summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Two spellings of key length are enoughtb2024-01-021-6/+7
| | | | | | The API is called EVP_CIPHER_CTX_set_key_length() it has an argument called keylen and, the EVP_CIPHER_CTX's member is called key_len. One of the three is trivial to adjust, so do it.
* Rename the poor outlier EVP_CIPHER *e into *ciphertb2024-01-021-3/+3
|
* Better variable names in EVP_CIPHER_type()tb2024-01-021-7/+8
| | | | | The EVP_CIPHER *ctx (yes) is renamed to cipher, otmp becomes an aobj. Change two !ptr to ptr == NULL checks.
* Consistently use ctx for an EVP_CIPHER_CTXtb2024-01-021-36/+36
| | | | Not c (which is most of the time an EVP_CIPHER) or a (?!).
* Fix bounds check in EVP_PKEY_CTX_get_keygen_info()tb2024-01-011-2/+2
| | | | | | | | | Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily. ok miod
* kill gross whitespacetb2024-01-011-6/+6
|
* pkey_is_pss() and pkey_ctx_is_pss() to rsa_ameth.ctb2024-01-012-6/+6
| | | | | These aren't particularly helpful and should probably both be expanded. For now move them to the only place where they are actually used.
* Remove EVP_PKEY's save_type membertb2024-01-012-6/+2
| | | | | | | This was only used to avoid an ameth lookup in EVP_PKEY_set_type(), a micro-optimization that was removed in p_lib.c r1.48. ok jsing
* KNF nittb2023-12-311-2/+2
|
* Sort the NIDs by nametb2023-12-311-8/+8
| | | | requested by jsing
* Replace the sorted extensions lookup with a switchtb2023-12-311-58/+23
| | | | | | | | | If all you have is OBJ_bsearch_(), everything looks like a nail. This changes a binary search over a list of 12 elements with a lookup via a switch. switch suggested by claudio ok jsing
* Make x509_issuer_cache_free_oldest() statictb2023-12-301-2/+2
| | | | | This is an internal function and you can't hold the required mutex to call it anyway since that's internal, too.
* Some Australians don't like voids eithertb2023-12-301-3/+3
|
* One more missing void was hiding heretb2023-12-301-2/+2
|
* Some BoringSSL devs spent too much time with C++tb2023-12-302-4/+4
|
* Fix two more unchecked EVP_PKEY_assign() callstb2023-12-301-17/+25
| | | | | | | | | In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to EVP_PKEY_set1_RSA() and hold on to the reference of the the pkey for the duration of ssl_set_pkey(). Use single exit and other minor style cleanups. ok joshua jsing
* fix previous: key -> parametertb2023-12-291-2/+2
|
* A .Xr to DSA_generate_parameters_ex() was lost accidentallytb2023-12-291-1/+2
|
* Move DSA_generate_parameters.3 to DSA_generate_parameters_ex.3tb2023-12-292-3/+3
|
* Adjust documentation for upcoming DSA_generate_parameters removaltb2023-12-295-70/+17
| | | | | | | This removes any mention of DSA_generate_parameters in the manuals apart from a comment that it is intentionally undocumented and adapts cross references to DSA_generate_parameters_ex. The file itself will be moved in a second step.
* ameth_lib: zap trailing empty linetb2023-12-291-2/+1
|
* eckey: adjust some variable names and unwrap function definitionstb2023-12-291-11/+8
| | | | ok jsing
* Clean up old_ec_priv_decode()tb2023-12-291-10/+17
| | | | | | As per usual. Stylistic adjustments and missing error check. ok jsing
* Clean up eckey_param_decode()tb2023-12-291-9/+16
| | | | | | | | This aligns eckey's parameter decoding routine with the one of other cipher abstractions: better variable names, single exit and add missing check for EVP_PKEY_assign_EC_KEY(). ok jsing
* Rework eckey_priv_decode()tb2023-12-291-49/+53
| | | | | | | | | Factor out the pubkey computation and bring it into more sensible form. This removes lots of pointless setting of errors (twice) and makes the code a bit easier on the eyes. Other than that perform some stylistic cleanup like single exit and add an error check for EVP_PKEY_assign(). ok jsing
* Move a call to X509_ALGOR_get0() down a linetb2023-12-291-2/+2
|
* Neuter the SSL_set_debug(3) APItb2023-12-294-21/+5
| | | | | | | | | | | The TLSv1.3 stack didn't support this in the first place, and in the legacy stack it only added some dubious BIO_flush(3) calls. The sleep call between SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has been a sleep call in the s_server since time immemorial, nota bene between calls to BIO_gets(3). Anyway. This can all go and what remains will go with the next major bump. ok jsing
* Move the EVP_PKEY_asn1_* API that will stay to evp/p_lib.ctb2023-12-295-212/+260
| | | | | | | | Most of these functions are only called from this file internally apart from the pem_str lookups from pem/. In the next major bump we can then remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h. While this is used to dispatch to various ASN.1 decoding routines, it doesn't fit into asn1/ at all.
