| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
It is hard to remember that ECDSA_do_{sign,verify}() call ecdsa_sign_sig().
Especially since the distinction to ECDSA_{sign,verify}() isn't clear from
the names. To add to the confusion, the public API is ordered differently
than the methods they call. So in this case it seems tidier to place the
public API next to the methods.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is no reason to keep these. It is cleaner to keep ECDSA_sign_setup()
but remove the logic for passed-in kinv and r.
Refuse to cooperate as far as possible. Someone could still implement
their own versions of ECDSA_{do_,}_sign_ex() and ECDSA_sign_setup() by
leveraging EC_KEY_METHOD_get_sign() and building their own wrappers.
We can't make such an implementation of ECDSA_sign_setup() fail, but we
make the actual signing fail since we no longer "do the right thing".
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ECDSA_sign_setup() permits precomputing the values of the inverse of the
random k and the corresponding r. These can then be fed into the signing
routines ECDSA_{do_,}sign_ex() multiple times if needed. This is not a
great idea and the interface adds a lot of unwanted complexity.
Not to mention that nothing ever used this correctly - if s works out to
0, a special error code is thrown requesting that the caller provide new
kinv and r values. Unsurprisingly, nobody ever checked for that special
error code.
ok jsing
This commit marks the start of a libcrypto major bump. Do not build the
tree until I bumped the shlib_version and synced file sets (in about 35
commits).
|
| | |
|
| |
|
|
|
|
| |
(part 2 of commit)
ok jsing@
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
| |
Move some trivial ones to ECerror().
discussed with jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|
|
discussed with jsing
|
