aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/ec
Commit message (Collapse)AuthorAgeFilesLines
...
* Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().Dr. Stephen Henson2016-08-163-4/+4
| | | | | | | | Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove old EC based X25519 code.Dr. Stephen Henson2016-08-134-344/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add encoded points to other EC curves too.Dr. Stephen Henson2016-08-131-0/+7
| | | | | | | | Add encoded point ctrl support for other curves: this makes it possible to handle X25519 and other EC curve point encoding in a similar way for TLS. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add point ctrls to X25519Dr. Stephen Henson2016-08-131-8/+33
| | | | | | | Add ctrl operations to set or retrieve encoded point in EVP_PKEY structures containing X25519 keys. Reviewed-by: Rich Salz <rsalz@openssl.org>
* add to build.infoDr. Stephen Henson2016-08-131-0/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* make errorsDr. Stephen Henson2016-08-131-0/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* X25519 public key methodsDr. Stephen Henson2016-08-131-0/+348
| | | | | | | Add X25519 methods to match current key format defined in draft-ietf-curdle-pkix-02 Reviewed-by: Rich Salz <rsalz@openssl.org>
* spelling fixes, just comments and readme.klemens2016-08-051-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)
* Fix some style issues...FdaSilvaYY2016-08-021-1/+1
| | | | | | | extra spacing and 80 cols Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1366)
* Const EC_KEY_dupRichard J. Moore2016-08-011-2/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify EC_KEY_*_oct2priv() input bufferFdaSilvaYY2016-07-253-6/+7
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
* Check for errors allocating the error strings.Kurt Roeckx2016-07-201-1/+2
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1330
* Don't allocate r/s in DSA_SIG and ECDSA_SIGDr. Stephen Henson2016-07-203-1/+25
| | | | | | | | | To avoid having to immediately free up r/s when setting them don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new(). RT#4590 Reviewed-by: Richard Levitte <levitte@openssl.org>
* fix memory leaksMiroslav Franc2016-07-161-0/+1
| | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1313)
* Fix ASN.1 private encode of EC_KEY to not change the input keyRichard Levitte2016-07-151-15/+9
| | | | | | RT#4611 Reviewed-by: Stephen Henson <steve@openssl.org>
* check return values for EVP_Digest*() APIsDr. Stephen Henson2016-07-151-1/+2
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix printing private EC_KEYAlessandro Ghedini2016-07-011-1/+1
| | | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1273)
* Whitespace cleanup in cryptoFdaSilvaYY2016-06-291-1/+0
| | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1264)
* RT2680: Public EC key is shown as privateRich Salz2016-06-262-24/+13
| | | | | | | Re-implemented as suggested by Steve Henson. Also change ECParameters_print the same way. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Make x25519_compute_key() return a booleanhuangqinjin2016-06-231-2/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Make ossl_ecdh_compute_key() return a booleanhuangqinjin2016-06-231-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Make DSA_SIG and ECDSA_SIG getters const.Emilia Kasper2016-06-201-1/+1
| | | | | | | | | | Reorder arguments to follow convention. Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0. This complements GH1193 which adds non-const setters. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Useless includesFdaSilvaYY2016-06-182-4/+0
| | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1168)
* Ensure that NULL r and s parameters cannot be set on DSA_SIG/ECDSA_SIGs.TJ Saunders2016-06-131-0/+2
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
* Reorder the setter arguments to more consistently match that of other APIs,TJ Saunders2016-06-131-1/+1
| | | | | | | | per review comments. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
* Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.TJ Saunders2016-06-131-0/+9
| | | | | | | | | | | | | | | SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given the R and S values, and the data to be signed, by the client. Thus in order to validate these signatures, SSH2 implementations will digest and sign the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects. Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting those R and S values in these objects, which makes using OpenSSL for such SSH2 implementations much more difficult. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
* RT 4242: reject invalid EC point coordinatesEmilia Kasper2016-06-093-14/+26
| | | | | | | | | | | | | | | We already test in EC_POINT_oct2point that points are on the curve. To be on the safe side, move this check to EC_POINT_set_affine_coordinates_* so as to also check point coordinates received through some other method. We do not check projective coordinates, though, as - it's unlikely that applications would be receiving this primarily internal representation from untrusted sources, and - it's possible that the projective setters are used in a setting where performance matters. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Free tempory data on error in ec_wNAF_mul()Matt Caswell2016-06-011-0/+2
