path: root/crypto/ecdsa
Commit message | Author | Age | Files | Lines

* free NULL cleanup. | Rich Salz | 2015-03-25 | 2 | -12/+6
    This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free, EC_POINT_clear_free, EC_POINT_free
    Reviewed-by: Kurt Roeckx <kurt@openssl.org>

* free NULL cleanup | Rich Salz | 2015-03-25 | 1 | -2/+1
    This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree
    Reviewed-by: Matt Caswell <matt@openssl.org>

* RAND_bytes updates | Matt Caswell | 2015-03-25 | 1 | -2/+1
    Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes.
    Reviewed-by: Richard Levitte <levitte@openssl.org>

* make depend | Dr. Stephen Henson | 2015-03-24 | 1 | -7/+6
    Reviewed-by: Matt Caswell <matt@openssl.org>

* Update ordinals, fix error message. | Dr. Stephen Henson | 2015-03-15 | 1 | -1/+1
    Update error messages to say "EC is disabled"; these can then be picked up by mkdef.pl.
    Update ordinals.
    Reviewed-by: Kurt Roeckx <kurt@openssl.org>

* Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC | Rich Salz | 2015-03-11 | 2 | -3/+3
    Suggested by John Foley <foleyj@cisco.com>.
    Reviewed-by: Matt Caswell <matt@openssl.org>

* Dead code cleanup: crypto/ec,ecdh,ecdsa | Rich Salz | 2015-02-02 | 3 | -15/+0
    Reviewed-by: Andy Polyakov <appro@openssl.org>

* OPENSSL_NO_xxx cleanup: SHA | Rich Salz | 2015-01-27 | 1 | -4/+1
    Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way.
    So these options are gone:
        GENUINE_DSA
        OPENSSL_NO_SHA0
        OPENSSL_NO_SHA
        OPENSSL_NO_SHA1
        OPENSSL_NO_SHA224
        OPENSSL_NO_SHA256
        OPENSSL_NO_SHA384
        OPENSSL_NO_SHA512
    Reviewed-by: Richard Levitte <levitte@openssl.org>

* Run util/openssl-format-source -v -c . | Matt Caswell | 2015-01-22 | 9 | -1293/+1233
    Reviewed-by: Tim Hudson <tjh@openssl.org>

* Fix warning where BIO_FLAGS_UPLINK was being redefined. | Matt Caswell | 2015-01-13 | 1 | -1/+1
    This warning breaks the build in 1.0.0 and 0.9.8
    Reviewed-by: Andy Polyakov <appro@openssl.org>

* make update | Matt Caswell | 2015-01-12 | 1 | -6/+7
    Reviewed-by: Richard Levitte <levitte@openssl.org>

* Fix various certificate fingerprint issues. | Dr. Stephen Henson | 2015-01-05 | 1 | -1/+14
    By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.
    1. Reject signatures with non zero unused bits.
       If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.
    2. Check certificate algorithm consistency.
       Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates.
    3. Check DSA/ECDSA signatures use DER.
       Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes).
    CVE-2014-8275
    Reviewed-by: Emilia Käsper <emilia@openssl.org>

* mark all block comments that need format preserving so that indent will not alter them when reformatting comments | Tim Hudson | 2014-12-30 | 1 | -2/+4
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>

* Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED | Matt Caswell | 2014-12-18 | 1 | -1/+1
    Introduce use of DECLARE_DEPRECATED
    Reviewed-by: Rich Salz <rsalz@openssl.org>

* remove OPENSSL_FIPSAPI | Dr. Stephen Henson | 2014-12-08 | 1 | -1/+1
    Reviewed-by: Tim Hudson <tjh@openssl.org>

* remove FIPS module code from crypto/ecdsa | Dr. Stephen Henson | 2014-12-08 | 2 | -42/+0
    Reviewed-by: Tim Hudson <tjh@openssl.org>

* Remove OPENSSL_FIPSCANISTER code. | Dr. Stephen Henson | 2014-12-08 | 1 | -29/+0
    OPENSSL_FIPSCANISTER is only set if the fips module is being built (as opposed to being used). Since the fips module won't be built in master this is redundant.
    Reviewed-by: Tim Hudson <tjh@openssl.org>

* Remove fipscanister build functionality from makefiles. | Dr. Stephen Henson | 2014-12-08 | 1 | -1/+1
    Reviewed-by: Tim Hudson <tjh@openssl.org>

* Remove all .cvsignore files | Rich Salz | 2014-11-28 | 1 | -2/+0
    Reviewed-by: Tim Hudson <tjh@openssl.org>

