Dr. Stephen Henson
7c23127fde
Add functions to set ECDSA_METHOD structure.
...
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
(cherry picked from commit 94c2f77a62
)
2013-09-18 01:23:40 +01:00
Bodo Möller
b626f0396c
Fix EC_KEY initialization race.
...
Submitted by: Adam Langley
2012-10-05 20:50:38 +00:00
Ben Laurie
6a4b87eb9d
Fix warning.
2011-12-09 20:15:48 +00:00
Bodo Möller
a0dce9be76
Fix ecdsatest.c.
...
Submitted by: Emilia Kasper
2011-12-02 12:40:42 +00:00
Dr. Stephen Henson
4c3c975066
make timing attack protection unconditional
2011-09-01 14:23:22 +00:00
Dr. Stephen Henson
3a5b97b7f1
Don't set default public key methods in FIPS mode so applications
...
can switch between modes.
2011-06-20 19:41:13 +00:00
Dr. Stephen Henson
b6d63b2516
Check fips method flags for ECDH, ECDSA.
2011-06-08 14:01:00 +00:00
Dr. Stephen Henson
6342b6e332
Redirection of ECDSA, ECDH operations to FIPS module.
...
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
f610a516a0
Backport from HEAD:
...
New option to disable characteristic two fields in EC code.
Make no-ec2m work on Win32 build.
2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
6ea8d138d3
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:42:27 +00:00
Dr. Stephen Henson
f2c358c6ce
check buffer is larger enough before overwriting
2011-04-06 18:06:54 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
7805e23588
PR: 1432
...
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:33 +00:00
Dr. Stephen Henson
c90a1ae0c9
make update
2009-10-18 14:44:51 +00:00
Dr. Stephen Henson
1a3914fe0c
Seed PRNG with DSA and ECDSA digests for additional protection against
...
possible PRNG state duplication.
2009-09-09 12:14:36 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Bodo Möller
4726fcfc25
Should reject signatures that we can't properly verify
...
and couldn't generate
(as pointed out by Ernst G Giessmann)
2007-11-19 07:25:55 +00:00
Bodo Möller
da989402f2
The hash length check wasn't strict enough,
...
as pointed out by Ernst G Giessmann
2007-11-16 13:01:14 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Nils Larsch
2fc281d01f
return an error if the supplied precomputed values lead to an invalid signature
2006-10-04 19:37:17 +00:00
Nils Larsch
0c9caf04de
fix typo: pass pre-computed parameters to the underlying signature function; thanks to Lucas Newman
2006-02-13 08:16:00 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Andy Polyakov
7304956e39
Missing CFLAG in couple of depend: targets.
...
PR: 1247
Submitted by: Doug Kaufman
2005-12-18 19:00:54 +00:00
Nils Larsch
b17ecb642b
cleanup doxygen comments
2005-09-19 08:32:56 +00:00
Nils Larsch
f42e6d24f2
fix typo
2005-07-17 21:04:19 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Richard Levitte
97b708910a
Wrap the inclusion of openssl/engine.h with a protective check for
...
the absence of OPENSSL_NO_ENGINE.
2005-06-23 22:08:47 +00:00
Nils Larsch
bbbd67108f
fix typo, add prototype
2005-05-20 22:55:10 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
fbeaa3c47d
Update util/ck_errf.pl script, and have it run automatically
...
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Nils Larsch
6a50d0a422
hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis
...
for ecdh)
2005-04-29 15:56:06 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
a0bee97e55
more const
2005-04-22 21:57:36 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Geoff Thorpe
58ae65cd1a
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
...
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
2004-10-21 00:06:14 +00:00
Geoff Thorpe
0210065bbd
Quick fix.
...
Submitted by: Nils Larsch
2004-07-16 03:24:51 +00:00
Geoff Thorpe
b3b6720944
Correct the return codes for ecdsatest.
...
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-06-14 23:37:32 +00:00