| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
requested by jsing
|
|
+ some whitespace cosmetics
|
|
|
|
|
|
|
|
|
|
OpenSSL commit 92ada7cc (2007) removed some dead code with flawed logic
attempting to print multiple lines if the line exceeded 80 characters.
Said flawed logic was there since the start of the git history importing
SSLeay 0.8.1b in 1998 and never worked. Rumor has it that it did work prior
to that. Be that as it may, it's just wrongly documented since Henson added
the docs in commit 0711be16 (2002).
Prompted by OpenSSL issue #18004 by davidben
https://github.com/quictls/quictls/pull/168
https://github.com/quictls/quictls/issues/75
|
|
This eliminates another stupid BN_free(&bn) and uses BIO_printf() rather
than a ludicrously silly result dance. In fact it appears that this dance
was so hard to grok that OpenSSL misread it and made this function return
the value -1 on ASN1_INTEGER_to_BN() failure, a value that it had never
returned before.
It doesn't matter anyway. The only uses of this function are internal to
OpenSSL's code and since TS fully conforms to OpenSSL's high QA standards,
no caller checks the return of TS_ASN1_INTEGER_print_bio().
ok jsing
|
|
|
|
After possibly decoding a and b in EC_GROUP_get_curve(), this is a pure
calculation in GFp and as such doesn't make use of any method-specifics.
Let's perform this calculation directly in the public API implementation
rather than redirecting through the methods and remove yet another method
handler.
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
The degree made some sense when EC2M was a thing in libcrypto. Fortunately
that's not the case anymore. The order handler never made sense.
ok jsing
|
|
requested by jsing
|
|
requested by jsing
|
|
This is another bit of indirection that makes this code so hard to follow.
ok jsing
|
|
|
|
|
|
|
|
|
|
BN_reciprocal() is only called by BN_div_recp() which in turn is only
called by BN_mod_mul_reciprocal(). So use this order and make the first
two static.
|
|
This is usually method specific, so remove the indirection and call the
appropriate blinding function directly.
ok tb@
|
|
This is only used by ec_points_make_affine(), which is only used by the
wNAF multiplication, which is only used by ECDSA. We can afford computing
that one once per ECDSA verification given the cost of the rest of this.
Thus, the field_set_to_one() member disappears from the EC_METHOD and the
mont_one member disappears from EC_GROUP and with it all the complications
when setting/copying/freeing the group.
ok jsing
|
|
That the BN-driven EC code uses Jacobian projective coordinates as an
optimization is an implementation detail. As such this should never have
leaked out of the library as part of the public API. No consumer should
ever care and if they do they're doing it wrong. The only port that cares
is one of those stupid little perl modules that expose all the things and
transform terrible OpenSSL regress tests into similarly horrible Perl.
In practice, only affine coordinates matter (perhaps in compressed form).
This prunes two more function pointers from EC_GROUP and prepares the
removal of the field_set_to_one() method which is now only used in
ec_points_make_affine().
ok jsing sthen
|
|
There's only one inverse and in standard affine coordinates it only has
one representation.
|
|
This way we can get rid of the stupidity that is publicly exposed
Jprojective coordinates soon.
|
|
|
|
The only way to get an EC_GROUP or an EC_POINT is by calling the relevant
_new() function and to get rid of it, something must call _free(). Thus we
can establish the invariant that every group has Weierstrass coefficients
p, a, b as well as order and cofactor hanging off it. Similarly, Every
point has allocated BIGNUMs for its Jacobian projective coordinates.
Unfortunately, a group has the generator as an optional component in
addition to seed and montgomery context/one (where optionality makes
more sense).
This is a mostly mechanical diff and only drops a few silly comments and
a couple of unnecessary NULL checks since in our part of the wrold the
word invariant has a meaning.
This should also appease Coverity who likes to throw fits at calling
BN_free() for BIGNUM on the stack (yes, this is actually a thing).
ok jsing
|
|
With rsa_sign.c r1.37 this is no longer needed.
|
|
ok jsing kn
|
|
You can set custom sign and verify handlers on an RSA method (wihch is
used to create RSA private and public key handles). However, even if you
set them explicitly with RSA_meth_set_{sign,verify}(3), these handlers
aren't used for the sake of "backward compatibility" (with what?). In order
to use them, you need to opt your objects into using the custom methods
you set by setting the RSA_FLAG_SIGN_VER flag.
OpenSSL 1.1 dropped this requirement and therefore nobody sets this flag
anyore. Like most of the mechanically added accessors, almost nothing
uses them, but, as found by kn, the yubco-piv-tool does. This resulted
in a public key being passed to rsa_private_encrypt(), which of course
doesn't end well.
So follow OpenSSL 1.1 and drop this muppetry. This makes kn's problem
with yubico-piv-tool go away.
ok jsing kn
|
|
|
|
|
|
This currently only covers sign and verify since other parts are already
known to work in practice. Prompted by a bug report by kn
|
|
|
|
|
|
Reflow the comment to avoid some very unfortunate line wraps. "Note that"
is like "literally" a bunch of generally useless noise and best omitted.
|
|
|
|
Review feedback by jsing
|
|
ok jsing
|
|
/*#define SSL_HOST_NAME "www.netscape.com" */
/*#define SSL_HOST_NAME "193.118.187.102" */
and
/*#define TEST_CERT "client.pem" *//* no default cert. */
|
|
Having constant arrays in a header is just stupid (whether the constants
are static or not), and most of the contents of these two headers clearly
belongs into a C file. Since the garbage pile that is speed.c was not ugly
enough, merge all of it there, since it is the only consumer.
discussed with jsing
PS: still waiting for that elusive volunteer who reworks libdes's speed.c
into something resembling C code.
|
|
|
|
discussed with jsing
|
|
This is an extra header for two stupid constants...
discussed with jsing
|
|
discussed with jsing
|