| | | | | | | The ec_wNAF_mul() function allocates some temporary storage that it doesn't always free on an error condition. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Parameter copy sanity checks.Dr. Stephen Henson2016-05-311-1/+1
| | | | | | | | | | | | Don't copy parameters is they're already present in the destination. Return error if an attempt is made to copy different parameters to destination. Update documentation. If key type is not initialised return missing parameters RT#4149 Reviewed-by: Richard Levitte <levitte@openssl.org>
* x86_64 assembly pack: tolerate spaces in source directory name.Andy Polyakov2016-05-291-1/+1
| | | | | | [as it is now quoting $output is not required, but done just in case] Reviewed-by: Richard Levitte <levitte@openssl.org>
* SPARC assembly pack: add missing .type directives.Andy Polyakov2016-05-281-0/+35
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove unused error/function codes.Rich Salz2016-05-231-36/+1
| | | | | | | | Add script to find unused err/reason codes Remove unused reason codes. Remove entries for unused functions Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix and simplify error handling in (RSA/EC_kmeth)_new_method()FdaSilvaYY2016-05-231-17/+12
| | | | | | | | Inspired from PR #873. Nearly same as 2bbf0ba. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Add OpenSSL copyright to .pl filesRich Salz2016-05-216-6/+48
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Manual fixes after copyright consolidationRich Salz2016-05-171-51/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 05/10Rich Salz2016-05-1718-791/+116
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 06/10Rich Salz2016-05-1716-677/+102
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.cSteven Valdez2016-05-111-1/+3
| | | | | | | RT#4363 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* fix tab-space mixed indentationFdaSilvaYY2016-05-091-3/+3
| | | | | | | No code change Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* few missing allocation failure checks and releases on error pathsJ Mohan Rao Arisankala2016-05-091-0/+1
| | | | | | | | - Missing checks for allocation failure. - releasing memory in few missing error paths Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Document inversion ladder in curve25519Emilia Kasper2016-05-051-11/+42
| | | | | | | | | This demystifies two for-loops that do nothing. They were used to write the ladder in a unified way. Now that the ladder is otherwise commented, remove the dead loops. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove some dead code from EC_GROUP_check()Matt Caswell2016-04-291-5/+0
| | | | | | | EC_GROUP_check() was obtaining a temporary BIGNUM from the BN_CTX, but then not using it. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Avoid a NULL ptr deref if group is not setMatt Caswell2016-04-291-20/+21
| | | | | | | | | | | We should only copy parameters and keys if the group is set. Otherwise they don't really make any sense. Previously we copied the private key regardless of whether the group was set...but if it wasn't a NULL ptr deref could occur. It's unclear whether we could ever get into that situation, but since we were already checking it for the public key we should be consistent. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix EC_KEY_set_private_key() to call key->group->meth->set_private()Kazuki Yamaguchi2016-04-231-2/+2
| | | | | | | | | | | Fix a bug introduced by 6903e2e7e9a4 (Extended EC_METHOD customisation support., 2016-02-01). key->meth->set_private() is wrongly called where it should call key->group->meth->set_private(). PR#4517 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Remove --classic build entirelyRichard Levitte2016-04-201-73/+0
| | | | | | | | The Unix build was the last to retain the classic build scheme. The new unified scheme has matured enough, even though some details may need polishing. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix the spelling of "implement".Shlomi Fish2016-04-143-3/+3
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT 4393: Call EC_GROUP_order_bits in priv2opt.David Benjamin2016-03-291-1/+1
| | | | | | | | The private key is a scalar and should be sized by the order, not the degree. See RFC 5915. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Remove the remainder of util/mk1mf.pl and companion scriptsRichard Levitte2016-03-211-3/+0
| | | | | | | This removes all scripts that deal with MINFO as well, since that's only used by mk1mf. Reviewed-by: Andy Polyakov <appro@openssl.org>
* Remove #error from include files.Rich Salz2016-03-205-15/+5
| | | | | | | | Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: Richard Levitte <levitte@openssl.org>
* constify ECDSA_SIG_get0()Dr. Stephen Henson2016-03-191-1/+1
| | | | | | | PR#4436 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>