| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
While it is a neat design detail of CMAC that you can resume it after
having finalized it, nothing uses this functionality and it adds some
gross things such as retaining intermediate secrets in the CMAC ctx.
Once this is gone, we can simplify the CMAC code a bit.
ok jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This replaces usage of EVP_CIPHER_CTX_init() with EVEP_CIPHER_CTX_new(),
and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset().
This also replaces usage of malloc with calloc, and free with freezero.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias.
As such it resolves to an underlying ASN.1 method (in one step).
This information can be stored in a base_method pointer in allusion
to the pkey_base_id, which is the name for the nid (aka pkey_id aka
type) of the underlying method.
For an ASN.1 method, the base method is itself, so the base method
is set as a pointer to itself. For an alias it is of course a pointer
to the underlying method. Then obviously ameth->pkey_base_id is the
same as ameth->base_method->pkey_id, so rework all ASN.1 methods to
follow that.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A void pointer can be passed without any cast or assigning it to an
intermediate variable. That's one of hte puzzling things in old OpenSSL
code: there are plenty of unnecessary casts and assignments of void
pointers.
Make use of this fact and rework the function to be single exit, error
check consistently, including the EVP_PKEY_assign() call that can't
really fail and free the cmkey on exit.
Why coverity didn't flag this one is another mystery.
ok jsing
|
| |
|
|
| |
This is purely mechanical apart from a single line wrap.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are usually AEAD ciphers, for which CMAC makes little sense (if you
need a MAC and all you have is an AEAD, you don't need CMAC, you can just
use a zero length cipher text). Also, since the CMAC implementation only
allows 64 and 128 bit block sizes, the AEADs would error out later anyway.
The only family of ciphers this effectively excludes is AES key wrap, for
which CMAC makes little sense.
One notable side effect of doing this is that the EVP_Cipher() return
value checks in the CMAC code magically become correct. EVP. What's not to
love about it.
ok jsing
|
| |
|
|
|
|
|
|
| |
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add explanatory comments that refer to the spec so that all the weird
dances make a little more sense. It turns out that this implmeentation
only supports block ciphers with block sizes of 64 and 128 bits, so
enforce this with a check.
Simplify make_kn() to make a little more sense and make it constant
time. Some stylistic fixes like checking pointers explicitly against
NULL and shuffle things into an order that makes a bit more sense.
Includes a fix for a warning reported by Viktor Szakats in
https://github.com/libressl/portable/issues/926
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
|
|
| |
Now that EVP_PKEY is opaque, there is no reason to keep the ptr member
of the pkey union as a weird char pointer, a void pointer will do. This
avoids a few stupid casts and simplifies an upcoming diff.
ok jsing
|
| |
|
|
|
|
| |
evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
|
| |
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
|
| |
|
|
|
| |
X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them,
like all the other well-behaved *_CTX_free() functions do.
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| |
|
|
|
|
| |
are needed in the source files that actually require them.
ok beck@ miod@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| | |
|
| |
|
|
|
| |
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
|
| |
|
|
|
| |
that it is easier to find code pieces. They are getting in the way.
ok miod
|
| |\
| |
| | |
branch.
|
| | |
|
| |
|
