other curves don't have this problem.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-14 18:23:41 +01:00
Rich Salz
10bf4fc2c3
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
...
Suggested by John Foley <foleyj@cisco.com>.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Matt Caswell
535bc8faf6
Remove pointless free, and use preferred way of calling d2i_* functions
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:24 +00:00
Matt Caswell
9e442d4850
Fix a failure to NULL a pointer freed on error.
...
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:07 +00:00
Dr. Stephen Henson
86f300d385
Use named curve parameter encoding by default.
...
Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.
Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-19 14:44:46 +00:00
Andy Polyakov
7a6c9a2e96
Add ec/asm/ecp_nistz256-armv4.pl module.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-11 20:34:18 +01:00
Andy Polyakov
5afc296aa6
ec/ecp_nistz256.c: fix compiler warnings.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 22:04:28 +01:00
Andy Polyakov
5029291722
ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 21:52:25 +01:00
Andy Polyakov
aa9db2d292
Add ec/asm/ecp_nistz256-x86.pl module.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09 23:19:16 +01:00
Rich Salz
6f91b017bb
Live code cleanup: remove #if 1 stuff
...
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:54:20 -05:00
Rich Salz
c8fa2356a0
Dead code cleanup: crypto/ec,ecdh,ecdsa
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:56:47 -05:00
Rich Salz
9ccc00ef6e
Dead code cleanup: #if 0 dropped from tests
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:11:34 -05:00
Rich Salz
49b05c7d50
Rename index to idx to avoid symbol conflicts.
...
Picky compilers with old index() string functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 12:23:01 -05:00
Rich Salz
a00ae6c46e
OPENSSL_NO_xxx cleanup: many removals
...
The following compile options (#ifdef's) are removed:
OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
This diff is big because of updating the indents on preprocessor lines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:06:22 -05:00
Matt Caswell
35a1cc90bc
More comment realignment
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5
Re-align some comments after running the reformat script.
...
This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6
Move more comments that confuse indent
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Andy Polyakov
20728adc8f
ec/ecp_nistz256.c: further harmonization with latest rules.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Andy Polyakov
58d47cf004
ec/ecp_nistz256.c: harmonize with latest indent script.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
b853717fc4
Fix strange formatting by indent
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
dbd87ffc21
indent has problems with comments that are on the right hand side of a line.
...
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
e636e2acd7
Fix source where indent will not be able to cope
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
23a22b4cf7
More comments
...
Conflicts:
crypto/dsa/dsa_vrf.c
crypto/ec/ec2_smpl.c
crypto/ec/ecp_smpl.c
Conflicts:
demos/bio/saccept.c
ssl/d1_clnt.c
Conflicts:
bugs/dggccbug.c
demos/tunala/cb.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
c80fd6b215
Further comment changes for reformat (master)
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9
Cleanup OPENSSL_NO_xxx, part 1
...
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Matt Caswell
3a83462dfe
Further comment amendments to preserve formatting prior to source reformat
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Andy Polyakov
9e557ab262
ecp_nistz256-x86_64.pl: fix occasional failures.
...
RT: 3607
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2015-01-04 23:18:04 +01:00
Tim Hudson
1d97c84351
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Rich Salz
e03b29871b
RT3548: Remove outdated platforms
...
This commit removes all mention of NeXT and NextStep.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-19 21:11:09 -05:00
Matt Caswell
53e95716f5
Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
...
Introduce use of DECLARE_DEPRECATED
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Emilia Kasper
b597aab84e
Build fixes
...
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318ece
)
2014-12-17 14:31:05 +01:00
Matt Caswell
af6e2d51bf
Add OPENSSL_NO_ECDH guards
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:45 +00:00
Matt Caswell
5784a52145
Implement internally opaque bn access from ec
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Dr. Stephen Henson
73e45b2dd1
remove OPENSSL_FIPSAPI
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f
remove FIPS module code from crypto/ecdsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9
Remove fips_constseg references.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Matt Caswell
8d02bebddf
When using EVP_PKEY_derive with a KDF set, a negative error from
...
ECDH_compute_key is silently ignored and the KDF is run on duff data
Thanks to github user tomykaira for the suggested fix.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-20 15:20:37 +00:00
Matt Caswell
e04d426bf9
Fix free of garbage pointer. PR#3595
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-12 20:26:31 +00:00
Andy Polyakov
c381b63764
ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-29 10:57:46 +01:00
Andy Polyakov
3ff08e1dde
ecp_nistz256 update.
...
Facilitate switch to custom scatter-gather routines. This modification
does not change algorithms, only makes it possible to implement
alternative. This is achieved by a) moving precompute table to assembly
(perlasm parses ecp_nistz256_table.c and is free to rearrange data to
match gathering algorithm); b) adhering to explicit scatter subroutine
(which for now is simply a memcpy). First implementations that will use
this option are 32-bit assembly implementations, ARMv4 and x86, where
equivalent of current read-whole-table-select-single-value algorithm
is too time-consuming. [On side note, switching to scatter-gather on
x86_64 would allow to improve server-side ECDSA performance by ~5%].
Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-10-23 16:08:44 +02:00
Andy Polyakov
be07ae9b10
crypto/ecp_nistz256.c: harmonize error codes.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-21 15:56:02 +02:00
Dr. Stephen Henson
16e5b45f72
Fix warning.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-20 00:08:56 +01:00
Andy Polyakov
4d3fa06fce
Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
...
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:37:41 +02:00
Andy Polyakov
f54be179aa
Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
...
Submitted by Shay Gueron, Intel Corp.
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:13:20 +02:00
Kurt Roeckx
44e0c2bae4
RT2626: Change default_bits from 1K to 2K
...
This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-09-08 17:21:04 -04:00
Andy Polyakov
6019cdd327
Configure: add configuration for crypto/ec/asm extensions.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-30 19:22:51 +02:00
Matt Caswell
13be7da81f
Fixed double inclusion of string.h
...
PR2693
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-29 21:42:54 +01:00
Emilia Kasper
f34a57202b
Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
...
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Matt Caswell
f063e30fe9
RT3065: automatically generate a missing EC public key
...
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Adam Langley
0388ac4c99
RT3065: ec_private_key_dont_crash
...
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:
-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:34 +02:00
Laszlo Papp
09ec8c8e89
PR2490: Remove unused local variable bn ecp_nist.c
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-20 16:36:20 -04:00
Martin Olsson
1afd7fa97c
RT2513: Fix typo's paramter-->parameter
...
I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-19 11:09:33 -04:00
Bodo Moeller
16602b5cd5
Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
...
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h).
Reviewed-by: emilia@openssl.org
2014-08-13 17:37:19 +02:00
Bodo Moeller
0fe73d6c36
Simplify and fix ec_GFp_simple_points_make_affine
...
(which didn't always handle value 0 correctly).
Reviewed-by: emilia@openssl.org
2014-08-01 17:18:14 +02:00
Billy Brumley
cba11f57ce
"EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
...
PR#2569
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-07-21 22:18:40 +01:00
Libor Krystek
8e3231642b
Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370
2014-06-03 23:15:58 +01:00
David Ramos
16ba70746b
Double free in i2o_ECPublicKey
...
PR: 3338
2014-05-04 00:46:20 +01:00
mancha
e14f14d36e
Fix eckey_priv_encode()
...
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-26 07:59:13 +01:00
Dr. Stephen Henson
2514fa79ac
Add functions returning security bits.
...
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f9b6c0ba4c
Fix for CVE-2014-0076
...
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483
)
Conflicts:
CHANGES
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
dd274b1c1c
Fix for some platforms where "char" is unsigned.
2013-11-09 15:09:23 +00:00
Bodo Moeller
ca567a03ad
Fix overly lenient comparisons:
...
- EC_GROUP_cmp shouldn't consider curves equal just because
the curve name is the same. (They really *should* be the same
in this case, but there's an EC_GROUP_set_curve_name API,
which could be misused.)
- EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
equality (not an error).
Reported by: king cope
2013-09-16 12:59:21 +02:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
dc1ce3bc64
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
e61f5d55bc
Algorithm parameter support.
...
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
88e20b8584
Add support for ECDH KARI.
...
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
25af7a5dbc
Add support for X9.62 KDF.
...
Add X9.62 KDF to EC EVP_PKEY_METHOD.
2013-07-17 21:45:00 +01:00
Adam Langley
190c615d43
Make `safe' (EC)DSA nonces the default.
...
This change updates 8a99cb29
to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.
In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.
2013-07-15 12:57:48 +01:00
Dr. Stephen Henson
810639536c
Add control to retrieve signature MD.
2013-06-21 21:33:00 +01:00
Adam Langley
8a99cb29d1
Add secure DSA nonce flag.
...
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Matt Caswell
94782e0e9c
Make binary curve ASN.1 work in FIPS mode.
...
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Bodo Möller
f11d0c7908
Fix EC_KEY initialization race.
...
Submitted by: Adam Langley
2012-10-05 20:50:11 +00:00
Dr. Stephen Henson
24edfa9df9
enhance EC method to support setting curve type when generating keys and add parameter encoding option
2012-09-11 13:54:09 +00:00
Ben Laurie
71fa451343
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
b36bab7812
PR: 2239
...
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>
Add Brainpool curves from RFC5639.
Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
2012-04-22 13:06:51 +00:00
Dr. Stephen Henson
64095ce9d7
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Andy Polyakov
713f49119f
ec_pmeth.c: fix typo in commentary.
...
PR: 2677
Submitted by: Annue Yousar
2012-01-12 13:22:51 +00:00
Dr. Stephen Henson
d674bb4bc8
In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order
2011-11-16 13:28:35 +00:00
Dr. Stephen Henson
32cf5baeae
PR: 2632
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:43:34 +00:00
Dr. Stephen Henson
5fd722600b
Check for selftest failure in various places.
