path: root/src/lib/libcrypto/ec/ec_key.c

Commit log. Each entry gives the commit subject, followed in parentheses by author, date, number of files changed and lines removed/added, then the rest of the commit message.
* Make EC_KEY_precompute_mult() return 1 directly (tb, 2025-01-25, 1 file, -2/+2)
  This hasn't done anything in a long time. Only dovecot uses an unchecked call to this. With this we can remove EC_GROUP_precompute_mult(). ok jsing

* ec_key_gen() is unused outside ec_key.c, so make it static (tb, 2025-01-11, 1 file, -2/+2)

* Move EC_KEY_METHOD_DYNAMIC next to the two methods using it (tb, 2025-01-11, 1 file, -1/+3)
  Only EC_KEY_METHOD_{new,free}() need to know about this flag, so make that more obvious.

* Merge ec_kmeth into ec_key (tb, 2024-11-16, 1 file, -1/+271)
* EC_KEY_copy(): don't leave stale private keys in place (tb, 2024-11-15, 1 file, -6/+3)
  As most other objects, EC_KEYs can be as sparsely and invalidly populated as imagination permits and the competent designers of EC_KEY_copy() chose to just copy over what's available (yeah, what kind of copy is that?) and leave in place what happens to be there. In particular, if the dest EC key was used with a different group and has a private key, but the source key doesn't, the dest private key remains intact, as invalid, incompatible and unusable as it may be. Fix this by clearing said private key. ok jsing

* Clean up EC_KEY_dup() (tb, 2024-11-08, 1 file, -10/+15)
  This calls init() with the default method, so EC_KEY_copy() gets a chance to call finish() if the source's method doesn't match. But no init() call is made in EC_KEY_copy(). Of course the source method's copy() needs to be able to cope. The great news is that ssh uses this. Sigh. ok beck jsing

* Sweep over EC_KEY_copy() (tb, 2024-11-08, 1 file, -32/+28)
  This is a special snowflake. Its logic is such that it only overwrites things on the target that are available in the source. So if the source has no group (yes, that's possible), the destination's group will remain. Even better: if you copy a public key over what was previously a private key, the private scalar will remain. That's almost never going to result in a valid key. If you copy from a larger group to a smaller group the private scalar will most likely be out of range [1, order). Use dup functions instead of reimplementing badly and add a snarky comment courtesy of beck to one of those silly const annotations (there's a small addendum by me). ok beck jsing

* Clean up EC_KEY_free (tb, 2024-11-08, 1 file, -14/+11)
  r is a silly name for an EC_KEY and it is silly to assign the refcount to a variable i (short for uninspired) when you can check the function return directly. Tweak sizeof in freezero to jsing's liking. ok beck jsing

* Clean up EC_KEY_new_by_curve_name() (tb, 2024-11-08, 1 file, -14/+20)
  Use a better variable name, simpler error handling. This could be simplified further if we decide to have an ec_key_set0_group() that avoids a copy. ok beck jsing

* EC_POINT_is_at_infinity() returns a boolean (tb, 2024-11-05, 1 file, -3/+3)
  This may have been different at some point in the past, but it may also have been a confusion with EC_POINT_is_on_curve() which, like any great API with a name implying a boolean return, actually has three possible return values. ok jsing

* Inline a use of EC_GROUP_method_of() (tb, 2024-10-22, 1 file, -2/+2)
  We can just reach into the group to obtain its EC_GROUP_METHOD. After all ec_local.h has to be in scope. This will permit marking this ugly API as unused internally after the next commit. ok jsing

* Unify *_up_ref() implementations (tb, 2024-03-27, 1 file, -3/+2)
  No need for an inconsistently named local variable and a ternary operator. ok jsing
* Ignore ENGINE at the API boundary (tb, 2023-11-29, 1 file, -2/+2)
  This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored; functions returning an ENGINE always return NULL. ok jsing
* Unifdef OPENSSL_NO_ENGINE in libcrypto (tb, 2023-11-19, 1 file, -17/+1)
  This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing
* Make the bn_rand_interval() API a bit more ergonomic (tb, 2023-08-03, 1 file, -2/+2)
  Provide bn_rand_in_range() which is a slightly tweaked version of what was previously called bn_rand_range(). The way bn_rand_range() is called in libcrypto, the lower bound is always expressible as a word. In fact, most of the time it is 1, the DH code uses a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in the Tonelli-Shanks implementation where we use 32. Converting these lower bounds to BIGNUMs on the call site is annoying so let bn_rand_interval() do that internally and route that through bn_rand_in_range(). This way we can avoid using BN_sub_word(). Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the only caller that uses actual BIGNUMs as lower bounds. ok jsing
* Hide symbols in hkdf, evp, err, ecdsa, and ec (beck, 2023-07-07, 1 file, -1/+27)
  (part 2 of commit) ok jsing@

* Drop useless ossl_ prefixes (tb, 2023-07-05, 1 file, -2/+2)
  discussed with jsing

* Convert ossl_ec_key_gen() and EC_KEY_check_key() (tb, 2023-07-03, 1 file, -23/+6)
  These also get the EC_GROUP_get0_order() treatment ok beck jsing

