Unify *_up_ref() implementations

No need for an inconsistently named local variable and a ternary operator.

ok jsing

Unifdef OPENSSL_NO_ENGINE in libcrypto

This is mechanical apart from a few manual edits to avoid doubled empty
lines.

ok jsing

Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of makin

Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of making it a little less leaky. Unfortunately this
side-channel leak mitigation leaked out of the library for no good reason.
Let's at least fix that aspect of it.

ok jsing

show more ...

Hide symbols in rsa

ok tb@

Remove a few extra spaces

Call BN_free() instead of BN_clear_free().

BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly
instead.

ok tb@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Prepare to provide RSA_security_bits()

ok beck jsing

Prepare to make RSA and RSA_METHOD opaque by including rsa_locl.h
where it will be needed in the upcoming bump.

discussed with jsing

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Free pss in RSA_free

ok bcook@
ok and "move it down two lines" jsing@

Clean up RSA_new_method().

Use calloc() instead of malloc() for initialisation and remove explicit
zero initialisation of members. This ensures that new members always get
initialised.

Also use a s

Clean up RSA_new_method().

Use calloc() instead of malloc() for initialisation and remove explicit
zero initialisation of members. This ensures that new members always get
initialised.

Also use a single error return path, simplifying code.

ok tb@

show more ...

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

make ENGINE_finish() succeed on NULL and simplify callers as in
OpenSSL commit 7c96dbcdab9 by Rich Salz.

This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifnde

make ENGINE_finish() succeed on NULL and simplify callers as in
OpenSSL commit 7c96dbcdab9 by Rich Salz.

This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.

ok jsing, tested by & ok inoguchi

show more ...

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Enable building with -DOPENSSL_NO_DEPRECATED.

If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.

This wa

Enable building with -DOPENSSL_NO_DEPRECATED.

If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.

This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.

Verified with clang that this only changes line numbers in the generated
asm.

ok miod@

show more ...

None of these need to include <openssl/rand.h>

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need t

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

show more ...

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifn

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

show more ...

BN_free, BN_clear_free, BN_CTX_free, BN_BLINDING_free and BN_MONT_CTX_free
all have implicit NULL checks, so we do not need them here.

ok miod@