openbsd/src/lib/libcrypto/hmac, branch libressl-v3.8.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.0 2023-04-25T15:48:48+00:00 Wire up truncated SHA-2, SHA-3 and related things 2023-04-25T15:48:48+00:00 tb 2023-04-25T15:48:48+00:00 urn:sha1:8c449d8a1445a23c96b8b2f389e256ea32662e36 from jsing libressl *_namespace.h: adjust *_ALIAS() to require a semicolon 2023-02-16T08:38:17+00:00 tb 2023-02-16T08:38:17+00:00 urn:sha1:24a27fd0d17d515b00097199de60fa85a76a95df LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing Make internal header file names consistent 2022-11-26T16:08:57+00:00 tb 2022-11-26T16:08:57+00:00 urn:sha1:81d98bf600a381a625eb11b39a725b08c0ba547f Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook Unindent and check some pointers explicitly against NULL 2022-11-19T04:36:52+00:00 tb 2022-11-19T04:36:52+00:00 urn:sha1:8831f9c4bf55f1c9f5ae60a9f4804c7c6c20e909 Remove HMAC PRIVATE KEY support 2022-11-19T04:32:49+00:00 tb 2022-11-19T04:32:49+00:00 urn:sha1:6b2aef44098a53fcc9f6533d8defd1257fff1055 This is an undocumented feature of openssl genpkey for testing purposes. Emilia removed support for this 'bogus private key format' from OpenSSL in 2017 in commit c26f655fdd18ac19016c1c0496105f5256a1e84d. ok jsing Check os for NULL before dereferencing it 2022-11-18T20:03:36+00:00 tb 2022-11-18T20:03:36+00:00 urn:sha1:8e2bde89a5d1bb3002c8a910a07e727c01f37646 Avoids a segfault when both priv == NULL and os == NULL. ok miod Include bytestring.h directly rather than pulling it in via asn1_locl.h 2022-11-18T15:10:51+00:00 tb 2022-11-18T15:10:51+00:00 urn:sha1:6c4a21938605b81ccd046aff2a7db341ac1b6578 Wire up HMAC to raw private key methods 2022-11-18T15:01:04+00:00 tb 2022-11-18T15:01:04+00:00 urn:sha1:4ac94b93f062b2c44f969dc6f9f4eda7a744a023 Obviously, the brilliant API design kitchen decided that an interface carrying public and private key in its name (so that every sane person thinks of asymmetric cryptography), is also perfectly suitable for MACs. Wire up HMAC since Ruby's OpenSSL gem uses these bindings if the build system detects that EVP_PKEY_new_raw_public_key() is available in evp.h. While there, also add the missing pub_cmp() ameth, which obviously treats two things as equal by returning 1. Reported by jeremy and anton, fixes regress/lib/libssl/openssl-ruby tests ok jsing Change the pkey.ptr from char * to void * 2022-11-18T14:45:10+00:00 tb 2022-11-18T14:45:10+00:00 urn:sha1:3ceb42d62047d438cd7b6b6a201682452faf30fc Now that EVP_PKEY is opaque, there is no reason to keep the ptr member of the pkey union as a weird char pointer, a void pointer will do. This avoids a few stupid casts and simplifies an upcoming diff. ok jsing Add support for symbol hiding disabled by default. 2022-11-11T11:25:18+00:00 beck 2022-11-11T11:25:18+00:00 urn:sha1:0ba6b15619d4e4feafccdbd0226ee99b70553a11 Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@