openbsd/src/lib/libcrypto/ec, branch libressl-v3.7.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.7.0 2022-11-26T16:08:57+00:00 Make internal header file names consistent 2022-11-26T16:08:57+00:00 tb 2022-11-26T16:08:57+00:00 urn:sha1:81d98bf600a381a625eb11b39a725b08c0ba547f Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook Merge the second y_bit check into the first one where it belongs 2022-11-24T16:35:32+00:00 tb 2022-11-24T16:35:32+00:00 urn:sha1:cf3a5be6cf84070680e94e6df708c8310f8efaa3 suggested by jsing Simplify y_bit handling in compressed coordinates 2022-11-24T16:34:13+00:00 tb 2022-11-24T16:34:13+00:00 urn:sha1:833e1d7e12afb3ff8037f9cfbe7e6ffb31dc5a61 If y_bit is set for a zero y, something is wrong and we can error directly. No need to run the non-trivial BN_kronecker() to check if BN_mod_sqrt() lied or not, only to set a more specific error code. ok jsing Clean up EC_METHOD and EC_GROUP definitions 2022-11-24T16:29:09+00:00 tb 2022-11-24T16:29:09+00:00 urn:sha1:703ef4d4e65c0c035afd95b2f929058f2493b060 Remove obvious comments, wrap long lines and general KNF cleanup. Format and rephrase the more important comments. Discussed with jsing Change bn_expand()/bn_wexpand() to indicate failure/success via 0/1. 2022-11-24T01:30:01+00:00 jsing 2022-11-24T01:30:01+00:00 urn:sha1:fb8d4760ac6775963983a2690ca829edbf8324c4 Currently bn_expand()/bn_wexpand() return a BIGNUM *, however none of the callers use this (and many already treat it as a true/false value). Change these functions to return 0 on failure and 1 on success, revising callers that test against NULL in the process. ok tb@ Call bn_expand() rather than handrolling an equivalent. 2022-11-24T01:24:37+00:00 jsing 2022-11-24T01:24:37+00:00 urn:sha1:5fe0bca4c4dce3311d4a51415b3cb0f2f8a480a4 The current code manually calculates words from bits and then calls bn_wexpand() - call bn_expand() with bits instead. ok tb@ Fix leaks in ecx_set_{priv,pub}_key() 2022-11-23T07:37:06+00:00 tb 2022-11-23T07:37:06+00:00 urn:sha1:633b0eb3e13dc0d12957fc51e10fc9932f31a784 When ecx_key_set_{priv,pub}() fails, ecx_key is leaked. CID 377014 From jsing Remove bn_* defines/prototypes. 2022-11-23T02:13:24+00:00 jsing 2022-11-23T02:13:24+00:00 urn:sha1:41670669dfdb059f3bb035d2ddb3a0d5bbebaf27 These now come directly via bn_lcl.h. ok tb@ Fix some whitespace and comment formatting 2022-11-22T21:54:01+00:00 tb 2022-11-22T21:54:01+00:00 urn:sha1:ae3a9d7c2552ee723387fc23b27aeb817536d498 Fix an annoying quirk in the EC code 2022-11-19T07:29:29+00:00 tb 2022-11-19T07:29:29+00:00 urn:sha1:6d17e444a831167b313a7a4551c81554a139c837 Dealing with elliptic curves makes some people think that it would be kind of neat to multiply types with variable names. Sometimes. Only in function definitions.