| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
These aren't particularly helpful and should probably both be expanded.
For now move them to the only place where they are actually used.
|
|
This was only used to avoid an ameth lookup in EVP_PKEY_set_type(), a
micro-optimization that was removed in p_lib.c r1.48.
ok jsing
|
|
|
|
requested by jsing
|
|
If all you have is OBJ_bsearch_(), everything looks like a nail. This
changes a binary search over a list of 12 elements with a lookup via
a switch.
switch suggested by claudio
ok jsing
|
|
|
|
This is an internal function and you can't hold the required mutex
to call it anyway since that's internal, too.
|
|
|
|
|
|
|
|
Validate that every alias resolves to a non-alias in one step and that
non-aliases have pkey_id == pkey_base_id, an info string and a pem_str.
They can be looked up by their pkey_id or pem_str.
Conversely, all these are false for aliases.
|
|
In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to
EVP_PKEY_set1_RSA() and hold on to the reference of the the pkey for
the duration of ssl_set_pkey(). Use single exit and other minor style
cleanups.
ok joshua jsing
|
|
|
|
|
|
|
|
This removes any mention of DSA_generate_parameters in the manuals apart
from a comment that it is intentionally undocumented and adapts cross
references to DSA_generate_parameters_ex. The file itself will be moved
in a second step.
|
|
|
|
ok jsing
|
|
As per usual. Stylistic adjustments and missing error check.
ok jsing
|
|
This aligns eckey's parameter decoding routine with the one of other
cipher abstractions: better variable names, single exit and add missing
check for EVP_PKEY_assign_EC_KEY().
ok jsing
|
|
Factor out the pubkey computation and bring it into more sensible form.
This removes lots of pointless setting of errors (twice) and makes the
code a bit easier on the eyes. Other than that perform some stylistic
cleanup like single exit and add an error check for EVP_PKEY_assign().
ok jsing
|
|
|
|
The TLSv1.3 stack didn't support this in the first place, and in the legacy
stack it only added some dubious BIO_flush(3) calls. The sleep call between
SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has
been a sleep call in the s_server since time immemorial, nota bene between
calls to BIO_gets(3). Anyway. This can all go and what remains will go with
the next major bump.
ok jsing
|
|
This undocumented, incomplete public function has never done anything
useful. It will be removed from libssl. Removing it from openssl(1)
clears the way for this.
ok jsing
|
|
ok jsing
|
|
Most of these functions are only called from this file internally apart
from the pem_str lookups from pem/. In the next major bump we can then
remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h.
While this is used to dispatch to various ASN.1 decoding routines, it
doesn't fit into asn1/ at all.
|
|
|
|
|
|
Also add a reminder to remove most of the public API in this file.
|
|
This way all the EVP_MD accessors are in the order of the struct fields.
Well, arguably the EVP_MD_meth* should come first, but they are scheduled
to go meet the dodo.
|
|
This way the accessors are sorted the same way as the struct.
|
|
This way the file has EVP_Digest*, then EVP_MD_CTX new/free/clean,
then ctrl then the EVP_MD_CTX accessors, then the EVP_MD accessors
and finally the EVP_MD_meth stuff and the order of things starts
making a wee bit of sense.
|
|
This way new/free aka create/destroy are next to each other. reset/cleanup
are the same thing and init will join the club after some other fixing
because two APIs that do the exact same thing aren't enough.
|
|
|
|
|
|
|
|
These are ~200 lines of EVP_MD API that separated two parts of the file
dedicated to EVP_CIPHER thingies.
|
|
EVP_Digest{Init,Update,Final}() move from digest.c to evp_digest.c which
will become the home of all things related to EVP_MD{,_CTX} handling.
EVP_Cipher{Init,Update,Final}() move from evp_enc.c to evp_cipher.c which
will become the home of all things related to EVP_CIPHER{,_CTX} handling.
EVP_Encode{Init,Update,Final}() move from encode.c to evp_encode.c which
already is the home of EVP_ENCODE_CTX_{new,free}().
discussed with jsing
|
|
This way we don't need to cast from BY_DIR * to char * and back in
its only consumer, the lovely by_dir.
|
|
|
|
This is basically the same as the dh and dsa version, except it's
different because it's EC. Single exit, uniform error checking.
"Plug" another leak.
With this I earned another shining turd for my collection.
ok jsing
|
|
Another copy-paste-then-tweak-and-diverge version of the same old thing.
Fix it the same way as pkey_rsa_paramgen() and pkey_dh_paramgen(). The
callbacks are initialized at the top and the weird error checking is
turned into something much simpler.
ok jsing
|
|
Similar to pkey_rsa_paramgen() this function does some strange dances
with the pkey_gencb and initialization plus missing error checks. Fix
all that and use the idiom established in previous commits.
ok jsing
|
|
The EC code came later, and people got better at writing terrible code.
In this case, they could remain quite close to what they copy-pasted
from DH, so it was relatively straightforward (for once). There's only
one slight extra twist and that's easily dealt with.
ok jsing
|
|
Very similar to pkey_dh_keygen(): single exit and hold on to an extra
reference by calling EVP_PKEY_set1_DSA() instead of assigning the DSA
to the pkey. "Fixes" another leak that Coverity missed.
ok jsing
|
|
Single exit, fix error checking and hold on to the DH by keeping a
reference. In other words, switch from EVP_PKEY_assign() to using
EVP_PKEY_set1_DH() and free unconditionally in the error path.
ok jsing
|
|
The usual: single exit, error check all functions even if they can't
actually fail. This one was flagged again.
ok jsing
CID 471706 (false positive)
|
|
As usual, make the function single exit. Initialize the pkey callback
pointer and the BN_GENCB on the stack at the top rather than relying
on the weird trans_cb() in evp_pkey_set_cb_translate() to do so.
Greatly simplify the control flow and add missing error checks.
ok jsing
|
|
Turn the function into single exit and error check EVP_PKEY_assign()
for style.
ok jsing
|
