path: root/src/lib/libcrypto/evp/e_chacha20poly1305.c
Commit log, newest first. Each entry gives the commit subject, then (author, date; files changed, lines removed/added), followed by the rest of the commit message.
* Make the cleanup() method return an int again (tb, 2023-03-01; 1 file, -2/+4)
  This partially reverts jsing's OpenBSD commit b8185953, but without adding back the error check that potentially results in dumb leaks. No cleanup() method in the wild returns anything but 1. Since that's the signature in the EVP_CIPHER_meth_* API, we have no choice... ok jsing
* Make internal header file names consistent (tb, 2022-11-26; 1 file, -2/+2)
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Stop pretending that EVP_CIPHER cleanup can fail. (jsing, 2022-09-13; 1 file, -4/+2)
  Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can fail. ok tb@
* chacha20_poly1305_cleanup() should return 1 (tb, 2022-08-30; 1 file, -2/+2)
  Otherwise EVP_CIPHER_CTX_cleanup() leaks, as spotted by the ASAN CI. ok jsing
* fix indent and zap trailing whitespace (tb, 2022-08-21; 1 file, -3/+3)
* Provide EVP_chacha20_poly1305() (jsing, 2022-08-20; 1 file, -5/+252)
  EVP_chacha20_poly1305() is an EVP_CIPHER implementation of the ChaCha20-Poly1305 AEAD. This is potentially used to provide encryption for the QUIC transport layer. Where possible, this should be avoided in favour of the significantly saner EVP_AEAD interface. ok tb@
* Remove bogus length checks from EVP_aead_chacha20_poly1305() (jsing, 2022-08-20; 1 file, -27/+1)
  The length checks for EVP_aead_chacha20_poly1305() seal/open were incorrect and are no longer necessary (not to mention that the comment failed to match the code). Remove these since the underlying ChaCha implementation will now handle the same sized inputs as these functions can. Issue flagged by and ok tb@
* Cast nonce bytes to avoid undefined behaviour when left shifting. (jsing, 2019-03-27; 1 file, -3/+3)
  Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
* Cast nonce bytes to avoid undefined behaviour when left shifting. (jsing, 2019-03-24; 1 file, -3/+3)
  Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
* add support for xchacha20 and xchacha20-poly1305 (dlg, 2019-01-22; 1 file, -1/+122)
  xchacha is a chacha stream that allows for an extended nonce, which in turn makes it feasible to use random nonces. ok tb@
* Remove EVP_aead_chacha20_poly1305_old() now that the original/old chacha20-poly1305 cipher suites have been removed from libssl. (jsing, 2017-08-28; 1 file, -80/+27)
* Fix a problem introduced in freezero() conversion and use sizeof(struct) not sizeof(pointer). (jsg, 2017-05-11; 1 file, -2/+2)
  otto@ points out that on OpenBSD currently freezero() would have still zeroed the entire allocation, but this is not documented behaviour and may change in future. ok tom@
* use freezero() instead of memset/explicit_bzero + free. Substantially reduces conditional logic (-218, +82). (deraadt, 2017-05-02; 1 file, -3/+2)
  MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn't quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. (beck, 2017-01-29; 1 file, -12/+10)
  Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old() and replace with EVP_aead_chacha20_poly1305_ietf(). (jsing, 2016-04-28; 1 file, -11/+11)
  The IETF version will become the standard version. Discussed with many.
* Use the correct iv and counter when decrypting the ciphertext for EVP_aead_chacha20_poly1305_ietf(). (jsing, 2016-04-13; 1 file, -4/+4)
* Fix typo in comment of previous commit: "that that". (reyk, 2015-11-02; 1 file, -3/+3)
* Add EVP_aead_chacha20_poly1305_ietf() (reyk, 2015-11-02; 1 file, -18/+111)
  The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
* Correct spelling of OPENSSL_cleanse. (jsing, 2015-09-10; 1 file, -2/+2)
  ok miod@
* Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp(). (jsing, 2015-06-20; 1 file, -2/+2)
  ok doug@ deraadt@
* Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. (jsing, 2014-07-10; 1 file, -3/+5)
  This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Switch to the ISC licensed versions of these files, which Google has made available via boringssl. (jsing, 2014-06-21; 1 file, -47/+13)
  ok deraadt@
* tags as requested by miod and tedu (deraadt, 2014-06-12; 1 file, -0/+1)
* Implement an improved version of the EVP AEAD API. (jsing, 2014-05-26; 1 file, -29/+33)
  The EVP_AEAD_CTX_{open,seal} functions previously returned an ssize_t that was overloaded to indicate success/failure, along with the number of bytes written as output. This change adds an explicit *out_len argument which is used to return the number of output bytes and the return value is now an int that is purely used to identify success or failure. This change effectively rides the last libcrypto crank (although I do not expect there to be many users of the EVP AEAD API currently). Thanks to Adam Langley for providing the improved code that this diff is based on. ok miod@
* Convert OPENSSL_malloc stuff back to intrinsics, a few were missed as new stuff was brought in. (beck, 2014-05-22; 1 file, -2/+2)
  ok miod@
* Use C99 initialisers for the AEAD struct. (jsing, 2014-05-15; 1 file, -9/+9)
* KNF. (jsing, 2014-05-15; 1 file, -70/+67)
* Add a ChaCha20-Poly1305 AEAD EVP implementation to libcrypto, from Adam Langley's Chromium OpenSSL patches. (jsing, 2014-05-15; 1 file, -0/+261)
  ok miod@