path: root/crypto/ec

Commit log (each entry: commit message; author, date; files changed, lines removed/added)
* Fix free of garbage pointer. PR#3595
  Matt Caswell, 2014-11-12 (1 file, -3/+4)
  Reviewed-by: Emilia Käsper <emilia@openssl.org>

* ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling.
  Andy Polyakov, 2014-10-29 (1 file, -2/+3)
  Reviewed-by: Tim Hudson <tjh@openssl.org>

* ecp_nistz256 update.
  Andy Polyakov, 2014-10-23 (3 files, -105/+207)

  Facilitate switch to custom scatter-gather routines. This modification does not change algorithms, only makes it possible to implement an alternative. This is achieved by a) moving precompute table to assembly (perlasm parses ecp_nistz256_table.c and is free to rearrange data to match gathering algorithm); b) adhering to explicit scatter subroutine (which for now is simply a memcpy). First implementations that will use this option are 32-bit assembly implementations, ARMv4 and x86, where equivalent of current read-whole-table-select-single-value algorithm is too time-consuming. [On side note, switching to scatter-gather on x86_64 would allow to improve server-side ECDSA performance by ~5%].

  Reviewed-by: Bodo Moeller <bodo@openssl.org>

* crypto/ecp_nistz256.c: harmonize error codes.
  Andy Polyakov, 2014-09-21 (3 files, -45/+47)
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

* Fix warning.
  Dr. Stephen Henson, 2014-09-20 (1 file, -2/+3)
  Reviewed-by: Tim Hudson <tjh@openssl.org>

* Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
  Andy Polyakov, 2014-09-12 (8 files, -4/+16201)
  RT: 3149
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
  Andy Polyakov, 2014-09-12 (3 files, -0/+88)
  Submitted by: Shay Gueron, Intel Corp.
  RT: 3149
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* RT2626: Change default_bits from 1K to 2K
  Kurt Roeckx, 2014-09-08 (1 file, -1/+1)

  This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes.

  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>

* Configure: add configuration for crypto/ec/asm extensions.
  Andy Polyakov, 2014-08-30 (1 file, -1/+3)
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Fixed double inclusion of string.h
  Matt Caswell, 2014-08-29 (1 file, -1/+0)
  PR2693
  Reviewed-by: Tim Hudson <tjh@openssl.org>

* Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
  Emilia Kasper, 2014-08-27 (1 file, -3/+9)

  The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer when the buffer length is 0. Change this to verify explicitly that the ASN.1 string has positive length.

  Reviewed-by: Dr Stephen Henson <steve@openssl.org>

* RT3065: automatically generate a missing EC public key
  Matt Caswell, 2014-08-27 (1 file, -8/+19)

  When d2i_ECPrivateKey reads a private key with a missing (optional) public key, generate one automatically from the group and private key.

  Reviewed-by: Dr Stephen Henson <steve@openssl.org>

* RT3065: ec_private_key_dont_crash
  Adam Langley, 2014-08-27 (2 files, -7/+10)

  This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a crash:

  -----BEGIN EC PRIVATE KEY-----
  MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
  -----END EC PRIVATE KEY-----

  Reviewed-by: Dr Stephen Henson <steve@openssl.org>
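The PEM key quoted in the RT3065 commit above decodes to an RFC 5915 ECPrivateKey with version 1, an 8-byte privateKey octet string, a [0] parameters element naming prime256v1 (OID 1.2.840.10045.3.1.7) and no [1] publicKey element, which is exactly the shape that made the unpatched code dereference a NULL public key. The following is an added example, not code from OpenSSL or from either RT3065 commit: it parses that DER with a hand-written TLV walker, rejects an empty privateKey the way the d2i_ECPrivateKey check above does, and when the public key is absent derives it as d*G on P-256, which is what the "automatically generate a missing EC public key" fix does inside the library. The P-256 constants are the standard NIST values; the affine point arithmetic is textbook double-and-add and deliberately not constant-time, so it is fine for completing a private key but is an assumption of this example rather than a signing-grade implementation. Requires Python 3.8+ for the three-argument pow modular inverse.

```python
import base64
import re

# NIST P-256 / prime256v1 domain parameters (OID 1.2.840.10045.3.1.7).
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
OID_P256 = "1.2.840.10045.3.1.7"

# The key from the RT3065 commit message: version 1, d = 0x0102030405060708, no [1] publicKey.
KEY_WITHOUT_PUB = """-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----"""


def pem_to_der(pem):
    body = re.search(r"-----BEGIN [^-]+-----(.*?)-----END", pem, re.S).group(1)
    return base64.b64decode("".join(body.split()))


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for octet in raw[1:]:                  # base-128 arcs, high bit set on continuation octets
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_ec_private_key(der):
    """Minimal RFC 5915 ECPrivateKey parser; the [0] and [1] elements are OPTIONAL."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("ECPrivateKey must be a SEQUENCE")
    tag, version, pos = read_tlv(seq, 0)
    tag, priv, pos = read_tlv(seq, pos)
    if tag != 0x04 or not priv:            # explicit empty-string check, as in d2i_ECPrivateKey
        raise ValueError("privateKey must be a non-empty OCTET STRING")
    key = {"version": int.from_bytes(version, "big"),
           "d": int.from_bytes(priv, "big"), "curve_oid": None, "public": None}
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag == 0xA0:                    # [0] parameters: namedCurve OID
            inner, oid, _ = read_tlv(val, 0)
            if inner == 0x06:
                key["curve_oid"] = decode_oid(oid)
        elif tag == 0xA1:                  # [1] publicKey: BIT STRING, first octet = unused bits
            _, bits, _ = read_tlv(val, 0)
            key["public"] = bits[1:]
    return key


def point_add(P1, P2):
    """Affine addition on y^2 = x^3 + ax + b; None is the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2:
        if (y1 + y2) % p == 0:             # P + (-P)
            return None
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def scalar_mult(k, Q):
    """Plain double-and-add: not constant-time, acceptable only for deriving a public key."""
    R = None
    while k:
        if k & 1:
            R = point_add(R, Q)
        Q = point_add(Q, Q)
        k >>= 1
    return R


def is_on_curve(Q):
    return (Q[1] * Q[1] - (Q[0] ** 3 + a * Q[0] + b)) % p == 0


def derive_public_key(d):
    if not 1 <= d < n:
        raise ValueError("private scalar out of range")
    return scalar_mult(d, G)


def complete_key(pem):
    """Parse an EC private key and, if the public key is absent, compute it as d*G."""
    key = parse_ec_private_key(pem_to_der(pem))
    if key["curve_oid"] != OID_P256:
        raise ValueError("only prime256v1 is handled in this example")
    key["public_derived"] = key["public"] is None
    if key["public_derived"]:
        x, y = derive_public_key(key["d"])
        key["public"] = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")   # uncompressed point
    return key
```

Calling `complete_key(KEY_WITHOUT_PUB)` returns the parsed fields plus a 65-byte uncompressed public point and `public_derived == True`; feeding it a key that already carries a [1] element leaves that point untouched. The private scalar in the sample is tiny (8 bytes), which is fine for exercising the parser but is of course not a key anyone should use.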
* PR2490: Remove unused local variable bn ecp_nist.c
  Laszlo Papp, 2014-08-20 (1 file, -2/+0)
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

* RT2513: Fix typo's paramter-->parameter
  Martin Olsson, 2014-08-19 (1 file, -1/+1)

  I also found a couple of others (padlock and signinit) and fixed them.

  Reviewed-by: Emilia Kasper <emilia@openssl.org>

* Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and group_order_tests (ectest.c).
  Bodo Moeller, 2014-08-13 (3 files, -5/+6)

  Also fix the EC_POINTs_mul documentation (ec.h).

  Reviewed-by: emilia@openssl.org

* Simplify and fix ec_GFp_simple_points_make_affine (which didn't always handle value 0 correctly).
  Bodo Moeller, 2014-08-01 (2 files, -112/+125)
  Reviewed-by: emilia@openssl.org

* "EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
  Billy Brumley, 2014-07-21 (1 file, -1/+1)
  PR#2569
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370
  Libor Krystek, 2014-06-04 (1 file, -1/+1)

* Double free in i2o_ECPublicKey
  David Ramos, 2014-05-04 (1 file, -2/+5)
  PR: 3338

* Fix eckey_priv_encode()
  mancha, 2014-04-26 (1 file, -0/+1)

  Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.

* Add functions returning security bits.
  Dr. Stephen Henson, 2014-03-28 (1 file, -0/+17)

  Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57.

* Fix for CVE-2014-0076
  Dr. Stephen Henson, 2014-03-12 (1 file, -11/+16)

  Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140

  Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix.

  (cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)

  Conflicts: CHANGES

* make depend
  Dr. Stephen Henson, 2014-02-19 (1 file, -15/+16)

* Fix for some platforms where "char" is unsigned.
  Dr. Stephen Henson, 2013-11-09 (1 file, -1/+1)

* Fix overly lenient comparisons:
  Bodo Moeller, 2013-09-16 (1 file, -5/+5)

  - EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.)
  - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error).

  Reported by: king cope

* misspellings fixes by https://github.com/vlajos/misspell_fixer
  Veres Lajos, 2013-09-05 (1 file, -25/+25)

* Add KDF for DH.
  Dr. Stephen Henson, 2013-08-05 (1 file, -60/+18)

  Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the same structure is used by DH and ECDH. Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers without the need to use ASN1.

* Algorithm parameter support.
  Dr. Stephen Henson, 2013-08-05 (1 file, -1/+13)

  Check and set AlgorithmIdenfier parameters for key wrap algorithms. Currently these just set parameters to NULL.

* Add support for ECDH KARI.
  Dr. Stephen Henson, 2013-07-17 (4 files, -2/+402)

  Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1 method decode/encode the appropriate parameters from the CMS ASN1 data and send appropriate data to the EC public key method.

* Add support for X9.62 KDF.
  Dr. Stephen Henson, 2013-07-17 (2 files, -4/+241)

  Add X9.62 KDF to EC EVP_PKEY_METHOD.

* Make `safe' (EC)DSA nonces the default.
  Adam Langley, 2013-07-15 (3 files, -24/+0)

  This change updates 8a99cb29 to make the generation of (EC)DSA nonces using the message digest the default. It also reverts the changes to (EC)DSA_METHOD structure.

  In addition to making it the default, removing the flag from EC_KEY means that FIPS modules will no longer have an ABI mismatch.

* Add control to retrieve signature MD.
  Dr. Stephen Henson, 2013-06-21 (1 file, -0/+4)

* Add secure DSA nonce flag.
  Adam Langley, 2013-06-13 (3 files, -0/+24)

  This change adds the option to calculate (EC)DSA nonces by hashing the message and private key along with entropy to avoid leaking the private key if the PRNG fails.

* Make binary curve ASN.1 work in FIPS mode.
  Matt Caswell, 2013-03-26 (2 files, -3/+5)

  Don't check for binary curves by checking methods: the values will be different in FIPS mode as they are redirected to the validated module version.

* Fix EC_KEY initialization race.
  Bodo Möller, 2012-10-05 (2 files, -3/+20)
  Submitted by: Adam Langley

* enhance EC method to support setting curve type when generating keys and add parameter encoding option
  Dr. Stephen Henson, 2012-09-11 (2 files, -5/+41)

* Version skew reduction: trivia (I hope).
  Ben Laurie, 2012-06-04 (1 file, -0/+5)

* PR: 2239
  Dr. Stephen Henson, 2012-04-22 (1 file, -0/+443)
  Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>

  Add Brainpool curves from RFC5639.

  Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>

* Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert between NIDs and the more common NIST names such as "P-256".
  Dr. Stephen Henson, 2012-02-21 (4 files, -2/+63)

  Enhance ecparam utility and ECC method to recognise the NIST names for curves.

* ec_pmeth.c: fix typo in commentary.
  Andy Polyakov, 2012-01-12 (1 file, -1/+1)
  PR: 2677
  Submitted by: Annue Yousar

* In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order
  Dr. Stephen Henson, 2011-11-16 (1 file, -3/+5)

* PR: 2632
  Dr. Stephen Henson, 2011-10-26 (1 file, -1/+1)
  Submitted by: emmanuel.azencot@bull.net
  Reviewed by: steve

  Return -1 immediately if not affine coordinates as BN_CTX has not been set up.

* Check for selftest failure in various places.
  Dr. Stephen Henson, 2011-10-22 (1 file, -0/+8)

* Fix warnings.
  Bodo Möller, 2011-10-19 (8 files, -67/+86)

  Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.

* Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and NIST-P521.
  Bodo Möller, 2011-10-18 (10 files, -614/+5286)

  (Now -DEC_NISTP_64_GCC_128 enables all three of these; -DEC_NISTP224_64_GCC_128 no longer works.)

  Submitted by: Google Inc.

* Allow for dynamic base in Win64 FIPS module.
  Andy Polyakov, 2011-09-14 (2 files, -0/+61)

* make update
  Bodo Möller, 2011-09-05 (1 file, -53/+33)

* recognise ecdsaWithSHA1 OID
  Dr. Stephen Henson, 2011-07-28 (1 file, -0/+1)

* Give parameters names in prototypes.
  Dr. Stephen Henson, 2011-06-17 (1 file, -10/+10)