summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* When describing v3 crypt, be specific as to which machine was simulated.jsg2025-01-091-3/+3
| | | | feedback jmc@ ok deraadt@ schwarze@
* ec_lib.c: zap stray empty line at end of filetb2025-01-091-2/+1
|
* check_discriminant: make the assumptions on p, a, b more explicittb2025-01-091-2/+3
| | | | requested by jsing
* Improve order of things in BN_RECP_CTX_set()tb2025-01-081-3/+4
| | | | + some whitespace cosmetics
* Remove parentheses in return statementstb2025-01-081-8/+8
|
* Add a space after commatb2025-01-081-3/+3
|
* Remove superfluous parenthesestb2025-01-081-13/+13
|
* X509_NAME_print() also fails to indenttb2025-01-081-5/+6
|
* X509_NAME_print: remove lie about multiple lines being usedtb2025-01-071-4/+2
| | | | | | | | | | | | | OpenSSL commit 92ada7cc (2007) removed some dead code with flawed logic attempting to print multiple lines if the line exceeded 80 characters. Said flawed logic was there since the start of the git history importing SSLeay 0.8.1b in 1998 and never worked. Rumor has it that it did work prior to that. Be that as it may, it's just wrongly documented since Henson added the docs in commit 0711be16 (2002). Prompted by OpenSSL issue #18004 by davidben https://github.com/quictls/quictls/pull/168 https://github.com/quictls/quictls/issues/75
* Rewrite TS_ASN1_INTEGER_print_bio()tb2025-01-071-14/+19
| | | | | | | | | | | | | | This eliminates another stupid BN_free(&bn) and uses BIO_printf() rather than a ludicrously silly result dance. In fact it appears that this dance was so hard to grok that OpenSSL misread it and made this function return the value -1 on ASN1_INTEGER_to_BN() failure, a value that it had never returned before. It doesn't matter anyway. The only uses of this function are internal to OpenSSL's code and since TS fully conforms to OpenSSL's high QA standards, no caller checks the return of TS_ASN1_INTEGER_print_bio(). ok jsing
* Remove stale comment about methods and memberstb2025-01-071-6/+1
|
* Check discriminant directly in EC_GROUP_set_discriminant()tb2025-01-073-68/+47
| | | | | | | | | | After possibly decoding a and b in EC_GROUP_get_curve(), this is a pure calculation in GFp and as such doesn't make use of any method-specifics. Let's perform this calculation directly in the public API implementation rather than redirecting through the methods and remove yet another method handler. ok jsing
* unitialized -> uninitializedtb2025-01-061-2/+2
|
* ec_lib: create a garbage bin at the end, throw Jprojective stuff in theretb2025-01-061-19/+24
|
* Inline the last two uses of ec_mont_group_clear()tb2025-01-061-14/+11
|
* typo: slighty -> slightlytb2025-01-061-2/+2
|
* group_copy() is no longer a thing...tb2025-01-061-3/+1
|
* Remove get_order_bits() and get_degree() methodstb2025-01-063-28/+5
| | | | | | | The degree made some sense when EC2M was a thing in libcrypto. Fortunately that's not the case anymore. The order handler never made sense. ok jsing
* More dest -> dst renaming missed in previoustb2025-01-061-8/+8
| | | | requested by jsing
* Rename dest into dsttb2025-01-061-21/+21
| | | | requested by jsing
* Inline the copy handlers in EC_GROUP_copy()tb2025-01-062-51/+19
| | | | | | This is another bit of indirection that makes this code so hard to follow. ok jsing
* Use a slightly more sensible order in ec_local.htb2025-01-061-36/+33
|
* BN_div_recp() can't be static since it is directly exercised by bn_test.ctb2025-01-062-3/+5
|
* fix ugly whitespacetb2025-01-061-4/+4
|
* Revise comments to note that these are Jacobian projective coordinates.jsing2025-01-061-3/+6
|
* Shuffle functions into a more sensible ordertb2025-01-062-42/+39
| | | | | | BN_reciprocal() is only called by BN_div_recp() which in turn is only called by BN_mod_mul_reciprocal(). So use this order and make the first two static.
* Remove indirection for coordinate blinding.jsing2025-01-063-28/+4
| | | | | | | This is usually method specific, so remove the indirection and call the appropriate blinding function directly. ok tb@
* Stop caching one in the Montgomery domaintb2025-01-063-56/+16
| | | | | | | | | | | | This is only used by ec_points_make_affine(), which is only used by the wNAF multiplication, which is only used by ECDSA. We can afford computing that one once per ECDSA verification given the cost of the rest of this. Thus, the field_set_to_one() member disappears from the EC_METHOD and the mont_one member disappears from EC_GROUP and with it all the complications when setting/copying/freeing the group. ok jsing
* Prepare removal accessors for Jprojective coordinatestb2025-01-063-150/+16
| | | | | | | | | | | | | | | | | That the BN-driven EC code uses Jacobian projective coordinates as an optimization is an implementation detail. As such this should never have leaked out of the library as part of the public API. No consumer should ever care and if they do they're doing it wrong. The only port that cares is one of those stupid little perl modules that expose all the things and transform terrible OpenSSL regress tests into similarly horrible Perl. In practice, only affine coordinates matter (perhaps in compressed form). This prunes two more function pointers from EC_GROUP and prepares the removal of the field_set_to_one() method which is now only used in ec_points_make_affine(). ok jsing sthen
* An -> Thetb2025-01-061-2/+2
| | | | | There's only one inverse and in standard affine coordinates it only has one representation.
