path: root/src/lib/libcrypto/ec
Commit log. Each entry: commit message [author, date, files changed, lines -removed/+added], followed by the commit body.
...
* The int_ prefix also leaves the ec_ameth mess [tb, 2023-08-12, 1 file, -5/+5]
  The prefixes in here are all over the place... This removes one variety.

* Move EC_KEY and EC_KEY_METHOD typedefs to ossl_typ.h [tb, 2023-08-11, 1 file, -4/+1]
  ok jsing

* Make the bn_rand_interval() API a bit more ergonomic [tb, 2023-08-03, 2 files, -4/+4]
  Provide bn_rand_in_range() which is a slightly tweaked version of what was previously called bn_rand_range().

  The way bn_rand_range() is called in libcrypto, the lower bound is always expressible as a word. In fact, most of the time it is 1, the DH code uses a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in the Tonelli-Shanks implementation where we use 32.

  Converting these lower bounds to BIGNUMs on the call site is annoying so let bn_rand_interval() do that internally and route that through bn_rand_in_range(). This way we can avoid using BN_sub_word().

  Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the only caller that uses actual BIGNUMs as lower bounds.

  ok jsing

* Stop including ecdsa.h and ecdh.h internally [tb, 2023-07-28, 2 files, -4/+2]
  These headers are now reduced to #include <openssl/ec.h> and are provided for compatibility only. There's no point in using them.

  At the same time garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree.

  ok jsing

* Move KDF handling to ECDH_compute_key() [tb, 2023-07-28, 4 files, -16/+18]
  In OpenSSL e2285d87, the KDF handling was moved from the compute_key() method into the public API. A consequence of this change is that the ECDH_compute_key() API no longer returns -1 for some errors. Existing checks for <= 0 are safe as are those checking for the exact length as return value, which is all what the ecosystem seems to be doing.

  ok jsing

* Merge ecdh.h into ec.h [tb, 2023-07-28, 1 file, -1/+6]
  The remaining two ECDH interfaces are relocated into ec.h. ecdh.h remains. It does nothing but include ec.h.

  ok jsing

* Merge ecdsa.h into ec.h [tb, 2023-07-28, 1 file, -1/+50]
  Move the remaining ECDSA API into ec.h to match OpenSSL 1.1's interface better. In particular, the EC_KEY sign and verify method accessors are moved to the right header. Whether the rest of the ECDSA stuff belongs there is debatable, but that was upstream's choice.

  ok jsing

* Tweak EC_GROUP_check_discriminant() [tb, 2023-07-26, 1 file, -28/+28]
  Make the logic and control flow a bit more explicit and use a single extra variable for computing the discriminant. Call it discriminant, not tmp, tmp_1 or tmp_2.

  ok jsing

* Unindent a big block in EC_GROUP_get_affine_coordinates() [tb, 2023-07-26, 1 file, -32/+34]

* Introduce and use ec_encode_scalar() [tb, 2023-07-26, 1 file, -43/+48]
  This introduces two "inverses" of the ec_decode_scalar() function that take a BIGNUM, reduce it modulo p and then encodes it into the curve's field representation. For setting projective coordinates, we need a specialized helper that deals with the Z_is_one optimization that is used to optimize for calculations in standard affine coordinates of the projective plane.

  This is used for simplifying EC_POINT_set_Jprojective_coordinates() and for cleaning up and streamlining EC_GROUP_set_curve().

  ok jsing

* Garbage collect the unused order in check_discriminant() [tb, 2023-07-26, 1 file, -4/+2]
  ok jsing

* Streamline check_discriminant() [tb, 2023-07-26, 1 file, -14/+6]
  Instead of inlining EC_GROUP_get_curve(), we can simply call it...

  ok jsing

* Introduce ec_decode_scalar() [tb, 2023-07-26, 1 file, -81/+39]
  This is a helper that decodes a scalar from field-internal representation to a representation as a BIGNUM in the interval [0, p). This simplifies EC_GROUP_get_curve() and EC_POINT_get_Jprojective_coordinates() to a few obvious lines and prepares cleanup in EC_POINT_get_affine_coordinates().

  ok jsing

* Use EC_POINT_set_to_infinity() rather than inlining it [tb, 2023-07-26, 1 file, -6/+4]

* Fix a few more 0/NULL misspellings [tb, 2023-07-25, 1 file, -8/+8]

* Use [a,b), not [a,b-1] in a comment [tb, 2023-07-25, 1 file, -2/+2]

* EC_POINT_is_on_curve() error is -1, not 0. [tb, 2023-07-25, 1 file, -2/+2]
  ok miod

* Tweak previous. Should have been 60 instead of 64 [tb, 2023-07-22, 1 file, -3/+3]

* Adapt bn_print() for EdDSA key printing [tb, 2023-07-22, 1 file, -7/+40]
  This is essentially a reimplementation of ASN1_buf_print(). The latter was only added for these printing purposes and it will be removed again since nothing uses it. We can then simply remove t_pkey.c in the upcoming bump.

  ok jsing

* Unbreak the namespace build after a broken mk.conf and tool misfire had [beck, 2023-07-07, 3 files, -26/+3]
  me aliasing symbols not in the headers I was processing. This unbreaks the namespace build so it will pass again

  ok tb@

* Hide symbols in hkdf, evp, err, ecdsa, and ec [beck, 2023-07-07, 13 files, -13/+157]
  (part 2 of commit)

  ok jsing@

* Mop up remaining uses of ASN1_bn_print() [tb, 2023-07-07, 1 file, -17/+6]
  This removes lots of silly buffers and will allow us to make this API go away.

