History log of /openbsd-current/usr.sbin/acme-client/key.c
Revision Date Author Comments
# 1.9 09-May-2024 tb

Align RSA and EC key generation with each other

Being two different cryptographic primitives, it is clear that there must
be some differences between RSA and EC keygen, but they don't have to be
entirely different. We need to set the key type, RSA needs a bit size and
ECDSA needs a curve. That's all the differences there need to be.

Garbage collect a few useless elses and avoid two exit labels paths where
one would do just fine.

As another small bonus, this file no longer uses "deprecated API", so the
portable fork can get rid of an ugly openssl 3 patch if they want to.

ok florian


Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
# 1.8 29-Aug-2023 op

acme-client: drop ecdsa.h, fix spacing and a typo in error message

While here drop EC_KEY_set_asn1_flag(OPENSSL_EC_NAMED_CURVE).
EC_KEY_new_by_curve_name() ends up calling EC_GROUP_new() which already
sets the OPENSSL_EC_NAMED_CURVE flag on the group. (suggested by tb@)

ok tb@


Revision tags: OPENBSD_7_3_BASE
# 1.7 18-Dec-2022 tb

acme-client: inline a confusing and useless define


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.6 22-Feb-2022 tb

Plug leak in ec_key_create()

EVP_PKEY_set1_EC_KEY() bumps the refcount of eckey, so eckey won't be
freed at the end of keyproc() or acctproc(), which means that secrets
aren't wiped. Move EC_KEY_free() to the out label, so that the refcount
is decremented or the key freed, as appropriate.

tested/ok claudio


# 1.5 22-Feb-2022 tb

whitespace/KNF


# 1.4 22-Feb-2022 tb

acme-client: only warn on PEM_write_ECPrivateKey() failure instead
of every time ec_create_key() is called.

From wolf at wolfsden dot cz

ok florian


# 1.3 18-Nov-2021 tb

acme-client: use EVP_PKEY_base_id()

In an upcoming libcrypto bump, EVP_PKEY will become opaque. In order to
stop reaching inside EVP_PKEY, we must replace EVP_PKEY_type(pkey->type)
with the equivalent EVP_PKEY_base_id(pkey) in various places.

ok florian


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.2 17-Jun-2019 florian

It's enough to allocate the EC key once.
OK tb


# 1.1 12-Jun-2019 gilles

use acme-client to sign certificates with ecdsa keys

diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@

