# 1.9 | 09-May-2024 | tb |
Align RSA and EC key generation with each other
Being two different cryptographic primitives, it is clear that there must be some differences between RSA and EC keygen, but they don't have to be entirely different. We need to set the key type, RSA needs a bit size and ECDSA needs a curve. That's all the differences there need to be.
Garbage collect a few useless elses and avoid two exit labels paths where one would do just fine.
As another small bonus, this file no longer uses "deprecated API", so the portable fork can get rid of an ugly openssl 3 patch if they want to.
ok florian
|
Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
# 1.8 | 29-Aug-2023 | op |
acme-client: drop ecdsa.h, fix spacing and a typo in error message
While here drop EC_KEY_set_asn1_flag(OPENSSL_EC_NAMED_CURVE). EC_KEY_new_by_curve_name() ends up calling EC_GROUP_new() which already sets the OPENSSL_EC_NAMED_CURVE flag on the group. (suggested by tb@)
ok tb@
|
Revision tags: OPENBSD_7_3_BASE
|
# 1.7 | 18-Dec-2022 | tb |
acme-client: inline a confusing and useless define
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
# 1.6 | 22-Feb-2022 | tb |
Plug leak in ec_key_create()
EVP_PKEY_set1_EC_KEY() bumps the refcount of eckey, so eckey won't be freed at the end of keyproc() or acctproc(), which means that secrets aren't wiped. Move EC_KEY_free() to the out label, so that the refcount is decremented or the key freed, as appropriate.
tested/ok claudio
|
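The reference-counting behaviour described in revision 1.6, as an added example that is not acme-client or libcrypto code: a self-contained C model in which the `toy_*` names and structs are hypothetical stand-ins for EC_KEY, EVP_PKEY and their set1/free calls. The secret bytes are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for EC_KEY and EVP_PKEY; not libcrypto types. */
struct toy_key { int refs; int wiped; unsigned char secret[32]; };
struct toy_pkey { struct toy_key *key; };

/* Drop one reference; the secret is wiped only when the last one goes. */
static void
toy_key_free(struct toy_key *k)
{
	if (k == NULL || --k->refs > 0)
		return;
	memset(k->secret, 0, sizeof(k->secret));
	k->wiped = 1;
}

/* "set1" semantics: the container takes its own, additional reference. */
static void
toy_pkey_set1_key(struct toy_pkey *p, struct toy_key *k)
{
	k->refs++;
	p->key = k;
}

/*
 * Create a key, attach it to a container, then free the container.
 * release_own = 0 models the leak, 1 the fix. Returns 1 if wiped.
 */
int
toy_lifecycle(int release_own)
{
	static struct toy_key k;	/* static so it can be inspected after "free" */
	struct toy_pkey p = { NULL };
	k.refs = 1;
	k.wiped = 0;
	memset(k.secret, 0xA5, sizeof(k.secret));	/* constructed secret */
	toy_pkey_set1_key(&p, &k);			/* refs: 1 -> 2 */
	if (release_own)
		toy_key_free(&k);			/* creator's reference */
	toy_key_free(p.key);				/* container's reference */
	return k.wiped;
}

int main(void)
{
	printf("leaky: wiped=%d, fixed: wiped=%d\n", toy_lifecycle(0), toy_lifecycle(1));
	return 0;
}
```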
# 1.5 | 22-Feb-2022 | tb |
whitespace/KNF
|
# 1.4 | 22-Feb-2022 | tb |
acme-client: only warn on PEM_write_ECPrivateKey() failure instead of every time ec_create_key() is called.
From wolf at wolfsden dot cz
ok florian
|
# 1.3 | 18-Nov-2021 | tb |
acme-client: use EVP_PKEY_base_id()
In an upcoming libcrypto bump, EVP_PKEY will become opaque. In order to stop reaching inside EVP_PKEY, we must replace EVP_PKEY_type(pkey->type) with the equivalent EVP_PKEY_base_id(pkey) in various places.
ok florian
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
# 1.2 | 17-Jun-2019 | florian |
It's enough to allocate the EC key once. OK tb
|
# 1.1 | 12-Jun-2019 | gilles |
use acme-client to sign certificates with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|