summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* {d2i,i2d}_ECParameters() also want a bit of exercisingtb2024-10-261-1/+28
|
* d2i_ECPrivateKey: move the version setting where it belongstb2024-10-261-2/+2
|
* d2i_ECPrivateKey: minor cleanup for entry and exit pathtb2024-10-261-13/+13
| | | | | Reduces an upcoming diff which is hard enough to review without these distractions.
* a and ret aren't great names for EC_KEYstb2024-10-261-26/+26
|
* Mechanically rename priv_key to ec_privatekeytb2024-10-261-27/+27
|
* ec_asn1_test: play some silly games to cover a few more code pathstb2024-10-261-1/+47
|
* Add regress coverage for ec_print.ctb2024-10-261-2/+889
| | | | | | | | | | | | | | | | | Of course the four stunning beauties in there aren't printing anything. the hex family converts an elliptic curve point's X9.62 encoding into a hex string (which kind of makes sense, you can print that if you want). Much more astounding is EC_POINT_point2bn() where the X9.62 octet string is interpreted as a BIGNUM. Yes, the bignum's hex digits are the point conversion form followed by the affine coordinate(s) of the elliptic curve point, and yes you can choose between compressed, uncompressed, and hybrid encoding, why do you ask? This doesn't really make any sense whatsoever but of course you can also print that if you really want to. Of course the beloved platinum members of the "gotta try every terrible OpenSSL interface" club had to use and expose this.
* Cosmetic tweak to make point2oct and oct2point more symmetrictb2024-10-251-7/+12
| | | | | This can't be perfectly symmetric, but the logic is now roughly the same in both these functions.
* Use macros describing the intent rather than #if 0tb2024-10-251-8/+38
|
* ec_asn1: make two helpers statictb2024-10-251-3/+3
|
* Minor cosmetic tweaks for EC_GROUP_set_seed()tb2024-10-251-9/+8
| | | | | No need to guard free() with a NULL check, check explicitly against 0 and rename p to seed.
* ec_asn1: fix some NULL misspellingstb2024-10-251-4/+4
|
* Add regress for {d2i,i2d}_ECPrivateKey() and {o2i,i2o}_ECPublicKey()tb2024-10-251-1/+1003
| | | | Some test cases are disabled since they exercise an upcoming bug fix.
* Fix argument names: des_in -> der_in and des_out -> der_outtb2024-10-242-19/+19
|
* Add missing error check for CBB_init_fixed()tb2024-10-241-4/+5
| | | | CID 511280
* ec_point_conversion: cosmeticstb2024-10-231-4/+4
|
* ec_point_conversion: extend test coverage by translating back thetb2024-10-231-2/+76
| | | | | | point to an octet string and match with the initial octet string. would have caught the regression found by anton
* EC_POINT_point2oct() need to special case the point at infinitytb2024-10-231-4/+10
| | | | | | | | This is annoying since it undoes some polishing done before commit and reintroduces an unpleasant asymmetry. found by anton via openssl-ruby tests ok jsing
* EC_get_builtin_curves(): the most appropriate name for a list of curves...tb2024-10-231-5/+5
| | | | ... is obviously r.
* remove duplicate defines; ok tb@jsg2024-10-233-13/+3
|
* remove duplicate X509v3_asid_add_id_or_range.3 linejsg2024-10-221-2/+1
|
* Move a check for hybrid point encoding into a helper functiontb2024-10-221-7/+14
|
* Rewrite ec_GFp_simple_point2oct() using CBBtb2024-10-221-63/+90
| | | | | | | | | | Factor ad-hoc inline code into helper functions. Use CBB and BN_bn2binpad() instead of batshit crazy skip loops and pointer banging. With all this done, the function becomes relatively streamlined and pretty much symmetric with the new oct2point() implementation. ok jsing
* Rewrite ec_GFp_simple_oct2point() using CBStb2024-10-221-57/+86
| | | | | | | | | Transform the spaghetti in here into something more readable. Factor various inline checks into helper functions to make the logic clearer. This is a bit longer but a lot safer and simpler. It accepts exactly the same input as the original version. ok jsing
* Start cleaning up oct2point and point2octtb2024-10-221-5/+41
| | | | | | | | | | | | | | | | | | | The SEC 1 standard defines various ways of encoding an elliptic curve point as ASN.1 octet string. It's also used for the public key, which isn't an octet string but a bit string for whatever historic reason. The public API is incomplete and inconvenient, so we need to jump through a few hoops to support it and to preserve our own sanity. Split a small helper function out of ec_GFp_simple_point2oct() that checks that a uint8_t represents a valid point conversion form. It supports exactly the four possible variants and helps translating from point_conversion_form_t at the API boundary. Reject the form for the point at infinity since the function has historically done that even for the case that the point actually is the point at infinity. ok jsing
