- 16 Jul 2018, 1 commit

Committed by Nicola Tuveri
for specialized Montgomery ladder implementations

PR #6009 and #6070 replaced the default EC point multiplication path for prime and binary curves with a unified Montgomery ladder implementation with various timing attack defenses (for the common paths when a secret scalar is fed to the point multiplication).

The newly introduced default implementation directly used EC_POINT_add/dbl in the main loop.

The scaffolding introduced by this commit allows EC_METHODs to define a specialized `ladder_step` function to improve performance by taking advantage of efficient formulas for differential addition-and-doubling and different coordinate systems.

- `ladder_pre` is executed before the main loop of the ladder: by default it copies the input point P into S, and doubles it into R. Specialized implementations could, e.g., use this hook to transition to different coordinate systems before copying and doubling;
- `ladder_step` is the core of the Montgomery ladder loop: by default it computes `S := R+S; R := 2R;`, but specific implementations could, e.g., implement a more efficient formula for differential addition-and-doubling;
- `ladder_post` is executed after the Montgomery ladder loop: by default it's a noop, but specialized implementations could, e.g., use this hook to transition back from the coordinate system used for optimizing the differential addition-and-doubling or recover the y coordinate of the result point.

This commit also renames `ec_mul_consttime` to `ec_scalar_mul_ladder`, as it better corresponds to what this function does: nothing can be truly said about the constant-timeness of the overall execution of this function, given that the underlying operations are not necessarily constant-time themselves. What this implementation ensures is that the same fixed sequence of operations is executed for each scalar multiplication (for a given EC_GROUP), with no dependency on the value of the input scalar.
Co-authored-by: Sohaib ul Hassan <soh.19.hassan@gmail.com>
Co-authored-by: Billy Brumley <bbrumley@gmail.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6690)

- 20 Jun 2018, 1 commit

Committed by Matt Caswell

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6538)

- 19 Jun 2018, 1 commit

Committed by Sohaib ul Hassan

This commit implements coordinate blinding, i.e., it randomizes the representative of an elliptic curve point in its equivalence class, for prime curves implemented through EC_GFp_simple_method, EC_GFp_mont_method, and EC_GFp_nist_method.

This commit is derived from the patch https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley.

Coordinate blinding is a generally useful side-channel countermeasure and is (mostly) free. The function itself takes a few field multiplications, but is usually only necessary at the beginning of a scalar multiplication (as implemented in the patch). When used this way, it makes the values that variables take (i.e., field elements in an algorithm state) unpredictable.

For instance, this mitigates chosen EC point side-channel attacks for settings such as ECDH and EC private key decryption, for the aforementioned curves.

For EC_METHODs using different coordinate representations this commit does nothing, but the corresponding coordinate blinding function can be easily added in the future to extend these changes to such curves.

Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Co-authored-by: Billy Brumley <bbrumley@gmail.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6501)
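As an added worked example (my own toy code, not OpenSSL's), here is the hooked ladder from the 16 Jul 2018 commit above, with `ladder_pre` applying the coordinate blinding this commit describes and the final conversion back to affine playing the role of `ladder_post`. It uses secp256k1's public parameters in Jacobian coordinates; the hook names mirror the commit, while the arithmetic helpers and the variable names are assumptions of mine.

```python
import secrets
# Toy Jacobian-coordinate model of the hooked ladder with coordinate blinding on secp256k1
# (y^2 = x^3 + 7 over GF(P)); (X, Y, Z) means affine (X/Z^2, Y/Z^3) and Z == 0 is infinity.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
INF = (1, 1, 0)

def dbl(p):  # Jacobian doubling (curve coefficient a = 0)
    x, y, z = p
    if z == 0 or y == 0: return INF
    s, m = 4 * x * y * y % P, 3 * x * x % P
    x3 = (m * m - 2 * s) % P
    return x3, (m * (s - x3) - 8 * pow(y, 4, P)) % P, 2 * y * z % P

def add(p, q):  # Jacobian addition; equal inputs double, opposite inputs give INF
    (x1, y1, z1), (x2, y2, z2) = p, q
    if z1 == 0 or z2 == 0: return q if z1 == 0 else p
    u1, u2 = x1 * z2 * z2 % P, x2 * z1 * z1 % P
    s1, s2 = y1 * pow(z2, 3, P) % P, y2 * pow(z1, 3, P) % P
    if u1 == u2: return dbl(p) if s1 == s2 else INF
    h, r = (u2 - u1) % P, (s2 - s1) % P
    h2, h3 = h * h % P, h * h * h % P
    x3 = (r * r - h3 - 2 * u1 * h2) % P
    return x3, (r * (u1 * h2 - x3) - s1 * h3) % P, h * z1 * z2 % P

def to_affine(p):  # the only field inversion, performed once in the ladder_post role
    x, y, z = p
    if z == 0: return None
    zi = pow(z, P - 2, P)
    return x * zi * zi % P, y * pow(zi, 3, P) % P

def cswap(bit, r, s):  # branch-free conditional swap: the mask is 0 or all ones
    t = [(a ^ b) & -bit for a, b in zip(r, s)]
    return tuple(a ^ d for a, d in zip(r, t)), tuple(b ^ d for b, d in zip(s, t))

def ladder_pre(px, py, lam):  # blind P's representative, copy it into S, double it into R
    s = (px * lam * lam % P, py * pow(lam, 3, P) % P, lam)
    return dbl(s), s

def ec_scalar_mul_ladder(k, px, py):  # affine k*P, or None for the point at infinity
    if k == 0: return None
    r, s = ladder_pre(px, py, 1 + secrets.randbelow(P - 1))  # consumes the top bit of k
    for i in range(k.bit_length() - 2, -1, -1):  # same work per bit; invariant R = S + P
        bit = (k >> i) & 1
        r, s = cswap(1 - bit, r, s)  # a 0 bit runs the step with R and S exchanged
        r, s = dbl(r), add(r, s)  # ladder_step default: S := R + S; R := 2R
        r, s = cswap(1 - bit, r, s)
    return to_affine(s)  # ladder_post: leave the blinded Jacobian representation
```

Every bit runs the same dbl/add pair and only the mask-driven cswap depends on k, while the random blinding factor makes the intermediate field elements differ between two runs on the same input.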

- 20 Jun 2017, 1 commit

Committed by Rich Salz

Approved by Oracle.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3585)

- 17 Jul 2016, 1 commit

Committed by Miroslav Franc

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1313)

- 18 May 2016, 1 commit

Committed by Rich Salz

Reviewed-by: Richard Levitte <levitte@openssl.org>

- 02 Mar 2016, 1 commit

Committed by Dr. Stephen Henson

Reviewed-by: Rich Salz <rsalz@openssl.org>

- 29 Feb 2016, 1 commit

Committed by Dr. Stephen Henson

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

- 27 Jan 2016, 1 commit

Committed by Rich Salz

This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

- 01 May 2015, 1 commit

Committed by Rich Salz

This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free
    BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>

- 22 Jan 2015, 1 commit

Committed by Matt Caswell

Reviewed-by: Tim Hudson <tjh@openssl.org>

- 08 Dec 2014, 1 commit

Committed by Dr. Stephen Henson

Reviewed-by: Tim Hudson <tjh@openssl.org>

- 15 Feb 2011, 1 commit

Committed by Dr. Stephen Henson

Move compression, point2oct and oct2point functions into separate files.

Add a flags field to EC_METHOD.

Add a flag EC_FLAGS_DEFAULT_OCT to use the default compression and oct functions (all existing methods do this).

This removes dependencies from EC_METHOD while keeping original functionality.

- 27 Apr 2005, 1 commit

Committed by Bodo Möller

("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)

- 07 Feb 2003, 1 commit

Committed by Bodo Möller

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller

- 18 Nov 2002, 1 commit

Committed by Bodo Möller

- 02 Aug 2002, 2 commits

Committed by Bodo Möller

the new method names where _GF... suffixes have been removed.

Revert changes to ..._{get/set}_Jprojective_coordinates_...: The current implementation for ECC over binary fields does not use projective coordinates, and if it did, it would not use Jacobian projective coordinates; so it's OK to use the ..._GFp prefix for all this.

Add author attributions to some files so that it doesn't look as if Sun wrote all of this :-)

Committed by Bodo Möller

Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entries by Bodo Moeller)

- 10 Jun 2002, 1 commit

Committed by Bodo Möller

and make some appropriate changes to the EC library.

Submitted by: Nils Larsch

- 08 May 2002, 1 commit

Committed by Bodo Möller

EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are implemented directly in crypto/ec/ec_lib.c and not dispatched to methods.

Also fix EC_GROUP_copy to copy the NID.

- 20 Mar 2002, 1 commit

Committed by Bodo Möller

Restructure implementation of EC_GROUP_check().

Submitted by: Nils Larsch

- 18 Mar 2002, 1 commit

Committed by Bodo Möller

Add some WTLS curves.

New function EC_GROUP_check() (this will probably be implemented differently soon).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller

- 11 Mar 2001, 1 commit

Committed by Bodo Möller

multiplication of an arbitrary number of points.

- 09 Mar 2001, 2 commits

Committed by Bodo Möller

Committed by Bodo Möller

and an ectest.c that actually tests something.

- 08 Mar 2001, 3 commits

Committed by Bodo Möller

Committed by Bodo Möller

Committed by Bodo Möller

including EC arithmetics derived from Lenka Fibikova's code (with some additional optimizations).

- 07 Mar 2001, 4 commits

Committed by Bodo Möller

(they can't do much useful, but they will have to set pointers to NULL)

Committed by Bodo Möller

Committed by Bodo Möller

Committed by Bodo Möller

Initial EC_GROUP_new_curve_GFp implementation.

- 06 Mar 2001, 3 commits

Committed by Bodo Möller

Committed by Bodo Möller

previous commit).

Committed by Bodo Möller

Add EC vaporware: change relevant Makefiles and add some empty source files. "make update".

- 04 Jun 1999, 1 commit

Committed by Ben Laurie

- 30 Jan 1999, 1 commit

Committed by Ben Laurie

- 24 Jan 1999, 1 commit

Committed by Dr. Stephen Henson

- 17 Jan 1999, 1 commit

Committed by Dr. Stephen Henson

GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be used but OpenSSL doesn't currently support it. This patch adds several files and a bunch of functions.

Of interest is the ASN1_TIME structure and its related functions. At several points certificates, CRLs et al specify that a time can be expressed as a choice of UTCTime and GeneralizedTime. Currently OpenSSL interprets this (wrongly) as UTCTime because GeneralizedTime isn't supported. The ASN1_TIME stuff provides this functionality.

Still todo is to trace which cert and CRL points need an ASN1_TIME and modify the utilities appropriately and of course fix all the bugs.

Note new OpenSSL copyright in the new file a_time.c. I didn't put it in a_gentm.c because it is a minimally modified form of a_utctm.c.

Since this adds new files and error codes you will need to do a 'make errors' at the top level to add the new codes.