openbsd/src/lib/libcrypto/hkdf, branch OPENBSD_7_8_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8_BASE 2025-05-10T05:54:39+00:00 Use err_local.h rather than err.h in most places 2025-05-10T05:54:39+00:00 tb 2025-05-10T05:54:39+00:00 urn:sha1:41e8f99dd1625a9f0c80ce9d4383e95b18e85709 ok jsing Rewrite HKDF_expand(). 2024-03-25T13:09:13+00:00 jsing 2024-03-25T13:09:13+00:00 urn:sha1:284a92902e7e2cadbab54fcc5e2de56838bfb3c6 Simplify overflow checking and length tracking, use a CBB to handle output and use HMAC_CTX_new() rather than having a HMAC_CTX on the stack. ok tb@ Use EVP_MD in HKDF() and HKDF_extract() prototypes 2023-08-11T04:52:08+00:00 tb 2023-08-11T04:52:08+00:00 urn:sha1:26e17c246c08a4ed6ef78ed3841fb88f6678a823 Switch these prototypes to be like all other code and use the EVP_MD type rather than the internal name of the struct. This also makes the function definitions match the prototypes. ok jsing Hide symbols in hkdf, evp, err, ecdsa, and ec 2023-07-07T13:54:46+00:00 beck 2023-07-07T13:54:46+00:00 urn:sha1:f9fcde20a6214da85e802190ccd3a2bf5f891559 (part 2 of commit) ok jsing@ Avoid a potentially overflowing check 2023-06-01T02:34:23+00:00 tb 2023-06-01T02:34:23+00:00 urn:sha1:15d3c912ab27ed23d29447224f0220efc5eb1044 This doesn't actually overflow, but still is poor style. Speaking of which: this is now the second time I get to fix something reported by Nicky Mouha by way of a blog post. The first time was the actual SHA-3 buffer overflow in Python where it is not entirely clear who screwed up and how. Hopefully next time proper communication will happen and work. ok jsing Make internal header file names consistent 2022-11-26T16:08:57+00:00 tb 2022-11-26T16:08:57+00:00 urn:sha1:81d98bf600a381a625eb11b39a725b08c0ba547f Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook Include evp_locl.h where it will be needed once most structs from 2021-12-12T21:30:14+00:00 tb 2021-12-12T21:30:14+00:00 urn:sha1:b632ec4f99386efc52214c580c9f233748302224 evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi Add a mostly empty hmac_local.h. HMAC_CTX and a few other things 2021-12-12T21:27:38+00:00 tb 2021-12-12T21:27:38+00:00 urn:sha1:e6d34a52bf003f2e199023dc166779f5d25bfcff from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed. ok inoguchi Remove unused #include <assert.h>. 2021-08-27T16:12:33+00:00 tb 2021-08-27T16:12:33+00:00 urn:sha1:65fc83378c48db3795a7b52ba805b78c6ee3ed6a This is from upstream where there is an assert() that EVP_MD_size(digest) matches the length returned by HMAC(). We avoid asserts in our libraries. From Martin Vahlensieck A touch of style(9) 2019-11-21T20:02:20+00:00 tim 2019-11-21T20:02:20+00:00 urn:sha1:2f2e1cc632ae0ff73e57a6736cc33593c6a0adfc OK tb@ tedu@