* Suppress warning noise from deprecated OpenSSL APItb2024-10-221-1/+2
|
* Revert marking EC_GROUP_method_of() and EC_METHOD_get_field_type() unusedtb2024-10-221-3/+3
| | | | breaks tree as noted by krw
* ecp_oct.c: add missing includestb2024-10-221-1/+5
|
* Mark EC_GROUP_method_of() and EC_METHOD_get_field_type() as unusedtb2024-10-221-3/+3
| | | | ok jsing
* Provide and use ec_group_get_field_type()tb2024-10-224-8/+17
| | | | | | | | | All internal uses of EC_METHOD_get_field_type() and EC_GROUP_method_of() are chained together. Implement this as a single API call that takes a group and use it throughout. Gets rid of another eyesore in this part of the tree. Not that there will be a shortage of eyesores anytime soon... ok jsing
* Inline a use of EC_GROUP_method_of()tb2024-10-221-2/+2
| | | | | | | | We can just reach into the group to obtain its EC_GROUP_METHOD. After all ec_local.h has to be in scope. This will permit marking this ugly API as unused internally after the next commit. ok jsing
* ec_ameth.c: fix includestb2024-10-201-3/+9
|
* ec_asn1: add missing includestb2024-10-201-2/+6
|
* ec_curve: add missing includestb2024-10-201-1/+5
|
* zap an empty linetb2024-10-201-2/+1
|
* Make ec EVP_PKEY_CTRL_MD handler match dsa/rsa more closelytb2024-10-191-11/+14
| | | | | | This makes the thing a bit easier on the eyes and improves greppability. ok joshua jsing
* Drop a useless cast in pkey_dsa_ctrl()tb2024-10-191-2/+2
| | | | ok joshua jsing
* Remove IA32 specific code from cryptlib.c.jsing2024-10-195-41/+29
| | | | | | Move the IA32 specific code to arch/{amd64,i386}/crypto_cpu_caps.c, rather than polluting cryptlib.c with machine dependent code. A stub version of crypto_cpu_caps_ia32() still remains for now.
* Remove unused sparc CPU capability detection code.jsing2024-10-193-204/+1
| | | | | | | This has been unused for a long time - it can be found in the attic if someone wants to clean it up and enable it in the future. ok tb@
* EC_GROUP_check(): zap useless commentstb2024-10-191-4/+3
|
* Move EC_GROUP_check() to ec_lib.ctb2024-10-193-115/+57
| | | | EC_GROUP_check() is quite simple. It doesn't need to use its own file.
* ec_asn1_test: simplify previoustb2024-10-181-7/+4
|
* ec_asn1_test: call EC_GROUP_check() for the builtin curvestb2024-10-182-59/+13
| | | | | This makes the internal curve test in ectest.c superfluous. Also fix a logic error.
* Simplify EC_get_builtin_curves().tb2024-10-181-4/+5
| | | | | When determining the minimum of nitems and EC_CURVE_LIST_LENGTH we need neither an extra variable nor a ternary operator.
* Use better naming in ec_curve.ctb2024-10-181-33/+33
| | | | | | | Rename struct ec_list_element into struct ec_curve. Accordingly, curve_list becomes struct ec_curve ec_curve_list[]. Adjust internal API to match. suggested by jsing
* ec_asn1_test: adjust for rejection of non-builtin curve parameterstb2024-10-181-14/+2
|
* Enforce that EC Parameters correspond to a builtin curvetb2024-10-183-3/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | EC parameters are very general. While there are some minimal sanity checks, for the parameters due to DoS risks found in the last decade, the elliptic curve code is poorly written and a target rich environment for NULL dereferences, busy loops, expensive computations and whatever other nastiness you can think of. It is not too hard to come up with parameters that reach very ugly code. While we have removed for the worst of it (the "fast" nist code and GF2m come to mind), the code very much resembles the Augean Stables. Unfortunately, curve parameters are still in use - even mandatory in some contexts - for example in machine-readable travel documents signed by ICAO country signing certification authorities (see ICAO Doc 9303). To avoid many of these DoS vectors, start enforcing that we know what the curve parameters are about, namely that they correspond to a builtin curve. This way we know that the parameters are at least as good as the standards we implement and checking this is cheap: Translate curve parameters into the ad hoc representation in the builtin curve code and check there's a match. That's very cheap since most curves are distinguished by cofactor and parameter length and we need to use an actual parameter comparison for at most half a dozen curves, usually only one or two. ok jsing
* Remove now unused x86cpuid.pl.jsing2024-10-181-153/+0
|
* Provide crypto_cpu_caps_init() for i386.jsing2024-10-183-10/+120
| | | | | | | This is the same CPU capabilities code that is now used for amd64. Like amd64 we now only populate OPENSSL_ia32cap_P with bits used by perlasm. Discussed with tb@
* Remove now unused x86_64cpuid.pl.jsing2024-10-181-147/+0
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-12 17:10:41 +0000