2011-10-22 17:24:27 +00:00
Bodo Möller
e0d6132b8c
Fix warnings.
...
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
...
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)
Submitted by: Google Inc.
2011-10-18 19:43:16 +00:00
Andy Polyakov
03e389cf04
Allow for dynamic base in Win64 FIPS module.
2011-09-14 20:48:49 +00:00
Bodo Möller
ae53b299fa
make update
2011-09-05 09:46:15 +00:00
Dr. Stephen Henson
3699ec6056
recognise ecdsaWithSHA1 OID
2011-07-28 14:40:01 +00:00
Dr. Stephen Henson
9945b460e2
Give parameters names in prototypes.
2011-06-17 16:47:41 +00:00
Andy Polyakov
62f29eb1cf
spacrv9cap.c: addenum to recent EC optimizations.
2011-05-23 08:14:32 +00:00
Andy Polyakov
d8ea368c41
ec_cvt.c: ARM comparison results were wrong, clarify the background.
2011-05-21 08:40:18 +00:00
Andy Polyakov
fdf6dac859
ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see
...
commentary for details].
2011-05-20 20:31:37 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Richard Levitte
171edf7ff4
Error discrepancy corrected.
2011-04-24 08:59:15 +00:00
Dr. Stephen Henson
cac4fb58e0
Add PRNG security strength checking.
2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
8c7096835b
Use 0 for tbslen to perform strlen.
2011-04-19 11:10:54 +00:00
Dr. Stephen Henson
a6311f856b
Remove several of the old obsolete FIPS_corrupt_*() functions.
2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Richard Levitte
5d0137aa14
make update
2011-03-25 09:30:52 +00:00
Richard Levitte
30fafdebf3
* Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl:
...
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
disabled by default. If we don't do it this way, it screws up
libeay.num.
* util/libeay.num: make update
2011-03-25 09:29:46 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Richard Levitte
487b023f3d
make update (1.1.0-dev)
...
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable. However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
1acc24a8ba
Make no-ec2m work again.
2011-03-10 01:00:30 +00:00
Dr. Stephen Henson
b7056b6414
Update dependencies.
2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
0fbf8f447b
Add pairwise consistency test to EC.
2011-02-15 16:58:28 +00:00
Dr. Stephen Henson
c966120412
Don't use FIPS api for ec2_oct.c
2011-02-14 16:55:28 +00:00
Dr. Stephen Henson
84b08eee4b
Reorganise ECC code for inclusion in FIPS module.
...
Move compression, point2oct and oct2point functions into separate files.
Add a flags field to EC_METHOD.
Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct
functions (all existing methods do this). This removes dependencies from
EC_METHOD while keeping original functionality.
2011-02-14 16:52:12 +00:00
Dr. Stephen Henson
bf2546f947
Use BN_nist_mod_func to avoid need to peek error queue.
2011-02-14 16:45:28 +00:00
Dr. Stephen Henson
c9a90645a5
Disable some functions in headers with no-ec2m
2011-02-12 17:38:06 +00:00
Dr. Stephen Henson
b331016124
New option to disable characteristic two fields in EC code.
2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
65847ca378
For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build
...
completes without linker errors.
2011-02-03 13:00:08 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
6e0375d504
revert Makefile change
2011-01-25 12:15:10 +00:00
Dr. Stephen Henson
fef1c40bf1
New function EC_KEY_set_affine_coordinates() this performs all the
...
NIST PKV tests.
2011-01-24 16:07:40 +00:00
Dr. Stephen Henson
a428ac4750
check EC public key isn't point at infinity
2011-01-24 15:04:34 +00:00
Dr. Stephen Henson
0aa1aedbce
PR: 1612
...
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:41:34 +00:00
Dr. Stephen Henson
dd616752a1
oops, revert mistakenly committed EC changes
2011-01-19 14:42:42 +00:00
Dr. Stephen Henson
198ce9a611
Add additional parameter to dsa_builtin_paramgen to output the generated
...
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.
The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:35:53 +00:00
Ben Laurie
c13d7c0296
Fix warning.
2011-01-09 17:50:06 +00:00
Ben Laurie
5df2a2497a
Fix warnings.
2010-09-05 16:34:49 +00:00
Bodo Möller
396cb5657b
More C language police work.
2010-08-27 13:17:59 +00:00
Bodo Möller
eb8ef241eb
C conformity fixes: Move declarations before statements in all blocks.
2010-08-27 12:07:35 +00:00
Bodo Möller
1b5af90b45
C conformity fixes:
...
- Move declarations before statements in all blocks.
- Where 64-bit type is required, use it explicitly (not 1l).
