openbsd/src/lib/libcrypto/evp, branch OPENBSD_7_2A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=OPENBSD_7_22022-09-15T07:04:19+00:00Use LONG_MAX as the limit for ciphers with long based APIs.2022-09-15T07:04:19+00:00jsing2022-09-15T07:04:19+00:00urn:sha1:69a6645367fe0e98f414f8ce038c6a4c2e3fb102
These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.
ok tb@
Stop pretending that EVP_CIPHER cleanup can fail.2022-09-13T04:59:18+00:00jsing2022-09-13T04:59:18+00:00urn:sha1:2ec5e8a2e012afe68c1a580604d754b7e8cc73ee
Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can
fail.
ok tb@
Expose EVP_chacha20_poly1305()2022-09-11T17:29:24+00:00tb2022-09-11T17:29:24+00:00urn:sha1:994f306172b8bb6dce5e7d2ba813e435994c7bab
ok jsing
Expose various EVP AEAD constants for EVP ChaCha and QUIC2022-09-11T17:28:33+00:00tb2022-09-11T17:28:33+00:00urn:sha1:66a87f09c5b56ec4b967f10cac7a0eb7aa5e5d59
ok jsing
Increment the input and output position for EVP AES CFB1.2022-09-10T17:45:10+00:00jsing2022-09-10T17:45:10+00:00urn:sha1:8b1f87ff17c15812707feb063a073472bba18199
The length is decremented, however the input is repeatedly read from and
output written to the same position. Correct this by actually incrementing
the input and output pointers.
Found via OpenSSL 604e591ed7,
ok tb@
Use correct length for EVP CFB mode ciphers.2022-09-10T17:39:47+00:00jsing2022-09-10T17:39:47+00:00urn:sha1:de6c106921914263e126f0a65ff53578716ce425
The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.
Should address the remaining issues reported by Coverity.
ok tb@
Replace aes_{ccm,xts}_cleanup usage with NULL.2022-09-06T06:38:26+00:00jsing2022-09-06T06:38:26+00:00urn:sha1:8915991783ef245f913d2d2d5b64d91f6a179d6d
Only change in generated assembly is due to line numbers.
Stop casting a size_t to a long and then passing it as a size_t.2022-09-06T06:17:11+00:00jsing2022-09-06T06:17:11+00:00urn:sha1:1a2b24a50a3e7801e8ad635598d6079f62b970cb
These cipher implementations take a size_t length argument, so stop
casting it to a long.
Found by Coverity.
ok tb@
Remove dead code.2022-09-04T15:56:51+00:00jsing2022-09-04T15:56:51+00:00urn:sha1:6e1462350b37c8a46335178d23fa0738f688825f
No change in generated assembly.
Add bounds checks for various EVP cipher implementations.2022-09-04T15:45:25+00:00jsing2022-09-04T15:45:25+00:00urn:sha1:8869e441d0c3b744fcf47865bc3a28770c66b2b5
The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.
Found by Coverity, hiding under a large pile of macros.
ok tb@