  ok jsing

* Convert ecpk_print_explicit_parameters() to bn_printf() [tb, 2023-07-06, 1 file, -34/+8]
  This eliminates a few stupid dances the horrible ASN1_bn_print() API required.

  ok jsing

* don't return in a void function [bcook, 2023-07-05, 1 file, -2/+2]
  ok tb@

* Mop up last uses of ECDHerror() and ECDSAerror() [tb, 2023-07-05, 2 files, -2/+12]
  ok jsing

* Rename ecs_local.h into ecdsa_local.h [tb, 2023-07-05, 1 file, -2/+2]

* Drop useless ossl_ prefixes [tb, 2023-07-05, 3 files, -15/+15]
  discussed with jsing

* Explicit parameter printing can also use get0_order() [tb, 2023-07-03, 1 file, -5/+6]
  ok beck jsing

* Convert ossl_ec_key_gen() and EC_KEY_check_key() [tb, 2023-07-03, 1 file, -23/+6]
  These also get the EC_GROUP_get0_order() treatment

  ok beck jsing

* Convert EC_GROUP_check() to EC_GROUP_get0_order() [tb, 2023-07-03, 1 file, -10/+3]
  ok beck jsing

* Inline two copies of EC_GROUP_order_bits() [tb, 2023-07-03, 1 file, -22/+6]
  This code is way more complicated than it needs to be. Simplify. ec_bits() was particularly stupid.

  ok beck jsing

* Provide internal-only EC_GROUP_get0_order() [tb, 2023-07-03, 2 files, -3/+11]
  ok jsing

* Fix return values of ecx methods [tb, 2023-07-02, 1 file, -5/+5]
  It is hard to get your return values right if you choose them to be a random subset of {-2, ..., 3}. The item_verify() and the digestverify() methods don't return 0 on error, but -1. Here 0 means "failed to verify", obviously.

  ok jsing

* Fix typo in previous [tb, 2023-07-02, 1 file, -2/+2]

* Use asprintf() to avoid repetition in string constants [tb, 2023-07-02, 1 file, -6/+13]
  ... since ASN1_bn_print() is stupid.

  ok jsing

* Split ECPKParameters_print() [tb, 2023-07-02, 1 file, -121/+150]
  This function has two entirely independent parts, so instead of a huge if/else just use two functions. In ecpk_print_explicit_parameters() do some additional boring cleanup such as switching to actually using the local BN_CTX and shuffling things into a slightly more sensible order.

  ok jsing

* Simplify ASN1_bn_print() usage in ec/ [tb, 2023-07-01, 2 files, -30/+20]
  ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL. Also simplify the handling of the point conversion form of the generator.

  ok jsing

* whitespace [tb, 2023-06-30, 1 file, -2/+2]

* Remove some dead code from ECPKParameters_print() [tb, 2023-06-27, 1 file, -31/+6]
  This code is unreachable since binary curve support was removed. There is a lot more to clean up in here...

  ok jsing

* Remove the now unused poly[] from EC_GROUP [tb, 2023-06-27, 1 file, -15/+2]
  This was needed for defining the multiplication over binary fields. Since that code is gone, this is no longer needed.

  ok jsing

* Simplify EC_GROUP_get_basis_type() [tb, 2023-06-27, 1 file, -18/+2]
  The remaining EC_METHODs in libcrypto all have a field type of NID_X9_62_prime_field, so this function always returns 0. Make that more obvious.

  ok jsing

* Stop including ech_local.h [tb, 2023-06-25, 1 file, -2/+1]

* Remove prototypes for EC_KEY_{get,insert}_key_method_data() [tb, 2023-06-25, 1 file, -8/+1]
  These were accidentally left behind in a previous commit.

* Move ecdh_KDF_X9_63() to ec_local.h [tb, 2023-06-25, 1 file, -1/+7]
  In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last remaining thing in ech_local.h where it will soon belong.

* Remove EC_EXTRA_DATA [tb, 2023-06-25, 4 files, -230/+4]
  With the ecdh_check() and ecdsa_check() abominations gone, we can finally get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The EC_EX_DATA_*() handlers, (which fortunately have always had "'package' level visibility") join the ride to the great bit bucket in the sky.

  Thanks to op for making this possible.

  ok jsing

* ec_local.h: move ec_group_simple_order_bits down a bit [tb, 2023-06-25, 1 file, -3/+2]

* Remove precompute_mult/have_precompute_mult from EC_METHOD. [jsing, 2023-06-24, 2 files, -26/+4]
  These are no longer in use - stub EC_GROUP_precompute_mult() and EC_GROUP_have_precompute_mult() to match their existing behaviour.

  ok tb@

* Mop up EC_GROUP precomp machinery. [jsing, 2023-06-24, 3 files, -252/+10]
  Since there are now no EC implementations that perform pre-computation at the EC_GROUP level, remove all of the precomp machinery, including the extra_data EC_GROUP member. The ec_wNAF_mul() code is horrific - simply cut out the precomp code, rather than trying to rewrite it (that's a project for another day).

  ok tb@

* Mop up ec_wNAF_{,have_}precompute_mult(). [jsing, 2023-06-24, 2 files, -206/+2]
  These were previously called by GF2m code and are no longer used. Also remove ec_pre_comp_new(), since it is only called by ec_wNAF_precompute_mult() and is now unused.

  ok tb@

* Fix return check for BN_hex2bn() [tb, 2023-06-23, 1 file, -2/+2]
  Purely cosmetic change taking into account the fact that this function returns a length rather than a boolean. This is the last offender in the library.

  ok jsing