summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Expand the SM4_ROUNDS macro.jsing2025-01-221-25/+83
| | | | | | | | | | This macro references variable names that are in the consuming function and are not actually passed to the macro. Expanding it makes the logic clearer. If we wanted to reduce code the middle six group of rounds could be implemented using a for loop (which the compiler can then choose to unroll). ok tb@
* Replace {load,store}_u32_be() with crypto_{load,store}_be32toh().jsing2025-01-221-39/+25
| | | | | | | | load_u32_be() and store_u32_be() are not symmetrical, with load_u32_be() having a rather unexpected indexing interface. Fix up the callers to perform their own indexing and use crypto_{load,store}_be32toh() instead. ok tb@
* Pull the family key and constant key tables out of SM4_set_key().jsing2025-01-221-28/+27
| | | | ok tb@
* BN_mod_mul_reciprocal: remove y == NULL complicationtb2025-01-221-14/+11
| | | | | | | No caller ever passes y == NULL, so remove the corresponding contortions and unindent the relevant bits. ok jsing
* Replace rotl() with crypto_rol_u32().jsing2025-01-221-15/+10
| | | | ok tb@
* EC_GROUP_check(): use accessor rather than reaching into the grouptb2025-01-211-3/+4
| | | | The API will be removed soon. This prepares moving it to its only consumer.
* Move BN_RECP_CTX to the heaptb2025-01-213-67/+48
| | | | | | | | | | | | | | This introduces a BN_RECP_CTX_create() function that allocates and populates the BN_RECP_CTX in a single call, without taking an unused BN_CTX argument. At the same time, make the N and Nr members BIGNUMs on the heap which are allocated by BN_RECP_CTX_create() and freed by BN_RECP_CTX_free() and remove the unnecessary flags argument. Garbage collect the now unused BN_RECP_CTX_{new,init,set}(). ok jsing
* crypto.h: zap some offensive whitespacetb2025-01-201-2/+2
|
* Annotate why EVP_PKEY_CTX_ctrl_str() will stay for a whiletb2025-01-201-1/+6
|
* Improve bit counter handling in MD5.jsing2025-01-193-19/+18
| | | | | | | | | | | | | | | | Like most hashes, MD5 needs to keep count of the number of bits in the message being processed. However, rather than using a 64 bit counter this is implemented using two 32 bit values (which is exposed in the public API). Even with this hurdle, we can still use 64 bit math and let the compiler figure out how to best handle the situation (hopefully avoiding compiler warnings on 16 bit platforms in the process!). On amd64 this code now requires two instructions, instead of the previous five. While here remove a comment that is excessively visible and no longer completely accurate (and if you're going to redefine types like MD5_WORD you kinda need to know what you're doing). ok tb@ (who's going to miss the dear diary style comments)
* Use name instead of register.jsing2025-01-181-3/+3
|
* rsa_pmeth: unify strcmp return checkstb2025-01-171-12/+10
| | | | ok jsing
* Replace the remaining group->meth->field_{mul,sqr}tb2025-01-171-13/+13
| | | | These somehow escaped a prior pass.
* ecp_methods: remove p = group->p indirectiontb2025-01-171-37/+34
| | | | | | | This helped a bit with readability when we needed to do &group->p, but now that's no longer needed. discussed with jsing
* ecp_methods: rework field_{mul,sqr}() handlingtb2025-01-171-93/+83
| | | | | | | | Add wrapper functions that call the methods so that we can get rid of inconsistent use of ugly function pointers with massively overlong lines and other ways of reaching into the methods. ok jsing
* Fix two incorrect strtonum() conversionstb2025-01-171-3/+13
| | | | | | | | | | | | | | | | The atoi() would also accept the magic negative values and old openssl releases would expose these as arguments to -pkeyopt rsa_pss_saltlen:-1 in the openssl pkeyutl "app". While modern openssl switched to having readable alternatives to these, the oseid component of opensc would use the old syntax until yesterday. Still, this is our bug and we need to keep accepting the magic values as such, so do so. Everything below -3 will be rejected by the RSA_ctrl() handler later. Debugged by Doug Engert in https://github.com/OpenSC/OpenSC/issues/3317 ok jsing op
* dh_ameth: explcitly -> explicitlytb2025-01-171-2/+2
|
* asn_mime: deteched -> detached + a knf nittb2025-01-171-2/+3
|
* Fix another awful comment in ec_point_cmp()tb2025-01-111-4/+3
|
* Align vertical backslashes in a macrotb2025-01-111-2/+2
|
* ec_point_cmp: tidy up an ugly commenttb2025-01-111-7/+5
|
* ec_key_gen() is unused outside ec_key.c, so make it statictb2025-01-112-4/+3
|
* Move EC_KEY_METHOD_DYNAMIC next to the two methods using ittb2025-01-112-4/+4
| | | | | Only EC_KEY_METHOD_{new,free}() need to know about this flag, so make that more obvious.
* Remove a weird commenttb2025-01-111-5/+1
|
* Rename the is_on_curve() method to point_is_on_curve()tb2025-01-113-12/+13
| | | | | Rename ec_is_on_curve() to ec_point_is_on_curve() and ec_cmp() to ec_point_cmp().
