wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11483 commits 20 branches 302 tags 153 MiB
Commit graph

334 commits

Author SHA1 Message Date
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5 Improved error checking for DRBG calls. 
New functionality to allow default DRBG type to be set during compilation
or during runtime.
 2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
cf199fec52 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:47:30 +00:00
Dr. Stephen Henson
572712d82a recognise ecdsaWithSHA1 OID 2011-07-28 14:42:53 +00:00
Dr. Stephen Henson
6342b6e332 Redirection of ECDSA, ECDH operations to FIPS module. 
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
 2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
59bc67052b Add flags field to EC_KEY structure (backport from HEAD). 2011-06-06 13:18:03 +00:00
Dr. Stephen Henson
c090562828 Make no-ec2m work again (backport from HEAD). 2011-06-06 13:00:30 +00:00
Dr. Stephen Henson
69e2ec63c5 Reorganise ECC code so it can use FIPS module. 
Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct functions
(all existing methods do this). This removes dependencies from EC_METHOD while
keeping original functionality.

Backport from HEAD with minor changes.
 2011-06-06 12:54:51 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD: 
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
 2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
e24b01cc6f Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by 
default. If we don't do it this way, it screws up libeay.num.
(update from HEAD, original from levitte).
 2011-05-12 13:10:27 +00:00
Dr. Stephen Henson
947f4e90c3 New function EC_KEY_set_affine_coordinates() this performs all the 
NIST PKV tests.
 2011-01-24 16:09:57 +00:00
Dr. Stephen Henson
d184c7b271 check EC public key isn't point at infinity 2011-01-24 15:07:47 +00:00
Dr. Stephen Henson
913488c066 PR: 1612 
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
 2011-01-24 14:41:49 +00:00
Dr. Stephen Henson
945ba0300d Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-10-03 18:56:25 +00:00
Bodo Möller
4705ff7d6d More C language police work. 2010-08-27 13:17:58 +00:00
Bodo Möller
74b5feea7b C conformity fixes: Move declarations before statements in all blocks. 2010-08-27 12:07:12 +00:00
Bodo Möller
11a36aa96f C conformity fixes: 
- Move declarations before statements in all blocks.
- Where 64-bit type is required, use it explicitly (not 1l).
 2010-08-27 11:29:09 +00:00
Bodo Möller
42ecf418f5 (formatting error) 2010-08-26 14:38:49 +00:00
Bodo Möller
48ce525d16 New 64-bit optimized implementation EC_GFp_nistp224_method(). 
Binary compatibility is not affected as this will only be
compiled in if explicitly requested (#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)
 2010-08-26 14:29:27 +00:00
Bodo Möller
82281ce47d ECC library bugfixes. 
Submitted by: Emilia Kapser (Google)
 2010-08-26 12:10:57 +00:00
Bodo Möller
7fe747d1eb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:30 +00:00
Dr. Stephen Henson
9117b9d17a PR: 2118 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
 2009-11-30 13:53:42 +00:00
Andy Polyakov
27c7e53882 ec_mult.c: update from HEAD (Win64 compile warnings). 2009-05-05 19:23:45 +00:00
Ben Laurie
57a6ac7c4f Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129) 2008-12-27 02:15:16 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
ea71ec1b11 ec2_mult.c readability update. 2008-10-28 13:53:51 +00:00
Andy Polyakov
6bf24568bc Fix EC_KEY_check_key. 2008-09-23 17:33:11 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked 
version some time soon.
 2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
156ee88285 Indicate support for digest init ctrl. 2008-05-02 11:24:40 +00:00
Andy Polyakov
ba6f95e81b Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit 
platforms.
 2008-04-24 10:04:26 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast 
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
 2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins... 
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
 2008-03-12 21:14:28 +00:00
Andy Polyakov
1c56e95e28 Compress and more aggressively constify ec_curve.c [the latter is 
achieved by minimizing link relocations].
 2007-08-31 09:36:43 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
3b2eead381 Fix duplicate error number. 2007-04-05 17:09:43 +00:00
Dr. Stephen Henson
560b79cbff Constify version strings and some structures. 2007-01-21 13:07:17 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds 
(need to prevent the removal of trailing zero bits).
 2006-12-19 15:11:37 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to 
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
 2006-09-28 13:45:34 +00:00
Dr. Stephen Henson
786aa98da1 Use correct pointer types for various functions. 2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
5c95c2ac23 Fix various error codes to match functions. 2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl. 
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
 2006-07-10 18:36:55 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of 
the BN library more generally useful.

