| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Rename EC_KEY from r to key like in the rest of the file | tb | 2023-07-10 | 1 | -4/+4 |
| | | |||||
| * | Hide symbols in hkdf, evp, err, ecdsa, and ec | beck | 2023-07-07 | 3 | -3/+27 |
| | | | | | | | (part 2 of commit) ok jsing@ | ||||
| * | Mop up last uses of ECDHerror() and ECDSAerror() | tb | 2023-07-05 | 1 | -17/+15 |
| | | | | | ok jsing | ||||
| * | One more ECDSAerror goes. | tb | 2023-07-05 | 1 | -2/+2 |
| | | |||||
| * | ECDHerror() and ECDSAerror will go away | tb | 2023-07-05 | 1 | -37/+37 |
| | | | | | | | Move some trivial ones to ECerror(). discussed with jsing | ||||
| * | Drop an incorrect part from a comment | tb | 2023-07-05 | 1 | -2/+2 |
| | | |||||
| * | Missing . in comment | tb | 2023-07-05 | 1 | -2/+2 |
| | | |||||
| * | Fix #includes | tb | 2023-07-05 | 1 | -2/+6 |
| | | |||||
| * | Remove local prototypes for public API (?!) | tb | 2023-07-05 | 1 | -6/+1 |
| | | |||||
| * | Improve BN_bn2bin() error check for readability | tb | 2023-07-05 | 1 | -2/+2 |
| | | |||||
| * | Move ECDSA_size() to a more sensible place in this file | tb | 2023-07-05 | 1 | -28/+28 |
| | | |||||
| * | Merge ECDSA code that will stay into ecdsa.c | tb | 2023-07-05 | 2 | -157/+95 |
| | | | | | discussed with jsing | ||||
| * | Rename ecs_local.h into ecdsa_local.h | tb | 2023-07-05 | 4 | -7/+7 |
| | | |||||
| * | Make variables in prototypes match function declarations | tb | 2023-07-05 | 1 | -6/+6 |
| | | |||||
| * | Drop useless ossl_ prefixes | tb | 2023-07-05 | 3 | -15/+14 |
| | | | | | discussed with jsing | ||||
| * | Avoid outputting invalid signatures | tb | 2023-07-04 | 1 | -1/+11 |
| | | | | | | | | | | | | | The caller can provide an r which will be added to the ECDSA_SIG unchecked. This can happen via ECDSA_{,do_}sign_ex() or ECDSA_sign_setup() or else via a custom sign_sig() handler. Therefore add a check that it is in the bounds required. Since k was long thrown away, there's no way to check kinv, so it needs to be trusted. Misdesigned APIs that will output garbage everywhere... ok jsing | ||||
| * | Clean up ECDSA verification | tb | 2023-07-04 | 1 | -14/+29 |
| | | | | | | | | | Use variable names that correspond more closely to the standard. Use an additional variable for s^-1 for readability. Annotate the code with the corresponding steps from FIPS 186-5. ok jsing | ||||
| * | ECDSA signing: annotate code with steps corresponding to FIPS 185-6. | tb | 2023-07-04 | 1 | -3/+25 |
| | | | | | ok jsing | ||||
| * | Extract private key and group order in s computation | tb | 2023-07-04 | 1 | -19/+18 |
| | | | | | | | | This pushes a few variables no longer needed in ossl_ecdsa_sign_sig() into ecdsa_compute_s() separating API logic and pure computation a bit more. ok beck | ||||
| * | Use key for the EC_KEY everywhere | tb | 2023-07-04 | 1 | -39/+38 |
| | | |||||
| * | Some more consistency in variable names | tb | 2023-07-04 | 1 | -15/+15 |
| | | |||||
| * | Normalize ECDSA_SIG to be sig everywhere | tb | 2023-07-04 | 1 | -11/+11 |
| | | |||||
| * | Normalize on digest and digest_len rather than dgst dlen dgstlen, etc. | tb | 2023-07-04 | 1 | -28/+34 |
| | | |||||
| * | Rework ecdsa_prepare_digest() | tb | 2023-07-04 | 1 | -35/+35 |
| | | | | | | | | | Make it take an EC_KEY instead of a group order in preparation for further cleanup. Rename m into e to match the standard better. Also buy some vowels for jsing. ok beck jsing | ||||
| * | Factor the computation of ECDSA s into a function | tb | 2023-07-04 | 1 | -69/+88 |
| | | | | | | | | | ossl_ecdsa_sign_sig() is already complicated enough. The math bit is entirely self contained and does not need to obfuscate control flow and logic. with feedback from and ok jsing | ||||
| * | sign_sig: drop ckinv | tb | 2023-07-03 | 1 | -5/+7 |
| | | | | | | | | | The only reason ckinv exists is to be able to avoid a copy. This copy leaks some timing info, that will be mitigated in a subsequent step. It is an unused or at least uncommonly used codepath. ok jsing | ||||