* Reserve option to use BN_mod_exp_mont_consttime in ECDSA. | Andy Polyakov | 2014-09-12 | 1 | -5/+31
    Submitted by Shay Gueron, Intel Corp.
    RT: 3149
    Reviewed-by: Rich Salz <rsalz@openssl.org>

* RT2492: Remove extra NULL check. | Laszlo Papp | 2014-08-18 | 1 | -2/+1

* Accessor functions for app_data in ECDSA_METHOD | Dr. Stephen Henson | 2014-07-01 | 3 | -1/+24

* make depend | Dr. Stephen Henson | 2014-02-19 | 1 | -2/+3

* Add functions to set ECDSA_METHOD structure. | Dr. Stephen Henson | 2013-09-18 | 4 | -0/+125
    Add various functions to allocate and set the fields of an ECDSA_METHOD structure.

* Make ecdsatest work with nonces. | Dr. Stephen Henson | 2013-07-19 | 1 | -1/+9
    Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this avoids the nonce generation which would otherwise break the test.
    Reinstate ecdsatest.

* Avoid need to change function code. | Dr. Stephen Henson | 2013-07-17 | 1 | -9/+9
    Keep original function names for nonce versions so we don't have to change error function codes.

* Make `safe' (EC)DSA nonces the default. | Adam Langley | 2013-07-15 | 5 | -22/+19
    This change updates 8a99cb29 to make the generation of (EC)DSA nonces using the message digest the default. It also reverts the changes to (EC)DSA_METHOD structure.
    In addition to making it the default, removing the flag from EC_KEY means that FIPS modules will no longer have an ABI mismatch.

* Add secure DSA nonce flag. | Adam Langley | 2013-06-13 | 5 | -14/+42
    This change adds the option to calculate (EC)DSA nonces by hashing the message and private key along with entropy to avoid leaking the private key if the PRNG fails.

* Fix EC_KEY initialization race. | Bodo Möller | 2012-10-05 | 1 | -2/+9
    Submitted by: Adam Langley

* fix warning (revert original patch) | Dr. Stephen Henson | 2012-01-10 | 1 | -8/+8

* Initial experimental support for X9.42 DH parameter format to handle RFC5114 parameters and X9.42 DH public and private keys. | Dr. Stephen Henson | 2011-12-07 | 1 | -2/+3

* Fix ecdsatest.c. | Bodo Möller | 2011-12-02 | 1 | -7/+78
    Submitted by: Emilia Kasper

* Fix some warnings caused by __owur. Temporarily (I hope) remove the more aspirational __owur annotations. | Ben Laurie | 2011-11-14 | 1 | -3/+4

* Add single call public key sign and verify functions. | Dr. Stephen Henson | 2011-11-05 | 1 | -0/+5

* Check for selftest failure in various places. | Dr. Stephen Henson | 2011-10-22 | 1 | -0/+16

* make update | Bodo Möller | 2011-09-05 | 1 | -2/+2

* make timing attack protection unconditional | Dr. Stephen Henson | 2011-09-01 | 1 | -2/+0

* Set flags in ECDH and ECDSA methods for FIPS. | Dr. Stephen Henson | 2011-06-08 | 2 | -1/+9

* Fix the ECDSA timing attack mentioned in the paper at: | Dr. Stephen Henson | 2011-05-25 | 1 | -0/+10
    http://eprint.iacr.org/2011/232.pdf
    Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.

* Add PRNG security strength checking. | Dr. Stephen Henson | 2011-04-23 | 1 | -0/+10

* Only use fake rand once per operation. This stops the EC pairwise consistency test interfering with the test. | Dr. Stephen Henson | 2011-04-06 | 1 | -1/+8

* check buffer is large enough before overwriting | Dr. Stephen Henson | 2011-04-06 | 1 | -3/+2

* make update | Richard Levitte | 2011-03-24 | 1 | -2/+2

* Add SRP support. | Ben Laurie | 2011-03-12 | 1 | -2/+2

* Update dependencies. | Dr. Stephen Henson | 2011-02-21 | 1 | -2/+2

* Add ECDSA functionality to fips module. Initial very incomplete version of algorithm test program. | Dr. Stephen Henson | 2011-02-14 | 2 | -1/+43

* New option to disable characteristic two fields in EC code. | Dr. Stephen Henson | 2011-02-12 | 2 | -2/+6

* Change AR to ARX to allow exclusion of fips object modules | Dr. Stephen Henson | 2011-01-26 | 1 | -1/+1

* Fix warnings. | Ben Laurie | 2010-06-12 | 1 | -2/+0

* PR: 1432 | Dr. Stephen Henson | 2009-12-01 | 1 | -30/+24
    Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
    Approved by: steve@openssl.org
    Truncate hash if it is too large: as required by FIPS 186-3.