path: root/src/lib/libcrypto/ec/ec.h
Commit message | Author | Age | Files | Lines

* Move EC_POINT_{get,set}_Jprojective_coordinates to ec_local.h | tb | 2023-04-27 | 1 | -7/+2

* Nuke doxygen noise | tb | 2023-04-27 | 1 | -421/+37

* Clean up ec.h a little. | tb | 2023-04-26 | 1 | -186/+31
  The doxygen comments are either obvious or otherwise unhelpful and generally an eyesore. Go read the manpage if the header isn't enough.

* GF2m bites the dust. It won't be missed. | tb | 2023-04-25 | 1 | -86/+1

* Remove prototype of EC_GFp_nist_method() | tb | 2023-04-25 | 1 | -8/+1

* Move EC_KEY_{insert,set}_key_method_data() to internal-only | tb | 2023-04-25 | 1 | -17/+1

* Remove prototypes under OPENSSL_NO_EC_NISTP_64_GCC_128 | tb | 2023-04-18 | 1 | -18/+1
  The code was deleted a while back, the prototypes remained. We had OPENSSL_NO_EC_NISTP_64_GCC_128 in opensslfeatures.h since forever.
  discussed with jsing

* Sigh cvs... Also drop OPENSSL_NO_DEPRECATED from ec.h | tb | 2023-04-18 | 1 | -3/+1

* Mark public bn_nist and ec_nist API for removal | tb | 2023-04-16 | 1 | -1/+3
  The faster nist code is rife with problematic C. While this is generally considered to be a pleonasm nowadays, here it specifically refers to aliasing issues and other flavors of undefined behavior. With compilers and standardization committees becoming seemingly more determined about making C even more unusable than it already is, this code has resulted in miscompilations and generally is a target rich environment for fuzzers to feast on.
  We're better off without it. Go look while it's still there. It's some of the very worst we have to offer.
  ok jsing

* Mark EC_KEY_{get,insert}_method_data() for removal | tb | 2023-04-16 | 1 | -1/+5
  This is unused and in the way of some housekeeping. Thus it will be relocated to the attic.
  ok jsing

* Always clear EC groups and points on free. | jsing | 2023-03-08 | 1 | -1/+5
  Rather than sometimes clearing, turn the free functions into ones that always clear (as we've done elsewhere). Turn the EC_GROUP_clear_free() and EC_POINT_clear_free() functions into wrappers that call the *_free() version. Do similar for the EC_METHOD implementations, removing the group_clear_finish() and point_clear_finish() hooks in the process.
  ok tb@

* spelling fixes; from paul tagliamonte | jmc | 2022-12-26 | 1 | -29/+29
  i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
  ok tb

* Implement EVP interfaces for Ed25519 and X25519. | jsing | 2022-11-10 | 1 | -1/+3
  ok beck@ tb@

* Remove mkerr.pl remnants from LibreSSL | kn | 2022-07-12 | 1 | -5/+1
  This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
  Feedback OK jsing tb

* Default to using named curve parameter encoding | tb | 2021-09-12 | 1 | -2/+3
  The pre-OpenSSL 1.1.0 default was to use explicit curve parameter encoding. Most applications want to use named curve parameter encoding and have to opt into this explicitly. Stephen Henson changed this default in OpenSSL commit 86f300d3 6 years ago and provided a new OPENSSL_EC_EXPLICIT_CURVE define to opt back into the old default.
  According to Debian's codesearch, no application currently does this, which indicates that we currently have a bad default. In the future it is more likely that applications expect the new default, so we follow OpenSSL to avoid problems.
  Prompted by schwarze who noted that OPENSSL_EC_EXPLICIT_CURVE is missing.
  ok beck inoguchi jsing

* Expose EC_GROUP_order_bits() in <openssl/ec.h> | tb | 2021-09-10 | 1 | -3/+1
  ok beck jsing

* Prepare to provide EC_GROUP_order_bits() | tb | 2021-09-08 | 1 | -1/+5
  ok jsing

* Expose EC_POINT_{get,set}_affine_coordinates(3) and EC_POINT_set_compressed_coordinates(3) | tb | 2021-05-10 | 1 | -7/+8
  ok jsing

* Expose EC_GROUP_{get,set}_curve(3) | tb | 2021-05-10 | 1 | -3/+2
  ok jsing

* Prepare to provide EC_POINT_set_compressed_coordinates | tb | 2021-04-20 | 1 | -13/+14
  ok jsing

* Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal use | tb | 2021-04-20 | 1 | -1/+8
  ok jsing

* Prepare to provide EC_POINT_{g,s}et_affine_coordinates | tb | 2021-04-20 | 1 | -1/+11
  Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b
  ok jsing