* Move is_on_curve() and (point) cmp() uptb2025-01-112-201/+201
| | | | | These were in the middle of the methods responsible for curve operations, which makes little sense.
* Move compressed coordinate setting into public APItb2025-01-113-108/+83
| | | | | | | | Now that it is method-agnostic, we can remove the method and move the implementation to the body of the public API function. And another method goes away. We're soon down to the ones we really need. discussed with jsing
* Rework ec_point_set_compressed_coordinates()tb2025-01-111-18/+14
| | | | | | | | | | While this is nicely done, it is a bit too clever. We can do the calculation in the normal domain rather than the Montgomery domain and this way the method becomes method agnostic. This will be a bit slower but since a couple of field operations are nothing compared to the cost of BN_mod_sqrt() this isn't a concern. ok jsing
* Move ec_points_make_affine() to the right placetb2025-01-111-135/+135
| | | | discussed with jsing
* Move the EC_POINTs API into the garbage bintb2025-01-111-20/+20
|
* Neuter the EC_POINTs_* APItb2025-01-114-77/+16
| | | | | | | | | | | | | | EC_POINTs_mul() was only ever used by Ruby and they stopped doing so for LibreSSL when we incorporated the constant time multiplication work of Brumley et al and restricted the length of the points array to 1, making this API effectively useless. The only real reason you want to have an API to calculate \sum n_i P_i is for ECDSA where you want m * G + n * P. Whether something like his needs to be in the public API is doubtful. EC_POINTs_make_affine() is an implementation detail of EC_POINTs_mul(). As such it never really belonged into the public API. ok jsing
* Remove a pointless check about Z == 1tb2025-01-111-7/+1
| | | | ok jsing
* Inline ec_point_make_affine() in the public APItb2025-01-113-44/+22
| | | | | | | | | | Whatever the EC_METHOD, this will always be equivalent to getting and setting the affine coordinates, so this needs no dedicated method. Also, this is a function that makes no real sense since a caller should never need to care about this... As always, our favorite language bindings thought they might have users who care. This time it's Ruby and Perl. ok jsing
* Remove seven pairs of unnecessary parenthesestb2025-01-111-5/+5
| | | | ok millert operator(7)
* ec_lib.c: zap stray empty line at end of filetb2025-01-091-2/+1
|
* check_discriminant: make the assumptions on p, a, b more explicittb2025-01-091-2/+3
| | | | requested by jsing
* Improve order of things in BN_RECP_CTX_set()tb2025-01-081-3/+4
| | | | + some whitespace cosmetics
* Remove parentheses in return statementstb2025-01-081-8/+8
|
* Add a space after commatb2025-01-081-3/+3
|
* Remove superfluous parenthesestb2025-01-081-13/+13
|
* X509_NAME_print() also fails to indenttb2025-01-081-5/+6
|
* X509_NAME_print: remove lie about multiple lines being usedtb2025-01-071-4/+2
| | | | | | | | | | | | | OpenSSL commit 92ada7cc (2007) removed some dead code with flawed logic attempting to print multiple lines if the line exceeded 80 characters. Said flawed logic was there since the start of the git history importing SSLeay 0.8.1b in 1998 and never worked. Rumor has it that it did work prior to that. Be that as it may, it's just wrongly documented since Henson added the docs in commit 0711be16 (2002). Prompted by OpenSSL issue #18004 by davidben https://github.com/quictls/quictls/pull/168 https://github.com/quictls/quictls/issues/75
* Rewrite TS_ASN1_INTEGER_print_bio()tb2025-01-071-14/+19
| | | | | | | | | | | | | | This eliminates another stupid BN_free(&bn) and uses BIO_printf() rather than a ludicrously silly result dance. In fact it appears that this dance was so hard to grok that OpenSSL misread it and made this function return the value -1 on ASN1_INTEGER_to_BN() failure, a value that it had never returned before. It doesn't matter anyway. The only uses of this function are internal to OpenSSL's code and since TS fully conforms to OpenSSL's high QA standards, no caller checks the return of TS_ASN1_INTEGER_print_bio(). ok jsing
* Remove stale comment about methods and memberstb2025-01-071-6/+1
|
* Check discriminant directly in EC_GROUP_set_discriminant()tb2025-01-073-68/+47
| | | | | | | | | | After possibly decoding a and b in EC_GROUP_get_curve(), this is a pure calculation in GFp and as such doesn't make use of any method-specifics. Let's perform this calculation directly in the public API implementation rather than redirecting through the methods and remove yet another method handler. ok jsing
* unitialized -> uninitializedtb2025-01-061-2/+2
|
* ec_lib: create a garbage bin at the end, throw Jprojective stuff in theretb2025-01-061-19/+24
|
* Inline the last two uses of ec_mont_group_clear()tb2025-01-061-14/+11
|
* typo: slighty -> slightlytb2025-01-061-2/+2
|
* group_copy() is no longer a thing...tb2025-01-061-3/+1
|