2010-08-27 11:29:30 +00:00
Bodo Möller
76af94eb27
(formatting error)
2010-08-26 14:40:11 +00:00
Bodo Möller
04daec862c
New 64-bit optimized implementation EC_GFp_nistp224_method().
...
This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).
Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:55 +00:00
Bodo Möller
c94f7f657b
ECC library bugfixes.
...
Submitted by: Emilia Kasper (Google)
2010-08-26 12:11:01 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Bodo Möller
2d9dcd4ff0
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:35 +00:00
Dr. Stephen Henson
fed8dbf46d
PR: 2118
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org
Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Andy Polyakov
194274cb68
ec_mult.c: fix C4334 win64 compiler warning.
2009-05-02 11:18:44 +00:00
Ben Laurie
57a6ac7c4f
Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129)
2008-12-27 02:15:16 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Andy Polyakov
ea71ec1b11
ec2_mult.c readability update.
2008-10-28 13:53:51 +00:00
Andy Polyakov
6bf24568bc
Fix EC_KEY_check_key.
2008-09-23 17:33:11 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
156ee88285
Indicate support for digest init ctrl.
2008-05-02 11:24:40 +00:00
Andy Polyakov
ba6f95e81b
Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit
...
platforms.
2008-04-24 10:04:26 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Andy Polyakov
1c56e95e28
Compress and more aggressively constify ec_curve.c [the latter is
...
achieved by minimizing link relocations].
2007-08-31 09:36:43 +00:00
Bodo Möller
19f6c524bf
Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
2007-05-22 09:47:43 +00:00
Ben Laurie
3b2eead381
Fix duplicate error number.
2007-04-05 17:09:43 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Nils Larsch
06e2dd037e
add support for ecdsa-with-sha256 etc.
2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4
Fix the BIT STRING encoding of EC points or parameter seeds
...
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Bodo Möller
5e3225cc44
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
2006-09-28 13:45:34 +00:00
Dr. Stephen Henson
786aa98da1
Use correct pointer types for various functions.
2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
b7683e3a5d
Allow digests to supply S/MIME micalg values from a ctrl.
...
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Bodo Möller
c4e7870ac1
Change array representation of binary polynomials to make GF2m part of
...
the BN library more generally useful.
Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Dr. Stephen Henson
8bdcef40e4
New function to dup EVP_PKEY_CTX. This will be needed to make new signing
...
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412
Use size_t for new crypto size parameters.
2006-05-24 12:33:46 +00:00
Richard Levitte
7e76e56387
Someone made a mistake, and some function and reason codes got
...
duplicate numbers. Renumbering.
2006-05-12 15:27:52 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
a4e75b3dfd
Correct copyright notice... this doesn't contain any SSLeay code.
2006-04-24 00:07:26 +00:00
Nils Larsch
930b0c4b8a
make local function static
2006-04-20 09:53:49 +00:00
Dr. Stephen Henson
d202709808
Add OID cross reference table.
...
Fix some typos in GOST OIDs.
Update dependencies.
2006-04-18 23:36:07 +00:00
Dr. Stephen Henson
492a9e2415
Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
9ca7047d71
Provisional support for EC pkey method, supporting ECDH and ECDSA.
2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
3e4585c8fd
New utility pkeyparam. Enhance and bugfix algorithm specific parameter
...
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
e42633140e
Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.
2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
bd50e31325
Typo.
2006-03-23 14:08:33 +00:00
Dr. Stephen Henson
b2c0518e6a
Fix bug in DSA, EC methods.
2006-03-23 14:04:39 +00:00
Dr. Stephen Henson
d82e2718e2
Add information and pem strings. Update dependencies.
2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff
Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
...
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be
Move algorithm specific print code from crypto/asn1/t_pkey.c to separate
...
*_prn.c files in each algorithm directory.
2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c
Gather printing routines into EVP_PKEY_ASN1_METHOD.
2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b
Transfer parameter handling and key comparison to algorithm methods.
2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335
Initial support for pluggable public key ASN1 support. Process most public
...
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Nils Larsch
67b6f1ca88
fix problems found by coverity: remove useless code
2006-03-15 17:45:43 +00:00
Nils Larsch
eeb821f707
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
2006-03-14 22:48:41 +00:00
Nils Larsch
47d5566646
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
2006-03-13 23:14:57 +00:00
Nils Larsch
bbab9b61dd
remove unnecessary check
2006-02-08 18:52:43 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Bodo Möller
a13c20f603
Further TLS extension updates
...
Submitted by: Peter Sylvester
2006-01-09 19:49:05 +00:00
Bodo Möller
51eb1b81f6
Avoid contradictive error code assignments.
...
"make errors".
