| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
|
|
| |
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Facilitate switch to custom scatter-gather routines. This modification
does not change algorithms, only makes it possible to implement
alternative. This is achieved by a) moving precompute table to assembly
(perlasm parses ecp_nistz256_table.c and is free to rearrange data to
match gathering algorithm); b) adhering to explicit scatter subroutine
(which for now is simply a memcpy). First implementations that will use
this option are 32-bit assembly implementations, ARMv4 and x86, where
equivalent of current read-whole-table-select-single-value algorithm
is too time-consuming. [On side note, switching to scatter-gather on
x86_64 would allow to improve server-side ECDSA performance by ~5%].
Reviewed-by: Bodo Moeller <bodo@openssl.org>
|
|
|
|
| |
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
|
|
| |
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
| |
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
Submitted by Shay Gueron, Intel Corp.
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
This is a more comprehensive fix. It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1. This is from
Kurt's upstream Debian changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
PR2693
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
|
|
| |
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
|
|
|
|
|
| |
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:
-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
|
|
| |
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
|
|
|
|
|
| |
I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
|
|
|
|
|
|
| |
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h).
Reviewed-by: emilia@openssl.org
|
|
|
|
|
|
| |
(which didn't always handle value 0 correctly).
Reviewed-by: emilia@openssl.org
|
|
|
|
|
|
| |
PR#2569
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
PR: 3338
|
|
|
|
| |
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
|
|
|
|
|
| |
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)
Conflicts:
CHANGES
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- EC_GROUP_cmp shouldn't consider curves equal just because
the curve name is the same. (They really *should* be the same
in this case, but there's an EC_GROUP_set_curve_name API,
which could be misused.)
- EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
equality (not an error).
Reported by: king cope
|
| |
|
|
|
|
|
|
|
|
| |
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
|
|
|
|
|
| |
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
|
|
|
|
|
|
| |
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
|
|
|
|
| |
Add X9.62 KDF to EC EVP_PKEY_METHOD.
|
|
|
|
|
|
|
|
|
| |
This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.
In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.
|
| |
|
|
|
|
|
|
| |
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
|
|
|
|
|
|
| |
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
|
|
|
|
| |
Submitted by: Adam Langley
|
|
|
|
| |
parameter encoding option
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>
Add Brainpool curves from RFC5639.
Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
|
|
|
|
|
| |
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
|
|
|
|
|
| |
PR: 2677
Submitted by: Annue Yousar
|
|
|
|
| |
passed components do not exceed field order
|
|
|
|
|
|
|
|
| |
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
|
| |
|
|
|
|
| |
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
|
|
|
|
|
|
|
| |
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)
Submitted by: Google Inc.
|
| |
|
| |
|
| |
|
| |
|