Bodo Moeller
16602b5cd5
Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
...
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h).
Reviewed-by: emilia@openssl.org
2014-08-13 17:37:19 +02:00
Bodo Moeller
0fe73d6c36
Simplify and fix ec_GFp_simple_points_make_affine
...
(which didn't always handle value 0 correctly).
Reviewed-by: emilia@openssl.org
2014-08-01 17:18:14 +02:00
Billy Brumley
cba11f57ce
"EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
...
PR#2569
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-07-21 22:18:40 +01:00
Libor Krystek
8e3231642b
Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370
2014-06-03 23:15:58 +01:00
David Ramos
16ba70746b
Double free in i2o_ECPublicKey
...
PR: 3338
2014-05-04 00:46:20 +01:00
mancha
e14f14d36e
Fix eckey_priv_encode()
...
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-26 07:59:13 +01:00
Dr. Stephen Henson
2514fa79ac
Add functions returning security bits.
...
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
f9b6c0ba4c
Fix for CVE-2014-0076
...
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
dd274b1c1c
Fix for some platforms where "char" is unsigned.
2013-11-09 15:09:23 +00:00
Bodo Moeller
ca567a03ad
Fix overly lenient comparisons:
...
- EC_GROUP_cmp shouldn't consider curves equal just because
the curve name is the same. (They really *should* be the same
in this case, but there's an EC_GROUP_set_curve_name API,
which could be misused.)
- EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
equality (not an error).
Reported by: king cope
2013-09-16 12:59:21 +02:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
dc1ce3bc64
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
e61f5d55bc
Algorithm parameter support.
...
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
88e20b8584
Add support for ECDH KARI.
...
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
25af7a5dbc
Add support for X9.62 KDF.
...
Add X9.62 KDF to EC EVP_PKEY_METHOD.
2013-07-17 21:45:00 +01:00
Adam Langley
190c615d43
Make `safe' (EC)DSA nonces the default.
...
This change updates 8a99cb29
2013-07-15 12:57:48 +01:00
Dr. Stephen Henson
810639536c
Add control to retrieve signature MD.
2013-06-21 21:33:00 +01:00
Adam Langley
8a99cb29d1
Add secure DSA nonce flag.
...
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Matt Caswell
94782e0e9c
Make binary curve ASN.1 work in FIPS mode.
...
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Bodo Möller
f11d0c7908
Fix EC_KEY initialization race.
...
Submitted by: Adam Langley
2012-10-05 20:50:11 +00:00
Dr. Stephen Henson
24edfa9df9
enhance EC method to support setting curve type when generating keys and add parameter encoding option
2012-09-11 13:54:09 +00:00
Ben Laurie
71fa451343
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
b36bab7812
PR: 2239
...
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>
Add Brainpool curves from RFC5639.
Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
2012-04-22 13:06:51 +00:00
Dr. Stephen Henson
64095ce9d7
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Andy Polyakov
713f49119f
ec_pmeth.c: fix typo in commentary.
...
PR: 2677
Submitted by: Annue Yousar
2012-01-12 13:22:51 +00:00
Dr. Stephen Henson
d674bb4bc8
In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order
2011-11-16 13:28:35 +00:00
Dr. Stephen Henson
32cf5baeae
PR: 2632
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:43:34 +00:00
Dr. Stephen Henson
5fd722600b
Check for selftest failure in various places.
2011-10-22 17:24:27 +00:00
Bodo Möller
e0d6132b8c
Fix warnings.
...
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
...
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)
Submitted by: Google Inc.
2011-10-18 19:43:16 +00:00
Andy Polyakov
03e389cf04
Allow for dynamic base in Win64 FIPS module.
2011-09-14 20:48:49 +00:00
Bodo Möller
ae53b299fa
make update
2011-09-05 09:46:15 +00:00
Dr. Stephen Henson
3699ec6056
recognise ecdsaWithSHA1 OID
2011-07-28 14:40:01 +00:00
Dr. Stephen Henson
9945b460e2
Give parameters names in prototypes.
2011-06-17 16:47:41 +00:00
Andy Polyakov
62f29eb1cf
spacrv9cap.c: addenum to recent EC optimizations.
2011-05-23 08:14:32 +00:00
Andy Polyakov
d8ea368c41
ec_cvt.c: ARM comparison results were wrong, clarify the background.
2011-05-21 08:40:18 +00:00
Andy Polyakov
fdf6dac859
ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see
...
commentary for details].
2011-05-20 20:31:37 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Richard Levitte
171edf7ff4
Error discrepancy corrected.
2011-04-24 08:59:15 +00:00
Dr. Stephen Henson
cac4fb58e0
Add PRNG security strength checking.
2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
8c7096835b
Use 0 for tbslen to perform strlen.
2011-04-19 11:10:54 +00:00
Dr. Stephen Henson
a6311f856b
Remove several of the old obsolete FIPS_corrupt_*() functions.
2011-04-14 11:30:51 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Richard Levitte
5d0137aa14
make update
2011-03-25 09:30:52 +00:00
Richard Levitte
30fafdebf3
* Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl:
...
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have
disabled by default. If we don't do it this way, it screws up
libeay.num.
* util/libeay.num: make update
2011-03-25 09:29:46 +00:00
Richard Levitte
c6dbe90895
make update
2011-03-24 22:59:02 +00:00
Richard Levitte
487b023f3d
make update (1.1.0-dev)
...
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable. However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
1acc24a8ba
Make no-ec2m work again.
2011-03-10 01:00:30 +00:00
