Commit graph

89 commits

Author SHA1 Message Date
Dr. Stephen Henson
1e368ab08f Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:43:47 +00:00
Dr. Stephen Henson
6d12b1f82b check buffer is larger enough before overwriting 2011-04-06 18:07:12 +00:00
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
b172352b52 PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:16 +00:00
Ben Laurie
4e92353d23 Make it build, plus make depend. 2009-09-27 14:04:33 +00:00
Dr. Stephen Henson
cf51a0dccb Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
2009-09-09 12:07:41 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
d83dde6180 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy.
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
7d610299c9 Should reject signatures that we can't properly verify
and couldn't generate
(as pointed out by Ernst G Giessmann)
2007-11-19 07:25:28 +00:00
Bodo Möller
5c676c47cd The hash length check wasn't strict enough,
as pointed out by Ernst G Giessmann
2007-11-16 13:00:57 +00:00
Dr. Stephen Henson
14346b3456 Fix warnings: C++ comments and computed value not used. 2007-07-04 12:56:33 +00:00
Dr. Stephen Henson
4a0d3530e0 Update from HEAD. 2007-01-21 13:16:49 +00:00
Dr. Stephen Henson
115fc340cb Rebuild error file C source files. 2006-11-21 20:14:46 +00:00
Nils Larsch
aa145866f9 return an error if the supplied precomputed values lead to an invalid signature 2006-10-04 19:55:03 +00:00
Nils Larsch
58828ae573 fix typo: pass pre-computed parameters to the underlying signature function; thanks to Lucas Newman 2006-02-13 08:22:39 +00:00
Nils Larsch
22d1087e16 backport recent changes from the cvs head 2006-02-08 19:16:33 +00:00
Andy Polyakov
99237262d4 Missing CFLAG in couple of depend: targets [from HEAD].
PR: 1247
Submitted by: Doug Kaufman
2005-12-18 19:02:22 +00:00
Nils Larsch
f95d097359 fix typo 2005-07-17 21:05:11 +00:00
Nils Larsch
4913b88f70 make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
	make all test
work again (+ make update)

PR: 1159
2005-07-16 11:13:10 +00:00
Richard Levitte
8bdbf50772 Wrap the inclusion of openssl/engine.h with a protective check for
the absence of OPENSSL_NO_ENGINE.
2005-06-23 22:08:41 +00:00
Nils Larsch
aff2922f9a fix typo, add prototype 2005-05-20 23:01:31 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary:
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name:
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
fbeaa3c47d Update util/ck_errf.pl script, and have it run automatically
during "make errors" and thus during "make update".

Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Nils Larsch
6a50d0a422 hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis
for ecdh)
2005-04-29 15:56:06 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes.
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
a0bee97e55 more const 2005-04-22 21:57:36 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Geoff Thorpe
58ae65cd1a Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Geoff Thorpe
0210065bbd Quick fix.
Submitted by: Nils Larsch
2004-07-16 03:24:51 +00:00
Geoff Thorpe
b3b6720944 Correct the return codes for ecdsatest.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-14 23:37:32 +00:00
Geoff Thorpe
0f814687b9 Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Geoff Thorpe
3a87a9b9db Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
2004-04-19 17:46:04 +00:00
Geoff Thorpe
c6700d2746 A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:32:53 +00:00
Ulf Möller
a9f2330f43 Skip a curve with generator of non-prime order.
Submitted by: Nils Larsch
2003-12-06 11:41:22 +00:00
Ulf Möller
31182ad39b re-enable the test, keeping the original method for RAND_pseudo_bytes
which is used by BN_DEBUG_RAND
Submitted by: Nils Larsch
2003-11-16 19:33:31 +00:00
Ulf Möller
ac9c6e10a4 The x9.62 tests replace the PRNG with specific numbers,
so don't run them if BN_DEBUG_RAND is defined.

Also, fix another small bug.

Submitted by: Nils Larsch
2003-11-16 12:24:45 +00:00
Richard Levitte
d1465bac90 make update 2003-05-01 04:10:32 +00:00
Richard Levitte
3b6aa36c77 Make sure we get the definition of OPENSSL_NO_ECDSA. 2003-03-20 23:22:31 +00:00
Richard Levitte
78951e7711 Make sure we get the definition of OPENSSL_NO_ERR. 2003-03-20 23:19:41 +00:00
Lutz Jänicke
a74333f905 Fix initialization sequence to prevent freeing of unitialized objects.
Submitted by: Nils Larsch <nla@trustcenter.de>

PR: 459
2003-01-15 14:54:59 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Bodo Möller
2b32b28191 Don't compute timings here, we can do this elsewhere.
Include X9.62 signature examples.

Submitted by: Nils Larsch
2002-12-04 17:38:40 +00:00