* Print the inverse in affine coordinatestb2025-01-061-8/+3
| | | | | This way we can get rid of the stupidity that is publicly exposed Jprojective coordinates soon.
* Let's use RSA_3 rather than 3tb2025-01-051-2/+2
|
* Move BIGNUMs in EC_GROUP and EC_POINT to the heaptb2025-01-055-194/+208
| | | | | | | | | | | | | | | | | | | | | The only way to get an EC_GROUP or an EC_POINT is by calling the relevant _new() function and to get rid of it, something must call _free(). Thus we can establish the invariant that every group has Weierstrass coefficients p, a, b as well as order and cofactor hanging off it. Similarly, Every point has allocated BIGNUMs for its Jacobian projective coordinates. Unfortunately, a group has the generator as an optional component in addition to seed and montgomery context/one (where optionality makes more sense). This is a mostly mechanical diff and only drops a few silly comments and a couple of unnecessary NULL checks since in our part of the wrold the word invariant has a meaning. This should also appease Coverity who likes to throw fits at calling BN_free() for BIGNUM on the stack (yes, this is actually a thing). ok jsing
* Stop setting RSA_FLAG_SIGN_VERtb2025-01-051-2/+1
| | | | With rsa_sign.c r1.37 this is no longer needed.
* Remove most of the RSA_FLAG_SIGN_VER documentationtb2025-01-052-33/+6
| | | | ok jsing kn
* Stop requiring the RSA_FLAG_SIGN_VERtb2025-01-052-7/+5
| | | | | | | | | | | | | | | | | | | | You can set custom sign and verify handlers on an RSA method (wihch is used to create RSA private and public key handles). However, even if you set them explicitly with RSA_meth_set_{sign,verify}(3), these handlers aren't used for the sake of "backward compatibility" (with what?). In order to use them, you need to opt your objects into using the custom methods you set by setting the RSA_FLAG_SIGN_VER flag. OpenSSL 1.1 dropped this requirement and therefore nobody sets this flag anyore. Like most of the mechanically added accessors, almost nothing uses them, but, as found by kn, the yubco-piv-tool does. This resulted in a public key being passed to rsa_private_encrypt(), which of course doesn't end well. So follow OpenSSL 1.1 and drop this muppetry. This makes kn's problem with yubico-piv-tool go away. ok jsing kn
* rsa_method_test: some consistency tweakstb2025-01-041-6/+5
|
* fix typotb2025-01-041-2/+2
|
* Add some regress coverage for custom RSA methodstb2025-01-042-1/+280
| | | | | This currently only covers sign and verify since other parts are already known to work in practice. Prompted by a bug report by kn
* rsa tests: tidy up the makefiletb2025-01-041-7/+8
|
* termianted -> terminatedtb2025-01-031-2/+2
|
* Fix typo: multipy -> multiplytb2025-01-032-18/+18
| | | | | Reflow the comment to avoid some very unfortunate line wraps. "Note that" is like "literally" a bunch of generally useless noise and best omitted.
* Remove now unnecessary initialization of c and itb2025-01-031-2/+2
|
* Remove unnecessary early return if num == 0tb2025-01-031-4/+1
| | | | Review feedback by jsing
* Make obj_bsearch_ex() resemble libc bsearch() a bit moretb2025-01-031-16/+12
| | | | ok jsing
* Remove some gloriously outdated commentstb2025-01-021-5/+1
| | | | | | | /*#define SSL_HOST_NAME "www.netscape.com" */ /*#define SSL_HOST_NAME "193.118.187.102" */ and /*#define TEST_CERT "client.pem" *//* no default cert. */
* Merge testdsa.h and tesrsa.h into speed.ctb2025-01-023-781/+712
| | | | | | | | | | | | Having constant arrays in a header is just stupid (whether the constants are static or not), and most of the contents of these two headers clearly belongs into a C file. Since the garbage pile that is speed.c was not ugly enough, merge all of it there, since it is the only consumer. discussed with jsing PS: still waiting for that elusive volunteer who reworks libdes's speed.c into something resembling C code.
* Remove some pointless header guards. The headers are in scope.tb2025-01-021-7/+1
|
* Merge s_apps.h into apps.htb2025-01-028-169/+47
| | | | discussed with jsing
* openssl(1) doesn't need 5 .h files: merge timeouts.h into apps.htb2025-01-024-72/+7
| | | | | | This is an extra header for two stupid constants... discussed with jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 19:36:34 +0000