* Remove EC_EXTRA_DATA (tb, 2023-06-25, 1 file, -49/+1)
  With the ecdh_check() and ecdsa_check() abominations gone, we can finally get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The EC_EX_DATA_*() handlers, (which fortunately have always had "'package' level visibility") join the ride to the great bit bucket in the sky. Thanks to op for making this possible. ok jsing

* Replace the remaining BN_copy() with bn_copy() (tb, 2023-03-27, 1 file, -2/+2)
  ok jsing

* Call BN_free() instead of BN_clear_free(). (jsing, 2023-03-07, 1 file, -2/+2)
  BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead. ok tb@

* Clean up and simplify EC_KEY handling, mostly from a BN_CTX perspective. (jsing, 2023-01-14, 1 file, -59/+80)
  If we have a BN_CTX available, make use of it rather than calling BN_new(). Always allocate a new priv_key and pub_key, rather than having complex reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end() calls. ok tb@

* Make internal header file names consistent (tb, 2022-11-26, 1 file, -3/+3)
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook

* Fix an annoying quirk in the EC code (tb, 2022-11-19, 1 file, -23/+23)
  Dealing with elliptic curves makes some people think that it would be kind of neat to multiply types with variable names. Sometimes. Only in function definitions.

* whitespace (tb, 2022-11-19, 1 file, -17/+17)

* Simplify code after adding EC_POINT_{s,g}et_affine_coordinates() (tb, 2021-04-20, 1 file, -25/+6)
  ok jsing
* Prepare to provide EC_POINT_{g,s}et_affine_coordinates (tb, 2021-04-20, 1 file, -5/+5)
  Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing

* Partial port of EC_KEY_METHOD from OpenSSL 1.1. (tb, 2019-01-19, 1 file, -2/+11)
  This commit adds missing API for ECDH/ECDSA_verify. from markus

* Partial port of EC_KEY_METHOD from OpenSSL 1.1. (tb, 2019-01-19, 1 file, -21/+70)
  This commit adds init/free, support for signing, setting and getting the method, engine support as well as extra data. from markus

* Avoid dereferencing eckey before checking it for NULL. (tb, 2018-11-09, 1 file, -5/+6)
  CID 184282 ok beck jsing mestre

* unrevert the use of bn_rand_interval(). (tb, 2018-11-06, 1 file, -5/+4)
  ok beck jsing

* revert use of bn_rand_interval due to failures with ECDHE and TLS (tb, 2018-11-06, 1 file, -4/+5)

* Make use of bn_rand_interval() where appropriate. (tb, 2018-11-05, 1 file, -5/+4)
  ok beck jsing

* Eliminate a few "} else" branches, a few unneeded NULL checks before freeing and indent nearby labels. (tb, 2018-11-05, 1 file, -16/+12)
  ok beck jsing

* recommit label indentation part of the backout; clearly unrelated to the breakage. (tb, 2018-07-15, 1 file, -4/+4)

* back out ecc constant time changes (jsg, 2018-07-15, 1 file, -4/+4)
  after the constant time commits various regress tests started failing on sparc64 ssh t9, libcrypto ec ecdh ecdsa and trying to ssh out resulted in 'invalid elliptic curve value' ok tb@

* Indent labels by a space so they don't obliterate function names in diffs. (tb, 2018-07-10, 1 file, -4/+4)
* use freezero() instead of memset/explicit_bzero + free. Substantially reduces conditional logic (-218, +82). (deraadt, 2017-05-02, 1 file, -4/+2)
  MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn't quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. (beck, 2017-01-29, 1 file, -17/+15)
  Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@

* Correct spelling of OPENSSL_cleanse. (jsing, 2015-09-10, 1 file, -2/+2)
  ok miod@

* BN_CTX_get() can fail - consistently check its return value. (jsing, 2015-02-09, 1 file, -3/+6)
  There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@

* Use `> 0' instead of `!= 0' as a successful condition for EC_POINT_is_at_infinity() and EC_POINT_is_on_curve(), for they may return -1 should an error arise. (miod, 2015-02-08, 1 file, -4/+4)
  ok doug@ jsing@

* if (x) FOO_free(x) -> FOO_free(x). (miod, 2014-07-12, 1 file, -29/+15)
  Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. (jsing, 2014-07-10, 1 file, -1/+4)
  This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* tags as requested by miod and tedu (deraadt, 2014-06-12, 1 file, -1/+1)

* malloc() result does not need a cast. (deraadt, 2014-06-07, 1 file, -1/+1)
  ok miod

* knf approximation (tedu, 2014-05-06, 1 file, -215/+219)
* kill REF_PRINT/REF_CHECK debugging framework no one would use (deraadt, 2014-04-17, 1 file, -20/+0)
  ok miod
* Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. (beck, 2014-04-17, 1 file, -2/+2)
  This changes:
    OPENSSL_malloc -> malloc
    OPENSSL_free -> free
    OPENSSL_realloc -> realloc
    OPENSSL_freeFunc -> free
* remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. (tedu, 2014-04-15, 1 file, -8/+0)
  ok beck deraadt