openbsd/src/lib/libcrypto/dh, branch libressl-v4.2.1

openbsd/src/lib/libcrypto/dh, branch libressl-v4.2.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v4.2.1 2025-05-10T05:54:39+00:00 Use err_local.h rather than err.h in most places 2025-05-10T05:54:39+00:00 tb 2025-05-10T05:54:39+00:00 urn:sha1:41e8f99dd1625a9f0c80ce9d4383e95b18e85709 ok jsing Remove #error if OPENSSL_NO_FOO is defined 2025-01-25T17:59:44+00:00 tb 2025-01-25T17:59:44+00:00 urn:sha1:5d52abc236226c5a47c36b07e2256e77141e373a discussed with jsing dh_ameth: explcitly -> explicitly 2025-01-17T05:04:25+00:00 tb 2025-01-17T05:04:25+00:00 urn:sha1:cd1f21f8cbb9151769acbc7fd34da681a4d97a73 Remove X9.42 DH rudiments 2024-11-29T15:59:57+00:00 tb 2024-11-29T15:59:57+00:00 urn:sha1:30b4f7f318b03413f22e3849cf9eeba83c165643 In the unlikely event that we should ever decide to implement this after a quarter century of not needing it, we can readily put this back. Until then this is dead weight. prompted by a question by djm ok jsing Remove weird pad member that was never set to zero after malloc() so 2024-11-29T07:42:35+00:00 tb 2024-11-29T07:42:35+00:00 urn:sha1:916f80d01875d84154d09cf15bfc3c885c8c0b05 the weird thing it was supposed to be doing couldn't possibly work. ok jsing Garbage collect the DH_check*_ex() API 2024-08-30T17:44:56+00:00 tb 2024-08-30T17:44:56+00:00 urn:sha1:67d80505486d7a6c9512d45a4d7e0add8a2b13ec This was only needed by the EVP_PKEY_*check() API, which was defanged. So this silly garbage can now go: it translated flags to errors on the error stack so that openssl *check could print ugly errors while DoS-ing the user. ok beck Remove the pkey_{,public_,param_}check() handlers 2024-08-29T16:58:19+00:00 tb 2024-08-29T16:58:19+00:00 urn:sha1:c8099c070f0c547b73edced83591dbd871254307 This disables the EVP_PKEY_*check() API and makes it fail (more precisely indicate lack of support) on all key types. This is an intermediate step to full removal. Removal is ok beck jsing replace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@ 2024-08-26T22:00:47+00:00 op 2024-08-26T22:00:47+00:00 urn:sha1:74733354b5147290f7bc39826a56793e0c4bdcda libcrypto: constify most error string tables 2024-06-24T06:43:23+00:00 tb 2024-06-24T06:43:23+00:00 urn:sha1:c9802a5afe29675d69b605ce906d34fd89c024ac These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing Add space after commas 2024-05-19T08:22:40+00:00 tb 2024-05-19T08:22:40+00:00 urn:sha1:53a52e123319b9797787cbe9f6b53f6e7e147699