#
1.19 |
|
17-Apr-2024 |
tb |
Avoid NULL dereference in EVP_PKEY_paramgen()
If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth which would typically dereference it. This is identical to a recent change in keygen().
ok jsing
|
#
1.18 |
|
12-Apr-2024 |
tb |
Garbage collect various *_init() pmeths
It's unclear whether the functions these support were ever really used for anything else than kicking off an overenginerred state machine.
ok jsing
|
#
1.17 |
|
12-Apr-2024 |
tb |
Fix a potential NULL-deref in EVP_PKEY_keygen()
After a EVP_PKEY_new() failure, a NULL pointer would be passed to the keygen pmeth, which could result in tears.
ok beck jsing
|
#
1.16 |
|
09-Apr-2024 |
beck |
Hide public symbols in evp.h
largely mechanically done by the guentherizer 9000
ok tb@
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.15 |
|
01-Jan-2024 |
tb |
Fix bounds check in EVP_PKEY_CTX_get_keygen_info()
Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily.
ok miod
|
#
1.14 |
|
29-Nov-2023 |
tb |
Ignore ENGINE at the API boundary
This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.13 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.12 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.11 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.18 |
|
12-Apr-2024 |
tb |
Garbage collect various *_init() pmeths
It's unclear whether the functions these support were ever really used for anything else than kicking off an overenginerred state machine.
ok jsing
|
#
1.17 |
|
12-Apr-2024 |
tb |
Fix a potential NULL-deref in EVP_PKEY_keygen()
After a EVP_PKEY_new() failure, a NULL pointer would be passed to the keygen pmeth, which could result in tears.
ok beck jsing
|
#
1.16 |
|
09-Apr-2024 |
beck |
Hide public symbols in evp.h
largely mechanically done by the guentherizer 9000
ok tb@
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.15 |
|
01-Jan-2024 |
tb |
Fix bounds check in EVP_PKEY_CTX_get_keygen_info()
Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily.
ok miod
|
#
1.14 |
|
29-Nov-2023 |
tb |
Ignore ENGINE at the API boundary
This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.13 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.12 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.11 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.16 |
|
09-Apr-2024 |
beck |
Hide public symbols in evp.h
largely mechanically done by the guentherizer 9000
ok tb@
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.15 |
|
01-Jan-2024 |
tb |
Fix bounds check in EVP_PKEY_CTX_get_keygen_info()
Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily.
ok miod
|
#
1.14 |
|
29-Nov-2023 |
tb |
Ignore ENGINE at the API boundary
This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.13 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.12 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.11 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.15 |
|
01-Jan-2024 |
tb |
Fix bounds check in EVP_PKEY_CTX_get_keygen_info()
Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily.
ok miod
|
#
1.14 |
|
29-Nov-2023 |
tb |
Ignore ENGINE at the API boundary
This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.13 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.12 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.11 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.14 |
|
29-Nov-2023 |
tb |
Ignore ENGINE at the API boundary
This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.13 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.12 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.11 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.13 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.12 |
|
07-Jul-2023 |
beck |
Hide symbols in hkdf, evp, err, ecdsa, and ec
(part 2 of commit)
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.11 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.11 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.10 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.
ok inoguchi jsing
|
#
1.9 |
|
10-Jan-2022 |
tb |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method has const.
Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.8 |
|
04-Dec-2021 |
tb |
Add #include "bn_lcl.h" to the files that will soon need it.
ok inoguchi jsing
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.7 |
|
18-Nov-2021 |
tb |
Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.6 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.5 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.4 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.3 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.2 |
|
07-May-2014 |
jsing |
KNF.
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|