A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.9.1 2024-03-02T09:33:14+00:00 2024-03-02T09:33:14+00:00 tb 2024-03-02T09:33:14+00:00 urn:sha1:dd733fbf4aedf12a61eb3281cf9aba872ad4bf86 This was deprecated in 0.9.8 and used until recently by rust-openssl and by keynote (keynote has the excuse that it was written before the deprecation). Fortunately Paul Kehrer fixed this in rust-openssl, so we can garbage collect this turd. (It was replaced with the less ergonomic DSA_generate_parameters_ex() to expose a new fancy way of displaying dots, stars and pluses on key generation). ok jsing 2024-01-04T17:01:26+00:00 tb 2024-01-04T17:01:26+00:00 urn:sha1:9f1cd2582409ac5778c5a0e28dfb77f18d122c98 Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method. For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that. ok jsing 2024-01-04T16:41:56+00:00 tb 2024-01-04T16:41:56+00:00 urn:sha1:b1aedf2a14d9cd341b6b3b19a90343383ec0209f For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness. Split them up and arrange the methods by name, which is much saner and simpler. ok jsing 2023-12-28T22:11:26+00:00 tb 2023-12-28T22:11:26+00:00 urn:sha1:6dc9e5f983be9febbb25de952e1e5dbcd9ceee4f Another copy-paste-then-tweak-and-diverge version of the same old thing. Fix it the same way as pkey_rsa_paramgen() and pkey_dh_paramgen(). The callbacks are initialized at the top and the weird error checking is turned into something much simpler. ok jsing 2023-12-28T22:07:23+00:00 tb 2023-12-28T22:07:23+00:00 urn:sha1:1a97887b534c60ad7359cc3059cc7de91eab190d Very similar to pkey_dh_keygen(): single exit and hold on to an extra reference by calling EVP_PKEY_set1_DSA() instead of assigning the DSA to the pkey. "Fixes" another leak that Coverity missed. ok jsing 2023-11-29T21:35:57+00:00 tb 2023-11-29T21:35:57+00:00 urn:sha1:69bbc5fea4f411f0c0033ecb0fc5126c895ea82a This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL. ok jsing 2023-11-19T15:46:10+00:00 tb 2023-11-19T15:46:10+00:00 urn:sha1:593d97e74cc873d99aced677883cf55625efe62d This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing 2023-08-12T07:59:48+00:00 tb 2023-08-12T07:59:48+00:00 urn:sha1:156606251785f22da3265415907d576d76db2ff6 2023-08-12T07:50:47+00:00 tb 2023-08-12T07:50:47+00:00 urn:sha1:75d00cb38a793e674ec61e79cfad30c174e5a93c While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods. ok jsing 2023-08-12T07:46:14+00:00 tb 2023-08-12T07:46:14+00:00 urn:sha1:3ce61e18114b54d6a68b3d52d58caecbb472fe23 ok jsing