| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
This is an internal function and you can't hold the required mutex
to call it anyway since that's internal, too.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Validate that every alias resolves to a non-alias in one step and that
non-aliases have pkey_id == pkey_base_id, an info string and a pem_str.
They can be looked up by their pkey_id or pem_str.
Conversely, all these are false for aliases.
|
| |
|
|
|
|
|
|
|
| |
In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to
EVP_PKEY_set1_RSA() and hold on to the reference of the the pkey for
the duration of ssl_set_pkey(). Use single exit and other minor style
cleanups.
ok joshua jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This removes any mention of DSA_generate_parameters in the manuals apart
from a comment that it is intentionally undocumented and adapts cross
references to DSA_generate_parameters_ex. The file itself will be moved
in a second step.
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
As per usual. Stylistic adjustments and missing error check.
ok jsing
|
| |
|
|
|
|
|
|
| |
This aligns eckey's parameter decoding routine with the one of other
cipher abstractions: better variable names, single exit and add missing
check for EVP_PKEY_assign_EC_KEY().
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Factor out the pubkey computation and bring it into more sensible form.
This removes lots of pointless setting of errors (twice) and makes the
code a bit easier on the eyes. Other than that perform some stylistic
cleanup like single exit and add an error check for EVP_PKEY_assign().
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The TLSv1.3 stack didn't support this in the first place, and in the legacy
stack it only added some dubious BIO_flush(3) calls. The sleep call between
SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has
been a sleep call in the s_server since time immemorial, nota bene between
calls to BIO_gets(3). Anyway. This can all go and what remains will go with
the next major bump.
ok jsing
|
| |
|
|
|
|
|
|
| |
This undocumented, incomplete public function has never done anything
useful. It will be removed from libssl. Removing it from openssl(1)
clears the way for this.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
Most of these functions are only called from this file internally apart
from the pem_str lookups from pem/. In the next major bump we can then
remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h.
While this is used to dispatch to various ASN.1 decoding routines, it
doesn't fit into asn1/ at all.
|
| | |
|
| | |
|
| |
|
|
| |
Also add a reminder to remove most of the public API in this file.
|
| |
|
|
|
|
| |
This way all the EVP_MD accessors are in the order of the struct fields.
Well, arguably the EVP_MD_meth* should come first, but they are scheduled
to go meet the dodo.
|
| |
|
|
| |
This way the accessors are sorted the same way as the struct.
|
| |
|
|
|
|
|
| |
This way the file has EVP_Digest*, then EVP_MD_CTX new/free/clean,
then ctrl then the EVP_MD_CTX accessors, then the EVP_MD accessors
and finally the EVP_MD_meth stuff and the order of things starts
making a wee bit of sense.
|
| |
|
|
|
|
| |
This way new/free aka create/destroy are next to each other. reset/cleanup
are the same thing and init will join the club after some other fixing
because two APIs that do the exact same thing aren't enough.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
These are ~200 lines of EVP_MD API that separated two parts of the file
dedicated to EVP_CIPHER thingies.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
EVP_Digest{Init,Update,Final}() move from digest.c to evp_digest.c which
will become the home of all things related to EVP_MD{,_CTX} handling.
EVP_Cipher{Init,Update,Final}() move from evp_enc.c to evp_cipher.c which
will become the home of all things related to EVP_CIPHER{,_CTX} handling.
EVP_Encode{Init,Update,Final}() move from encode.c to evp_encode.c which
already is the home of EVP_ENCODE_CTX_{new,free}().
discussed with jsing
|
| |
|
|
|
| |
This way we don't need to cast from BY_DIR * to char * and back in
its only consumer, the lovely by_dir.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This is basically the same as the dh and dsa version, except it's
different because it's EC. Single exit, uniform error checking.
"Plug" another leak.
With this I earned another shining turd for my collection.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Another copy-paste-then-tweak-and-diverge version of the same old thing.
Fix it the same way as pkey_rsa_paramgen() and pkey_dh_paramgen(). The
callbacks are initialized at the top and the weird error checking is
turned into something much simpler.
ok jsing
|
| |
|
|
|
|
|
|
| |
Similar to pkey_rsa_paramgen() this function does some strange dances
with the pkey_gencb and initialization plus missing error checks. Fix
all that and use the idiom established in previous commits.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
The EC code came later, and people got better at writing terrible code.
In this case, they could remain quite close to what they copy-pasted
from DH, so it was relatively straightforward (for once). There's only
one slight extra twist and that's easily dealt with.
ok jsing
|
| |
|
|
|
|
|
|
| |
Very similar to pkey_dh_keygen(): single exit and hold on to an extra
reference by calling EVP_PKEY_set1_DSA() instead of assigning the DSA
to the pkey. "Fixes" another leak that Coverity missed.
ok jsing
|
| |
|
|
|
|
|
|
| |
Single exit, fix error checking and hold on to the DH by keeping a
reference. In other words, switch from EVP_PKEY_assign() to using
EVP_PKEY_set1_DH() and free unconditionally in the error path.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
The usual: single exit, error check all functions even if they can't
actually fail. This one was flagged again.
ok jsing
CID 471706 (false positive)
|
| |
|
|
|
|
|
|
|
| |
As usual, make the function single exit. Initialize the pkey callback
pointer and the BN_GENCB on the stack at the top rather than relying
on the weird trans_cb() in evp_pkey_set_cb_translate() to do so.
Greatly simplify the control flow and add missing error checks.
ok jsing
|
| |
|
|
|
|
|
| |
Turn the function into single exit and error check EVP_PKEY_assign()
for style.
ok jsing
|
| |
|
|
|
|
|
| |
Again change this function into the single exit idiom, and error check
EVP_PKEY_assign().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A void pointer can be passed without any cast or assigning it to an
intermediate variable. That's one of hte puzzling things in old OpenSSL
code: there are plenty of unnecessary casts and assignments of void
pointers.
Make use of this fact and rework the function to be single exit, error
check consistently, including the EVP_PKEY_assign() call that can't
really fail and free the cmkey on exit.
Why coverity didn't flag this one is another mystery.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Calling EVP_KEY_assign_GOST(pkey, NULL) has the same effect as calling
EVP_PKEY_set_type(pkey, EVP_PKEY_GOSTR01). The only difference is that
the latter form allows for error checking while the former won't let
you do that. Add comments explaining what we're actually doing: freeing
and zeroing the pkey->pkey union.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Again this can't actually fail, but if it did, things would leak.
Call GOST_KEY_free() in the error path.
ok jsing
CID 471706 (false positive)
|
| |
|
|
|
|
|
|
|
|
| |
Make this function single exit, check and assign and finally error
check EVP_PKEY_assign(). This can't actually fail currently, but
if it did, things would leak. Free the key data with freezero.
ok jsing
CID 471704 (false positive)
|
| | |
|
| |
|
|
|
|
| |
Engines are no longer a thing.
Discussed with tb@
|
