summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Minor cosmetic tweaks for EC_GROUP_set_seed()tb2024-10-251-9/+8
| | | | | No need to guard free() with a NULL check, check explicitly against 0 and rename p to seed.
* ec_asn1: fix some NULL misspellingstb2024-10-251-4/+4
|
* Add regress for {d2i,i2d}_ECPrivateKey() and {o2i,i2o}_ECPublicKey()tb2024-10-251-1/+1003
| | | | Some test cases are disabled since they exercise an upcoming bug fix.
* Fix argument names: des_in -> der_in and des_out -> der_outtb2024-10-242-19/+19
|
* Add missing error check for CBB_init_fixed()tb2024-10-241-4/+5
| | | | CID 511280
* ec_point_conversion: cosmeticstb2024-10-231-4/+4
|
* ec_point_conversion: extend test coverage by translating back thetb2024-10-231-2/+76
| | | | | | point to an octet string and match with the initial octet string. would have caught the regression found by anton
* EC_POINT_point2oct() need to special case the point at infinitytb2024-10-231-4/+10
| | | | | | | | This is annoying since it undoes some polishing done before commit and reintroduces an unpleasant asymmetry. found by anton via openssl-ruby tests ok jsing
* EC_get_builtin_curves(): the most appropriate name for a list of curves...tb2024-10-231-5/+5
| | | | ... is obviously r.
* remove duplicate defines; ok tb@jsg2024-10-233-13/+3
|
* remove duplicate X509v3_asid_add_id_or_range.3 linejsg2024-10-221-2/+1
|
* Move a check for hybrid point encoding into a helper functiontb2024-10-221-7/+14
|
* Rewrite ec_GFp_simple_point2oct() using CBBtb2024-10-221-63/+90
| | | | | | | | | | Factor ad-hoc inline code into helper functions. Use CBB and BN_bn2binpad() instead of batshit crazy skip loops and pointer banging. With all this done, the function becomes relatively streamlined and pretty much symmetric with the new oct2point() implementation. ok jsing
* Rewrite ec_GFp_simple_oct2point() using CBStb2024-10-221-57/+86
| | | | | | | | | Transform the spaghetti in here into something more readable. Factor various inline checks into helper functions to make the logic clearer. This is a bit longer but a lot safer and simpler. It accepts exactly the same input as the original version. ok jsing
* Start cleaning up oct2point and point2octtb2024-10-221-5/+41
| | | | | | | | | | | | | | | | | | | The SEC 1 standard defines various ways of encoding an elliptic curve point as ASN.1 octet string. It's also used for the public key, which isn't an octet string but a bit string for whatever historic reason. The public API is incomplete and inconvenient, so we need to jump through a few hoops to support it and to preserve our own sanity. Split a small helper function out of ec_GFp_simple_point2oct() that checks that a uint8_t represents a valid point conversion form. It supports exactly the four possible variants and helps translating from point_conversion_form_t at the API boundary. Reject the form for the point at infinity since the function has historically done that even for the case that the point actually is the point at infinity. ok jsing
* Suppress warning noise from deprecated OpenSSL APItb2024-10-221-1/+2
|
* Revert marking EC_GROUP_method_of() and EC_METHOD_get_field_type() unusedtb2024-10-221-3/+3
| | | | breaks tree as noted by krw
* ecp_oct.c: add missing includestb2024-10-221-1/+5
|
* Mark EC_GROUP_method_of() and EC_METHOD_get_field_type() as unusedtb2024-10-221-3/+3
| | | | ok jsing
* Provide and use ec_group_get_field_type()tb2024-10-224-8/+17
| | | | | | | | | All internal uses of EC_METHOD_get_field_type() and EC_GROUP_method_of() are chained together. Implement this as a single API call that takes a group and use it throughout. Gets rid of another eyesore in this part of the tree. Not that there will be a shortage of eyesores anytime soon... ok jsing
* Inline a use of EC_GROUP_method_of()tb2024-10-221-2/+2
| | | | | | | | We can just reach into the group to obtain its EC_GROUP_METHOD. After all ec_local.h has to be in scope. This will permit marking this ugly API as unused internally after the next commit. ok jsing
* ec_ameth.c: fix includestb2024-10-201-3/+9
|
* ec_asn1: add missing includestb2024-10-201-2/+6
|
* ec_curve: add missing includestb2024-10-201-1/+5
|
* zap an empty linetb2024-10-201-2/+1
|
* Make ec EVP_PKEY_CTRL_MD handler match dsa/rsa more closelytb2024-10-191-11/+14
| | | | | | This makes the thing a bit easier on the eyes and improves greppability. ok joshua jsing
* Drop a useless cast in pkey_dsa_ctrl()tb2024-10-191-2/+2
| | | | ok joshua jsing
* Remove IA32 specific code from cryptlib.c.jsing2024-10-195-41/+29
| | | | | | Move the IA32 specific code to arch/{amd64,i386}/crypto_cpu_caps.c, rather than polluting cryptlib.c with machine dependent code. A stub version of crypto_cpu_caps_ia32() still remains for now.
