#
9ed721ec |
| 04-Jan-2024 |
tb <tb@openbsd.org> |
Replace .pkey_base_id with a .base_method pointer
Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method.
For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that.
ok jsing
|
#
7244e844 |
| 12-Aug-2023 |
tb <tb@openbsd.org> |
Drop silly int_ prefix from _free() and _size()
|
#
52d22fd7 |
| 12-Aug-2023 |
tb <tb@openbsd.org> |
Free {priv,pub}_key before assigning to it
While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods.
ok jsing
|
#
a13d6b7a |
| 12-Aug-2023 |
tb <tb@openbsd.org> |
Simplify and unify missing_parameters() for DH and DSA
ok jsing
|
#
5c3bbfbb |
| 11-Aug-2023 |
tb <tb@openbsd.org> |
Improve variable names in {dh,dsa}_{pub,priv}_{de,en}code()
Use aint for the ASN1_INTEGER holding the key and astr for the ASN1_STRING holding the parameters. This frees up key and params for their DER encoded versions, matching the naming we use elsewhere much more closely.
ok jsing
|
#
e6a172b0 |
| 11-Aug-2023 |
tb <tb@openbsd.org> |
Use params{,_len} in {dh,dsa}_params_{en,de}code()
|
#
b42bcaec |
| 11-Aug-2023 |
tb <tb@openbsd.org> |
Align dh and dsa decoding functions with encoding
This adds some missing error checks and fixes and unifies error codes which were (as usual) all over the place or just plain nonsense. Use an auxiliary variable for d2i invocations even though it is not really needed here.
ok jsing
|
#
fed21370 |
| 10-Aug-2023 |
tb <tb@openbsd.org> |
Convert {dh,dsa}_{pub,priv}_encode() to single exit
Use the same variable names throughout these functions and unify them some more.
ok jsing
|
#
0e358455 |
| 10-Aug-2023 |
tb <tb@openbsd.org> |
Clean up {dh,dsa}_pub_encode()
This brings these two messy functions into more usual shape. There is a lot more that can be done in here. It is a step in the right direction.
ok jsing
|
#
d4662417 |
| 10-Aug-2023 |
tb <tb@openbsd.org> |
Various fixes in {dh,dsa}_priv_encode()
Avoid creating an ASN1_STRING with negative length, set type, data and length via ASN1_STRING_type_new() and ASN1_STRING_set0() instead of doing this manually. Check return value for i2d_ASN1_INTEGER() and use an intermediate ASN1_OBJECT instead of nested function calls. Finally, clear sensitive data with freezero().
ok jsing
|
#
d6d0b2f3 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in dh
ok tb@
|
#
549c133b |
| 07-Jul-2023 |
tb <tb@openbsd.org> |
Mop up remaining uses of ASN1_bn_print()
This removes lots of silly buffers and will allow us to make this API go away.
ok jsing
|
#
28db4cbb |
| 17-Apr-2023 |
tb <tb@openbsd.org> |
Fix whitespace in DHparam_print_fp()
|
#
cf220632 |
| 17-Apr-2023 |
tb <tb@openbsd.org> |
Move DHparam_print_fp() next to DHparam_print()
As usual with the fp suffix, the former wraps the latter with a file BIO. There is no reason for this function to be in a separate file.
|
#
71743258 |
| 26-Dec-2022 |
jmc <jmc@openbsd.org> |
spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
ok tb
|
#
c9675a23 |
| 26-Nov-2022 |
tb <tb@openbsd.org> |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
5cdf0398 |
| 27-Jun-2022 |
tb <tb@openbsd.org> |
Prepare to provide EVP_PKEY_security_bits()
This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
|
#
7cd40e1c |
| 20-Jan-2022 |
inoguchi <inoguchi@openbsd.org> |
Add check for BIO_indent return value
CID 24812
ok jsing@ millert@ tb@
|
#
262d8ecc |
| 10-Jan-2022 |
tb <tb@openbsd.org> |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
657fbe7d |
| 10-Jan-2022 |
tb <tb@openbsd.org> |
zap trailing whitespace
|
#
a69386be |
| 07-Jan-2022 |
tb <tb@openbsd.org> |
Add an essentially empty dh_local.h and include it in the files where it will be needed in the upcoming bump.
discussed with jsing
|
#
bc366ef8 |
| 12-Dec-2021 |
tb <tb@openbsd.org> |
Include evp_locl.h where it will be needed once most structs from evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
#
cb943ddc |
| 04-Jan-2020 |
inoguchi <inoguchi@openbsd.org> |
Avoid leak in error path of dh_priv_decode
ok jsing@ tb@
|
#
8d6bc8b3 |
| 24-Aug-2018 |
tb <tb@openbsd.org> |
Add consts to EVP_PKEY_asn1_set_private()
Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way.
tested in a bulk build by sthen ok jsing
|
#
eb5c5266 |
| 24-Aug-2018 |
tb <tb@openbsd.org> |
After removing support for broken PKCS#8 formats (it was high time), we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there.
tested in a bulk by sthen ok jsing
|