Download raw body.
[EXT] Re: ssh: affine_coordinates_GFp() -> affine_coordinates()
Hi,
On Fri, May 09, 2025 at 10:42:32AM +0200, Theo Buehler wrote:
> ...
> > > I want to remove the _GFp() API from libcrypto and some ssh-related code
> > > is in the way of that. I will of course upstream the change to libfido2.
> > > Does portable openssh still need to care about pre-3.4 libressl?
I can't answer this. Nonetheless, the diff looks ok to me.
> >
> > I know it's a boring diff :)
>
> Please?
>
> Index: lib/libfido2/src/es256.c
> ===================================================================
> RCS file: /cvs/src/lib/libfido2/src/es256.c,v
> diff -u -p -r1.5 es256.c
> --- lib/libfido2/src/es256.c 29 Aug 2022 03:04:29 -0000 1.5
> +++ lib/libfido2/src/es256.c 25 Apr 2025 06:56:07 -0000
> @@ -298,7 +298,7 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k
> }
>
> if ((q = EC_POINT_new(g)) == NULL ||
> - EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
> + EC_POINT_set_affine_coordinates(g, q, x, y, bnctx) == 0 ||
> EC_KEY_set_public_key(ec, q) == 0) {
> fido_log_debug("%s: EC_KEY_set_public_key", __func__);
> goto fail;
> @@ -363,10 +363,10 @@ es256_pk_from_EC_KEY(es256_pk_t *pk, con
> goto fail;
> }
>
> - if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
> + if (EC_POINT_get_affine_coordinates(g, q, x, y, bnctx) == 0 ||
> (nx = BN_num_bytes(x)) < 0 || (size_t)nx > sizeof(pk->x) ||
> (ny = BN_num_bytes(y)) < 0 || (size_t)ny > sizeof(pk->y)) {
> - fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
> + fido_log_debug("%s: EC_POINT_get_affine_coordinates",
> __func__);
> goto fail;
> }
> Index: usr.bin/ssh/sk-usbhid.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/sk-usbhid.c,v
> diff -u -p -r1.47 sk-usbhid.c
> --- usr.bin/ssh/sk-usbhid.c 3 Dec 2024 08:31:49 -0000 1.47
> +++ usr.bin/ssh/sk-usbhid.c 25 Apr 2025 06:51:10 -0000
> @@ -508,8 +508,8 @@ pack_public_key_ecdsa(const fido_cred_t
> skdebug(__func__, "BN_bin2bn failed");
> goto out;
> }
> - if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
> - skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
> + if (EC_POINT_set_affine_coordinates(g, q, x, y, NULL) != 1) {
> + skdebug(__func__, "EC_POINT_set_affine_coordinates failed");
> goto out;
> }
> response->public_key_len = EC_POINT_point2oct(g, q,
> Index: usr.bin/ssh/sshkey.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/sshkey.c,v
> diff -u -p -r1.149 sshkey.c
> --- usr.bin/ssh/sshkey.c 6 May 2025 05:40:56 -0000 1.149
> +++ usr.bin/ssh/sshkey.c 6 May 2025 15:26:16 -0000
> @@ -2667,8 +2667,7 @@ sshkey_ec_validate_public(const EC_GROUP
>
> /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */
> if (EC_GROUP_get_order(group, order, NULL) != 1 ||
> - EC_POINT_get_affine_coordinates_GFp(group, public,
> - x, y, NULL) != 1) {
> + EC_POINT_get_affine_coordinates(group, public, x, y, NULL) != 1) {
> ret = SSH_ERR_LIBCRYPTO_ERROR;
> goto out;
> }
> @@ -2752,9 +2751,8 @@ sshkey_dump_ec_point(const EC_GROUP *gro
> fprintf(stderr, "%s: BN_new failed\n", __func__);
> goto out;
> }
> - if (EC_POINT_get_affine_coordinates_GFp(group, point,
> - x, y, NULL) != 1) {
> - fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n",
> + if (EC_POINT_get_affine_coordinates(group, point, x, y, NULL) != 1) {
> + fprintf(stderr, "%s: EC_POINT_get_affine_coordinates\n",
> __func__);
> goto out;
> }
> Index: regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c
> ===================================================================
> RCS file: /cvs/src/regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c,v
> diff -u -p -r1.2 ssh-verify-attestation.c
> --- regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c 6 Dec 2024 10:37:42 -0000 1.2
> +++ regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c 9 May 2025 08:41:05 -0000
> @@ -162,8 +162,8 @@ get_pubkey_from_cred_ecdsa(const fido_cr
> error_f("BN_bin2bn failed");
> goto out;
> }
> - if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
> - error_f("EC_POINT_set_affine_coordinates_GFp failed");
> + if (EC_POINT_set_affine_coordinates(g, q, x, y, NULL) != 1) {
> + error_f("EC_POINT_set_affine_coordinates failed");
> goto out;
> }
> *pubkey_len = EC_POINT_point2oct(g, q,
> Index: regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c
> ===================================================================
> RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c,v
> diff -u -p -r1.3 test_sshbuf_getput_crypto.c
> --- regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c 14 Dec 2021 21:25:27 -0000 1.3
> +++ regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c 9 May 2025 08:41:39 -0000
> @@ -218,7 +218,7 @@ sshbuf_getput_crypto_tests(void)
> ASSERT_PTR_NE(ecp, NULL);
> MKBN(ec256_x, bn_x);
> MKBN(ec256_y, bn_y);
> - ASSERT_INT_EQ(EC_POINT_set_affine_coordinates_GFp(
> + ASSERT_INT_EQ(EC_POINT_set_affine_coordinates(
> EC_KEY_get0_group(eck), ecp, bn_x, bn_y, NULL), 1);
> ASSERT_INT_EQ(EC_KEY_set_public_key(eck, ecp), 1);
> BN_free(bn_x);
> @@ -247,7 +247,7 @@ sshbuf_getput_crypto_tests(void)
> bn_y = BN_new();
> ASSERT_PTR_NE(bn_x, NULL);
> ASSERT_PTR_NE(bn_y, NULL);
> - ASSERT_INT_EQ(EC_POINT_get_affine_coordinates_GFp(
> + ASSERT_INT_EQ(EC_POINT_get_affine_coordinates(
> EC_KEY_get0_group(eck), EC_KEY_get0_public_key(eck),
> bn_x, bn_y, NULL), 1);
> MKBN(ec256_x, bn);
>
[EXT] Re: ssh: affine_coordinates_GFp() -> affine_coordinates()