History log of /openbsd/lib/libcrypto/dh/dh_ameth.c (Results 1 – 25 of 41)
Revision Date Author Comments
# 9ed721ec 04-Jan-2024 tb <tb@openbsd.org>

Replace .pkey_base_id with a .base_method pointer

Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias.
As such it resolves to an underlying ASN.1 method (in one step).
This information can be stored in a base_method pointer in allusion
to the pkey_base_id, which is the name for the nid (aka pkey_id aka
type) of the underlying method.

For an ASN.1 method, the base method is itself, so the base method
is set as a pointer to itself. For an alias it is of course a pointer
to the underlying method. Then obviously ameth->pkey_base_id is the
same as ameth->base_method->pkey_id, so rework all ASN.1 methods to
follow that.

ok jsing


# 7244e844 12-Aug-2023 tb <tb@openbsd.org>

Drop silly int_ prefix from _free() and _size()


# 52d22fd7 12-Aug-2023 tb <tb@openbsd.org>

Free {priv,pub}_key before assigning to it

While it isn't the case for the default implementations, custom DH and DSA
methods could conceivably populate private and public keys, which in turn
would result in leaks in the pub/priv decode methods.

ok jsing


# a13d6b7a 12-Aug-2023 tb <tb@openbsd.org>

Simplify and unify missing_parameters() for DH and DSA

ok jsing


# 5c3bbfbb 11-Aug-2023 tb <tb@openbsd.org>

Improve variable names in {dh,dsa}_{pub,priv}_{de,en}code()

Use aint for the ASN1_INTEGER holding the key and astr for the ASN1_STRING
holding the parameters. This frees up key and params for their DER encoded
versions, matching the naming we use elsewhere much more closely.

ok jsing


# e6a172b0 11-Aug-2023 tb <tb@openbsd.org>

Use params{,_len} in {dh,dsa}_params_{en,de}code()


# b42bcaec 11-Aug-2023 tb <tb@openbsd.org>

Align dh and dsa decoding functions with encoding

This adds some missing error checks and fixes and unifies error codes
which were (as usual) all over the place or just plain nonsense. Use
an auxiliary variable for d2i invocations even though it is not really
needed here.

ok jsing


# fed21370 10-Aug-2023 tb <tb@openbsd.org>

Convert {dh,dsa}_{pub,priv}_encode() to single exit

Use the same variable names throughout these functions and unify them
some more.

ok jsing


# 0e358455 10-Aug-2023 tb <tb@openbsd.org>

Clean up {dh,dsa}_pub_encode()

This brings these two messy functions into more usual shape. There is a
lot more that can be done in here. It is a step in the right direction.

ok jsing


# d4662417 10-Aug-2023 tb <tb@openbsd.org>

Various fixes in {dh,dsa}_priv_encode()

Avoid creating an ASN1_STRING with negative length, set type, data
and length via ASN1_STRING_type_new() and ASN1_STRING_set0() instead
of doing this manually. Check return value for i2d_ASN1_INTEGER()
and use an intermediate ASN1_OBJECT instead of nested function calls.
Finally, clear sensitive data with freezero().

ok jsing


# d6d0b2f3 08-Jul-2023 beck <beck@openbsd.org>

Hide symbols in dh

ok tb@


# 549c133b 07-Jul-2023 tb <tb@openbsd.org>

Mop up remaining uses of ASN1_bn_print()

This removes lots of silly buffers and will allow us to make this API
go away.

ok jsing


# 28db4cbb 17-Apr-2023 tb <tb@openbsd.org>

Fix whitespace in DHparam_print_fp()


# cf220632 17-Apr-2023 tb <tb@openbsd.org>

Move DHparam_print_fp() next to DHparam_print()

As usual with the fp suffix, the former wraps the latter with a file BIO.
There is no reason for this function to be in a separate file.


# 71743258 26-Dec-2022 jmc <jmc@openbsd.org>

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


# c9675a23 26-Nov-2022 tb <tb@openbsd.org>

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


# 5cdf0398 27-Jun-2022 tb <tb@openbsd.org>

Prepare to provide EVP_PKEY_security_bits()

This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().

ok beck jsing


# 7cd40e1c 20-Jan-2022 inoguchi <inoguchi@openbsd.org>

Add check for BIO_indent return value

CID 24812

ok jsing@ millert@ tb@


# 262d8ecc 10-Jan-2022 tb <tb@openbsd.org>

Prepare to provide EVP_PKEY_{public,param}_check

This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().

There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.

ok inoguchi jsing


# 657fbe7d 10-Jan-2022 tb <tb@openbsd.org>

zap trailing whitespace


# a69386be 07-Jan-2022 tb <tb@openbsd.org>

Add an essentially empty dh_local.h and include it in the files where
it will be needed in the upcoming bump.

discussed with jsing


# bc366ef8 12-Dec-2021 tb <tb@openbsd.org>

Include evp_locl.h where it will be needed once most structs from
evp.h will be moved to evp_locl.h in an upcoming bump.

ok inoguchi


# cb943ddc 04-Jan-2020 inoguchi <inoguchi@openbsd.org>

Avoid leak in error path of dh_priv_decode

ok jsing@ tb@


# 8d6bc8b3 24-Aug-2018 tb <tb@openbsd.org>

Add consts to EVP_PKEY_asn1_set_private()

Requires adding a const to the priv_decode() member of
EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode()
functions. All this is already documented this way.

tested in a bulk build by sthen
ok jsing


# eb5c5266 24-Aug-2018 tb <tb@openbsd.org>

After removing support for broken PKCS#8 formats (it was high time),
we can add const to PKCS8_pkey_get0(). In order for this to work,
we need to sprinkle a few consts here and there.

tested in a bulk by sthen
ok jsing

