1. 31 Jul, 2018 2 commits
  2. 16 Jul, 2018 1 commit
    • EC2M Lopez-Dahab ladder: use it also for ECDSA verify · 01ad66f8
      Nicola Tuveri committed
      By default `ec_scalar_mul_ladder` (which uses the Lopez-Dahab ladder
      implementation) is used only for (k * Generator) or (k * VariablePoint).
      ECDSA verification uses (a * Generator + b * VariablePoint): this commit
      forces the use of `ec_scalar_mul_ladder` also for the ECDSA verification
      path, while using the default wNAF implementation for any other case.
      
      With this commit `ec_scalar_mul_ladder` loses the static attribute, and
      is added to ec_lcl.h so EC_METHODs can directly use it.
      
      While working on a new custom EC_POINTs_mul implementation, I realized
      that many checks (e.g. all the points being compatible with the given
      EC_GROUP, creating a temporary BN_CTX if `ctx == NULL`, check for the
      corner case `scalar == NULL && num == 0`) were duplicated again and
      again in every single implementation (and actually some
      implementations lacked some of the tests).
      I thought that it makes way more sense for those checks that are
      independent from the actual implementation and should always be done, to
      be moved in the EC_POINTs_mul wrapper: so this commit also includes
      these changes.
      Reviewed-by: Andy Polyakov <appro@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6690)
  3. 22 Jun, 2018 3 commits
  4. 19 Jun, 2018 1 commit
    • Implement coordinate blinding for EC_POINT · f667820c
      Sohaib ul Hassan committed
      This commit implements coordinate blinding, i.e., it randomizes the
      representative of an elliptic curve point in its equivalence class, for
      prime curves implemented through EC_GFp_simple_method,
      EC_GFp_mont_method, and EC_GFp_nist_method.
      
      This commit is derived from the patch
      https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley.
      
      Coordinate blinding is a generally useful side-channel countermeasure
      and is (mostly) free. The function itself takes a few field
      multiplications, but is usually only necessary at the beginning of a
      scalar multiplication (as implemented in the patch). When used this way,
      it makes the values that variables take (i.e., field elements in an
      algorithm state) unpredictable.
      
      For instance, this mitigates chosen EC point side-channel attacks for
      settings such as ECDH and EC private key decryption, for the
      aforementioned curves.
      
      For EC_METHODs using different coordinate representations this commit
      does nothing, but the corresponding coordinate blinding function can be
      easily added in the future to extend these changes to such curves.
      Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
      Co-authored-by: Billy Brumley <bbrumley@gmail.com>
      Reviewed-by: Andy Polyakov <appro@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6501)
  5. 25 May, 2018 1 commit
  6. 27 Apr, 2018 1 commit
  7. 03 Apr, 2018 1 commit
  8. 09 Jan, 2018 1 commit
  9. 08 Jan, 2018 1 commit
  10. 18 Oct, 2017 1 commit
  11. 21 Aug, 2017 2 commits
  12. 20 Jun, 2017 1 commit
  13. 22 Sep, 2016 1 commit
  14. 29 Aug, 2016 1 commit
  15. 29 Jun, 2016 1 commit
  16. 10 Jun, 2016 1 commit
    • RT 4242: reject invalid EC point coordinates · 1e2012b7
      Emilia Kasper committed
      We already test in EC_POINT_oct2point that points are on the curve. To
      be on the safe side, move this check to
      EC_POINT_set_affine_coordinates_* so as to also check point coordinates
      received through some other method.
      
      We do not check projective coordinates, though, as
      - it's unlikely that applications would be receiving this primarily
        internal representation from untrusted sources, and
      - it's possible that the projective setters are used in a setting where
        performance matters.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
  17. 18 May, 2016 1 commit
  18. 02 Mar, 2016 2 commits
  19. 29 Feb, 2016 2 commits
  20. 04 Feb, 2016 1 commit
  21. 01 Feb, 2016 2 commits
  22. 27 Jan, 2016 1 commit
    • Remove /* foo.c */ comments · 34980760
      Rich Salz committed
      This was done by the following
              find . -name '*.[ch]' | /tmp/pl
      where /tmp/pl is the following three-line script:
              print unless $. == 1 && m@/\* .*\.[ch] \*/@;
              close ARGV if eof; # Close file to reset $.
      
      And then some hand-editing of other files.
      Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  23. 14 Jan, 2016 3 commits
  24. 10 Nov, 2015 1 commit
  25. 04 Sep, 2015 1 commit
  26. 11 Aug, 2015 1 commit
  27. 10 Jun, 2015 1 commit
    • EC_POINT_is_on_curve does not return a boolean · 68886be7
      Matt Caswell committed
      The function EC_POINT_is_on_curve does not return a boolean value.
      It returns 1 if the point is on the curve, 0 if it is not, and -1
      on error. Many usages within OpenSSL were incorrectly using this
      function and therefore not correctly handling error conditions.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  28. 05 May, 2015 1 commit
    • Use safer sizeof variant in malloc · b4faea50
      Rich Salz committed
      For a local variable:
              TYPE *p;
      Allocations like this are "risky":
              p = OPENSSL_malloc(sizeof(TYPE));
      if the type of p changes, and the malloc call isn't updated, you
      could get memory corruption.  Instead do this:
              p = OPENSSL_malloc(sizeof(*p));
      Also fixed a few memset() calls that I noticed while doing this.
      Reviewed-by: Richard Levitte <levitte@openssl.org>
  29. 02 May, 2015 1 commit
    • free NULL cleanup -- coda · 25aaa98a
      Rich Salz committed
      After the finale, the "real" final part. :)  Do a recursive grep with
      "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceding lines are
      an "if NULL" check that can be removed.
      Reviewed-by: Tim Hudson <tjh@openssl.org>
  30. 01 May, 2015 2 commits
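
Added example, not code from the OpenSSL commits listed above: the coordinate blinding described in commit f667820c, worked through for Jacobian projective coordinates on a constructed toy curve y^2 = x^3 + 2x + 3 over GF(97). The function names, the curve and the caller-supplied `lambda` are assumptions made for illustration; it also shows the on-curve test in projective form, so the blinded representative can be checked without converting back to affine.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed toy curve y^2 = x^3 + A*x + B over GF(P); not a real curve. */
enum { P = 97, A = 2, B = 3 };

typedef struct { uint32_t X, Y, Z; } jac_point; /* affine x = X/Z^2, y = Y/Z^3 */
static uint32_t mulm(uint32_t a, uint32_t b) { return (a * b) % P; }
/* Modular inverse by Fermat's little theorem: a^(P-2) mod P. */
static uint32_t invm(uint32_t a) {
    uint32_t r = 1;
    for (uint32_t e = P - 2; e; e >>= 1, a = mulm(a, a))
        if (e & 1) r = mulm(r, a);
    return r;
}

/* Blind: (X, Y, Z) -> (l^2 X, l^3 Y, l Z). Returns 0 if lambda == 0 mod P,
 * which would collapse the point to infinity. lambda is caller-supplied
 * here (assumption); it must be secret and uniformly random in practice. */
int jac_blind(jac_point *p, uint32_t lambda) {
    uint32_t l = lambda % P, l2 = mulm(l, l);
    if (l == 0) return 0;
    p->X = mulm(p->X, l2);
    p->Y = mulm(p->Y, mulm(l2, l));
    p->Z = mulm(p->Z, l);
    return 1;
}

/* Recover the affine point; returns 0 for the point at infinity (Z == 0). */
int jac_to_affine(const jac_point *p, uint32_t *x, uint32_t *y) {
    if (p->Z % P == 0) return 0;
    uint32_t zi = invm(p->Z), zi2 = mulm(zi, zi);
    *x = mulm(p->X, zi2);
    *y = mulm(p->Y, mulm(zi2, zi));
    return 1;
}

/* Jacobian curve equation: Y^2 = X^3 + A*X*Z^4 + B*Z^6 (mod P). */
int jac_on_curve(const jac_point *p) {
    uint32_t z2 = mulm(p->Z, p->Z), z4 = mulm(z2, z2), z6 = mulm(z4, z2);
    uint32_t rhs = mulm(mulm(p->X, p->X), p->X) + mulm(mulm(A, p->X), z4) + mulm(B, z6);
    return mulm(p->Y, p->Y) == rhs % P;
}

int main(void) {
    jac_point p = { 3, 6, 1 }; uint32_t x, y;   /* (3, 6) lies on the toy curve */
    jac_blind(&p, 5); jac_to_affine(&p, &x, &y);
    printf("blinded (%u,%u,%u) -> affine (%u,%u)\n", p.X, p.Y, p.Z, x, y);
}
```

The intermediate field elements now depend on `lambda`, while the affine point they represent does not. The toy arithmetic here is neither constant-time nor bignum-based.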