Commit graph

687 commits

Author SHA1 Message Date
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Tim Hudson
82f52631b2 Fix EC_KEY_print so it prints out private key information
even when the public key is not present in an EC_KEY

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-09-10 06:53:33 +10:00
David Woodhouse
978ecbb08b Avoid EVP_PKEY_cmp() crash on EC keys without public component
Some hardware devices don't provide the public EC_POINT data. The only
way for X509_check_private_key() to validate that the key matches a
given certificate is to actually perform a sign operation and then
verify it using the public key in the certificate.

Maybe that can come later, as discussed in issue 1532. But for now let's
at least make it fail gracefully and not crash.

GH: 1532

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1547)
(cherry picked from commit 92ed7fa575)
2016-09-07 13:57:48 -04:00
Andy Polyakov
d8f432aa97 Add ecp_nistz256-ppc64 module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:32 +02:00
Rich Salz
d196305aa0 Remove comment tags from structs (coding style)
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-29 09:07:38 -04:00
Rich Salz
66117ab0f6 Use uppercase name for PCT_ enum
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-29 09:06:24 -04:00
Andy Polyakov
d3034d31e7 ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 17:13:09 +02:00
Andy Polyakov
c74aea8d6c ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
RT#4625

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:55:11 +01:00
Andy Polyakov
e3057a57ca ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
RT#4625

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:55:02 +01:00
Andy Polyakov
dfde4219fd ec/asm/ecp_nistz256-*.pl: addition to perform stricter reduction.
Addition was not preserving inputs' property of being fully reduced.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:44:56 +01:00
Andy Polyakov
b62b2454fa ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
Addition was not preserving inputs' property of being fully reduced.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:44:48 +01:00
Kazuki Yamaguchi
0110a47036 Fix a memory leak in EC_GROUP_get_ecparameters()
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:10:03 +01:00
Andy Polyakov
2e929e538c ecp_nistz256.c: get is_one on 32-bit platforms right.
Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-21 22:16:48 +02:00
Dr. Stephen Henson
60c2587369 constify i2o_ECPublicKey
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:44:18 +01:00
Dr. Stephen Henson
245c6bc33b Constify private key decode.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
ac4e257747 constify X509_ALGOR_get0()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
17ebf85abd Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:35 +01:00
Dr. Stephen Henson
bc7bfb83b7 Remove old EC based X25519 code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
3bca6c2731 Add encoded points to other EC curves too.
Add encoded point ctrl support for other curves: this makes it possible
to handle X25519 and other EC curve point encoding in a similar way
for TLS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
5d6aaf8a9d Add point ctrls to X25519
Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
873feeb9cf add to build.info
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
59bf0f031f make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
756b198d24 X25519 public key methods
Add X25519 methods to match current key format defined in
draft-ietf-curdle-pkix-02

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
klemens
6025001707 spelling fixes, just comments and readme.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
FdaSilvaYY
700b814549 Fix some style issues...
extra spacing and 80 cols

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1366)
2016-08-02 09:59:23 +02:00
Richard J. Moore
4a9a0d9bcb Const EC_KEY_dup
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
FdaSilvaYY
25d57dc71b Constify EC_KEY_*_oct2priv() input buffer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Dr. Stephen Henson
8cc44d970c Don't allocate r/s in DSA_SIG and ECDSA_SIG
To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-20 14:02:54 +01:00
Miroslav Franc
563c1ec618 fix memory leaks
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1313)
2016-07-16 12:32:34 -04:00
Richard Levitte
b8a7bd83e6 Fix ASN.1 private encode of EC_KEY to not change the input key
RT#4611

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-15 15:14:44 +02:00
Dr. Stephen Henson
d166ed8c11 check return values for EVP_Digest*() APIs
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-15 14:09:05 +01:00
Alessandro Ghedini
a66069dbcd Fix printing private EC_KEY
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1273)
2016-07-01 10:46:21 -04:00
FdaSilvaYY
02e112a885 Whitespace cleanup in crypto
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
Rich Salz
dca5eeb4d0 RT2680: Public EC key is shown as private
Re-implemented as suggested by Steve Henson.
Also change ECParameters_print the same way.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-26 17:28:16 -04:00
huangqinjin
51a3b763c3 Make x25519_compute_key() return a boolean
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 17:13:23 +01:00
huangqinjin
65ea288d47 Make ossl_ecdh_compute_key() return a boolean
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 17:13:23 +01:00
Emilia Kasper
9267c11bb5 Make DSA_SIG and ECDSA_SIG getters const.
Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 14:58:36 +02:00
FdaSilvaYY
93b8981d89 Useless includes
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
TJ Saunders
bbaa9dd850 Ensure that NULL r and s parameters cannot be set on DSA_SIG/ECDSA_SIGs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
7ca3ea22c1 Reorder the setter arguments to more consistently match that of other APIs,
per review comments.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
6a571a18dd Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client.  Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.

Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
Emilia Kasper
1e2012b7ff RT 4242: reject invalid EC point coordinates
We already test in EC_POINT_oct2point that points are on the curve. To
be on the safe side, move this check to
EC_POINT_set_affine_coordinates_* so as to also check point coordinates
received through some other method.

We do not check projective coordinates, though, as
- it's unlikely that applications would be receiving this primarily
  internal representation from untrusted sources, and
- it's possible that the projective setters are used in a setting where
  performance matters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-09 23:58:20 +02:00
Matt Caswell
0e9eb1a57b Free tempory data on error in ec_wNAF_mul()
The ec_wNAF_mul() function allocates some temporary storage that it
doesn't always free on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Dr. Stephen Henson
f72f00d495 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 13:06:16 +01:00
Andy Polyakov
cfe1d9929e x86_64 assembly pack: tolerate spaces in source directory name.
[as it is now quoting $output is not required, but done just in case]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:51 +02:00
Andy Polyakov
ff823ee89b SPARC assembly pack: add missing .type directives.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-28 22:14:13 +02:00
Rich Salz
0cd0a820ab Remove unused error/function codes.
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 15:04:23 -04:00
FdaSilvaYY
11ed851db0 Fix and simplify error handling in (RSA/EC_kmeth)_new_method()
Inspired from PR #873.
Nearly same as 2bbf0ba.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 13:37:02 +01:00
Rich Salz
6aa36e8e5a Add OpenSSL copyright to .pl files
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-21 08:23:39 -04:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
aa6bb1352b Copyright consolidation 05/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 15:38:09 -04:00
Rich Salz
4f22f40507 Copyright consolidation 06/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:04 -04:00
Steven Valdez
2ab851b779 Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c
RT#4363

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-11 18:48:48 +01:00
FdaSilvaYY
dccd20d1b5 fix tab-space mixed indentation
No code change

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:09:55 +01:00
J Mohan Rao Arisankala
cb1d435cac few missing allocation failure checks and releases on error paths
- Missing checks for allocation failure.
- releasing memory in few missing error paths

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
Emilia Kasper
0eadff033f Document inversion ladder in curve25519
This demystifies two for-loops that do nothing. They were used to write
the ladder in a unified way. Now that the ladder is otherwise commented,
remove the dead loops.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 18:51:53 +02:00
Matt Caswell
b8c51459aa Remove some dead code from EC_GROUP_check()
EC_GROUP_check() was obtaining a temporary BIGNUM from the BN_CTX, but
then not using it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
Matt Caswell
40a8643a37 Avoid a NULL ptr deref if group is not set
We should only copy parameters and keys if the group is set. Otherwise
they don't really make any sense. Previously we copied the private key
regardless of whether the group was set...but if it wasn't a NULL ptr
deref could occur. It's unclear whether we could ever get into that
situation, but since we were already checking it for the public key we
should be consistent.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
Kazuki Yamaguchi
acde647fb0 Fix EC_KEY_set_private_key() to call key->group->meth->set_private()
Fix a bug introduced by 6903e2e7e9 (Extended EC_METHOD customisation
support., 2016-02-01). key->meth->set_private() is wrongly called where
it should call key->group->meth->set_private().

PR#4517

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-23 04:24:27 +01:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Shlomi Fish
085b386065 Fix the spelling of "implement".
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-14 08:15:27 -04:00
David Benjamin
fe56d8e8a3 RT 4393: Call EC_GROUP_order_bits in priv2opt.
The private key is a scalar and should be sized by the order, not the
degree. See RFC 5915.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-29 20:03:48 +02:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Dr. Stephen Henson
34c2db9b56 constify ECDSA_SIG_get0()
PR#4436

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-19 22:04:38 +00:00
Richard Levitte
f425f9dcff Add $(LIB_CFLAGS) for any build.info generator that uses $(CFLAGS)
The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:02:55 +01:00
Andy Polyakov
ee619197db crypto/*/build.info: make it work on ARM platforms.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:30:57 +01:00
Richard Levitte
a5aa63a456 Fix some assembler generating scripts for better unification
Some of these scripts would recognise an output parameter if it looks
like a file path.  That works both in both the classic and new build
schemes.  Some fo these scripts would only recognise it if it's a
basename (i.e. no directory component).  Those need to be corrected,
as the output parameter in the new build scheme is more likely to
contain a directory component than not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-11 00:54:31 +01:00
Richard Levitte
f0667b1430 Add include directory options for assembler files that include from crypto/
Closes RT#4406

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 20:30:47 +01:00
Richard Levitte
03f880e4fc The typedef ECPARAMETERS is already defined, don't define it anew
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-10 11:29:08 +01:00
Rich Salz
60b350a3ef RT3676: Expose ECgroup i2d functions
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 12:25:21 -05:00
Richard Levitte
5b14d5b5a0 Make sure the effect of "pic" / "no-pic" is used with assembler compilations
Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.

Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).

However, ASFLAGS was forgotten.  That's what's corrected with this
change.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:33:23 +01:00
Andy Polyakov
1a66190888 ec/asm/ecp_nistz256-sparcv9.pl: get corner logic right.
RT#4284

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:21:11 +01:00
Richard Levitte
73d2fb66ef Unified - adapt the generation of ec assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in crypto/ec/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 11:09:26 +01:00
Richard Levitte
e519ecd8d4 Include e_os.h from ec_lcl.h
The EC code recently started using REF_PRINT_COUNT and REF_ASSERT_ISNT.
Those are defined in e_os.h.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 19:55:40 +01:00
Alessandro Ghedini
c001ce3313 Convert CRYPTO_LOCK_X509_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
9b398ef297 Convert CRYPTO_LOCK_EC_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Andy Polyakov
eb77e8886d SPARCv9 assembly pack: unify build rules and argument handling.
Make all scripts produce .S, make interpretation of $(CFLAGS)
pre-processor's responsibility, start accepting $(PERLASM_SCHEME).
[$(PERLASM_SCHEME) is redundant in this case, because there are
no deviataions between Solaris and Linux assemblers. This is
purely to unify .pl->.S handling across all targets.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 15:51:06 +01:00
Rich Salz
a4cb3bc8f2 GH616: Remove dead code
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-05 13:45:40 -05:00
Emilia Kasper
5b7af0dd6c Curve25519: fix const-initialization
Clang is permissive of this, but gcc fails.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 18:13:05 +01:00
Emilia Kasper
b95779846d Curve25519: avoid undefined behaviour
Appease the sanitizer: avoid left shifts of negative values.

This could've been done entirely with casts to uint and back,
but using masks seemed slightly more readable.

There are also implementation-defined signed right shifts in this
code. Those remain.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 12:28:01 +01:00
Emilia Kasper
8185e649f8 Clean up curve25519 build
- Remove OPENSSL_X25519_X86_64 which never worked, because we don't have
  the assembly.
- Also remove OPENSSL_SMALL (which should have been
  OPENSSL_SMALL_FOOTPRINT) which isn't a priority at the moment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-03 16:53:19 +01:00
Dr. Stephen Henson
e9b1c42f75 make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:48:12 +00:00
Dr. Stephen Henson
e2285d878d Handle KDF internally.
Handle KDF in ECDH_compute_key instead of requiring each implementation
support it. This modifies the compute_key method: now it allocates and
populates a buffer containing the shared secret.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:48:12 +00:00
Emilia Kasper
fdfb8c8486 curve25519: add missing const-qualifier
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-02 17:23:36 +01:00
Kurt Roeckx
dc22d6b37e Make k25519Precomp const
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

MR: #2184
2016-03-02 13:39:25 +01:00
Dr. Stephen Henson
83f0e802ab make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Dr. Stephen Henson
9ff9bccc41 Add default operations to EC_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Dr. Stephen Henson
77470e989c Replace overrides.
Instead of overriding a default operation move default operation to a
separate function which is then explicitly included in any EC_METHOD
that uses it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Dr. Stephen Henson
15e58273da remove unused variables
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-29 15:13:31 +00:00
Dr. Stephen Henson
5697291f2d Remove unused code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
0780daa030 Change BORINGSSL defines to OPENSSL
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
244e5f5de6 Initial adaptations for Curve25519 code.
Fix "mixed declarations and code" warnings.
Use OpenSSL headers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Emilia Kasper
df3bde6791 Place under OpenSSL license.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
a90def6b53 Add X25519 code from BoringSSL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
1db3107ada TLS support for X25519
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:54 +00:00
Dr. Stephen Henson
af4f2ad9dd Add X25519 curve to list
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
4b0555ec9d Add no signing flag.
Add a flag to EC_METHOD for curves which do not support signing.
New function EC_KEY_can_sign() returns 1 is key can be used for signing.
Return an explicit error is an attempt is made to sign with
no signing curves.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
8dcfdbf510 Add new EC_METHOD for X25519.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00