| Commit message | Author | Age | Files | Lines |
|
While memset() is quite expensive, we can afford zeroing a few extra bytes
to make this code more readable.
ok beck jsing
|
This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null()
as required by the API. This way ASN1_item_sign() now knows how to behave.
"ok = (rv == 2);" beck
|
After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.
ok beck
|
With this change any requests from configurations to request
versions of tls before tls 1.2 will use tls 1.2. This prepares
us to deprecate tls 1.0 and tls 1.1 support from libssl.
ok tb@
|
We need stdint.h for uintptr_t, stdlib.h for malloc, ec.h for various
things, but there's no need for objects.h or sha.h.
|
ok jsing
|
ok jsing
|
As ugly as the BN_bn2binpad() internals are, what it does is quite handy
with all sorts of EC stuff. So use it here too and eliminate some ugly
manual pointer zeroing and offsets. Also switch len and buflen from size_t
to int to remove an iffy cast: both are set by functions that return a
non-negative int.
ok jsing
|
ok jsing
|
The other public headers have function and reason codes at the end because
the error header was inlined. This was also the case here, too, until the
automatic library initialization was appended.
|
ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL.
Also simplify the handling of the point conversion form of the generator.
ok jsing
|
malloc options"
Now only enabled for platforms where it's known to work and written
as an inline function instead of a macro.
|
ok miod
|
These formerly public symbols are the last things hidden by
LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c.
Unfortunately, check_defer() needs to know about NUM_NIDS, so
its implementation needs to remain in obj_dat.c, the only file
that can include obj_dat.h due to NID tables.
ok miod
|
After the GF2m removal, this function always returns 0, so adjust the
documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis()
that were left behind. Also add a tiny grammar tweak in the HISTORY
section.
|
The existence of the public get_rfc*() API is a historic curiosity that may
soon be corrected. We inherited its use and it survived in libssl until now.
Switch to the better named BN_get_rfc*() wrappers.
ok jsing
|
This code is unreachable since binary curve support was removed.
There is a lot more to clean up in here...
ok jsing
|
This was needed for defining the multiplication over binary fields. Since
that code is gone, this is no longer needed.
ok jsing
|
The remaining EC_METHODs in libcrypto all have a field type of
NID_X9_62_prime_field, so this function always returns 0. Make
that more obvious.
ok jsing
|
For some reason there is no NULL check on setting the HKDF key for p2 like
in the other cases in the switch, instead OpenSSL fails in memdup, nulling
out the key but leaving the key_len at the old value. This looks accidental
but our behavior makes some haproxy regress tests segfault. So mimic weird
OpenSSL semantics but in addition set the key_len to 0.
Reported by Ilya Shipitsin
ok jsing
|
These were accidentally left behind in a previous commit.
|
In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last
remaining thing in ech_local.h where it will soon belong.
|
This way the public ECDH API that will remain in libcrypto is in one file
and the public ECDH API that will go is in the other one.
|
No other file uses this anymore
|
Now that they no longer use static methods, they can move where they
belong. Also make the static method const, as it should have been all
along.
|
With the ecdh_check() and ecdsa_check() abominations gone, we can finally
get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The
EC_EX_DATA_*() handlers, (which fortunately have always had "'package'
level visibility") join the ride to the great bit bucket in the sky.
Thanks to op for making this possible.
ok jsing
|
This is now unused code. Removing it will free us up to remove some
other ugliness in the ec directory.
ok jsing
|
Now that it is no longer possible to set a custom {ECDH,ECDSA}_METHOD,
EC_KEY_METHOD can just call the relevant method directly without the
need for this extra contortion.
ok jsing
|
ok jsing
|
They will be removed in the next major bump. No port uses them. They use
code that is in the way of upcoming surgery. Only libtls and smtpd used
to use the ECDSA version.
ok jsing
|
They will be removed in the next major bump. No port uses them. They use
code that is in the way of upcoming surgery. Only libtls used the ECDSA
version, but thankfully op cleaned that up.
ok jsing