openbsd/src/lib/libcrypto/ecdh, branch libressl-v4.1.2

Simplify ECDH_size() by using BN_num_bytes()

2025-02-17T09:25:45+00:00

ok jsing

Remove some unneeded includes from ecdh.c

2023-07-28T09:31:21+00:00

Pull up zeroing of out; drop unnecessary check

2023-07-28T09:30:22+00:00

Move the zeroing of the output buffer a few lines up and remove an unnecessary check. requested/ok jsing

Rename buflen to buf_len, use calloc/freezero

2023-07-28T09:29:24+00:00

Some cosmetic tweaks in ecdh_compute_key(). Rename buflen to buf_len to match out_len, use calloc() and freezero(). ok jsing

Move KDF handling to ECDH_compute_key()

2023-07-28T09:28:37+00:00

In OpenSSL e2285d87, the KDF handling was moved from the compute_key() method into the public API. A consequence of this change is that the ECDH_compute_key() API no longer returns -1 for some errors. Existing checks for <= 0 are safe as are those checking for the exact length as return value, which is all what the ecosystem seems to be doing. ok jsing

Merge ecdh.h into ec.h

2023-07-28T09:25:12+00:00

The remaining two ECDH interfaces are relocated into ec.h. ecdh.h remains. It does nothing but include ec.h. ok jsing

Excise ECDH_METHOD

2023-07-28T09:22:26+00:00

Unlike ECDSA_METHOD, this has been unused forever but kind of needed to stay for symmetry with ECDSA_METHOD. Now we can finally take it behind the barn and remove its tendrils into ENGINE. ok jsing

Remove ECDH errors

2023-07-28T09:19:59+00:00

Much like the ECDSA errors, the ECDH errors have been unused for a while. Garbage collect them. ok jsing

Fix two EC_POINT_is_on_curve() checks

2023-07-24T17:08:53+00:00

This API can fail for various reasons, in which case it returns -1, so you need to check if (EC_POINT_is_on_curve_checks(...) <= 0). ok miod

Revert accidental addition of cofactor ECDH support

2023-07-12T08:54:18+00:00

This snuck in with ech_key.c r1.33 because I committed from a dirty tree.