* Zap some whitespacetb2023-12-291-2/+2
|
* Replace outdated comment on EVP_PKEY_asn1_find() with a todo itemtb2023-12-291-5/+5
|
* Move EVP_PKEY_asn1_add* to the end of the filetb2023-12-291-15/+20
| | | | Also add a reminder to remove most of the public API in this file.
* Move the EVP_MD block size accessor downtb2023-12-291-7/+11
| | | | | | This way all the EVP_MD accessors are in the order of the struct fields. Well, arguably the EVP_MD_meth* should come first, but they are scheduled to go meet the dodo.
* Move the EVP_MD_CTX flag accessors up a bittb2023-12-291-19/+19
| | | | This way the accessors are sorted the same way as the struct.
* Hoist EVP_MD_CTX accessors to after EVP_MD_CTX_ctrltb2023-12-291-63/+62
| | | | | | | This way the file has EVP_Digest*, then EVP_MD_CTX new/free/clean, then ctrl then the EVP_MD_CTX accessors, then the EVP_MD accessors and finally the EVP_MD_meth stuff and the order of things starts making a wee bit of sense.
* Move init/reset next to cleanuptb2023-12-291-13/+13
| | | | | | This way new/free aka create/destroy are next to each other. reset/cleanup are the same thing and init will join the club after some other fixing because two APIs that do the exact same thing aren't enough.
* Move the copy/copy_ex stuff down below the new/free/clear messtb2023-12-291-63/+64
|
* Merge the EVP_CIPHER_meth_* API into evp_cipher.ctb2023-12-293-188/+176
|
* Merge the remainder of evp_lib.c into evp_cipher.ctb2023-12-293-367/+299
|
* Move the middle part of evp_lib.c to evp_digest.ctb2023-12-292-205/+205
| | | | | These are ~200 lines of EVP_MD API that separated two parts of the file dedicated to EVP_CIPHER thingies.
* Use more consistent naming for some files in evptb2023-12-294-7/+7
| | | | | | | | | | | | | EVP_Digest{Init,Update,Final}() move from digest.c to evp_digest.c which will become the home of all things related to EVP_MD{,_CTX} handling. EVP_Cipher{Init,Update,Final}() move from evp_enc.c to evp_cipher.c which will become the home of all things related to EVP_CIPHER{,_CTX} handling. EVP_Encode{Init,Update,Final}() move from encode.c to evp_encode.c which already is the home of EVP_ENCODE_CTX_{new,free}(). discussed with jsing
* Use a void pointer rather than char for method_datatb2023-12-292-9/+7
| | | | | This way we don't need to cast from BY_DIR * to char * and back in its only consumer, the lovely by_dir.
* Remove the unused init flag of X509_LOOKUPtb2023-12-291-2/+1
|
* Clean up pkey_ec_paramgen()tb2023-12-281-10/+17
| | | | | | | | | | This is basically the same as the dh and dsa version, except it's different because it's EC. Single exit, uniform error checking. "Plug" another leak. With this I earned another shining turd for my collection. ok jsing
* Rework pkey_das_paramgen()tb2023-12-281-16/+21
| | | | | | | | | Another copy-paste-then-tweak-and-diverge version of the same old thing. Fix it the same way as pkey_rsa_paramgen() and pkey_dh_paramgen(). The callbacks are initialized at the top and the weird error checking is turned into something much simpler. ok jsing
* Rework pkey_dh_paramgen()tb2023-12-281-16/+19
| | | | | | | | Similar to pkey_rsa_paramgen() this function does some strange dances with the pkey_gencb and initialization plus missing error checks. Fix all that and use the idiom established in previous commits. ok jsing
* Fix pkey_ec_keygen()tb2023-12-281-13/+20
| | | | | | | | | The EC code came later, and people got better at writing terrible code. In this case, they could remain quite close to what they copy-pasted from DH, so it was relatively straightforward (for once). There's only one slight extra twist and that's easily dealt with. ok jsing
* Rework pkey_dsa_keygen()tb2023-12-281-9/+18
| | | | | | | | Very similar to pkey_dh_keygen(): single exit and hold on to an extra reference by calling EVP_PKEY_set1_DSA() instead of assigning the DSA to the pkey. "Fixes" another leak that Coverity missed. ok jsing
* Rework pkey_dh_keygen()tb2023-12-281-9/+19
| | | | | | | | Single exit, fix error checking and hold on to the DH by keeping a reference. In other words, switch from EVP_PKEY_assign() to using EVP_PKEY_set1_DH() and free unconditionally in the error path. ok jsing
* Rework and fix pkey_hmac_keygen()tb2023-12-281-8/+15
| | | | | | | | | The usual: single exit, error check all functions even if they can't actually fail. This one was flagged again. ok jsing CID 471706 (false positive)
* Rework pkey_rsa_keygen()tb2023-12-281-17/+21
| | | | | | | | | As usual, make the function single exit. Initialize the pkey callback pointer and the BN_GENCB on the stack at the top rather than relying on the weird trans_cb() in evp_pkey_set_cb_translate() to do so. Greatly simplify the control flow and add missing error checks. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 10:02:44 +0000