Andy Polyakov
9fbbdd73c5
Avoid reading an unused byte after the buffer
...
Other curves don't have this problem.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-14 18:23:41 +01:00
Rich Salz
10bf4fc2c3
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
...
Suggested by John Foley <foleyj@cisco.com>.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Matt Caswell
535bc8faf6
Remove pointless free, and use preferred way of calling d2i_* functions
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:24 +00:00
Matt Caswell
9e442d4850
Fix a failure to NULL a pointer freed on error.
...
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:07 +00:00
Dr. Stephen Henson
86f300d385
Use named curve parameter encoding by default.
...
Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.
Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-19 14:44:46 +00:00
Andy Polyakov
7a6c9a2e96
Add ec/asm/ecp_nistz256-armv4.pl module.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-11 20:34:18 +01:00
Andy Polyakov
5afc296aa6
ec/ecp_nistz256.c: fix compiler warnings.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 22:04:28 +01:00
Andy Polyakov
5029291722
ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 21:52:25 +01:00
Andy Polyakov
aa9db2d292
Add ec/asm/ecp_nistz256-x86.pl module.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09 23:19:16 +01:00
Rich Salz
6f91b017bb
Live code cleanup: remove #if 1 stuff
...
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:54:20 -05:00
Rich Salz
c8fa2356a0
Dead code cleanup: crypto/ec,ecdh,ecdsa
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:56:47 -05:00
Rich Salz
9ccc00ef6e
Dead code cleanup: #if 0 dropped from tests
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:11:34 -05:00
Rich Salz
49b05c7d50
Rename index to idx to avoid symbol conflicts.
...
Picky compilers with old index() string functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 12:23:01 -05:00
Rich Salz
a00ae6c46e
OPENSSL_NO_xxx cleanup: many removals
...
The following compile options (#ifdef's) are removed:
OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
This diff is big because of updating the indents on preprocessor lines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 10:06:22 -05:00
Matt Caswell
35a1cc90bc
More comment realignment
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5
Re-align some comments after running the reformat script.
...
This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6
Move more comments that confuse indent
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Andy Polyakov
20728adc8f
ec/ecp_nistz256.c: further harmonization with latest rules.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Andy Polyakov
58d47cf004
ec/ecp_nistz256.c: harmonize with latest indent script.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
b853717fc4
Fix strange formatting by indent
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
dbd87ffc21
indent has problems with comments that are on the right hand side of a line.
...
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:08 +00:00
Matt Caswell
e636e2acd7
Fix source where indent will not be able to cope
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
23a22b4cf7
More comments
...
Conflicts:
crypto/dsa/dsa_vrf.c
crypto/ec/ec2_smpl.c
crypto/ec/ecp_smpl.c
Conflicts:
demos/bio/saccept.c
ssl/d1_clnt.c
Conflicts:
bugs/dggccbug.c
demos/tunala/cb.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:06 +00:00
Matt Caswell
c80fd6b215
Further comment changes for reformat (master)
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:19:59 +00:00
Rich Salz
4b618848f9
Cleanup OPENSSL_NO_xxx, part 1
...
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-14 15:57:28 -05:00
Matt Caswell
3a83462dfe
Further comment amendments to preserve formatting prior to source reformat
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-06 15:45:25 +00:00
Andy Polyakov
9e557ab262
ecp_nistz256-x86_64.pl: fix occasional failures.
...
RT: 3607
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2015-01-04 23:18:04 +01:00
Tim Hudson
1d97c84351
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Rich Salz
e03b29871b
RT3548: Remove outdated platforms
...
This commit removes all mention of NeXT and NextStep.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-19 21:11:09 -05:00
Matt Caswell
53e95716f5
Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED
...
Introduce use of DECLARE_DEPRECATED
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:14 +00:00
Emilia Kasper
b597aab84e
Build fixes
...
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318ece
)
2014-12-17 14:31:05 +01:00
Matt Caswell
af6e2d51bf
Add OPENSSL_NO_ECDH guards
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:45 +00:00
Matt Caswell
5784a52145
Implement internally opaque bn access from ec
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Dr. Stephen Henson
73e45b2dd1
remove OPENSSL_FIPSAPI
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
dbfbe10a1f
remove FIPS module code from crypto/ecdsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
e4e5bc39f9
Remove fips_constseg references.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Matt Caswell
8d02bebddf
When using EVP_PKEY_derive with a KDF set, a negative error from
...
ECDH_compute_key is silently ignored and the KDF is run on duff data
Thanks to github user tomykaira for the suggested fix.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-20 15:20:37 +00:00
Matt Caswell
e04d426bf9
Fix free of garbage pointer. PR#3595
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-12 20:26:31 +00:00
Andy Polyakov
c381b63764
ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-29 10:57:46 +01:00
Andy Polyakov
3ff08e1dde
ecp_nistz256 update.
...
Facilitate switch to custom scatter-gather routines. This modification
does not change algorithms, only makes it possible to implement
alternative. This is achieved by a) moving precompute table to assembly
(perlasm parses ecp_nistz256_table.c and is free to rearrange data to
match gathering algorithm); b) adhering to explicit scatter subroutine
(which for now is simply a memcpy). First implementations that will use
this option are 32-bit assembly implementations, ARMv4 and x86, where
equivalent of current read-whole-table-select-single-value algorithm
is too time-consuming. [On side note, switching to scatter-gather on
x86_64 would allow to improve server-side ECDSA performance by ~5%].
Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-10-23 16:08:44 +02:00
Andy Polyakov
be07ae9b10
crypto/ecp_nistz256.c: harmonize error codes.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-21 15:56:02 +02:00
Dr. Stephen Henson
16e5b45f72
Fix warning.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-20 00:08:56 +01:00
Andy Polyakov
4d3fa06fce
Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
...
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:37:41 +02:00
Andy Polyakov
f54be179aa
Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
...
Submitted by Shay Gueron, Intel Corp.
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:13:20 +02:00
Kurt Roeckx
44e0c2bae4
RT2626: Change default_bits from 1K to 2K
...
This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-09-08 17:21:04 -04:00
Andy Polyakov
6019cdd327
Configure: add configuration for crypto/ec/asm extensions.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-30 19:22:51 +02:00
Matt Caswell
13be7da81f
Fixed double inclusion of string.h
...
PR2693
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-29 21:42:54 +01:00