2006-01-08 21:54:24 +00:00
Bodo Möller
739a543ea8
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:42:30 +00:00
Bodo Möller
67c03ff185
comment
2005-12-13 05:46:33 +00:00
Bodo Möller
6f44d4d247
deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
2005-11-16 04:07:43 +00:00
Bodo Möller
8dee9f844f
deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
2005-11-15 21:08:38 +00:00
Nils Larsch
ba12070f7e
add some doxygen comments
2005-09-19 08:10:10 +00:00
Bodo Möller
2238e8e477
correct+extend publication info
2005-09-12 01:39:46 +00:00
Nils Larsch
137023dd0c
fix function name in error
2005-09-03 08:01:08 +00:00
Nils Larsch
8215e7a938
fix warnings when building openssl with the following compiler options:
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Andy Polyakov
ff82bf3b07
Pedantic polish to WCE-specific #if clause in ectest.c
2005-08-11 08:42:46 +00:00
Andy Polyakov
0491e05833
Final(?) WinCE update.
2005-08-07 22:21:49 +00:00
Nils Larsch
b3b72cd92c
remove OPENSSL_NO_ASM dependency
2005-06-28 15:05:02 +00:00
Nils Larsch
bbbd67108f
fix typo, add prototype
2005-05-20 22:55:10 +00:00
Nils Larsch
8712009778
simplify EC_KEY_dup
2005-05-17 12:23:16 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Nils Larsch
7dc17a6cf0
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Nils Larsch
fcb41c0ee8
rewrite of bn_nist.c, disable support for some curves on 64 bit platforms
...
for now (it was broken anyway)
2005-05-03 20:23:33 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
ad0db060b1
More overwritten stuff...
2005-04-12 16:36:36 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Nils Larsch
37942fab51
include limits.h for UINT_MAX etc.
2005-04-11 20:59:58 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Nils Larsch
c2e40d0f9a
remove unused recp method
2005-04-04 18:15:59 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Bodo Möller
80c808b90b
Fix typo
...
PR: 1017
Submitted by: ciresh@yahoo.com
Reviewed by: Nils Larsch
2005-03-09 19:08:02 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Geoff Thorpe
7f5b4dd1e8
Using Horner's algorithm to evaluate the ec polynomial
...
(suggested by Adam Young <ayoung@cigital.com>)
Submitted by: Nils Larsch
2004-07-16 03:24:19 +00:00
Geoff Thorpe
ace3ebd661
Improve error handling if decompression of an ec point fails, and cleanup
...
ec_curve.c (unify comments, etc).
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller, Geoff Thorpe
2004-07-06 15:50:04 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
ca982e4870
Fix realloc usage in ec_curve.c
...
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-05-04 20:08:55 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Geoff Thorpe
5148710994
Adds warnings about two curves and fixes the "seed" value for two other
...
curves.
Submitted by: Nils Larsch
2004-03-25 03:03:52 +00:00
Richard Levitte
560f7abb7e
Make sure we use unsigned constants, or come compilers may complain.
2004-03-15 22:33:19 +00:00
Geoff Thorpe
b6358c89a1
Convert openssl code not to assume the deprecated form of BN_zero().
...
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.
Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
2004-03-13 23:57:20 +00:00
Andy Polyakov
7f24b1c3e9
Get rid of bogus warning when compiling with Sun vendor compiler.
2004-01-24 16:31:21 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
0d78bc3356
Add IPSec/IKE/Oakley curves.
...
PR: 768
Submitted by: Vadim Fedukovich <vf@unity.net>
2003-11-29 09:25:59 +00:00
Geoff Thorpe
37af03d311
General improvements to the ec_asn1.c code. This squashes at least one bug
...
(where it was impossible to create an EC certificate with a compressed
public key), and has some style improvements based on some comments from
Steve Henson about use of the ASN1 macros.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:09:18 +00:00
Geoff Thorpe
6bcd3f903a
Comments out some unimplemented functions instead of redeclaring them.
2003-10-29 04:42:29 +00:00
Bodo Möller
968766cad8
updates for draft-ietf-tls-ecc-03.txt
...
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Bodo Möller
652ae06bad
add test for secp160r1
...
add code for kP+lQ timings
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Reviewed by: Bodo Moeller
2003-07-22 10:39:10 +00:00
Bodo Möller
ada0e717fa
new function EC_GROUP_cmp() (used by EVP_PKEY_cmp())
...
Submitted by: Nils Larsch
2003-07-21 13:43:28 +00:00
Richard Levitte
163f5b236c
Correct signedness
2003-05-21 14:21:26 +00:00
Richard Levitte
513c01a591
Make sure EC_window_bits_for_scalar_size() returns a size_t
2003-05-21 08:40:06 +00:00
Richard Levitte
87c9c659de
Make sure we get the definition of OPENSSL_NO_EC.
2003-03-20 23:22:06 +00:00
Bodo Möller
155bd1137e
add Certicom licensing e-mail address
2003-02-27 12:25:35 +00:00
Bodo Möller
f2aa055ec6
treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c)
2003-02-21 16:06:39 +00:00
Bodo Möller
62e3163b1b
ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
...
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.
This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).
