path: root/src/lib/libcrypto
Commit message | Author | Age | Files | Lines
* Convert some tables to C99 initializers | tb | 2023-07-02 | 3 | -42/+249
  ok & "happy pirate day" beck
* Fix return values of ecx methods | tb | 2023-07-02 | 1 | -5/+5
  It is hard to get your return values right if you choose them to be a random subset of {-2, ..., 3}. The item_verify() and the digestverify() methods don't return 0 on error, but -1. Here 0 means "failed to verify", obviously.
  ok jsing
* Demacro SHA-512. | jsing | 2023-07-02 | 1 | -54/+112
  Use static inline functions instead of macros to implement SHA-512. At the same time, make two key changes - firstly, rather than trying to outsmart the compiler and shuffle variables around, write the algorithm the way it is documented and actually swap the variable contents. Secondly, instead of interleaving the message schedule update and the round, do the full message schedule update first, then process the round. Overall, we get safer and more readable code. Additionally, the compiler can generate smaller and faster code (with a gain of 5-10% across a range of architectures).
  ok beck@ tb@
* Fix typo in previous | tb | 2023-07-02 | 1 | -2/+2
* Use asprintf() to avoid repetition in string constants | tb | 2023-07-02 | 1 | -6/+13
  ... since ASN1_bn_print() is stupid.
  ok jsing
* Split ECPKParameters_print() | tb | 2023-07-02 | 1 | -121/+150
  This function has two entirely independent parts, so instead of a huge if/else just use two functions. In ecpk_print_explicit_parameters() do some additional boring cleanup such as switching to actually using the local BN_CTX and shuffling things into a slightly more sensible order.
  ok jsing
* Switch sign_sig() and sign_setup() to using BN_CTX | tb | 2023-07-02 | 1 | -47/+73
  Both these functions use a BN_CTX internally to deal with the EC API that usually requires one. However, they don't actually make use of it. Get the BIGNUMs from the BN_CTX instead, which simplifies the cleanup. Also defer allocation of the ECDSA_SIG to the very end. Instead of using its internal r and s, use two local r and s variables and transfer those to the ECDSA_SIG on success.
  ok beck jsing
* Revert hunk accidentally committed in r1.39 | tb | 2023-07-02 | 1 | -11/+1
* Rework handling of the out_kinv and out_r pointers | tb | 2023-07-02 | 1 | -8/+15
  suggested by jsing
* Replace bn_sqr_words() with bn_sqr_add_words(). | jsing | 2023-07-02 | 1 | -35/+23
  In order to implement efficient squaring, we compute the sum of products (omitting the squares), double the sum of products and then finally compute and add in the squares. However, for reasons unknown the final calculation was implemented as two separate steps. Replace bn_sqr_words() with bn_sqr_add_words() such that we do the computation in one step, avoid the need for temporary BN and remove needless overhead. This gives us a performance gain across most architectures (even with the loss of sse2 on i386, for example).
  ok tb@
* Rename ctx_in into in_ctx, kinvp into out_kinv and rp into out_r | tb | 2023-07-02 | 1 | -12/+13
* Rename a few variables from X to x | tb | 2023-07-02 | 1 | -14/+14
* Simplify things by switching to bn_rand_interval() | tb | 2023-07-02 | 1 | -22/+19
  This avoids some silly dances in ECDSA signature generation by replacing them with a single API call. Also garbage collect the now unnecessary range.
  ok beck jsing
* Unconditionally zero the ECDH key | tb | 2023-07-02 | 1 | -6/+3
  While memset() is quite expensive, we can afford zeroing a few extra bytes to make this code more readable.
  ok beck jsing
* ECDSA_size(): move order a few lines down | tb | 2023-07-02 | 1 | -2/+2
* Invert method checks to avoid stupid line breaks | tb | 2023-07-02 | 1 | -22/+26
* Move the EC_POINT a bit down and a * to the right place | tb | 2023-07-02 | 1 | -3/+3
* ech_key.c: Fix includes | tb | 2023-07-02 | 1 | -3/+4
  We need stdint.h for uintptr_t, stdlib.h for malloc, ec.h for various things, but there's no need for objects.h or sha.h.