* Remove unused sparc CPU capability detection code.jsing2024-10-193-204/+1
| | | | | | | This has been unused for a long time - it can be found in the attic if someone wants to clean it up and enable it in the future. ok tb@
* EC_GROUP_check(): zap useless commentstb2024-10-191-4/+3
|
* Move EC_GROUP_check() to ec_lib.ctb2024-10-193-115/+57
| | | | EC_GROUP_check() is quite simple. It doesn't need to use its own file.
* ec_asn1_test: simplify previoustb2024-10-181-7/+4
|
* ec_asn1_test: call EC_GROUP_check() for the builtin curvestb2024-10-182-59/+13
| | | | | This makes the internal curve test in ectest.c superfluous. Also fix a logic error.
* Simplify EC_get_builtin_curves().tb2024-10-181-4/+5
| | | | | When determining the minimum of nitems and EC_CURVE_LIST_LENGTH we need neither an extra variable nor a ternary operator.
* Use better naming in ec_curve.ctb2024-10-181-33/+33
| | | | | | | Rename struct ec_list_element into struct ec_curve. Accordingly, curve_list becomes struct ec_curve ec_curve_list[]. Adjust internal API to match. suggested by jsing
* ec_asn1_test: adjust for rejection of non-builtin curve parameterstb2024-10-181-14/+2
|
* Enforce that EC Parameters correspond to a builtin curvetb2024-10-183-3/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | EC parameters are very general. While there are some minimal sanity checks, for the parameters due to DoS risks found in the last decade, the elliptic curve code is poorly written and a target rich environment for NULL dereferences, busy loops, expensive computations and whatever other nastiness you can think of. It is not too hard to come up with parameters that reach very ugly code. While we have removed for the worst of it (the "fast" nist code and GF2m come to mind), the code very much resembles the Augean Stables. Unfortunately, curve parameters are still in use - even mandatory in some contexts - for example in machine-readable travel documents signed by ICAO country signing certification authorities (see ICAO Doc 9303). To avoid many of these DoS vectors, start enforcing that we know what the curve parameters are about, namely that they correspond to a builtin curve. This way we know that the parameters are at least as good as the standards we implement and checking this is cheap: Translate curve parameters into the ad hoc representation in the builtin curve code and check there's a match. That's very cheap since most curves are distinguished by cofactor and parameter length and we need to use an actual parameter comparison for at most half a dozen curves, usually only one or two. ok jsing
* Remove now unused x86cpuid.pl.jsing2024-10-181-153/+0
|
* Provide crypto_cpu_caps_init() for i386.jsing2024-10-183-10/+120
| | | | | | | This is the same CPU capabilities code that is now used for amd64. Like amd64 we now only populate OPENSSL_ia32cap_P with bits used by perlasm. Discussed with tb@
* Remove now unused x86_64cpuid.pl.jsing2024-10-181-147/+0
|
* Provide crypto_cpu_caps_init() for amd64.jsing2024-10-184-11/+126
| | | | | | | | | | | This is a CPU capability detection implementation in C, with minimal inline assembly (for cpuid and xgetbv). This replaces the assembly mess generated by x86_64cpuid.pl. Rather than populating OPENSSL_ia32cap_P directly with CPUID output, just set the bits that the remaining perlasm checks (namely AESNI, AVX, FXSR, INTEL, HT, MMX, PCLMUL, SSE, SSE2 and SSSE3). ok joshua@ tb@
* Inline last use of OPENSSL_load_builtin_modules()tb2024-10-184-77/+6
| | | | | | | This used to be a trivial wrapper of the ASN1_add_oid_module() horror. It's no longer exported, so it can go away. It moves from the terribly named file conf_mall.c to the equally terribly named file conf_sap.c. I have no idea what mall and sap are supposed to mean in this context.
* Move EC_GROUP_new_curve_GFp() into ec_lib.ctb2024-10-183-99/+23
| | | | Another single-function file goes away.
* Merge EC_GROUP_new_curve_GFp() with ec_group_new_curve()tb2024-10-181-12/+5
| | | | | | The latter was used for EC_GROUP_new_curve_GF2m() and is now pointless. ok jsing
* ec_asn1_test: add secp256k1.mtb2024-10-181-10/+81
|
* ec_asn1_test: remove last hardcoded wei25519 remnanttb2024-10-181-4/+3
|
* ec_asn1_test: test Wei25519.2 and Wei25519.-3 as welltb2024-10-181-37/+163
| | | | Covers a few more corner cases in the elliptic curve code.
* ec_asn1_test: clean up & refactor; test Wei25519 with simple methodtb2024-10-181-109/+189
|
* Split ec_asn1_parameters2group() into digestible piecestb2024-10-171-96/+144
| | | | | | | | | | | | | | | | | This becomes a simple wrapper function that currently does three checks: 1. ensure the fieldID is for a prime field 2. check that the purported prime is of reasonable size, extract and set curve coefficients and point conversion form 3. extract and set generator, order, cofactor and seed. Sanity checks such as the Hasse bound are dealt with in the EC_GROUP API, so need not be repeated here. They will become redundant once we enforce that the parameters represent a builtin curve anyway. ok jsing
* Provide crypto_cpu_caps_init() as a CPU capability detection entry point.jsing2024-10-173-5/+18
| | | | | | | This can be overridden on a per-architecture basis. The default version calls OPENSSL_cpuid_setup(), which will be eventually replaced/removed. ok joshua@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-03 20:27:10 +0000