openbsd/src/lib/libcrypto/dh, branch libressl-v3.5.3A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v3.5.32022-01-20T11:00:34+00:00Add check for BIO_indent return value2022-01-20T11:00:34+00:00inoguchi2022-01-20T11:00:34+00:00urn:sha1:aa385c25ced0d9d497e76952f1c22ff02913b0d8
CID 24812
ok jsing@ millert@ tb@
Make structs in dh.h opaque2022-01-14T08:25:44+00:00tb2022-01-14T08:25:44+00:00urn:sha1:b750ed61cefe91940dce870088adff3ad6857d34
This moves the struct internals for DH and DH_METHOD to dh_local.h.
ok inoguchi jsing
Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API2022-01-14T07:49:49+00:00tb2022-01-14T07:49:49+00:00urn:sha1:82ec18edf4e632f36b6f79c239fdb6961d421a82
This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).
Prepare to provide EVP_PKEY_{public,param}_check2022-01-10T12:10:26+00:00tb2022-01-10T12:10:26+00:00urn:sha1:875eb616f98cd0720501dc97ee72ed96343b0b33
This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing
Provide DH_check*_ex and many error codes2022-01-10T12:00:52+00:00tb2022-01-10T12:00:52+00:00urn:sha1:7f7aefb469a9916b1d914a9fabaed99bb909ef8d
DH_check{,_pub_key}_ex() wrap their non-ex versions to translate
the flags argument of the original functions into OpenSSL errors.
For this almost a dozen new error codes need to be added.
DH_params_check{,_ex}() is a new version of DH_check that only
performs a cheap subset of the checks.
They are needed to implement EVP_PKEY_{public,param}_check()
(observe the consistent naming) although the actual implementation
of EVP_PKEY_param_check() chose to use DH_check_ex().
As far as I can tell, the only raison d'ĂȘtre of the _ex functions
and error codes is to spew them to stderr in a couple of openssl(1)
commands. This couldn't have been solved differently...
These functions will not be exposed publicly.
ok inoguchi jsing
zap trailing whitespace2022-01-10T00:09:06+00:00tb2022-01-10T00:09:06+00:00urn:sha1:be9e6959fcd7a339f12f1570a179ccf30f61d5feAdd an essentially empty dh_local.h and include it in the files where2022-01-07T09:27:13+00:00tb2022-01-07T09:27:13+00:00urn:sha1:01c3a3efcb3377bc530d4bf225668754e137d085
it will be needed in the upcoming bump.
discussed with jsing
zap trailing whitespace2022-01-07T09:21:21+00:00tb2022-01-07T09:21:21+00:00urn:sha1:53b1ddcbe1030b90b0333d87f7533b35223ff685Prepare to provide DH_get_length()2022-01-05T20:36:29+00:00tb2022-01-05T20:36:29+00:00urn:sha1:f992cb63006da330693066680a3b9f75b7f89c89
Will be needed by openssl(1) dhparam.
ok inoguchi jsing
Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}()2022-01-05T20:30:16+00:00tb2022-01-05T20:30:16+00:00urn:sha1:4b01248e7e4ed4563469c44b88e2650622a0c5a7
These are accessors that allow getting one specific DH member. They are
less error prone than the current getters DH_get0_{pqg,key}(). They
are used by many ports and will also be used in base for this reason.
Who can remember whether the pub_key or the priv_key goes first in
DH_get0_key()?
ok inoguchi jsing