| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
These also get the EC_GROUP_get0_order() treatment
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
This code is way more complicated than it needs to be. Simplify. ec_bits()
was particularly stupid.
ok beck jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
It is hard to get your return values right if you choose them to be a
random subset of {-2, ..., 3}. The item_verify() and the digestverify()
methods don't return 0 on error, but -1. Here 0 means "failed to verify",
obviously.
ok jsing
|
| | |
|
| |
|
|
|
|
| |
... since ASN1_bn_print() is stupid.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This function has two entirely independent parts, so instead of a huge
if/else just use two functions. In ecpk_print_explicity parameters() do
some additional boring cleanup such as switching to actually using the
local BN_CTX and shuffling things into a slightly more sensible order.
ok jsing
|
| |
|
|
|
|
|
| |
ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL.
Also simplify the handling of the point conversion form of the generator.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
This code is unreachable since binary curve support was removed.
There is a lot more to clean up in here...
ok jsing
|
| |
|
|
|
|
|
| |
This was needed for defining the multiplication over binary fields. Since
that code is gone, this is no longer needed.
ok jsing
|
| |
|
|
|
|
|
|
| |
The remaining EC_METHODs in libcrypto all have a field type of
NID_X9_62_prime_field, so this function always returns 0. Make
that more obvious.
ok jsing
|
| | |
|
| |
|
|
| |
These were accidentally left behind in a previous commit.
|
| |
|
|
|
| |
In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last
remaining thing in ech_local.h where it will soon belong.
|
| |
|
|
|
|
|
|
|
|
|
| |
With the ecdh_check() and ecdsa_check() abominations gone, we can finally
get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The
EC_EX_DATA_*() handlers, (which fortunately have always had "'package'
level visibility") join the ride to the great bit bucket in the sky.
Thanks to op for making this possible.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
These are no longer in use - stub EC_GROUP_precompute_mult() and
EC_GROUP_have_precompute_mult() to match their existing behaviour.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Since there are now no EC implementations that perform pre-computation at
the EC_GROUP level, remove all of the precomp machinery, including the
extra_data EC_GROUP member.
The ec_wNAF_mul() code is horrific - simply cut out the precomp code,
rather than trying to rewrite it (that's a project for another day).
ok tb@
|
| |
|
|
|
|
|
|
| |
These were previously called by GF2m code and are no longer used.
Also remove ec_pre_comp_new(), since it is only called by
ec_wNAF_precompute_mult() and is now unused.
ok tb@
|
| |
|
|
|
|
|
|
| |
Purely cosmetic change taking into account the fact that this function
returns a length rather than a boolean. This is the last offender in the
library.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The various checks of the cofactor to be set in EC_GROUP_set_generator()
are a bit all over the place. Move them into a single function and clean
things up a little. Instead of calculating directly with the cofactor
member of the group, use a temporary variable and copy this variable only
if all tests passed. In cryptographic contexts the cofactor almost always
fits if not into a single byte then into a word, so copying is cheap.
Also streamline the computations a bit and remove some binary curve
contortions.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
This should leak slightly less than the direct expansion of ASN1_dup_of().
Use freezero() since the DER could contain a private key.
ok jsing
|
| |
|
|
|
|
|
| |
An int would be perfectly sufficient for this, but then again there would
be fewer traps.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Pull the setting of the name a.k.a. nid into ec_group_new_from_data().
This way, we can return early on finding the nid in the curve_list[].
This also avoids a silly bug where a bogus ERR_R_UNKNOWN_BUG is pushed
onto the error stack when ec_group_new_from_data() failed.
While there rework the exit path of ec_group_new_from_data() a bit.
Instead of an ok variable we can use an additional pointer to keep
track of the return value and free the EC_GROUP unconditionally.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
serialized format.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
Also clean up the definition of EC_CURVE_DATA a bit.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
We have a BN_CTX available, so we may as well use it. This simplifies
the cleanup path at the cost of a bit more code in the setup. Also use
an extra BIGNUM for the cofactor. Reusing x for this is just silly. If
you were really going to avoid extra allocations, this entire function
could easily have been written with three BIGNUMs.
ok jsing
|
| |
|
|
|
|
|
| |
No member of the curve_list[] table has a method set. Thus, curve.meth
is always NULL and we never take the EC_GROUP_new(meth) code path.
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
There's no point in introducing a typedef only for two sizeof() calls.
We might as well use an anonymous struct for this list. Make it const
while there, drop some braces and compare strcmp() return value to 0.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
| |
The doxygen comments are either obvious or otherwise unhelpful and
generally an eye sore. Go read the manpage if the header isn't enough.
|
| | |
|
| | |
|
| | |
|
