path: root/crypto/ecdsa
Age | Commit message | Author
2015-03-25 | free NULL cleanup. | Rich Salz
This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free, EC_POINT_clear_free, EC_POINT_free
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-25 | free NULL cleanup | Rich Salz
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 | RAND_bytes updates | Matt Caswell
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-24 | make depend | Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-15 | Update ordinals, fix error message. | Dr. Stephen Henson
Update error messages to say "EC is disabled" these can then be picked up by mkdef.pl. Update ordinals.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-11 | Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC | Rich Salz
Suggested by John Foley <foleyj@cisco.com>.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-02 | Dead code cleanup: crypto/ec,ecdh,ecdsa | Rich Salz
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-27 | OPENSSL_NO_xxx cleanup: SHA | Rich Salz
Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way.
So these options are gone:
    GENUINE_DSA
    OPENSSL_NO_SHA0
    OPENSSL_NO_SHA
    OPENSSL_NO_SHA1
    OPENSSL_NO_SHA224
    OPENSSL_NO_SHA256
    OPENSSL_NO_SHA384
    OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-22 | Run util/openssl-format-source -v -c . | Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-13 | Fix warning where BIO_FLAGS_UPLINK was being redefined. | Matt Caswell
This warning breaks the build in 1.0.0 and 0.9.8
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-12 | make update | Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-05 | Fix various certificate fingerprint issues. | Dr. Stephen Henson
By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates.
3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes).
CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-30 | mark all block comments that need format preserving so that | Tim Hudson
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-18 | Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED | Matt Caswell
Introduce use of DECLARE_DEPRECATED
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 | remove OPENSSL_FIPSAPI | Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 | remove FIPS module code from crypto/ecdsa | Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 | Remove OPENSSL_FIPSCANISTER code. | Dr. Stephen Henson
OPENSSL_FIPSCANISTER is only set if the fips module is being built (as opposed to being used). Since the fips module won't be built in master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 | Remove fipscanister build functionality from makefiles. | Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 | Remove all .cvsignore files | Rich Salz
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-12 | Reserve option to use BN_mod_exp_mont_consttime in ECDSA. | Andy Polyakov
Submitted by Shay Gueron, Intel Corp.
RT: 3149
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-18 | RT2492: Remove extra NULL check. | Laszlo Papp
2014-07-01 | Accessor functions for app_data in ECDSA_METHOD | Dr. Stephen Henson
2014-02-19 | make depend | Dr. Stephen Henson
2013-09-18 | Add functions to set ECDSA_METHOD structure. | Dr. Stephen Henson
Add various functions to allocate and set the fields of an ECDSA_METHOD structure.
2013-07-19 | Make ecdsatest work with nonces. | Dr. Stephen Henson
Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this avoids the nonce generation which would otherwise break the test. Reinstate ecdsatest.
2013-07-17 | Avoid need to change function code. | Dr. Stephen Henson
Keep original function names for nonce versions so we don't have to change error function codes.
2013-07-15 | Make `safe' (EC)DSA nonces the default. | Adam Langley
This change updates 8a99cb29 to make the generation of (EC)DSA nonces using the message digest the default. It also reverts the changes to (EC)DSA_METHOD structure. In addition to making it the default, removing the flag from EC_KEY means that FIPS modules will no longer have an ABI mismatch.
2013-06-13 | Add secure DSA nonce flag. | Adam Langley
This change adds the option to calculate (EC)DSA nonces by hashing the message and private key along with entropy to avoid leaking the private key if the PRNG fails.
2012-10-05 | Fix EC_KEY initialization race. | Bodo Möller
Submitted by: Adam Langley
2012-01-10 | fix warning (revert original patch) | Dr. Stephen Henson
2011-12-07 | Initial experimental support for X9.42 DH parameter format to handle | Dr. Stephen Henson
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-02 | Fix ecdsatest.c. | Bodo Möller
Submitted by: Emilia Kasper
2011-11-14 | Fix some warnings caused by __owur. Temporarily (I hope) remove the more | Ben Laurie
aspirational __owur annotations.
2011-11-05 | Add single call public key sign and verify functions. | Dr. Stephen Henson
2011-10-22 | Check for selftest failure in various places. | Dr. Stephen Henson
2011-09-05 | make update | Bodo Möller
2011-09-01 | make timing attack protection unconditional | Dr. Stephen Henson
2011-06-08 | Set flags in ECDH and ECDSA methods for FIPS. | Dr. Stephen Henson
2011-05-25 | Fix the ECDSA timing attack mentioned in the paper at: | Dr. Stephen Henson
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.
2011-04-23 | Add PRNG security strength checking. | Dr. Stephen Henson
2011-04-06 | Only use fake rand once per operation. This stops the EC | Dr. Stephen Henson
pairwise consistency test interfering with the test.
2011-04-06 | check buffer is larger enough before overwriting | Dr. Stephen Henson
2011-03-24 | make update | Richard Levitte
2011-03-12 | Add SRP support. | Ben Laurie
2011-02-21 | Update dependencies. | Dr. Stephen Henson
2011-02-14 | Add ECDSA functionality to fips module. Initial very incomplete version | Dr. Stephen Henson
of algorithm test program.
2011-02-12 | New option to disable characteristic two fields in EC code. | Dr. Stephen Henson
2011-01-26 | Change AR to ARX to allow exclusion of fips object modules | Dr. Stephen Henson
2010-06-12 | Fix warnings. | Ben Laurie
2009-12-01 | PR: 1432 | Dr. Stephen Henson
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.