| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
EC_GROUP_method_of() and EC_METHOD_get_field_type() only ever used chained
together as a convoluted means to retrieve the field type of a group. This
is no longer useful since the answer will always be NID_X9_62_prime_field.
EC_POINT_method_of(), EC_GROUP{,_have}_precompute_mult(): exposed by one of
those expose-everything perl XS modules.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
This hasn't done anything in a long time. Only dovecot uses an unchecked
call to this. With this we can remove EC_GROUP_precompute_mult().
ok jsing
|
| |
|
|
|
|
|
|
| |
At this point the NID is always NID_X9_62_prime_field, so we can use
SN_X9_62_prime_field directly rather than getting the field type from
the method and then converting the nid to an sn with OBJ_nid2sn().
ok jsing
|
| |
|
|
|
|
|
| |
The field_type is always NID_X9_62_prime_field, no need to encode and
retrieve this from the group method.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This appears to be about 5% faster than the current perlasm version on a
modern Intel CPU.
While here rename md5_block_asm_data_order to md5_block_data_order, for
consistency with other hashes.
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Instead of doing a weird dance, set the sign on N in BN_RECP_CTX_create().
Since we're not exposing a general purpose calculator API, we can simplify.
ok jsing
|
| |
|
|
| |
Requested by jsing
|
| |
|
|
|
|
|
|
| |
There's no need for BN_mod_mul_reciprocal() to have this complication.
The caller knows when x == y, so place the burden on the caller. This
simplifies both the caller side and the implementation in bn_recp.c.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
There's no need for a separate mul_generator_ct() function pointer - we
really only need mul_single_ct() and mul_double_nonct(). And rather than
calling ec_mul_ct() and having it figure out which point to use, explicitly
pass the generator point when calling mul_single_ct().
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
This macro references variable names that are in the consuming function and
are not actually passed to the macro. Expanding it makes the logic clearer.
If we wanted to reduce code the middle six group of rounds could be
implemented using a for loop (which the compiler can then choose to
unroll).
ok tb@
|
| |
|
|
|
|
|
|
| |
load_u32_be() and store_u32_be() are not symmetrical, with load_u32_be()
having a rather unexpected indexing interface. Fix up the callers to
perform their own indexing and use crypto_{load,store}_be32toh() instead.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
No caller ever passes y == NULL, so remove the corresponding contortions
and unindent the relevant bits.
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
The API will be removed soon. This prepares moving it to its only consumer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a BN_RECP_CTX_create() function that allocates and
populates the BN_RECP_CTX in a single call, without taking an unused
BN_CTX argument.
At the same time, make the N and Nr members BIGNUMs on the heap which
are allocated by BN_RECP_CTX_create() and freed by BN_RECP_CTX_free()
and remove the unnecessary flags argument.
Garbage collect the now unused BN_RECP_CTX_{new,init,set}().
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Like most hashes, MD5 needs to keep count of the number of bits in the
message being processed. However, rather than using a 64 bit counter this
is implemented using two 32 bit values (which is exposed in the public
API). Even with this hurdle, we can still use 64 bit math and let the
compiler figure out how to best handle the situation (hopefully avoiding
compiler warnings on 16 bit platforms in the process!). On amd64 this code
now requires two instructions, instead of the previous five.
While here remove a comment that is excessively visible and no longer
completely accurate (and if you're going to redefine types like MD5_WORD
you kinda need to know what you're doing).
ok tb@ (who's going to miss the dear diary style comments)
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
These somehow escaped a prior pass.
|
| |
|
|
|
|
|
| |
This helped a bit with readability when we needed to do &group->p, but now
that's no longer needed.
discussed with jsing
|
| |
|
|
|
|
|
|
| |
Add wrapper functions that call the methods so that we can get rid of
inconsistent use of ugly function pointers with massively overlong lines
and other ways of reaching into the methods.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The atoi() would also accept the magic negative values and old openssl
releases would expose these as arguments to -pkeyopt rsa_pss_saltlen:-1
in the openssl pkeyutl "app". While modern openssl switched to having
readable alternatives to these, the oseid component of opensc would use
the old syntax until yesterday.
Still, this is our bug and we need to keep accepting the magic values as
such, so do so. Everything below -3 will be rejected by the RSA_ctrl()
handler later.
Debugged by Doug Engert in https://github.com/OpenSC/OpenSC/issues/3317
ok jsing op
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Only EC_KEY_METHOD_{new,free}() need to know about this flag, so make
that more obvious.
|
| | |
|
| |
|
|
|
| |
Rename ec_is_on_curve() to ec_point_is_on_curve() and ec_cmp() to
ec_point_cmp().
|
| |
|
|
|
| |
These were in the middle of the methods responsible for curve operations,
which makes little sense.
|
| |
|
|
|
|
|
|
| |
Now that it is method-agnostic, we can remove the method and move the
implementation to the body of the public API function. And another
method goes away. We're soon down to the ones we really need.
discussed with jsing
|
| |
|
|
|
|
|
|
|
|
| |
While this is nicely done, it is a bit too clever. We can do the
calculation in the normal domain rather than the Montgomery domain
and this way the method becomes method agnostic. This will be a bit
slower but since a couple of field operations are nothing compared
to the cost of BN_mod_sqrt() this isn't a concern.
ok jsing
|
| |
|
|
| |
discussed with jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
EC_POINTs_mul() was only ever used by Ruby and they stopped doing so for
LibreSSL when we incorporated the constant time multiplication work of
Brumley et al and restricted the length of the points array to 1, making
this API effectively useless. The only real reason you want to have an
API to calculate \sum n_i P_i is for ECDSA where you want m * G + n * P.
Whether something like his needs to be in the public API is doubtful.
EC_POINTs_make_affine() is an implementation detail of EC_POINTs_mul().
As such it never really belonged into the public API.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Whatever the EC_METHOD, this will always be equivalent to getting and
setting the affine coordinates, so this needs no dedicated method.
Also, this is a function that makes no real sense since a caller should
never need to care about this... As always, our favorite language bindings
thought they might have users who care. This time it's Ruby and Perl.
ok jsing
|
| |
|
|
| |
ok millert operator(7)
|
| | |
|
| |
|
|
| |
requested by jsing
|
| |
|
|
| |
+ some whitespace cosmetics
|
