From: Hans-Jörg Höxer Subject: Re: [EXT] Re: ssh: affine_coordinates_GFp() -> affine_coordinates() To: Date: Fri, 9 May 2025 12:05:45 +0200 Hi, On Fri, May 09, 2025 at 10:42:32AM +0200, Theo Buehler wrote: > ... > > > I want to remove the _GFp() API from libcrypto and some ssh-related code > > > is in the way of that. I will of course upstream the change to libfido2. > > > Does portable openssh still need to care about pre-3.4 libressl? I can't answer this. Nonetheless, the diff looks ok to me. > > > > I know it's a boring diff :) > > Please? > > Index: lib/libfido2/src/es256.c > =================================================================== > RCS file: /cvs/src/lib/libfido2/src/es256.c,v > diff -u -p -r1.5 es256.c > --- lib/libfido2/src/es256.c 29 Aug 2022 03:04:29 -0000 1.5 > +++ lib/libfido2/src/es256.c 25 Apr 2025 06:56:07 -0000 > @@ -298,7 +298,7 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k > } > > if ((q = EC_POINT_new(g)) == NULL || > - EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 || > + EC_POINT_set_affine_coordinates(g, q, x, y, bnctx) == 0 || > EC_KEY_set_public_key(ec, q) == 0) { > fido_log_debug("%s: EC_KEY_set_public_key", __func__); > goto fail; > @@ -363,10 +363,10 @@ es256_pk_from_EC_KEY(es256_pk_t *pk, con > goto fail; > } > > - if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 || > + if (EC_POINT_get_affine_coordinates(g, q, x, y, bnctx) == 0 || > (nx = BN_num_bytes(x)) < 0 || (size_t)nx > sizeof(pk->x) || > (ny = BN_num_bytes(y)) < 0 || (size_t)ny > sizeof(pk->y)) { > - fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp", > + fido_log_debug("%s: EC_POINT_get_affine_coordinates", > __func__); > goto fail; > } > Index: usr.bin/ssh/sk-usbhid.c > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/sk-usbhid.c,v > diff -u -p -r1.47 sk-usbhid.c > --- usr.bin/ssh/sk-usbhid.c 3 Dec 2024 08:31:49 -0000 1.47 > +++ usr.bin/ssh/sk-usbhid.c 25 Apr 2025 06:51:10 -0000 > @@ -508,8 +508,8 @@ pack_public_key_ecdsa(const fido_cred_t > skdebug(__func__, "BN_bin2bn failed"); > goto out; > } > - if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) { > - skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed"); > + if (EC_POINT_set_affine_coordinates(g, q, x, y, NULL) != 1) { > + skdebug(__func__, "EC_POINT_set_affine_coordinates failed"); > goto out; > } > response->public_key_len = EC_POINT_point2oct(g, q, > Index: usr.bin/ssh/sshkey.c > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/sshkey.c,v > diff -u -p -r1.149 sshkey.c > --- usr.bin/ssh/sshkey.c 6 May 2025 05:40:56 -0000 1.149 > +++ usr.bin/ssh/sshkey.c 6 May 2025 15:26:16 -0000 > @@ -2667,8 +2667,7 @@ sshkey_ec_validate_public(const EC_GROUP > > /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ > if (EC_GROUP_get_order(group, order, NULL) != 1 || > - EC_POINT_get_affine_coordinates_GFp(group, public, > - x, y, NULL) != 1) { > + EC_POINT_get_affine_coordinates(group, public, x, y, NULL) != 1) { > ret = SSH_ERR_LIBCRYPTO_ERROR; > goto out; > } > @@ -2752,9 +2751,8 @@ sshkey_dump_ec_point(const EC_GROUP *gro > fprintf(stderr, "%s: BN_new failed\n", __func__); > goto out; > } > - if (EC_POINT_get_affine_coordinates_GFp(group, point, > - x, y, NULL) != 1) { > - fprintf(stderr, "%s: EC_POINT_get_affine_coordinates_GFp\n", > + if (EC_POINT_get_affine_coordinates(group, point, x, y, NULL) != 1) { > + fprintf(stderr, "%s: EC_POINT_get_affine_coordinates\n", > __func__); > goto out; > } > Index: regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c > =================================================================== > RCS file: /cvs/src/regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c,v > diff -u -p -r1.2 ssh-verify-attestation.c > --- regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c 6 Dec 2024 10:37:42 -0000 1.2 > +++ regress/usr.bin/ssh/misc/ssh-verify-attestation/ssh-verify-attestation.c 9 May 2025 08:41:05 -0000 > @@ -162,8 +162,8 @@ get_pubkey_from_cred_ecdsa(const fido_cr > error_f("BN_bin2bn failed"); > goto out; > } > - if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) { > - error_f("EC_POINT_set_affine_coordinates_GFp failed"); > + if (EC_POINT_set_affine_coordinates(g, q, x, y, NULL) != 1) { > + error_f("EC_POINT_set_affine_coordinates failed"); > goto out; > } > *pubkey_len = EC_POINT_point2oct(g, q, > Index: regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c > =================================================================== > RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c,v > diff -u -p -r1.3 test_sshbuf_getput_crypto.c > --- regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c 14 Dec 2021 21:25:27 -0000 1.3 > +++ regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_crypto.c 9 May 2025 08:41:39 -0000 > @@ -218,7 +218,7 @@ sshbuf_getput_crypto_tests(void) > ASSERT_PTR_NE(ecp, NULL); > MKBN(ec256_x, bn_x); > MKBN(ec256_y, bn_y); > - ASSERT_INT_EQ(EC_POINT_set_affine_coordinates_GFp( > + ASSERT_INT_EQ(EC_POINT_set_affine_coordinates( > EC_KEY_get0_group(eck), ecp, bn_x, bn_y, NULL), 1); > ASSERT_INT_EQ(EC_KEY_set_public_key(eck, ecp), 1); > BN_free(bn_x); > @@ -247,7 +247,7 @@ sshbuf_getput_crypto_tests(void) > bn_y = BN_new(); > ASSERT_PTR_NE(bn_x, NULL); > ASSERT_PTR_NE(bn_y, NULL); > - ASSERT_INT_EQ(EC_POINT_get_affine_coordinates_GFp( > + ASSERT_INT_EQ(EC_POINT_get_affine_coordinates( > EC_KEY_get0_group(eck), EC_KEY_get0_public_key(eck), > bn_x, bn_y, NULL), 1); > MKBN(ec256_x, bn); >