| * | Rework the logic in ECDSA sign_sig() | tb | 2023-07-03 | 1 | -24/+30 |
| | | | | | | | | | | | | If the caller supplied both kinv and r, we don't loop but rather throw an undocumented error code that no one uses, which is intended to tell the caller to run ECDSA_sign_setup() and try again. Use a boolean that indicates this situation so that the logic becomes a bit more transparent. ok jsing | ||||
| * | sign_sig: test on assignment | tb | 2023-07-03 | 1 | -5/+6 |
| | | |||||
| * | sign_setup: split another check into two | tb | 2023-07-03 | 1 | -2/+6 |
| | | |||||
| * | Split range checks for ECDSA r and ECDSA s | tb | 2023-07-03 | 1 | -3/+8 |
| | | | | | requested by jsing | ||||
| * | Switch a couple of test from ucmp to cmp | tb | 2023-07-03 | 1 | -4/+4 |
| | | | | | | | | | This is confusing, as both sides involved should be unsigned. The ec code is undecided on whether the group order can be negative. It should never be, so lets see what happen with this slightly stricter check. discussed with jsing | ||||
| * | ossl_ecdsa_verify_sig(): simplify range checks | tb | 2023-07-03 | 1 | -6/+4 |
| | | | | | | | | The checks whether r and s lie in the interval [1, order) were a bit uglier than necessary. Clean this up. ok beck jsing | ||||
| * | List variables in a somewhat more sensible order | tb | 2023-07-03 | 1 | -4/+4 |
| | | |||||
| * | In ossl_ecdsa_verify_sig() use BN_CTX more idiomatically | tb | 2023-07-03 | 1 | -8/+10 |
| | | | | | ok beck jsing | ||||
| * | Split a bunch of unrelated checks | tb | 2023-07-03 | 1 | -3/+10 |
| | | | | | ok beck jsing | ||||
| * | Make ossl_ecdsa_verify_sig() single exit | tb | 2023-07-03 | 1 | -4/+4 |
| | | | | | ok beck jsing | ||||
| * | Switch ossl_ecdsa_verify() to timingsafe_memcmp() | tb | 2023-07-03 | 1 | -2/+2 |
| | | | | | Requested by jsing | ||||
| * | Streamline ossl_ecdsa_verify() | tb | 2023-07-03 | 1 | -7/+13 |
| | | | | | | | | Make it single exit and use API more idiomatically and some other cosmetics. ok beck jsing | ||||
| * | Switch ECDSA code to using EC_GROUP_get0_order() | tb | 2023-07-03 | 1 | -25/+17 |
| | | | | | ok jsing | ||||
| * | Another empty line did not want to go in | tb | 2023-07-03 | 1 | -1/+2 |
| | | |||||
| * | Trade a pair of extra braces for a missing empty line | tb | 2023-07-03 | 1 | -3/+3 |
| | | |||||
| * | Switch sign_sig() and sign_setup() to using BN_CTX | tb | 2023-07-02 | 1 | -47/+73 |
| | | | | | | | | | | | | Both these functions use a BN_CTX internally to deal with the EC API that usually requires one. However, they don't actually make use of it. Get the BIGNUMs from the BN_CTX instead, which simplifies the cleanup. Also defer allocation of the ECDSA_SIG to the very end. Instead of using its internal r and s, use two local r and s variables and transfer those to the ECDSA_SIG on success. ok beck jsing | ||||
| * | Revert hunk accidentally committed in r1.39 | tb | 2023-07-02 | 1 | -11/+1 |
| | | |||||
| * | Rework handling of the out_kinv and out_r pointers | tb | 2023-07-02 | 1 | -8/+15 |
| | | | | | suggested by jsing | ||||
| * | Rename ctx_in into in_ctx, kinvp into out_kinv and rp into out_r | tb | 2023-07-02 | 1 | -12/+13 |
| | | |||||
| * | Rename a few variables from X to x | tb | 2023-07-02 | 1 | -14/+14 |
| | | |||||
| * | Simplify things by switching to bn_rand_interval() | tb | 2023-07-02 | 1 | -22/+19 |
| | | | | | | | | | This avoids some silly dances in ECDSA signature generation by replacing them with a single API call. Also garbage collect the now unnecessary range. ok beck jsing | ||||
| * | ECDSA_size(): move order a few lines down | tb | 2023-07-02 | 1 | -2/+2 |
| | | |||||
| * | Invert method checks to avoid stupid line breaks | tb | 2023-07-02 | 1 | -22/+26 |
| | | |||||
| * | Move ECDSA_size() to ecs_ossl.c to match what was done in ecdh | tb | 2023-06-25 | 2 | -34/+34 |
| | | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |