| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Both our remaining EC_METHODs use the methods that used to be called
ec_GFp_simple_{oct2point,point2oct}() so there's no need for the function
pointer indirection. Make the public API call them directly.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a few local variables to make the checks at the start slightly less
unappealing. Use those to simplify the conditionals a bit and avoid a
particularly silly exit code. ok is set unless ret is 0, so what do you
think 'return (ok ? ret : 0);' returns? By the way, ret < 0 is an error
as well.
While most of the stuff in this file could use a lot more cleanup, I think
the first layer of cockroaches has been exterminated and there's even some
faint golden glimmer between the turds.
Let's shelve the biohazard warnings for now.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
a is a stupid name for an EC_key, so is ret. Pull apart the tests at the
start and check the length for negativity (long is always the wrong type).
Switch to ec_point_from_octets() and let it determine the point conversion
form rather than having yet another copy of the same ugly stanza.
Set the form on the key using EC_KEY_set_conv_form() (which also affects
the group on the key, so this is a slight change of behavior). Why on earth
this function returns the EC_KEY passed in, I'll never know.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turn the function into single exit and use ec_point_to_octets() to avoid
the point2oct dance. Ensure that the buf_len size_t doesn't get truncated
by the int return.
While we could avoid an allocation in case out == NULL, we don't do so.
In case out != NULL and *out != NULL this API assumes *out has sufficient
room, copies the result into it and advances *out past it. This is just
asking for trouble (of course, i2d has the same misfeature). Don't use
this if you can help it.
Unfortunately, OpenSSH couldn't help it in at least one spot (that one's
on BoringSSL's allocator not returning an allocated pointer that you can
pass to free). We had to do it lest people run RedHat patches of dubious
quality. For: FIPS the monkey must be pleased at all cost.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
|
| |
This is slightly asymmetric with EC_POINT_point2bn() and different from
the other "print" functions since it has to deal with the asymmetry
between BN_bin2bn() and BN_bn2bin() and allocate itself. Still, we can
make this substantially shorter than it previously was.
ok jsing
|
| |
|
|
|
|
|
| |
This is inverse to ec_point_to_asn1_bit_string(). Use it to simplify the
ec_key_set_public_key() helper.
ok jsing
|
| |
|
|
|
|
|
| |
This is inverse to ec_point_to_asn1_octet_string() but again a lot
simpler. Simplify ec_asn1_set_group_parameters() by using it.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This is a wrapper that is the reverse of ec_point_to_octets(). It is a
bit simpler since EC_POINT_oct2point() expects the point to be allocated
already. It also hands back the correctly parsed point conversion form
so that we don't have to do this by hand in a few places.
ok jsing
|
| |
|
|
|
|
| |
This can do the reverse dance: chain BN_hex2bn() with EC_POINT_bn2point().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of doing everything by hand, this can use EC_POINT_point2bn()
and chain it with BN_bn2hex(), slashing the number of lines in half.
This removes one of the ten remaining "01234567890ABCDEF" strings from
libcrypto. Unfortunately, none of the nine others is used in an API that
could convert the octet string directly, so we use that ugly detour via
a bignum. Still it's better than what was there.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
While it makes little sens to place either one of the uncompressed, the
compressed or the hybrid X9.62 octet string encoding of an elliptic curve
point into a BIGNUM, it is what this API does. It's ec_point_to_octets()
followed by BN_bin2bn().
ok jsing
|
| |
|
|
|
| |
Garbage collect the ok variable and some comments from captain obvious,
wrap a long line and tidy up the exit path.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This adds a specialized helper for creating an ASN.1 bit string
out of an elliptic curve point (the public key) and use it in
i2d_ECPrivateKey().
ok jsing
|
| |
|
|
|
|
|
|
| |
This adds a specialized helper for creating an ASN.1 octet string
out of an elliptic curve point (the generator). Use this to simplify
ec_asn1_group2parameters().
ok jsing
|
| |
|
|
|
|
|
|
|
| |
EC_POING_point2oct() is annoying to use since its invocation involves
two calls: one to determine the space to allocate and one to pass the
buffer and perform the actual conversion. Wrap this dance in a helper
with the correct signature.
ok jsing
|
| | |
|
| |
|
|
|
| |
EC_KEY_set_public_key() sets a copy, so it doesn't take ownership and
hence pub_key must not be nulled out on success.
|
| |
|
|
| |
(will be fixed shortly).
|
| |
|
|
|
| |
Can't replace it with adding the point to itself since that also leaks
(another doc bug). Who would've thought.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The private key is a random integer between 1 and order - 1. As such it
requires at most as many bytes as the order to encode. SEC 1, Section C.4
is very explicit about padding it to this length:
The component privateKey is the private key defined to be the octet
string of length [ceil(log_2 n/8)] (where n is the order of the curve)
obtained from the unsigned integer via the encoding of Section 2.3.7.
Fix this by generalizing a similar fix for field elements.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the public key is not part of the ECPrivateKey, it needs to be
computed. Rather than doing this ad hoc inline, use the function
from the ameth that already does this.
If it is present, decode it after checking that its unused bits octet
is zero. Again use the dedicated setter API to honor an eventual
EC_KEY_METHOD.
There remains a gross bit reading the point point conversion form out of
the first octet of the bit string. This will go away in a later commit.
ok jsing
|
| |
|
|
|
|
| |
This helper will be needed in a subsequent commit.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Contrary to domain parameters and public key, the private key most be
part of the DER. Convert that to a BIGNUM and set it on the EC_KEY.
Use the dedicated setter for this (which will possibly call the handler
of the EC_KEY_METHOD) rather than doing this by hand.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to decode a private key, the group must be known in some way.
Typically, the group is encoded in the EC domain parameters, preferably
as a named curve (this is mandatory in PKIX per RFC 5480).
However, the group could be absent because the domain parameters are
OPTIONAL in the ECPrivateKey SEQUENCE. In that case the code falls
back to the group that may already be set on the EC_KEY. Now there is
no way to tell whether that group is the right one...
In any case. Split this thing out of the body of d2i_ECPrivateKey()
to make that function a bit less of an eyesore.
ok jsing
|
| | |
|
| | |
|
| |
|
|
| |
It doesn't currently need ec_local.h, but it will soon, so leave it there.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Reduces an upcoming diff which is hard enough to review without these
distractions.
|
| | |
|
| | |
|
| | |
|
