A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.9.2 2024-03-02T09:30:21+00:00 2024-03-02T09:30:21+00:00 tb 2024-03-02T09:30:21+00:00 urn:sha1:abe96e60083ddd83f68f68979348706259296fab While it is a neat design detail of CMAC that you can resume it after having finalized it, nothing uses this functionality and it adds some gross things such as retaining intermediate secrets in the CMAC ctx. Once this is gone, we can simplify the CMAC code a bit. ok jsing 2024-01-30T17:43:39+00:00 tb 2024-01-30T17:43:39+00:00 urn:sha1:d69e90f471c3ff0a651a84a63f0eac291c56b6b4 2024-01-29T06:05:50+00:00 tb 2024-01-29T06:05:50+00:00 urn:sha1:952c265dd1ad7b37708e0e9d411cf78fb1149a7a 2024-01-28T20:57:15+00:00 tb 2024-01-28T20:57:15+00:00 urn:sha1:eb7ae427b18097f003416068ef5c6d6909d3c4ae 2024-01-28T14:55:40+00:00 joshua 2024-01-28T14:55:40+00:00 urn:sha1:021245d7e62a8465900bc72da18b21962d19e186 This replaces usage of EVP_CIPHER_CTX_init() with EVEP_CIPHER_CTX_new(), and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset(). This also replaces usage of malloc with calloc, and free with freezero. ok tb@ 2024-01-04T17:01:26+00:00 tb 2024-01-04T17:01:26+00:00 urn:sha1:9f1cd2582409ac5778c5a0e28dfb77f18d122c98 Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method. For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that. ok jsing 2023-12-28T21:56:12+00:00 tb 2023-12-28T21:56:12+00:00 urn:sha1:9c04f3e6f64642074c016ed4b3fdcbce9db722ed A void pointer can be passed without any cast or assigning it to an intermediate variable. That's one of hte puzzling things in old OpenSSL code: there are plenty of unnecessary casts and assignments of void pointers. Make use of this fact and rework the function to be single exit, error check consistently, including the EVP_PKEY_assign() call that can't really fail and free the cmkey on exit. Why coverity didn't flag this one is another mystery. ok jsing 2023-12-18T21:15:00+00:00 tb 2023-12-18T21:15:00+00:00 urn:sha1:81cb389e7f4e9608ec9b8c91bbc5f66b3b6dac99 This is purely mechanical apart from a single line wrap. 2023-12-15T13:45:05+00:00 tb 2023-12-15T13:45:05+00:00 urn:sha1:d97db60c4f81d255da31d14e7811f19d3505ff6b These are usually AEAD ciphers, for which CMAC makes little sense (if you need a MAC and all you have is an AEAD, you don't need CMAC, you can just use a zero length cipher text). Also, since the CMAC implementation only allows 64 and 128 bit block sizes, the AEADs would error out later anyway. The only family of ciphers this effectively excludes is AES key wrap, for which CMAC makes little sense. One notable side effect of doing this is that the EVP_Cipher() return value checks in the CMAC code magically become correct. EVP. What's not to love about it. ok jsing 2023-11-29T21:35:57+00:00 tb 2023-11-29T21:35:57+00:00 urn:sha1:69bbc5fea4f411f0c0033ecb0fc5126c895ea82a This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL. ok jsing