Submitted by: Nils Larsch
2003-02-21 13:58:23 +00:00
Bodo Möller
fbbfd86b67
typo
...
PR: 511
Submitted by: Eric Cronin
2003-02-19 16:29:47 +00:00
Bodo Möller
ba729265a8
Allow EC_GROUP objects to share precomputation for improved memory
...
efficiency (EC_PRE_COMP objects are now constant once completed).
Extend 'extra_data' API to support arbitrarily many slots (although we
need only one at the moment).
Modify EC internal 'extra_data' API: EC_GROUP_[clear_]free_extra_data
now frees only a single slot (the previous functions are available as
EC_GROUP_[clear_]free_all_extra_data).
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-12 18:30:16 +00:00
Richard Levitte
28f573a28d
Make sure memcpy() is properly declared by including string.h.
2003-02-10 11:14:35 +00:00
Bodo Möller
e2c9c91b5b
fix EC_GROUP_copy for EC_GFp_nist_method()
...
Submitted by: Nils Larsch
2003-02-08 19:51:37 +00:00
Bodo Möller
65b254e8c0
remove debugging leftovers
2003-02-08 15:56:05 +00:00
Bodo Möller
82871eaa17
comment
2003-02-07 11:54:57 +00:00
Bodo Möller
24893ca999
typo
2003-02-06 19:32:06 +00:00
Bodo Möller
37c660ff9b
implement fast point multiplication with precomputation
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2003-02-06 19:25:12 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Bodo Möller
bd1217a176
simplify
...
Submitted by: Nils Larsch
2003-01-28 13:08:21 +00:00
Bodo Möller
82516e3baf
cofactor is optional in parameter encodings
...
Submitted by: Nils Larsch
2003-01-25 15:28:49 +00:00
Bodo Möller
9b3f03d5a2
fix warnings
...
Submitted by: Nils Larsch
2003-01-21 09:53:14 +00:00
Bodo Möller
d745af4b0c
avoid potential confusion about curves (prime192v1 and prime256v1 are
...
also known as secp192r1 and secp256r1, respectively)
Submitted by: Nils Larsch, Bodo Moeller
2003-01-16 16:05:23 +00:00
Geoff Thorpe
e9224c7177
This is a first-cut at improving the callback mechanisms used in
...
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.
This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing. The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones. The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.
There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Richard Levitte
55f78baf32
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
...
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Bodo Möller
15994b034a
rename some functions to improve consistency
...
Submitted by: Sheueling Chang
2002-11-23 18:16:09 +00:00
Bodo Möller
922fa76e26
add a comment
2002-11-22 09:25:35 +00:00
Bodo Möller
137445140b
Make ec_GFp_simple_point_get_affine_coordinates() faster
...
for Montgomery representations.
Submitted by: Sheueling Chang, Bodo Moeller
2002-11-20 10:53:33 +00:00
Bodo Möller
a2dbcf3644
remove redundant functions
2002-11-18 14:37:35 +00:00
Bodo Möller
4663355496
use consistent order of function definitions
2002-11-18 14:33:39 +00:00
Richard Levitte
b4b82ab465
I forgot this is compiled in test/, not crypto/ec/...
2002-11-16 10:10:39 +00:00
Richard Levitte
0bf23d9b20
WinCE patches
2002-11-15 22:37:18 +00:00
Bodo Möller
acce40c585
this method does not need field_data1
2002-11-15 12:43:15 +00:00
Richard Levitte
af67804bef
make update
2002-11-14 23:56:12 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Bodo Möller
d742bd882e
do tests with all built-in curves
...
Submitted by: Nils Larsch
2002-11-11 10:25:12 +00:00
Bodo Möller
97a06ad9ef
corrections to built-in curves
...
Submitted by: Nils Larsch
2002-11-11 10:24:52 +00:00
Bodo Möller
b53e44e572
implement and use new macros BN_get_sign(), BN_set_sign()
...
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Bodo Möller
259cdf2af9
Sun has agreed to removing the covenant language from most files.
...
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Richard Levitte
62dd6f161a
The #else part of the conditionals have two statements, so they need
...
to be surrounded with braces, or the surrounding if..else will fail
miserably in case the #else part is compiled.
2002-10-29 09:42:59 +00:00
Bodo Möller
19b8d06a79
clean up new code for NIST primes
...
create new lock CRYPTO_LOCK_BN to avoid race condition
2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117
fast reduction for NIST curves
...
Submitted by: Nils Larsch
2002-10-28 13:23:24 +00:00
Bodo Möller
f72ed6153b
remove superfluous code
...
Submitted by: Nils Larsch
2002-10-28 13:19:08 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
4c8f79a33e
make sure 'neg' flag (which does not really matter for GF(2^m), but
...
could cause confusion for ECDSA) is set to zero
Submitted by: Sheueling Chang
2002-09-16 13:52:48 +00:00
Bodo Möller
65b1d31df5
change API for looking at the internal curve list
...
