| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the public key is not part of the ECPrivateKey, it needs to be
computed. Rather than doing this ad hoc inline, use the function
from the ameth that already does this.
If it is present, decode it after checking that its unused bits octet
is zero. Again use the dedicated setter API to honor an eventual
EC_KEY_METHOD.
There remains a gross bit reading the point point conversion form out of
the first octet of the bit string. This will go away in a later commit.
ok jsing
|
| |
|
|
|
|
| |
This helper will be needed in a subsequent commit.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Contrary to domain parameters and public key, the private key most be
part of the DER. Convert that to a BIGNUM and set it on the EC_KEY.
Use the dedicated setter for this (which will possibly call the handler
of the EC_KEY_METHOD) rather than doing this by hand.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to decode a private key, the group must be known in some way.
Typically, the group is encoded in the EC domain parameters, preferably
as a named curve (this is mandatory in PKIX per RFC 5480).
However, the group could be absent because the domain parameters are
OPTIONAL in the ECPrivateKey SEQUENCE. In that case the code falls
back to the group that may already be set on the EC_KEY. Now there is
no way to tell whether that group is the right one...
In any case. Split this thing out of the body of d2i_ECPrivateKey()
to make that function a bit less of an eyesore.
ok jsing
|
| | |
|
| | |
|
| |
|
|
| |
It doesn't currently need ec_local.h, but it will soon, so leave it there.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Reduces an upcoming diff which is hard enough to review without these
distractions.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Of course the four stunning beauties in there aren't printing anything.
the hex family converts an elliptic curve point's X9.62 encoding into a
hex string (which kind of makes sense, you can print that if you want).
Much more astounding is EC_POINT_point2bn() where the X9.62 octet string
is interpreted as a BIGNUM. Yes, the bignum's hex digits are the point
conversion form followed by the affine coordinate(s) of the elliptic
curve point, and yes you can choose between compressed, uncompressed,
and hybrid encoding, why do you ask? This doesn't really make any sense
whatsoever but of course you can also print that if you really want to.
Of course the beloved platinum members of the "gotta try every terrible
OpenSSL interface" club had to use and expose this.
|
| |
|
|
|
| |
This can't be perfectly symmetric, but the logic is now roughly the same
in both these functions.
|
| | |
|
| | |
|
| |
|
|
|
| |
No need to guard free() with a NULL check, check explicitly against 0
and rename p to seed.
|
| | |
|
| |
|
|
| |
Some test cases are disabled since they exercise an upcoming bug fix.
|
| | |
|
| |
|
|
| |
CID 511280
|
| | |
|
| |
|
|
|
|
| |
point to an octet string and match with the initial octet string.
would have caught the regression found by anton
|
| |
|
|
|
|
|
|
| |
This is annoying since it undoes some polishing done before commit and
reintroduces an unpleasant asymmetry.
found by anton via openssl-ruby tests
ok jsing
|
| |
|
|
| |
... is obviously r.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Factor ad-hoc inline code into helper functions. Use CBB and
BN_bn2binpad() instead of batshit crazy skip loops and pointer
banging. With all this done, the function becomes relatively
streamlined and pretty much symmetric with the new oct2point()
implementation.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Transform the spaghetti in here into something more readable. Factor
various inline checks into helper functions to make the logic clearer.
This is a bit longer but a lot safer and simpler. It accepts exactly
the same input as the original version.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SEC 1 standard defines various ways of encoding an elliptic curve
point as ASN.1 octet string. It's also used for the public key, which
isn't an octet string but a bit string for whatever historic reason.
The public API is incomplete and inconvenient, so we need to jump
through a few hoops to support it and to preserve our own sanity.
Split a small helper function out of ec_GFp_simple_point2oct() that
checks that a uint8_t represents a valid point conversion form. It
supports exactly the four possible variants and helps translating
from point_conversion_form_t at the API boundary.
Reject the form for the point at infinity since the function has
historically done that even for the case that the point actually is
the point at infinity.
ok jsing
|
| | |
|
| |
|
|
| |
breaks tree as noted by krw
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
All internal uses of EC_METHOD_get_field_type() and EC_GROUP_method_of()
are chained together. Implement this as a single API call that takes a
group and use it throughout. Gets rid of another eyesore in this part of
the tree. Not that there will be a shortage of eyesores anytime soon...
ok jsing
|
| |
|
|
|
|
|
|
| |
We can just reach into the group to obtain its EC_GROUP_METHOD. After all
ec_local.h has to be in scope. This will permit marking this ugly API as
unused internally after the next commit.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This makes the thing a bit easier on the eyes and improves greppability.
ok joshua jsing
|
| |
|
|
| |
ok joshua jsing
|
| |
|
|
|
|
| |
Move the IA32 specific code to arch/{amd64,i386}/crypto_cpu_caps.c, rather
than polluting cryptlib.c with machine dependent code. A stub version of
crypto_cpu_caps_ia32() still remains for now.
|
