| Commit message (Collapse) | Author | Age | Files | Lines |
These were accidentally left behind in a previous commit.
|
In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last
remaining thing in ech_local.h where it will soon belong.
|
With the ecdh_check() and ecdsa_check() abominations gone, we can finally
get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The
EC_EX_DATA_*() handlers (which fortunately have always had "'package'
level visibility") join the ride to the great bit bucket in the sky.
Thanks to op for making this possible.
ok jsing
|
These are no longer in use - stub EC_GROUP_precompute_mult() and
EC_GROUP_have_precompute_mult() to match their existing behaviour.
ok tb@
|
Since there are now no EC implementations that perform pre-computation at
the EC_GROUP level, remove all of the precomp machinery, including the
extra_data EC_GROUP member.
The ec_wNAF_mul() code is horrific - simply cut out the precomp code,
rather than trying to rewrite it (that's a project for another day).
ok tb@
|
These were previously called by GF2m code and are no longer used.
Also remove ec_pre_comp_new(), since it is only called by
ec_wNAF_precompute_mult() and is now unused.
ok tb@
|
Purely cosmetic change taking into account the fact that this function
returns a length rather than a boolean. This is the last offender in the
library.
ok jsing
|
The various checks of the cofactor to be set in EC_GROUP_set_generator()
are a bit all over the place. Move them into a single function and clean
things up a little. Instead of calculating directly with the cofactor
member of the group, use a temporary variable and copy this variable only
if all tests passed. In cryptographic contexts the cofactor almost always
fits if not into a single byte then into a word, so copying is cheap.
Also streamline the computations a bit and remove some binary curve
contortions.
ok jsing
|
This should leak slightly less than the direct expansion of ASN1_dup_of().
Use freezero() since the DER could contain a private key.
ok jsing
|
An int would be perfectly sufficient for this, but then again there would
be fewer traps.
ok jsing
|
ok jsing
|
Pull the setting of the name a.k.a. nid into ec_group_new_from_data().
This way, we can return early on finding the nid in the curve_list[].
This also avoids a silly bug where a bogus ERR_R_UNKNOWN_BUG is pushed
onto the error stack when ec_group_new_from_data() failed.
While there rework the exit path of ec_group_new_from_data() a bit.
Instead of an ok variable we can use an additional pointer to keep
track of the return value and free the EC_GROUP unconditionally.
ok jsing
|
serialized format.
ok jsing
|
ok jsing
|
Also clean up the definition of EC_CURVE_DATA a bit.
ok jsing
|
We have a BN_CTX available, so we may as well use it. This simplifies
the cleanup path at the cost of a bit more code in the setup. Also use
an extra BIGNUM for the cofactor. Reusing x for this is just silly. If
you were really going to avoid extra allocations, this entire function
could easily have been written with three BIGNUMs.
ok jsing
|
No member of the curve_list[] table has a method set. Thus, curve.meth
is always NULL and we never take the EC_GROUP_new(meth) code path.
ok jsing
|
ok jsing
|
There's no point in introducing a typedef only for two sizeof() calls.
We might as well use an anonymous struct for this list. Make it const
while there, drop some braces and compare strcmp() return value to 0.
ok jsing
|
The doxygen comments are either obvious or otherwise unhelpful and
generally an eyesore. Go read the manpage if the header isn't enough.
|
This code is full of problematic C and is also otherwise of questionable
quality. It is far from constant time and jsing informs me it also isn't
faster. Good riddance.
|
from jsing
|
The code was deleted a while back, the prototypes remained. We had
OPENSSL_NO_EC_NISTP_64_GCC_128 in opensslfeatures.h since forever.
discussed with jsing
|
The faster nist code is rife with problematic C. While this is generally
considered to be a pleonasm nowadays, here it specifically refers to
aliasing issues and other flavors of undefined behavior. With compilers
and standardization committees becoming seemingly more determined about
making C even more unusable than it already is, this code has resulted
in miscompilations and generally is a target-rich environment for fuzzers
to feast on. We're better off without it. Go look while it's still there.
It's some of the very worst we have to offer.
ok jsing
|
This is unused and in the way of some housekeeping. Thus it will be
relocated to the attic.
ok jsing
|
A large mechanical diff led to sloppy review and gave coverity an
opportunity to be right for once. First time in a good many weeks.
same diff/ok jsing
|
The EC API allows callers to optionally pass in a BN_CTX, which means that
any code needing a BN_CTX has to check if one was provided, allocate one if
not, then free it again. Rather than doing this dance throughout the EC
code, handle the BN_CTX existence at the EC API boundary. This means that
lower level implementation code can simply assume that the BN_CTX is
available.
ok tb@
|
ok jsing
|
This is required behavior of the EVP_DigestSign() API, but seemingly
almost nothing uses this. Well, turns out ldns does.
Reported by Stephane. Helpful comments by sthen.
ok jsing
|