Age | Commit message | Author |
|
|
|
Submitted by: Emilia Kasper
|
|
|
|
can switch between modes.
|
|
|
|
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
|
|
New option to disable characteristic two fields in EC code.
Make no-ec2m work on Win32 build.
|
|
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
|
|
|
|
|
|
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
|
|
|
|
possible PRNG state duplication.
|
|
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
|
|
|
|
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
|
|
version some time soon.
|
|
|
|
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
|
|
and couldn't generate
(as pointed out by Ernst G Giessmann)
|
|
as pointed out by Ernst G Giessmann
|
|
|
|
|
|
|
|
|
|
thanks to Lucas Newman
|
|
Submitted by: David Hartman <david_hartman@symantec.com>
|
|
PR: 1247
Submitted by: Doug Kaufman
|
|
|
|
|
|
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
|
|
the absence of OPENSSL_NO_ENGINE.
|
|
|
|
[most importantly] put back dependencies accidentally eliminated in
check-in #13342.
|
|
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way method specific data (ecdsa/ecdh) is
attached to an EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
|
|
|
|
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
|
|
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
|
|
for ecdh)
|
|
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
|
|
|
|
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
|
|
|
|
|
|
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
|
|
Reported by: Maxim Masiutin
Submitted by: Nils Larsch
|
|
Submitted by: Nils Larsch
|
|
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
|
|
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
|
|
tree. This further reduces header interdependencies, and makes some
associated cleanups.
|