| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Much like the ECDSA errors, the ECDH errors have been unused for a
while. Garbage collect them.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Move the remaining ECDSA API into ec.h to match OpenSSL 1.1's interface
better. In particular, the EC_KEY sign and verify method accessors are
moved to the right header. Whether the rest of the ECDSA stuff belongs
there is debatable, but that was upstream's choice.
ok jsing
|
| |
|
|
|
|
|
|
| |
After smtpd (in base) and libtls finally switched from ECDSA_METHOD to
EC_KEY_METHOD, much of the ECDSA_METHOD code was neutered. Remove the
remaining public API as well as numerous tentacles into ENGINE.
ok jsing
|
| |
|
|
|
|
|
| |
These error codes have been unused for a while, so the public API loading
them is pointless.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
It is hard to remember that ECDSA_do_{sign,verify}() call ecdsa_sign_sig().
Especially since the distinction to ECDSA_{sign,verify}() isn't clear from
the names. To add to the confusion, the public API is ordered differently
than the methods they call. So in this case it seems tidier to place the
public API next to the methods.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is no reason to keep these. It is cleaner to keep ECDSA_sign_setup()
but remove the logic for passed-in kinv and r.
Refuse to cooperate as far as possible. Someone could still implement
their own versions of ECDSA_{do_,}_sign_ex() and ECDSA_sign_setup() by
leveraging EC_KEY_METHOD_get_sign() and building their own wrappers.
We can't make such an implementation of ECDSA_sign_setup() fail, but we
make the actual signing fail since we no longer "do the right thing".
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ECDSA_sign_setup() permits precomputing the values of the inverse of the
random k and the corresponding r. These can then be fed into the signing
routines ECDSA_{do_,}sign_ex() multiple times if needed. This is not a
great idea and the interface adds a lot of unwanted complexity.
Not to mention that nothing ever used this correctly - if s works out to
0, a special error code is thrown requesting that the caller provide new
kinv and r values. Unsurprisingly, nobody ever checked for that special
error code.
ok jsing
This commit marks the start of a libcrypto major bump. Do not build the
tree until I bumped the shlib_version and synced file sets (in about 35
commits).
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This is a hack. The test is in rather poor shape and it is hard to tell
whether it still does what it is supposed to be doing. Hopefully somemone
will rewrite this in a style that doesn't make me squeal on opening this
file...
|
| |
|
|
|
|
|
|
| |
This is uninteresting and rather meaningless except for the implementer.
No need to have several hundred lines of code backing half a dozen symbols
in the public API for this.
ok jsing
|
| |
|
|
|
|
| |
Some people already have way too many simple and not too important diffs in
their inbox. This isn't worth kicking something more important out of the
queue.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Remove their documentation and mark some associated constants as
intentionally undocumented until they will be removed from public
headers.
|
| |
|
|
| |
be added in the upcoming bump.
|
| |
|
|
|
|
|
|
| |
Make the logic and control flow a bit more explicit and use a single
extra variable for computing the discriminant. Call it discriminant,
not tmp, tmp_1 or tmp_2.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This introduces two "inverses" of the ec_decode_scalar() function that take
a BIGNUM, reduce it modulo p and then encodes it into the curve's field
representation. For setting projective coordinates, we need a specialized
helper that deals with the Z_is_one optimization that is used to optimize
for calculations in standard affine coordinates of the projective plane.
This is used for simplifying EC_POINT_set_Jprojective_coordinates() and
for cleaning up and streamlining EC_GROUP_set_curve().
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
Instead of inlining EC_GROUP_get_curve(), we can simply call it...
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This is a helper that decodes a scalar from field-internal representation
to a representation as a BIGNUM in the interval [0, p). This simplifies
EC_GROUP_get_curve() and EC_POINT_get_Jprojective_coordinates() to a few
obvious lines and prepares cleanup in EC_POINT_get_affine_coordinates().
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
OPENSSL_cpuid_setup() is invoked via OPENSSL_init_crypto(), whihc is
triggered by various entry points to the library. As such, we do not need
to invoke it as a constructor.
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
| |
This API can fail for various reasons, in which case it returns -1, so
you need to check if (EC_POINT_is_on_curve_checks(...) <= 0).
ok miod
|
| |
|
|
| |
If not even the idiot who invented this API gets this right...
|
| |
|
|
|
|
| |
Or in the flag, don't overwrite the already set ones.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
OPENSSL_cpuid_setup() used to need to be called from
OPENSSL_add_all_algorithms(), as that was the main entry point. These days
we do on demand initialisation and there are various paths that lead to
OPENSSL_init_crypto() being called, which in turn calls
OPENSSL_cpuid_setup().
ok tb@
|
| |
|
|
|
|
| |
This does not cause an issue currently, however if called differently to
their current usage, it can lead to an input being overwritten and
incorrect results being generated.
|
| | |
|
| |
|
|
| |
reminded by anton
|
| | |
|
| |
|
|
|
|
| |
This is the only consumer of ERR_get_string_table(), which will go away.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of having two unreadable tables placed in a header generated by a
janky perl script from an ugly text file, use a single table inlined in
the C file. This table is used to translate between signature algorithm
OIDs and pairs of OIDs of a message digest and a cipher. The table has
fewer than fifty entries and isn't used in a hot path. Using binary search
is overkill. Just do two linear searches, one for each translation. None
of the original code remains apart from the API.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
These functions will be removed in the upcoming bump. Nothing uses them,
so it won't hurt if they become noops. This allows us to garbage collect
the sig_app and sigx_app stacks and make a first step towards simplifying
the OBJ_bsearch_() dances. Also sprinkle some const correctness... because
we can.
intermediate step towards a diff that is ok jsing
|
| |
|
|
|
|
|
|
| |
This is essentially a reimplementation of ASN1_buf_print(). The latter was
only added for these printing purposes and it will be removed again since
nothing uses it. We can then simply remove t_pkey.c in the upcoming bump.
ok jsing
|
| |
|
|
| |
variant of a suggestion by jsing
|
