Commit message / Author / Age / Files / Lines
* cryptlib.h: adjust header guard for upcoming surgery
  (tb, 2024-11-05, 14 files, -16/+16)
  It is gross that an internal detail leaked into a public header, but, hey, it's openssl. No hack is too terrible to appear in this library. opensslconf.h needs major pruning but the day that happens is not today.
  ok jsing

* crypto_local.h is empty, so cryptlib.c doesn't need it right now.
  (tb, 2024-11-04, 1 file, -2/+1)

* Rewrite EC_POINT_new() and EC_POINT_dup()
  (tb, 2024-11-04, 1 file, -27/+34)
  Like most of the code in this file that hasn't been overhauled, these are just terrible. As jsing points out, we will need to ensure that finish() works on a not fully initialized point. That's currently safe.
  ok jsing

* ec tests: allow linking against eopenssl
  (tb, 2024-11-04, 2 files, -3/+16)

* affine coordinates: the intention was to move the check, not to copy it...
  (tb, 2024-11-03, 1 file, -6/+1)
  So... zap the now redundant check. Should have been committed along with ec_lib.c -r1.77

* Move point at infinity check to API boundary
  (tb, 2024-11-03, 1 file, -2/+7)
  Since we only consider standard affine coordinates, the point at infinity must be excluded. Check at the API boundary that the point isn't the point at infinity rather than hiding this check somewhere in a method.
  ok jsing
* Add regress coverage for BN_bn2binpad() and BN_bn2lebinpad().
  (jsing, 2024-11-03, 1 file, -3/+137)

* Add some additional BN conversion test cases.
  (jsing, 2024-11-03, 1 file, -3/+21)

* d2i_ECPKParameters(): unify return statement with rest of file
  (tb, 2024-11-02, 1 file, -2/+3)

* netcat: drop caddr_t cast. It's not needed and not portable.
  (tb, 2024-11-02, 1 file, -2/+2)
  From Jonas 'Sortie' Termansen

* ec_convert: remove _OCT also from the macro names
  (tb, 2024-11-02, 1 file, -24/+24)

* Fix includes in ec_lib and ecp_smpl
  (tb, 2024-11-02, 2 files, -2/+11)
* Merge compressed coordinate setting back into ecp_smpl and ec_lib
  (tb, 2024-11-02, 5 files, -286/+140)
  The reason these were in separate files was FIPS. Not our problem.

* ec_asn1_test: I somehow managed to commit the version without freezero...
  (tb, 2024-11-02, 1 file, -3/+4)

* Assert assumption on CRYPTO_THREADID
  (tb, 2024-11-02, 1 file, -1/+2)
  This type has been opaque for a while, and nobody should be able to call this function with id != NULL. If they do, we want to know and it should be noisy.
  suggested by/ok jsing

* Rewrite/clean up ec_GFp_simple_set_compressed_coordinates()
  (tb, 2024-11-02, 1 file, -62/+48)
  The biggest change here is that the computation is now performed in the Montgomery domain if we have a Montgomery curve. This avoids constant checking whether we need to use plain field operations or whether we can use curve-specific ones. Use a few better variable names and stop attempting to figure out whether the operation failed due to an error in BN_mod_sqrt() or a bad point. All in all this only shaves off 10 lines, but it is astounding what a few tweaks can do to code that looked like Rome in 455 AD.
  with/ok jsing

* Bye bye CRYPTO_THREADID
  (tb, 2024-11-02, 2 files, -37/+2)
  After we ripped it out of RSA blinding and finally the error stack, it can go play in the attic with ENGINE and all the other abominations from this particular keyboard.
  ok jsing

* Inline last uses of CRYPTO_THREADID in err/
  (tb, 2024-11-02, 2 files, -19/+10)
  This is another Thorpian obfuscation scheme hiding nasty casts of pthread_t to unsigned long and comparing them. We can do this in a less underhanded way by calling the portable functions directly.
  ok jsing
* sort includes
  (tb, 2024-11-02, 1 file, -2/+2)

* More include sweeping in cms.
  (tb, 2024-11-01, 3 files, -17/+26)

* Fix includes in cms_env.c
  (tb, 2024-11-01, 1 file, -9/+10)

* Drop some pointless parentheses
  (tb, 2024-11-01, 2 files, -9/+9)

* Only include cryptlib.h where it's needed
  (tb, 2024-11-01, 5 files, -25/+31)
  Clean up the other includes while there.

* ec_asn1_test: set compressed coordinates for the "simple" generator
  (tb, 2024-11-01, 1 file, -3/+3)
* Also exercise the "simple" version of the builtin curves, not only "mont"
  (tb, 2024-11-01, 1 file, -27/+124)

* Clean up PPC CPU capabilities and Montgomery code.
  (jsing, 2024-11-01, 5 files, -1122/+6)
  ppc64-mont.pl (which produces bn_mul_mont_fpu64()) is unused on both powerpc and powerpc64, so remove it. ppccap.c doesn't actually contain anything to do with CPU capabilities - it just provides a bn_mul_mont() that calls bn_mul_mont_int() (which ppc-mont.pl generates). Change ppc-mont.pl to generate bn_mul_mont() directly and remove ppccap.c.
  ok tb@

* Update cert.pem, ok sthen
  (tb, 2024-11-01, 1 file, -59/+592)
  New:
    CommScope
      /C=US/O=CommScope/CN=CommScope Public Trust ECC Root-01
      /C=US/O=CommScope/CN=CommScope Public Trust ECC Root-02
      /C=US/O=CommScope/CN=CommScope Public Trust RSA Root-01
      /C=US/O=CommScope/CN=CommScope Public Trust RSA Root-02
    Cybertrust Japan Co., Ltd.
      /C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA12
      /C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA14
      /C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA15
    Deutsche Telekom Security GmbH
      /C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS ECC Root 2020
      /C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS RSA Root 2023
    Firmaprofesional SA
      /C=ES/O=Firmaprofesional SA/2.5.4.97=VATES-A62634068/CN=FIRMAPROFESIONAL CA ROOT-A WEB
    TrustAsia Technologies, Inc.
      /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3
      /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4
  Added to existing:
      /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA CYBER Root CA
  Deleted:
    e-commerce monitoring GmbH
      /C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020

* regen cert.pem after sort order change in format-pem.pl
  (tb, 2024-11-01, 1 file, -953/+953)
  ok sthen

* Don't lowercase cert subjects when sorting; combined with perl foreach over
  (sthen, 2024-11-01, 1 file, -5/+5)
  a hash returning entries in random order, the order of "COMODO CA Limited" and "Comodo CA Limited" was switching randomly. This results in a bigger change of sort order now, but means that future changes will then be in a repeatable order.
  ok tb@

* KNF
  (tb, 2024-11-01, 1 file, -2/+3)
* Move point_conversion_t conversion to API boundary
  (tb, 2024-11-01, 1 file, -23/+33)
  EC_POINT_oct2point() is the only API that needs detailed knowledge about this incomplete enum. [Arguably, the setters for the EC_KEY and EC_GROUP member of that type would also need to be able to validate what's being set, but they can't since they can't fail.] Anyway. Add a helper that lets EC_POINT_oct2point() translate that enum to its internal representation at the API boundary and add a check that ensures that we only encode the point at infinity as the point at infinity.
  ok jsing

* Garbage collect field_div() member.
  (tb, 2024-11-01, 1 file, -3/+1)
  It was only used by EC2M.

* sort
  (tb, 2024-11-01, 1 file, -2/+2)

* Drop the _oct from the function prefixes
  (tb, 2024-10-31, 1 file, -31/+31)
  With the functions living in ec_convert now, the oct makes little sense. And ec_oct_oct2point() was too much for poor jsing to bear.
  requested by jsing

* Retire the oct2point and point2oct EC_METHOD members
  (tb, 2024-10-31, 4 files, -32/+10)
  Both our remaining EC_METHODs use the methods that used to be called ec_GFp_simple_{oct2point,point2oct}() so there's no need for the function pointer indirection. Make the public API call them directly.
  ok jsing

* Clean up the mess in i2d_EC_PRIVATEKEY()
  (tb, 2024-10-31, 1 file, -16/+36)
  Use a few local variables to make the checks at the start slightly less unappealing. Use those to simplify the conditionals a bit and avoid a particularly silly exit code. ok is set unless ret is 0, so what do you think 'return (ok ? ret : 0);' returns? By the way, ret < 0 is an error as well. While most of the stuff in this file could use a lot more cleanup, I think the first layer of cockroaches has been exterminated and there's even some faint golden glimmer between the turds. Let's shelve the biohazard warnings for now.
  ok jsing
* Clean up o2i_ECPublicKey()
  (tb, 2024-10-31, 1 file, -14/+17)
  a is a stupid name for an EC_key, so is ret. Pull apart the tests at the start and check the length for negativity (long is always the wrong type). Switch to ec_point_from_octets() and let it determine the point conversion form rather than having yet another copy of the same ugly stanza. Set the form on the key using EC_KEY_set_conv_form() (which also affects the group on the key, so this is a slight change of behavior). Why on earth this function returns the EC_KEY passed in, I'll never know.
  ok jsing

* Rewrite i2o_ECPublicKey()
  (tb, 2024-10-31, 1 file, -26/+25)
  Turn the function into single exit and use ec_point_to_octets() to avoid the point2oct dance. Ensure that the buf_len size_t doesn't get truncated by the int return. While we could avoid an allocation in case out == NULL, we don't do so. In case out != NULL and *out != NULL this API assumes *out has sufficient room, copies the result into it and advances *out past it. This is just asking for trouble (of course, i2d has the same misfeature). Don't use this if you can help it. Unfortunately, OpenSSH couldn't help it in at least one spot (that one's on BoringSSL's allocator not returning an allocated pointer that you can pass to free). We had to do it lest people run RedHat patches of dubious quality. For: FIPS the monkey must be pleased at all cost.
  ok jsing

* ecp_oct.c no longer needs bytestring and stdint
  (tb, 2024-10-31, 1 file, -4/+1)

* ec_point_to_octets: move out_len initialization up a bit
  (tb, 2024-10-31, 1 file, -3/+3)

* Expand the introductory comment with references to X9.62 and SEC 1
  (tb, 2024-10-30, 1 file, -1/+4)

* Move the point2bn and point2hex API to ec_convert.c
  (tb, 2024-10-30, 3 files, -146/+84)
  discussed with jsing
* Replace hardcoded 1U with EC_OCT_YBIT
  (tb, 2024-10-30, 1 file, -2/+2)

* Move the GFp-specific point <-> octets functions to ec_convert.c
  (tb, 2024-10-30, 2 files, -296/+296)
  discussed with jsing

* Move public point <-> octets API to a new ec_convert.c
  (tb, 2024-10-30, 3 files, -131/+202)
  discussed with jsing

* Rewrite EC_POINT_bn2point()
  (tb, 2024-10-30, 1 file, -28/+15)
  This is slightly asymmetric with EC_POINT_point2bn() and different from the other "print" functions since it has to deal with the asymmetry between BN_bin2bn() and BN_bn2bin() and allocate itself. Still, we can make this substantially shorter than it previously was.
  ok jsing

* Add ec_point_from_asn1_bit_string()
  (tb, 2024-10-30, 1 file, -16/+20)
  This is inverse to ec_point_to_asn1_bit_string(). Use it to simplify the ec_key_set_public_key() helper.
  ok jsing

* Add ec_point_from_asn1_octet_string()
  (tb, 2024-10-30, 1 file, -13/+21)
  This is inverse to ec_point_to_asn1_octet_string() but again a lot simpler. Simplify ec_asn1_set_group_parameters() by using it.
  ok jsing

* Provide ec_point_from_octets()
  (tb, 2024-10-30, 2 files, -3/+35)
  This is a wrapper that is the reverse of ec_point_to_octets(). It is a bit simpler since EC_POINT_oct2point() expects the point to be allocated already. It also hands back the correctly parsed point conversion form so that we don't have to do this by hand in a few places.
  ok jsing
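Several of the ec_convert.c commits above deal with the same SEC 1 / X9.62 point <-> octet string conversion: the conversion form is translated once at the API boundary, the point at infinity may only be encoded as a single 0x00 octet, ec_point_from_octets() hands back the form it parsed from the leading octet, i2o_ECPublicKey() and EC_POINT_point2oct() answer a length query when out == NULL, and ec_GFp_simple_set_compressed_coordinates() recovers y from x and the parity bit. The block below is an added example written for this page, not LibreSSL code: it implements that encoding and its validation over a constructed toy curve y^2 = x^3 + x + 1 over F_23 with plain modular arithmetic (no Montgomery domain, and a^((p+1)/4) in place of BN_mod_sqrt(), which works because 23 = 3 mod 4). The names point2oct(), oct2point(), the enum form with FORM_INFINITY = 0 and the one-octet FIELD_LEN are this example's own assumptions; only the form octets 0x00/0x02/0x03/0x04/0x06/0x07 and the low-bit parity convention (EC_OCT_YBIT in the commits above) come from the standard.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy curve y^2 = x^3 + x + 1 over F_23, constructed for this example (it is not a
 * LibreSSL curve). p = 3 (mod 4), so sqrt(a) = a^((p+1)/4); one octet per coordinate. */
#define P 23u
#define FIELD_LEN 1
#define YBIT 1		/* parity of y, carried in the low bit of the form octet */

/* SEC 1 form octets, numbered like point_conversion_form_t; 0 for infinity is this example's own. */
enum form { FORM_INFINITY = 0, FORM_COMPRESSED = 2, FORM_UNCOMPRESSED = 4, FORM_HYBRID = 6 };

struct point { unsigned x, y; int infinity; };

static unsigned mod_pow(unsigned base, unsigned exp)
{
	unsigned r = 1;
	for (base %= P; exp != 0; exp >>= 1, base = base * base % P)
		if (exp & 1)
			r = r * base % P;
	return r;
}

static unsigned rhs(unsigned x) { return (mod_pow(x, 3) + x + 1) % P; }	/* x^3 + ax + b with a = b = 1 */
static int valid_form(unsigned f) { return f == FORM_COMPRESSED || f == FORM_UNCOMPRESSED || f == FORM_HYBRID; }
static size_t encoded_len(unsigned f) { return f == FORM_COMPRESSED ? 1 + FIELD_LEN : 1 + 2 * FIELD_LEN; }

/* Square root mod p for p = 3 (mod 4); fails when a is not a square. */
static int mod_sqrt(unsigned a, unsigned *out)
{
	*out = mod_pow(a, (P + 1) / 4);
	return (*out * *out) % P == a % P;
}

static int on_curve(const struct point *p)
{
	return p->infinity || (p->x < P && p->y < P && p->y * p->y % P == rhs(p->x));
}

/* Encode a point. As with EC_POINT_point2oct(), out == NULL returns the size needed,
 * so callers query, allocate, then encode. Returns 0 on error. */
size_t point2oct(const struct point *p, enum form form, uint8_t *out, size_t out_len)
{
	size_t need = p->infinity ? 1 : encoded_len(form);
	if (!on_curve(p) || !valid_form(form))
		return 0;
	if (out == NULL)
		return need;
	if (out_len < need)
		return 0;
	if (p->infinity) {	/* always the single octet 0x00, whatever form was asked for */
		out[0] = 0x00;
		return 1;
	}
	out[0] = (uint8_t)form | (form != FORM_UNCOMPRESSED ? (uint8_t)(p->y & YBIT) : 0);
	out[1] = (uint8_t)p->x;
	if (form != FORM_COMPRESSED)
		out[2] = (uint8_t)p->y;
	return need;
}

/* Decode an octet string and hand back the form found in its leading octet. Returns 0 on
 * malformed input: bad form octet, wrong length, trailing data after 0x00, x not on the curve, bad parity. */
int oct2point(const uint8_t *in, size_t in_len, struct point *p, enum form *form_out)
{
	unsigned form, ybit, y;
	if (in_len == 0)
		return 0;
	if (in[0] == 0x00) {	/* infinity is exactly one octet: trailing data is an error */
		if (in_len != 1)
			return 0;
		p->infinity = 1;
		p->x = p->y = 0;
		*form_out = FORM_INFINITY;
		return 1;
	}
	form = in[0] & ~YBIT;
	ybit = in[0] & YBIT;
	if (!valid_form(form) || (form == FORM_UNCOMPRESSED && ybit != 0) || in_len != encoded_len(form))
		return 0;	/* 0x05 is not a form octet, nor is anything outside 0x02..0x07 */
	p->infinity = 0;
	p->x = in[1];
	if (form == FORM_COMPRESSED) {
		/* Recover y from x and the parity bit, as set_compressed_coordinates() does. */
		if (p->x >= P || !mod_sqrt(rhs(p->x), &y))
			return 0;
		if ((y & YBIT) != ybit)
			y = (P - y) % P;
		if ((y & YBIT) != ybit)
			return 0;	/* y == 0 but the parity bit is set */
		p->y = y;
	} else {
		p->y = in[2];
		if ((form == FORM_HYBRID && (p->y & YBIT) != ybit) || !on_curve(p))
			return 0;
	}
	*form_out = (enum form)form;
	return 1;
}
```

Encoding is the usual two-step call: point2oct(&p, form, NULL, 0) to size the buffer, then the same call with the buffer. On the decode side the leading octet alone decides the form and the expected length, which is why a 0x00 with anything after it, a 0x05, or a hybrid octet whose parity bit disagrees with the y coordinate are rejected before any field arithmetic happens; that is the kind of validation the commits above pull up to the API boundary instead of leaving it inside a method.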
* Rewrite BN_hex2point()
  (tb, 2024-10-30, 1 file, -11/+12)
  This can do the reverse dance: chain BN_hex2bn() with EC_POINT_bn2point().
  ok jsing