| #
15073478 |
| 29-Nov-2024 |
tb <tb@openbsd.org> |
Remove X9.42 DH rudiments
In the unlikely event that we should ever decide to implement this after
a quarter century of not needing it, we can readily put this back. Until
then this is dead weight.
Remove X9.42 DH rudiments
In the unlikely event that we should ever decide to implement this after
a quarter century of not needing it, we can readily put this back. Until
then this is dead weight.
prompted by a question by djm
ok jsing
show more ...
|
| #
e45bbcd5 |
| 27-Mar-2024 |
tb <tb@openbsd.org> |
Use dh for DH function arguments.
No need for a variety of r, d, ...
|
| #
d230cbd2 |
| 27-Mar-2024 |
tb <tb@openbsd.org> |
Unify *_up_ref() implementations
No need for an inconsistently named local variable and a ternary operator.
ok jsing
|
| #
592331b2 |
| 29-Nov-2023 |
tb <tb@openbsd.org> |
Ignore ENGINE at the API boundary
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions retur
Ignore ENGINE at the API boundary
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing
show more ...
|
| #
87978dd9 |
| 19-Nov-2023 |
tb <tb@openbsd.org> |
Unifdef OPENSSL_NO_ENGINE in libcrypto
This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing
|
| #
ce5197b5 |
| 13-Aug-2023 |
tb <tb@openbsd.org> |
fix whitespace
|
| #
e498bf2d |
| 12-Aug-2023 |
tb <tb@openbsd.org> |
Convert {DH,DSA}_new_method() to using calloc()
Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently
uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a
garbage po
Convert {DH,DSA}_new_method() to using calloc()
Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently
uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a
garbage pointer, which is particularly bad because the only reason we
kept them in the first place is that they are used by some software...
A side effect of freeing with {DH,DSA}_free() instead of a hand-rolled
version is that we may call ->meth->finish() before ->meth->init() was
called. We need a NULL check for ->meth to be on the safe side in case
we should need to bring ENGINE back.
with nits from djm
ok deraadt djm
show more ...
|
| #
d6d0b2f3 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in dh
ok tb@
|
| #
c11f7855 |
| 07-Mar-2023 |
jsing <jsing@openbsd.org> |
Call BN_free() instead of BN_clear_free().
BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly
instead.
ok tb@
|
| #
fee21fef |
| 27-Jun-2022 |
tb <tb@openbsd.org> |
Prepare to provide DH_security_bits()
ok beck jsing
|
| #
a69386be |
| 07-Jan-2022 |
tb <tb@openbsd.org> |
Add an essentially empty dh_local.h and include it in the files where
it will be needed in the upcoming bump.
discussed with jsing
|
| #
7c7e4506 |
| 05-Jan-2022 |
tb <tb@openbsd.org> |
Prepare to provide DH_get_length()
Will be needed by openssl(1) dhparam.
ok inoguchi jsing
|
| #
d742c600 |
| 05-Jan-2022 |
tb <tb@openbsd.org> |
Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}()
These are accessors that allow getting one specific DH member. They are
less error prone than the current getters DH_get0_{pqg,key}(). They
are us
Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}()
These are accessors that allow getting one specific DH member. They are
less error prone than the current getters DH_get0_{pqg,key}(). They
are used by many ports and will also be used in base for this reason.
Who can remember whether the pub_key or the priv_key goes first in
DH_get0_key()?
ok inoguchi jsing
show more ...
|
| #
1085073b |
| 23-Nov-2021 |
tb <tb@openbsd.org> |
In DH_set0_pqg() also set dh->length if q is set to match what OpenSSL do.
ok inoguchi jsing
|
| #
7e67e88e |
| 02-May-2018 |
tb <tb@openbsd.org> |
Remove incorrect NULL checks in DH_set0_key().
Reported by Ondřej Surý, LibreSSL-portable issue #92.
ok inoguchi, jsing
|
| #
341fd9e0 |
| 14-Apr-2018 |
tb <tb@openbsd.org> |
make ENGINE_finish() succeed on NULL and simplify callers as in
OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifnde
make ENGINE_finish() succeed on NULL and simplify callers as in
OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi
show more ...
|
| #
dfbc7a43 |
| 22-Feb-2018 |
jsing <jsing@openbsd.org> |
Provide DH_get0_engine().
|
| #
4beaa5f5 |
| 20-Feb-2018 |
tb <tb@openbsd.org> |
Fix bogus check. Spotted by brynet, thanks.
|
| #
57addcd0 |
| 20-Feb-2018 |
tb <tb@openbsd.org> |
Provide DH_set_length()
ok jsing
|
| #
a108d6e6 |
| 20-Feb-2018 |
tb <tb@openbsd.org> |
Provide DH_bits()
ok jsing
|
| #
5d59ae97 |
| 20-Feb-2018 |
tb <tb@openbsd.org> |
Provide DH_{clear,set,test}_flags().
ok jsing
|
| #
1cdc303d |
| 18-Feb-2018 |
tb <tb@openbsd.org> |
Provide {DH,DSA}_set0_key(). Requested by sthen.
ok jsing
|
| #
8216844a |
| 18-Feb-2018 |
tb <tb@openbsd.org> |
Provide DH_set0_pqg.
ok jsing
|
| #
f08abba0 |
| 17-Feb-2018 |
tb <tb@openbsd.org> |
Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().
ok jsing
|
| #
5067ae9f |
| 29-Jan-2017 |
beck <beck@openbsd.org> |
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|