* Reverse polarity to avoid an overlong line | tb | 2023-07-01 | 1 | -5/+6
* Reword comment to fit on a single line | tb | 2023-07-01 | 1 | -5/+2
* tmp is a silly name for a point on an elliptic curve | tb | 2023-07-01 | 1 | -6/+6
* Garbage collect the now unused len | tb | 2023-07-01 | 1 | -5/+3
* Test and assign for EC_KEY_get0_private_key() | tb | 2023-07-01 | 1 | -3/+2
* Add a missing NULL check for group | tb | 2023-07-01 | 1 | -2/+3
  ok jsing
* Reference commit needed in the next major bump | tb | 2023-07-01 | 1 | -2/+2
* Simplify handling of ret | tb | 2023-07-01 | 1 | -6/+6
  ok jsing
* Use BN_bn2binpad() instead of handrolling it | tb | 2023-07-01 | 1 | -5/+3
  As ugly as the BN_bn2binpad() internals are, what it does is quite handy with all sorts of EC stuff. So use it here too and eliminate some ugly manual pointer zeroing and offsets. Also switch len and buflen from size_t to int to remove an iffy cast: both are set by functions that return a non-negative int.
  ok jsing
* Remove unused y from ECDH key computation | tb | 2023-07-01 | 1 | -5/+5
  ok jsing
* crypto.h: move the error stuff to the end | tb | 2023-07-01 | 1 | -21/+21
  The other public headers have function and reason codes at the end because the error header was inlined. This was also the case here, too, until the automatic library initialization was appended.
* Simplify ASN1_bn_print() usage in ec/ | tb | 2023-07-01 | 2 | -30/+20
  ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL. Also simplify the handling of the point conversion form of the generator.
  ok jsing
* whitespace | tb | 2023-06-30 | 1 | -2/+2
* Drop the no longer necessary -DLIBRESSL_CRYPTO_INTERNAL | tb | 2023-06-29 | 1 | -2/+2
  ok miod
* Move check_defer() and obj_cleanup_defer to evp/names.c | tb | 2023-06-29 | 2 | -7/+5
  These formerly public symbols are the last things hidden by LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c. Unfortunately, check_defer() needs to know about NUM_NIDS, so its implementation needs to remain in obj_dat.c, the only file that can include obj_dat.h due to NID tables.
  ok miod
* Adjust EC_GROUP_get_basis_type() documentation | tb | 2023-06-28 | 1 | -64/+8
  After the GF2m removal, this function always returns 0, so adjust the documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis() that were left behind. Also add a tiny grammar tweak in the HISTORY section.
* Remove some dead code from ECPKParameters_print() | tb | 2023-06-27 | 1 | -31/+6
  This code is unreachable since binary curve support was removed. There is a lot more to clean up in here...
  ok jsing
* Remove the now unused poly[] from EC_GROUP | tb | 2023-06-27 | 1 | -15/+2
  This was needed for defining the multiplication over binary fields. Since that code is gone, this is no longer needed.
  ok jsing
* Simplify EC_GROUP_get_basis_type() | tb | 2023-06-27 | 1 | -18/+2
  The remaining EC_METHODs in libcrypto all have a field type of NID_X9_62_prime_field, so this function always returns 0. Make that more obvious.
  ok jsing
* Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics | tb | 2023-06-26 | 1 | -2/+9
  For some reason there is no NULL check on setting the HKDF key for p2 like in the other cases in the switch, instead OpenSSL fails in memdup, nulling out the key but leaving the key_len at the old value. This looks accidental but our behavior makes some haproxy regress tests segfault. So mimic weird OpenSSL semantics but in addition set the key_len to 0.
  Reported by Ilya Shipitsin
  ok jsing
* Add missing RCS marker | tb | 2023-06-25 | 1 | -0/+1
* Remove unneeded bn_local.h and drop a NULL check | tb | 2023-06-25 | 1 | -5/+3
* Move ECDSA_size() to ecs_ossl.c to match what was done in ecdh | tb | 2023-06-25 | 2 | -34/+34
* With ech_local.h gone, we no longer need to -I ecdh | tb | 2023-06-25 | 1 | -2/+1
* Remove ech_local.h | tb | 2023-06-25 | 1 | -65/+0
* Stop including ech_local.h | tb | 2023-06-25 | 3 | -5/+5
* Remove prototypes for EC_KEY_{get,insert}_key_method_data() | tb | 2023-06-25 | 1 | -8/+1
  These were accidentally left behind in a previous commit.
* Move ecdh_KDF_X9_63() to ec_local.h | tb | 2023-06-25 | 2 | -8/+8
  In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last remaining thing in ech_local.h where it will soon belong.
* Move ECDH_size() to ech_key.c | tb | 2023-06-25 | 2 | -8/+8
  This way the public ECDH API that will remain in libcrypto is in one file and the public ECDH API that will go is in the other one.
* Move the ecdh_method struct declaration to ech_lib.c | tb | 2023-06-25 | 2 | -11/+10
  No other file uses this anymore.
* Move ECDH_OpenSSL() ECDSA_OpenSSL() to *_lib.c | tb | 2023-06-25 | 4 | -28/+28
  Now that they no longer use static methods, they can move where they belong. Also make the static method const, as it should have been all along.
* Remove EC_EXTRA_DATA | tb | 2023-06-25 | 4 | -230/+4
  With the ecdh_check() and ecdsa_check() abominations gone, we can finally get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The EC_EX_DATA_*() handlers, (which fortunately have always had "'package' level visibility") join the ride to the great bit bucket in the sky. Thanks to op for making this possible.
  ok jsing