Submitted by: Nils Larsch
2002-09-02 07:08:33 +00:00
Bodo Möller
34f1f2a81c
less specific interface for EC_GROUP_get_basis_type
...
Submitted by: Nils Larsch, Bodo Moeller
2002-08-26 18:08:53 +00:00
Bodo Möller
8aefe253a7
move EC_GROUP_get_basis_type() from ec_lib.c to ec_asn1.c
2002-08-26 11:33:13 +00:00
Bodo Möller
7e31164ae0
ASN1 for binary curves
...
Submitted by: Nils Larsch
2002-08-26 11:25:54 +00:00
Bodo Möller
7eb18f1237
Simplify handling of named curves: get rid of EC_GROUP_new_by_name(),
...
EC_GROUP_new_by_nid() should be enough. This avoids a lot of
redundancy.
Submitted by: Nils Larsch
2002-08-15 09:21:31 +00:00
Richard Levitte
5454829ae6
mem* functions are declared in string.h.
2002-08-10 01:36:14 +00:00
Bodo Möller
41fdcfa71e
fix warnings
2002-08-09 11:58:28 +00:00
Bodo Möller
e172d60ddb
Add ECDH support.
...
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-09 08:43:04 +00:00
Bodo Möller
14a7cfb32a
use a generic EC_KEY structure (EC keys are not ECDSA specific)
...
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Bodo Möller
848c849584
optical changes
2002-08-02 17:25:05 +00:00
Bodo Möller
102c8f47bf
typo
2002-08-02 15:28:31 +00:00
Bodo Möller
6fb60a84dd
Change BN_mod_sqrt() so that it verifies that the input value is
...
really the square of the return value.
2002-08-02 14:57:53 +00:00
Bodo Möller
35b73a1f20
Rename implementations of method functions so that they match
...
the new method names where _GF... suffixes have been removed.
Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.
Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
2002-08-02 14:28:37 +00:00
Bodo Möller
84d7e365a0
ec2_smpt.c must be listed in LIBSRC
2002-08-02 13:50:12 +00:00
Bodo Möller
64c3da230f
there is no alternative EC_METHOD for curves over GF(2^m) (yet)
2002-08-02 13:43:26 +00:00
Bodo Möller
7793f30e09
add support for elliptic curves over binary fields
...
Submitted by: Duglas Stebila <douglas.stebila@sun.com>,
Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entries by Bodo Moeller)
2002-08-02 13:42:24 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Bodo Möller
0bee0e6294
Use SEC1 format for EC private keys.
...
This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.
Submitted by: Nils Larsch <nlarsch@compuserve.de>
2002-07-26 08:41:04 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
5f3d6f70f6
Implement handling of EC parameter seeds (new functions
...
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).
New functions ECPKParameters_print(), ECPKParameters_print_fp().
Submitted by: Nils Larsch
2002-06-18 08:38:59 +00:00
Lutz Jänicke
65ee74fbc7
Some more prototype fixes.
...
Use DECLARE macros in asn1* instead of direct declaration.
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
2002-06-14 19:01:52 +00:00
Bodo Möller
254ef80db1
simplify asn1_flag
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Bodo Möller
012c86ab74
move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
...
and make some appropriate changes to the EC library.
Submitted by: Nils Larsch
2002-06-10 12:41:18 +00:00
Bodo Möller
458c29175e
move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
...
and make some appropriate changes to the EC library.
Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Bodo Möller
c6c0e4cb32
fix memory leak
...
Submitted by: Nils Larsch
2002-06-06 10:33:05 +00:00
Bodo Möller
6cbe638294
New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
...
Submitted by: Nils Larsch
2002-05-30 13:16:03 +00:00
Richard Levitte
02cbedc387
Make sure short aliases are used where required.
2002-05-23 13:52:36 +00:00
Bodo Möller
7711de24f9
accept NULL in 'free' functions
2002-05-21 08:59:57 +00:00
Bodo Möller
b6db386ffd
Change internals of the EC library so that the functions
...
EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are
implemented directly in crypto/ec/ec_lib.c and not dispatched to
methods.
Also fix EC_GROUP_copy to copy the NID.
2002-05-08 11:54:24 +00:00
Bodo Möller
2c8d0dccfc
improve wNAF generation
2002-05-05 23:45:09 +00:00
Bodo Möller
f916052eab
remove disabled code
2002-04-14 13:28:17 +00:00
Lutz Jänicke
0ae1661ba2
Apply OID fixes for elliptic curves as supplied by
...
Nils Larsch <nlarsch@compuserve.de>.
2002-04-08 15:49:53 +00:00
Bodo Möller
17d6bb8158
New function EC_GROUP_check_discriminant().
...
Restructure implementation of EC_GROUP_check().
Submitted by: Nils Larsch
2002-03-20 10:18:07 +00:00
Bodo Möller
af28dd6c75
Fix bugs and typos.
