| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Move the zeroing of the output buffer a few lines up and remove an
unnecessary check.
requested/ok jsing
|
|
Some cosmetic tweaks in ecdh_compute_key(). Rename buflen to buf_len
to match out_len, use calloc() and freezero().
ok jsing
|
|
In OpenSSL e2285d87, the KDF handling was moved from the compute_key()
method into the public API. A consequence of this change is that the
ECDH_compute_key() API no longer returns -1 for some errors. Existing
checks for <= 0 are safe as are those checking for the exact length as
return value, which is all what the ecosystem seems to be doing.
ok jsing
|
|
The remaining two ECDH interfaces are relocated into ec.h. ecdh.h
remains. It does nothing but include ec.h.
ok jsing
|
|
Unlike ECDSA_METHOD, this has been unused forever but kind of needed to
stay for symmetry with ECDSA_METHOD. Now we can finally take it behind
the barn and remove its tendrils into ENGINE.
ok jsing
|
|
Much like the ECDSA errors, the ECDH errors have been unused for a
while. Garbage collect them.
ok jsing
|
|
This API can fail for various reasons, in which case it returns -1, so
you need to check if (EC_POINT_is_on_curve_checks(...) <= 0).
ok miod
|
|
This snuck in with ech_key.c r1.33 because I committed from a dirty tree.
|
|
(part 2 of commit)
ok jsing@
|
|
ok jsing
|
|
Move some trivial ones to ECerror().
discussed with jsing
|
|
|
|
discussed with jsing
|
|
While memset() is quite expensive, we can afford zeroing a few extra bytes
to make this code more readable.
ok beck jsing
|
|
|
|
We need stdint.h for uintptr_t, stdlib.h for malloc, ec.h for various
things, but there's no need for objects. or sha.h.
|
|
|
|
|
|
|
|
|
|
|
|
ok jsing
|
|
|
|
ok jsing
|
|
As ugly as the BN_bn2binpad() internals are, what it does is quite handy
with all sorts of EC stuff. So use it here too and eliminate some ugly
manual pointer zeroing and offsets. Also switch len and buflen from size_t
to int to remove an iffy cast: both are set by functions that return a
non-negative int.
ok jsing
|
|
ok jsing
|
|
|
|
|
|
|
|
|
|
In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last
remaining thing in ech_local.h where it will soon belong.
|
|
This way the public ECDH API that will remain in libcrypto is in one file
and the public ECDH API that will go is in the other one.
|
|
No other file uses this anymore
|
|
Now that they no longer use static methods, they can move where they
belong. Also make the static method const, as it should have been all
along.
|
|
This is now unused code. Removing it will free us up to remove some
other ugliness in the ec directory.
ok jsing
|
|
Now that it is no longer possible to set a custom {ECDH,ECDSA}_METHOD,
EC_KEY_METHOD can just call the relevant method directly without the
need for this extra contortion.
ok jsing
|
|
They will be removed in the next major bump. No port uses them. They use
code that is in the way of upcoming surgery. Only libtls and smtpd used
to use the ECDSA version.
ok jsing
|
|
They will be removed in the next major bump. No port uses them. They use
code that is in the way of upcoming surgery. Only libtls used the ECDSA
version, but thankfully op cleaned that up.
ok jsing
|
|
|
|
|
|
Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.
Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.
ok jsing
|
|
Not all of them, only those that didn't leak into a public header...
Yes.
|
|
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
|
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
|
Pointed out by and ok jsing
|
|
ok inoguchi jsing
|
|
ok jsing
|
|
Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b
ok jsing
|
|
|
