Commit message | Author | Age | Files | Lines

Again, we know their sizes (always 2), so we can avoid allocating and
freeing them. Also remove the extra "pivot" element. It's not needed.
ok djm

pointed out by jsing

ok djm

This makes the mess a bit more readable.
ok jsing

All the EC_POINT_* API has a fast path for the point at infinity. So we're
not gaining more than a few cycles by making this terrible mess even more
terrible than it already is by avoiding calls to it (it's also incorrect as
it is since we don't know that the point is no longer at infinity when it
is unset). Simplify and add a comment explaining what this mess is doing.
ok jsing

Use better variable names (cf. https://jmilne.org/math/tips.html#4) and
avoid the weird style of assigning to r (what does r stand for anyway?)
and short circuiting subsequent tests using if (r || ...). Also, do not
reuse the variables for order and cofactor that were previously used for
the curve coefficients.
ok jsing

The only caller passes in num = 1 and is itself called in a path that
ensures that the multiplier of the generator is != NULL. Consequently
we don't need to deal with an array of points and an array of scalars
so rename them accordingly.
In addition, the change implies that numblocks and num_scalar are now
always 1, so inline this information and take a first step towards
disentangling this gordian knot.
ok jsing

As most other objects, EC_KEYs can be as sparsely and invalidly populated
as imagination permits and the competent designers of EC_KEY_copy() chose
to just copy over what's available (yeah, what kind of copy is that?) and
leave in place what happens to be there. In particular, if the dest EC key
was used with a different group and has a private key, but the source key
doesn't, the dest private key remains intact, as invalid, incompatible and
unusable as it may be. Fix this by clearing said private key.
ok jsing

spotted by jsing

These functions are no longer shared between multiple files, so they can
be static in ecp_methods.c and the long list of prototypes can go away.

While not the greatest of names, ecp_methods.c is better than ecp_smpl.c.
It matches the naming ecx_methods.c and in a subsequent commit it will
become the new home of the stuff in ecp_mont.c as well.
discussed with jsing

This calls init() with the default method, so EC_KEY_copy() gets a chance
to call finish() if the source's method doesn't match. But no init() call
is made in EC_KEY_copy(). Of course the source method's copy() needs to be
able to cope. The great news is that ssh uses this. Sigh.
ok beck jsing

This is a special snowflake. Its logic is such that it only overwrites
things on the target that are available in the source. So if the source
has no group (yes, that's possible), the destination's group will remain.
Even better: if you copy a public key over what was previously a private
key, the private scalar will remain. That's almost never going to result
in a valid key. If you copy from a larger group to a smaller group the
private scalar will most likely be out of range [1, order).
Use dup functions instead of reimplementing badly and add a snarky comment
courtesy of beck to one of those silly const annotations (there's a small
addendum by me).
ok beck jsing

r is a silly name for an EC_KEY and it is silly to assign the refcount
to a variable i (short for uninspired) when you can check the function
return directly. Tweak sizeof in freezero to jsing's liking.
ok beck jsing

Use a better variable name, simpler error handling. This could be
simplified further if we decide to have an ec_key_set0_group() that
avoids a copy.
ok beck jsing

jsing rightly points out that this has nothing to do with ASN.1, but
ec_lib.c has no EC_KEY knowledge otherwise (it's about groups and points)
and moving it to ec_key.c is also not satisfactory since the weird
d2i/i2d for ECParameters don't belong there either.
no objection from jsing

CID 514612

requested by jsing

This was about as unreadable as four lines of code doing a trivial thing
can get...
ok jsing

Switch from artistic free reinterpretations of public API in the same file
to calling the real thing if possible.
This means that we need to copy the group's coefficients first instead of
last, so that we can call EC_GROUP_set_generator() to set - yes - all three
of generator, order, and cofactor of the group.
However, we may not have a generator yet since for some reason it is an
optional field and some code relies on that. In that case simply copy over
order and cofactor and punt on sanity checking for now (since this API
never did that anyway).
Finally set the seed using EC_GROUP_set_seed() instead of using a custom
reimplementation.
ok jsing

Use a single cleanup path, use calloc rather than setting several members
to 0/NULL. This has the side effect that finished can be called even when
init() wasn't called, but this isn't an issue with our EC_GROUP_METHODs.
ok jsing

This may have been different at some point in the past, but it may also
have been a confusion with EC_POINT_is_on_curve() which, like any great
API with a name implying a boolean return, actually has three possible
return values.
ok jsing

Like most of the code in this file that hasn't been overhauled, these are
just terrible. As jsing points out, we will need to ensure that finish()
works on a not fully initialized point. That's currently safe.
ok jsing

So... zap the now redundant check. Should have been committed along with
ec_lib.c -r1.77

Since we only consider standard affine coordinates, the point at infinity
must be excluded. Check at the API boundary that the point isn't the point
at infinity rather than hiding this check somewhere in a method.
ok jsing