openbsd/src/lib/libcrypto/evp, branch libressl-v3.4.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.4.1 2021-05-10T17:00:32+00:00 Expose EVP_Digest{Sign,Verify}(3) 2021-05-10T17:00:32+00:00 tb 2021-05-10T17:00:32+00:00 urn:sha1:0736b9c781c627f1c51859d70c0dd39522c9a5a7 ok jsing Prepare to provide EVP_Digest{Sign,Verify} 2021-05-09T14:25:40+00:00 tb 2021-05-09T14:25:40+00:00 urn:sha1:258556827001d9b174663d7dfbf8a8495b0c8868 These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}. and are part of the OpenSSL 1.1.1 API. While they simplify callers in some situations slightly, their real use is for EdDSA that by design can't be split into Update/Final steps. Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c ok inoguchi Provide EVP_PKEY_new_CMAC_key(3) 2021-03-31T16:47:01+00:00 tb 2021-03-31T16:47:01+00:00 urn:sha1:c7922f8b9a137af47dc02a37ceec9bfacef62554 ok bcook inoguchi jsing Prepare to provide EVP_PKEY_new_CMAC_key() 2021-03-29T15:57:23+00:00 tb 2021-03-29T15:57:23+00:00 urn:sha1:e5044a16b50be503267937298648ce4abb8bbcbc sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia Pull in fix for EVP_CipherUpdate() overflow from OpenSSL. 2021-02-18T19:12:29+00:00 tb 2021-02-18T19:12:29+00:00 urn:sha1:437b348a511b4b2e5f787c70cbc0d6b72e041b43 ok inoguchi commit 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 Author: Matt Caswell <matt@openssl.org> Date: Tue Feb 2 17:17:23 2021 +0000 Don't overflow the output length in EVP_CipherUpdate calls CVE-2021-23840 Reviewed-by: Paul Dale <pauli@openssl.org> Add a custom copy handler for AES key wrap 2020-06-05T18:44:42+00:00 tb 2020-06-05T18:44:42+00:00 urn:sha1:f599916be5b15add90651fc8802c4f96fc257310 This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy to copy cipher_data to the target struct. The result is that the copy contains a pointer to the wrong struct, which then leads to a use-after-free. The custom copy handler fixes things up to avoid that. Issue reported by Guido Vranken ok beck inoguchi jsing Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5. 2020-06-05T17:30:41+00:00 jsing 2020-06-05T17:30:41+00:00 urn:sha1:35a22aaa59dd2c20dc984d2317024ae0ea5c4939 Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@ Disallow setting the AES-GCM IV length to 0 2020-04-30T18:43:11+00:00 tb 2020-04-30T18:43:11+00:00 urn:sha1:1813a9138ee882b675662d47ed9fe6974bd433f3 It is possible to do this by abusing the EVP_CTRL_INIT API. Pointed out by jsing. ok inoguchi jsing (as part of a larger diff) Disallow the use of zero length IVs in AES-GCM via 2020-04-27T19:31:02+00:00 tb 2020-04-27T19:31:02+00:00 urn:sha1:59b4077b60cc24004bc23295bd2ff465be743f11 EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key. Issue reported and fix tested by Guido Vranken. ok beck, jsing This commit adds a constant to a public header despite library lock, as discussed with deraadt and sthen. Check high bit for base64 decode 2020-03-04T11:53:21+00:00 inoguchi 2020-03-04T11:53:21+00:00 urn:sha1:b112788885dac0be8d46296a88f6713f8e4fccd0 Referred to this OpenSSL commit and adopted to the codebase. b785504a10310cb2872270eb409b70971be5e76e suggest and ok tb@