...
Add some WTLS curves.
New function EC_GROUP_check() (this will probably
be implemented differently soon).
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-03-18 13:10:45 +00:00
Bodo Möller
4882171df5
EC curve stuff
...
Submitted by: Nils Larsch
2002-03-08 11:10:40 +00:00
Bodo Möller
709c51c424
fix spacing
2002-03-07 12:21:31 +00:00
Bodo Möller
9bc448546e
Add more curves.
...
Submitted by: Nils Larsch
Remove unnecessary 'const'.
2002-03-07 12:14:03 +00:00
Bodo Möller
36c194638e
add SECG OIDs
...
Submitted by: Nils Larsch
2002-03-06 13:47:32 +00:00
Bodo Möller
45fb737950
reference counting for EC_GROUP structures is not needed (at the
...
moment at least), so remove it
2002-03-06 09:46:17 +00:00
Bodo Möller
d009bcbfb6
bugfix: allocate sufficiently large buffer
...
Submitted by: Nils Larsch
2002-02-20 11:59:42 +00:00
Bodo Möller
8f06b00373
make it possible to disable memory checking for timings
2002-02-14 14:41:13 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Bodo Möller
60d8bae30d
some modifications to named curve support
2002-02-13 17:57:52 +00:00
Bodo Möller
945e15a253
add support for named curves
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 17:22:59 +00:00
Richard Levitte
b77fcddb6b
Apply a small patch from Oscar Jacobsson <oscar@jacobsson.org> that
...
makes things more compilable with VC++.
2002-01-26 04:50:41 +00:00
Bodo Möller
1226c472b7
oops
2001-12-17 19:26:43 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Bodo Möller
c05940edc7
comment
2001-11-22 11:08:38 +00:00
Bodo Möller
e71adb85c5
avoid stupid compiler warning
2001-11-16 11:37:36 +00:00
Bodo Möller
b19941ab05
comment
2001-11-16 06:22:21 +00:00
Bodo Möller
752938daab
use a more interesting test case
2001-11-16 06:22:05 +00:00
Bodo Möller
c78515f55e
comments etc.
2001-11-15 22:35:41 +00:00
Bodo Möller
3ba1f11147
Improve EC efficiency.
2001-11-15 22:32:11 +00:00
Richard Levitte
37da54b10e
The #error message must match a very specific regexp (see mkdef.pl,
...
currently line 470).
2001-09-26 15:18:32 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Bodo Möller
9c10b2c8d3
For consistency with the terminology used in my SAC2001 paper, avoid
...
the term "simultaneous multiplication" (which -- acording to the
paper, at least -- applies only to certain methods which we don't use
here)
2001-07-10 11:41:29 +00:00
Bodo Möller
56a106115f
comment change
2001-07-10 11:28:53 +00:00
Bodo Möller
e3a4f8b84c
Precomputation will not necessarily be LIm-Lee precomputation.
2001-07-10 10:04:05 +00:00
Bodo Möller
b8e2f83ae6
Call ENGINE_cleanup() to avoid memory leak.
2001-07-04 20:55:36 +00:00
Richard Levitte
1f0af2c073
len is a size_t, which is an unsigned integer. Therefore, some
...
compilers will complain against the check for less than zero.
2001-05-14 11:56:47 +00:00
Bodo Möller
413a4a0461
Fix warnings.
2001-04-03 14:03:47 +00:00
Richard Levitte
8a2908a24a
Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to
...
be "#if 0"'d, or they will (re)appear as existing functions in
util/libeay.num.
2001-03-21 12:34:34 +00:00
Bodo Möller
26fbabf3d1
Increase boundaries in EC_window_bits_for_scalar_size table.
2001-03-20 11:16:12 +00:00
Bodo Möller
37cdcb4d8a
Table for window sizes.
2001-03-19 22:38:24 +00:00
Bodo Möller
4f69172d25
Completely remove mont2 stuff.
...
It does not appear to be faster than the current Montgomery code
except for very small moduli (somewhere between 192 and 224 bits
in a 64-bit Sun environment, and even less than 192 bits
on 32 bit systems).
2001-03-15 18:17:40 +00:00
Bodo Möller
63c43dcc59
avoid infinite loop
2001-03-15 11:31:37 +00:00
Richard Levitte
37a92e9ce4
make update.
2001-03-13 21:47:23 +00:00
Bodo Möller
194dd04699
Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult,
...
which indicate its purpose more clearly.
2001-03-12 07:26:23 +00:00
Bodo Möller
5b054c6955
EC_METHOD based on bn_mont2 (not used in the library)
2001-03-11 17:43:07 +00:00
Bodo Möller
10654d3a74
Forcibly enable memory leak checking during "make test"
2001-03-11 14:49:46 +00:00
Bodo Möller
6017e604f8
Timings are not supposed to be enabled by default ...
2001-03-11 12:30:52 +00:00