Dr. Stephen Henson
2fffc29bd1
make timing attack protection unconditional
2011-09-01 14:23:31 +00:00
Dr. Stephen Henson
e82d6a2019
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:43:05 +00:00
Dr. Stephen Henson
7805e23588
PR: 1432
...
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:33 +00:00
Bodo Möller
4726fcfc25
Should reject signatures that we can't properly verify
...
and couldn't generate
(as pointed out by Ernst G Giessmann)
2007-11-19 07:25:55 +00:00
Bodo Möller
da989402f2
The hash length check wasn't strict enough,
...
as pointed out by Ernst G Giessmann
2007-11-16 13:01:14 +00:00
Nils Larsch
2fc281d01f
return an error if the supplied precomputed values lead to an invalid signature
2006-10-04 19:37:17 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Nils Larsch
6a50d0a422
hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis
...
for ecdh)
2005-04-29 15:56:06 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Nils Larsch
a0bee97e55
more const
2005-04-22 21:57:36 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Geoff Thorpe
0f814687b9
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
c6700d2746
A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h
...
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:32:53 +00:00
Lutz Jänicke
a74333f905
Fix initialization sequence to prevent freeing of unitialized objects.
...
Submitted by: Nils Larsch <nla@trustcenter.de>
PR: 459
2003-01-15 14:54:59 +00:00
Bodo Möller
b53e44e572
implement and use new macros BN_get_sign(), BN_set_sign()
...
Submitted by: Nils Larsch
2002-11-04 13:17:22 +00:00
Bodo Möller
14a7cfb32a
use a generic EC_KEY structure (EC keys are not ECDSA specific)
...
Submitted by: Nils Larsch
2002-08-07 10:49:54 +00:00
Bodo Möller
0bee0e6294
Use SEC1 format for EC private keys.
...
This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.
Submitted by: Nils Larsch <nlarsch@compuserve.de>
2002-07-26 08:41:04 +00:00
Bodo Möller
532203cdb0
remove unnecessary calls to EC_POINT_copy()
2002-06-10 11:02:55 +00:00
Bodo Möller
3613e6fc57
simplifications
...
Submitted by: Nils Larsch
2002-02-20 13:08:17 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00