* Prepare to provide EC_GROUP_{get,set}_curve(3) | tb | 2021-04-20 | 1 | -1/+9
  There are numerous functions in ec/ that exist with _GF2m and _GFp variants for no good reason. The code of both variants is the same. The EC_METHODs contain a pointer to the appropriate version. This commit hides the _GF2m and _GFp variants from internal use and provides versions that work for both curve types. These will be made public in an upcoming library bump.
  Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b
  ok jsing

* If a NULL or zero cofactor is passed to EC_GROUP_set_generator(), try to compute it using Hasse's bound. | tb | 2019-09-29 | 1 | -1/+2
  This works as long as the cofactor is small enough.
  Port of Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1 (old license)
  tests & ok inoguchi
  input & ok jsing

  commit 30c22fa8b1d840036b8e203585738df62a03cec8
  Author: Billy Brumley <bbrumley@gmail.com>
  Date: Thu Sep 5 21:25:37 2019 +0300

  [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it

  The cofactor argument to EC_GROUP_set_generator is optional, and SCA mitigations for ECC currently use it. So the library currently falls back to very old SCA-vulnerable code if the cofactor is not present.

  This PR allows EC_GROUP_set_generator to compute the cofactor for all curves of cryptographic interest. Steering scalar multiplication to more SCA-robust code.

  This issue affects persisted private keys in explicit parameter form, where the (optional) cofactor field is zero or absent.

  It also affects curves not built-in to the library, but constructed programmatically with explicit parameters, then calling EC_GROUP_set_generator with a nonsensical value (NULL, zero).

  The very old scalar multiplication code is known to be vulnerable to local uarch attacks, outside of the OpenSSL threat model. New results suggest the code path is also vulnerable to traditional wall clock timing attacks.

  CVE-2019-1547

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/9781)

* Add various macros and controls for EC_PKEY_CTX. | jsing | 2019-09-06 | 1 | -5/+95
  These are needed for the upcoming EC CMS support (nothing else appears to use them). This largely syncs our ec_pmeth.c with OpenSSL 1.1.1b.
  With input from inoguchi@ and tb@.
  ok inoguchi@ tb@

* Partial port of EC_KEY_METHOD from OpenSSL 1.1. | tb | 2019-01-19 | 1 | -4/+4
  Pass const method to EC_KEY_METHOD_get_*() to get rid of an XXX.
  from markus

* Partial port of EC_KEY_METHOD from OpenSSL 1.1. | tb | 2019-01-19 | 1 | -1/+11
  This commit adds missing API for ECDH/ECDSA_verify.
  from markus

* Partial port of EC_KEY_METHOD from OpenSSL 1.1. | tb | 2019-01-19 | 1 | -1/+30
  This commit adds init/free, support for signing, setting and getting the method, engine support as well as extra data.
  from markus

* Add a const qualifier to the 'key' argument of i2o_ECPublicKey() and one to the last argument of each one of i2s_ASN1_OCTET_STRING(), s2i_ASN1_OCTET_STRING(), i2s_ASN1_INTEGER(), i2s_ASN1_ENUMERATED(), and i2s_ASN1_ENUMERATED_TABLE(). | tb | 2018-05-19 | 1 | -2/+2
  tested in a bulk build by sthen
  ok jsing

* Add assembler code for the nist 256-bit GFp curve, written initially by Intel. | miod | 2016-11-04 | 1 | -1/+7
  Obtained from BoringSSL, with some integration work borrowed from OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0. None of this code is enabled in libcrypto yet.
  ok beck@ jsing@

* Convert ECParameters_dup() from a macro that uses ASN1_dup_of() into an actual function. | jsing | 2015-10-13 | 1 | -3/+2
  This removes the last ASN1_dup_of usage from the tree.
  Feedback from doug@ and miod@

* Provide EC_curve_nid2nist() and EC_curve_nist2nid(). | jsing | 2015-06-20 | 1 | -1/+3
  From OpenSSL. Rides libcrypto bump.
  ok miod@ (a while ago)

* tags as requested by miod and tedu | deraadt | 2014-06-12 | 1 | -1/+1

* Everything sane has stdio, and FILE *. we don't need ifdefs for this. | beck | 2014-05-29 | 1 | -4/+0
  ok to firebomb from tedu@

* Cope with the removal of openssl/symhacks.h | deraadt | 2014-04-13 | 1 | -1/+0

* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery. | miod | 2014-04-13 | 1 | -10/+18

* resolve conflicts | djm | 2012-10-13 | 1 | -5/+64

* resolve conflicts, fix local changes | djm | 2010-10-01 | 1 | -120/+694

* resolve conflicts | djm | 2008-09-06 | 1 | -18/+301

* merge 0.9.7b with local changes; crank majors for libssl/libcrypto | markus | 2003-05-12 | 1 | -2/+0

* OpenSSL 0.9.7 stable 2002 05 08 merge | beck | 2002-05-15 | 1 | -0/+245