| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
EC_GROUP_method_of() and EC_METHOD_get_field_type() only ever used chained
together as a convoluted means to retrieve the field type of a group. This
is no longer useful since the answer will always be NID_X9_62_prime_field.
EC_POINT_method_of(), EC_GROUP{,_have}_precompute_mult(): exposed by one of
those expose-everything perl XS modules.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
This hasn't done anything in a long time. Only dovecot uses an unchecked
call to this. With this we can remove EC_GROUP_precompute_mult().
ok jsing
|
| |
|
|
|
|
|
|
| |
At this point the NID is always NID_X9_62_prime_field, so we can use
SN_X9_62_prime_field directly rather than getting the field type from
the method and then converting the nid to an sn with OBJ_nid2sn().
ok jsing
|
| |
|
|
|
|
|
| |
The field_type is always NID_X9_62_prime_field, no need to encode and
retrieve this from the group method.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
There's no need for a separate mul_generator_ct() function pointer - we
really only need mul_single_ct() and mul_double_nonct(). And rather than
calling ec_mul_ct() and having it figure out which point to use, explicitly
pass the generator point when calling mul_single_ct().
ok tb@
|
| |
|
|
| |
The API will be removed soon. This prepares moving it to its only consumer.
|
| |
|
|
| |
These somehow escaped a prior pass.
|
| |
|
|
|
|
|
| |
This helped a bit with readability when we needed to do &group->p, but now
that's no longer needed.
discussed with jsing
|
| |
|
|
|
|
|
|
| |
Add wrapper functions that call the methods so that we can get rid of
inconsistent use of ugly function pointers with massively overlong lines
and other ways of reaching into the methods.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Only EC_KEY_METHOD_{new,free}() need to know about this flag, so make
that more obvious.
|
| | |
|
| |
|
|
|
| |
Rename ec_is_on_curve() to ec_point_is_on_curve() and ec_cmp() to
ec_point_cmp().
|
| |
|
|
|
| |
These were in the middle of the methods responsible for curve operations,
which makes little sense.
|
| |
|
|
|
|
|
|
| |
Now that it is method-agnostic, we can remove the method and move the
implementation to the body of the public API function. And another
method goes away. We're soon down to the ones we really need.
discussed with jsing
|
| |
|
|
|
|
|
|
|
|
| |
While this is nicely done, it is a bit too clever. We can do the
calculation in the normal domain rather than the Montgomery domain
and this way the method becomes method agnostic. This will be a bit
slower but since a couple of field operations are nothing compared
to the cost of BN_mod_sqrt() this isn't a concern.
ok jsing
|
| |
|
|
| |
discussed with jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
EC_POINTs_mul() was only ever used by Ruby and they stopped doing so for
LibreSSL when we incorporated the constant time multiplication work of
Brumley et al and restricted the length of the points array to 1, making
this API effectively useless. The only real reason you want to have an
API to calculate \sum n_i P_i is for ECDSA where you want m * G + n * P.
Whether something like his needs to be in the public API is doubtful.
EC_POINTs_make_affine() is an implementation detail of EC_POINTs_mul().
As such it never really belonged into the public API.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Whatever the EC_METHOD, this will always be equivalent to getting and
setting the affine coordinates, so this needs no dedicated method.
Also, this is a function that makes no real sense since a caller should
never need to care about this... As always, our favorite language bindings
thought they might have users who care. This time it's Ruby and Perl.
ok jsing
|
| | |
|
| |
|
|
| |
requested by jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
After possibly decoding a and b in EC_GROUP_get_curve(), this is a pure
calculation in GFp and as such doesn't make use of any method-specifics.
Let's perform this calculation directly in the public API implementation
rather than redirecting through the methods and remove yet another method
handler.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The degree made some sense when EC2M was a thing in libcrypto. Fortunately
that's not the case anymore. The order handler never made sense.
ok jsing
|
| |
|
|
| |
requested by jsing
|
| |
|
|
| |
requested by jsing
|
| |
|
|
|
|
| |
This is another bit of indirection that makes this code so hard to follow.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This is usually method specific, so remove the indirection and call the
appropriate blinding function directly.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is only used by ec_points_make_affine(), which is only used by the
wNAF multiplication, which is only used by ECDSA. We can afford computing
that one once per ECDSA verification given the cost of the rest of this.
Thus, the field_set_to_one() member disappears from the EC_METHOD and the
mont_one member disappears from EC_GROUP and with it all the complications
when setting/copying/freeing the group.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
That the BN-driven EC code uses Jacobian projective coordinates as an
optimization is an implementation detail. As such this should never have
leaked out of the library as part of the public API. No consumer should
ever care and if they do they're doing it wrong. The only port that cares
is one of those stupid little perl modules that expose all the things and
transform terrible OpenSSL regress tests into similarly horrible Perl.
In practice, only affine coordinates matter (perhaps in compressed form).
This prunes two more function pointers from EC_GROUP and prepares the
removal of the field_set_to_one() method which is now only used in
ec_points_make_affine().
ok jsing sthen
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The only way to get an EC_GROUP or an EC_POINT is by calling the relevant
_new() function and to get rid of it, something must call _free(). Thus we
can establish the invariant that every group has Weierstrass coefficients
p, a, b as well as order and cofactor hanging off it. Similarly, Every
point has allocated BIGNUMs for its Jacobian projective coordinates.
Unfortunately, a group has the generator as an optional component in
addition to seed and montgomery context/one (where optionality makes
more sense).
This is a mostly mechanical diff and only drops a few silly comments and
a couple of unnecessary NULL checks since in our part of the wrold the
word invariant has a meaning.
This should also appease Coverity who likes to throw fits at calling
BN_free() for BIGNUM on the stack (yes, this is actually a thing).
ok jsing
|
| |
|
|
|
|
|
| |
There is only one caller, EC_GROUP_free(), so inline the relevant free
calls there and dispose of a few layers of indirection.
ok jsing
|
| |
|
|
|
|
|
|
| |
For both in-tree methods these are just complicated ways of zeroing part
of the group object. The group is allocated with calloc(), so it's all
entirely pointless.
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