Submitted by: Douglas Stebila
 2006-06-18 22:00:57 +00:00
Dr. Stephen Henson
8bdcef40e4 New function to dup EVP_PKEY_CTX. This will be needed to make new signing 
functions and EVP_MD_CTX_copy work properly.
 2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412 Use size_t for new crypto size parameters. 2006-05-24 12:33:46 +00:00
Richard Levitte
7e76e56387 Someone made a mistake, and some function and reason codes got 
duplicate numbers.  Renumbering.
 2006-05-12 15:27:52 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
a4e75b3dfd Correct copyright notice... this doesn't contain any SSLeay code. 2006-04-24 00:07:26 +00:00
Nils Larsch
930b0c4b8a make local function static 2006-04-20 09:53:49 +00:00
Dr. Stephen Henson
d202709808 Add OID cross reference table. 
Fix some typos in GOST OIDs.

Update dependencies.
 2006-04-18 23:36:07 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
9ca7047d71 Provisional support for EC pkey method, supporting ECDH and ECDSA. 2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
3e4585c8fd New utility pkeyparam. Enhance and bugfix algorithm specific parameter 
functions to support it.
 2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
e42633140e Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD. 2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
bd50e31325 Typo. 2006-03-23 14:08:33 +00:00
Dr. Stephen Henson
b2c0518e6a Fix bug in DSA, EC methods. 2006-03-23 14:04:39 +00:00
Dr. Stephen Henson
d82e2718e2 Add information and pem strings. Update dependencies. 2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to 
initialize it. Initial support for application added public key ASN1.
 2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be Move algorithm specific print code from crypto/asn1/t_pkey.c to separate 
*_prn.c files in each algorithm directory.
 2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c Gather printing routines into EVP_PKEY_ASN1_METHOD. 2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b Transfer parameter handling and key comparison to algorithm methods. 2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public 
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
 2006-03-20 12:22:24 +00:00
Nils Larsch
67b6f1ca88 fix problems found by coverity: remove useless code 2006-03-15 17:45:43 +00:00
Nils Larsch
eeb821f707 fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() 2006-03-14 22:48:41 +00:00
Nils Larsch
47d5566646 fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() 2006-03-13 23:14:57 +00:00
Nils Larsch
bbab9b61dd remove unnecessary check 2006-02-08 18:52:43 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup 
Submitted by: David Hartman <david_hartman@symantec.com>
 2006-01-29 23:12:22 +00:00
Bodo Möller
a13c20f603 Further TLS extension updates 
Submitted by: Peter Sylvester
 2006-01-09 19:49:05 +00:00
Bodo Möller
51eb1b81f6 Avoid contradictive error code assignments. 
"make errors".
 2006-01-08 21:54:24 +00:00
Bodo Möller
739a543ea8 Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts) 2006-01-08 19:42:30 +00:00
Bodo Möller
67c03ff185 comment 2005-12-13 05:46:33 +00:00
Bodo Möller
6f44d4d247 deFUDify: don't require OPENSSL_EC_BIN_PT_COMP 2005-11-16 04:07:43 +00:00
Bodo Möller
8dee9f844f deFUDify: don't require OPENSSL_EC_BIN_PT_COMP 2005-11-15 21:08:38 +00:00
Nils Larsch
ba12070f7e add some doxygen comments 2005-09-19 08:10:10 +00:00
Bodo Möller
2238e8e477 correct+extend publication info 2005-09-12 01:39:46 +00:00
Nils Larsch
137023dd0c fix function name in error 2005-09-03 08:01:08 +00:00
Nils Larsch
8215e7a938 fix warnings when building openssl with the following compiler options: 
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
        -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
        -Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
        -Wno-unused-parameter -Wuninitialized
 2005-08-28 22:49:57 +00:00
Andy Polyakov
ff82bf3b07 Pedantic polish to WCE-specific #if clause in ectest.c 2005-08-11 08:42:46 +00:00
Andy Polyakov
0491e05833 Final(?) WinCE update. 2005-08-07 22:21:49 +00:00
Nils Larsch
b3b72cd92c remove OPENSSL_NO_ASM dependency 2005-06-28 15:05:02 +00:00
Nils Larsch
bbbd67108f fix typo, add prototype 2005-05-20 22:55:10 +00:00
Nils Larsch
8712009778 simplify EC_KEY_dup 2005-05-17 12:23:16 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary: 
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
 2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name: 
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
 2005-05-10 11:37:47 +00:00
Nils Larsch
7dc17a6cf0 give EC_GROUP_*_nid functions a more meaningful name 
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
 2005-05-08 22:09:12 +00:00
Nils Larsch
fcb41c0ee8 rewrite of bn_nist.c, disable support for some curves on 64 bit platforms 
for now (it was broken anyway)
 2005-05-03 20:23:33 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes. 
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
 2005-04-26 18:53:22 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign 
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
 2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
ad0db060b1 More overwritten stuff... 2005-04-12 16:36:36 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Nils Larsch
37942fab51 include limits.h for UINT_MAX etc. 2005-04-11 20:59:58 +00:00