| Commit message (Collapse) | Author | Files | Lines |
|---|
|
If we get here, we're in a server and have managed to load the cert.
The public key is therefore a point on a built-in curve, and we know
the group is defined over some prime field. Now it is just a matter of
figuring out whether we support the group in libssl.
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
Support was removed nearly a decade ago. No need to mention this anymore.
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
Support for this went away in 2017, but a few things still mentioned DSA
in various contexts. Replace DSA with ECDSA where appropriate and otherwise
delete this. It won't work.
ok jsing
|
|
|
|
|
|
ok jsing
|
|
These somehow escaped a prior pass.
|
|
This helped a bit with readability when we needed to do &group->p, but now
that's no longer needed.
discussed with jsing
|
|
Add wrapper functions that call the methods so that we can get rid of
inconsistent use of ugly function pointers with massively overlong lines
and other ways of reaching into the methods.
ok jsing
|
|
The atoi() would also accept the magic negative values and old openssl
releases would expose these as arguments to -pkeyopt rsa_pss_saltlen:-1
in the openssl pkeyutl "app". While modern openssl switched to having
readable alternatives to these, the oseid component of opensc would use
the old syntax until yesterday.
Still, this is our bug and we need to keep accepting the magic values as
such, so do so. Everything below -3 will be rejected by the RSA_ctrl()
handler later.
Debugged by Doug Engert in https://github.com/OpenSC/OpenSC/issues/3317
ok jsing op
|
|
|
|
|
|
OpenSSL 1.1 and 3.2 will be removed from the ports tree, so test the two
remaining versions. Unfortunately, this requires a lot more manual
massaging than there should be.
|
|
OpenSSL 1.1 is dead and will soon be removed from the ports tree.
At the same time OpenSSL 3.3 will become the default openssl.
|
|
|
|
|
|
|
|
|
|
Only EC_KEY_METHOD_{new,free}() need to know about this flag, so make
that more obvious.
|
|
|
|
Rename ec_is_on_curve() to ec_point_is_on_curve() and ec_cmp() to
ec_point_cmp().
|
|
These were in the middle of the methods responsible for curve operations,
which makes little sense.
|
|
Now that it is method-agnostic, we can remove the method and move the
implementation to the body of the public API function. And another
method goes away. We're soon down to the ones we really need.
discussed with jsing
|
|
While this is nicely done, it is a bit too clever. We can do the
calculation in the normal domain rather than the Montgomery domain
and this way the method becomes method agnostic. This will be a bit
slower but since a couple of field operations are nothing compared
to the cost of BN_mod_sqrt() this isn't a concern.
ok jsing
|
|
discussed with jsing
|
|
|
|
EC_POINTs_mul() was only ever used by Ruby and they stopped doing so for
LibreSSL when we incorporated the constant time multiplication work of
Brumley et al and restricted the length of the points array to 1, making
this API effectively useless. The only real reason you want to have an
API to calculate \sum n_i P_i is for ECDSA where you want m * G + n * P.
Whether something like his needs to be in the public API is doubtful.
EC_POINTs_make_affine() is an implementation detail of EC_POINTs_mul().
As such it never really belonged into the public API.
ok jsing
|
|
ok jsing
|
|
Whatever the EC_METHOD, this will always be equivalent to getting and
setting the affine coordinates, so this needs no dedicated method.
Also, this is a function that makes no real sense since a caller should
never need to care about this... As always, our favorite language bindings
thought they might have users who care. This time it's Ruby and Perl.
ok jsing
|
|
ok millert operator(7)
|
|
feedback jmc@ ok deraadt@ schwarze@
|
|
|
|
requested by jsing
|
|
+ some whitespace cosmetics
|
|
|
|
|
|
|
|
|
|
OpenSSL commit 92ada7cc (2007) removed some dead code with flawed logic
attempting to print multiple lines if the line exceeded 80 characters.
Said flawed logic was there since the start of the git history importing
SSLeay 0.8.1b in 1998 and never worked. Rumor has it that it did work prior
to that. Be that as it may, it's just wrongly documented since Henson added
the docs in commit 0711be16 (2002).
Prompted by OpenSSL issue #18004 by davidben
https://github.com/quictls/quictls/pull/168
https://github.com/quictls/quictls/issues/75
|
|
This eliminates another stupid BN_free(&bn) and uses BIO_printf() rather
than a ludicrously silly result dance. In fact it appears that this dance
was so hard to grok that OpenSSL misread it and made this function return
the value -1 on ASN1_INTEGER_to_BN() failure, a value that it had never
returned before.
It doesn't matter anyway. The only uses of this function are internal to
OpenSSL's code and since TS fully conforms to OpenSSL's high QA standards,
no caller checks the return of TS_ASN1_INTEGER_print_bio().
ok jsing
|
|
|
|
After possibly decoding a and b in EC_GROUP_get_curve(), this is a pure
calculation in GFp and as such doesn't make use of any method-specifics.
Let's perform this calculation directly in the public API implementation
rather than redirecting through the methods and remove yet another method
handler.
ok jsing
|
|
|
|
|
|
|
|
|
