openbsd/src/lib/libcrypto/dh, branch OPENBSD_7

openbsd/src/lib/libcrypto/dh, branch OPENBSD_7_2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_2 2022-07-13T18:38:20+00:00 Simplify computation of max_pub_key = dh->p - 1. 2022-07-13T18:38:20+00:00 tb 2022-07-13T18:38:20+00:00 urn:sha1:c5df41ab4c6221a6afbdce624a917ed470179c2e ok jsing Remove mkerr.pl remnants from LibreSSL 2022-07-12T14:42:50+00:00 kn 2022-07-12T14:42:50+00:00 urn:sha1:89e42d5857196a8071fbafb5565388d0e20ec32b This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb Expose new API in headers. 2022-07-07T13:01:28+00:00 tb 2022-07-07T13:01:28+00:00 urn:sha1:7986c6c16406e5ad9f53a49107428df9f9fd70c1 These are mostly security-level related, but there are also ASN1_TIME and ASN_INTEGER functions here, as well as some missing accessors. ok jsing Prepare to provide EVP_PKEY_security_bits() 2022-06-27T12:36:06+00:00 tb 2022-06-27T12:36:06+00:00 urn:sha1:3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing Prepare to provide DH_security_bits() 2022-06-27T12:31:38+00:00 tb 2022-06-27T12:31:38+00:00 urn:sha1:e9bc35a6d120c0aa1f30feafb92222df91771dbd ok beck jsing Add check for BIO_indent return value 2022-01-20T11:00:34+00:00 inoguchi 2022-01-20T11:00:34+00:00 urn:sha1:aa385c25ced0d9d497e76952f1c22ff02913b0d8 CID 24812 ok jsing@ millert@ tb@ Make structs in dh.h opaque 2022-01-14T08:25:44+00:00 tb 2022-01-14T08:25:44+00:00 urn:sha1:b750ed61cefe91940dce870088adff3ad6857d34 This moves the struct internals for DH and DH_METHOD to dh_local.h. ok inoguchi jsing Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API 2022-01-14T07:49:49+00:00 tb 2022-01-14T07:49:49+00:00 urn:sha1:82ec18edf4e632f36b6f79c239fdb6961d421a82 This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits). Prepare to provide EVP_PKEY_{public,param}_check 2022-01-10T12:10:26+00:00 tb 2022-01-10T12:10:26+00:00 urn:sha1:875eb616f98cd0720501dc97ee72ed96343b0b33 This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check(). There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present. ok inoguchi jsing Provide DH_check*_ex and many error codes 2022-01-10T12:00:52+00:00 tb 2022-01-10T12:00:52+00:00 urn:sha1:7f7aefb469a9916b1d914a9fabaed99bb909ef8d DH_check{,_pub_key}_ex() wrap their non-ex versions to translate the flags argument of the original functions into OpenSSL errors. For this almost a dozen new error codes need to be added. DH_params_check{,_ex}() is a new version of DH_check that only performs a cheap subset of the checks. They are needed to implement EVP_PKEY_{public,param}_check() (observe the consistent naming) although the actual implementation of EVP_PKEY_param_check() chose to use DH_check_ex(). As far as I can tell, the only raison d'être of the _ex functions and error codes is to spew them to stderr in a couple of openssl(1) commands. This couldn't have been solved differently... These functions will not be exposed publicly. ok inoguchi jsing