openbsd/src/lib/libcrypto/dh, branch libressl-v3.8.2

openbsd/src/lib/libcrypto/dh, branch libressl-v3.8.2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.2 2023-08-13T12:09:14+00:00 fix whitespace 2023-08-13T12:09:14+00:00 tb 2023-08-13T12:09:14+00:00 urn:sha1:9ed4ae0e8bb57718bff8370d5629f36660774ee7 Drop silly int_ prefix from _free() and _size() 2023-08-12T07:59:48+00:00 tb 2023-08-12T07:59:48+00:00 urn:sha1:156606251785f22da3265415907d576d76db2ff6 Free {priv,pub}_key before assigning to it 2023-08-12T07:50:47+00:00 tb 2023-08-12T07:50:47+00:00 urn:sha1:75d00cb38a793e674ec61e79cfad30c174e5a93c While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods. ok jsing Simplify and unify missing_parameters() for DH and DSA 2023-08-12T07:43:48+00:00 tb 2023-08-12T07:43:48+00:00 urn:sha1:ca959b67a4d1cc2713bf6ef88288116f17fcc8cc ok jsing Convert {DH,DSA}_new_method() to using calloc() 2023-08-12T06:14:36+00:00 tb 2023-08-12T06:14:36+00:00 urn:sha1:43f9166987ef626b65b6af9f5e4b7a4179c0ecac Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a garbage pointer, which is particularly bad because the only reason we kept them in the first place is that they are used by some software... A side effect of freeing with {DH,DSA}_free() instead of a hand-rolled version is that we may call ->meth->finish() before ->meth->init() was called. We need a NULL check for ->meth to be on the safe side in case we should need to bring ENGINE back. with nits from djm ok deraadt djm Improve variable names in {dh,dsa}_{pub,priv}_{de,en}code() 2023-08-11T13:57:24+00:00 tb 2023-08-11T13:57:24+00:00 urn:sha1:1d23790aedecd16063a7b5e8eb1b0f7009f81d22 Use aint for the ASN1_INTEGER holding the key and astr for the ASN1_STRING holding the parameters. This frees up key and params for their DER encoded versions, matching the naming we use elsewhere much more closely. ok jsing Use params{,_len} in {dh,dsa}_params_{en,de}code() 2023-08-11T13:53:45+00:00 tb 2023-08-11T13:53:45+00:00 urn:sha1:e392da2d02a86f657177c5d0b765fb6ffacc45b1 Align dh and dsa decoding functions with encoding 2023-08-11T11:32:19+00:00 tb 2023-08-11T11:32:19+00:00 urn:sha1:30b9bf3476045dde6388822dd4c4f5ef7377d658 This adds some missing error checks and fixes and unifies error codes which were (as usual) all over the place or just plain nonsense. Use an auxiliary variable for d2i invocations even though it is not really needed here. ok jsing Convert {dh,dsa}_{pub,priv}_encode() to single exit 2023-08-10T16:57:15+00:00 tb 2023-08-10T16:57:15+00:00 urn:sha1:77774e4ae96f2f49858b5c28789db495a4c52e9a Use the same variable names throughout these functions and unify them some more. ok jsing Clean up {dh,dsa}_pub_encode() 2023-08-10T15:11:16+00:00 tb 2023-08-10T15:11:16+00:00 urn:sha1:613ea14100348433bc126c36a2fe25f5d35cd216 This brings these two messy functions into more usual shape. There is a lot more that can be done in here. It is a step in the right direction. ok jsing