path: root/src/lib/libcrypto/evp/evp.h
Commit message [Author, Age, Files, Lines]
* Disallow the use of zero length IVs in AES-GCM via [tb, 2020-04-27, 1 file, -1/+2]
  EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key. Issue reported and fix tested by Guido Vranken. ok beck, jsing This commit adds a constant to a public header despite library lock, as discussed with deraadt and sthen.
* Add EVP_PKEY_RSA_PSS. [jsing, 2019-10-24, 1 file, -1/+2]
  ok tb@
* Provide EVP_PKEY_CTX_get_signature_md() macro and implement the [jsing, 2019-09-09, 1 file, -4/+10]
  EVP_PKEY_CTRL_GET_MD control for DSA, EC and RSA. This is used by the upcoming RSA CMS code. ok inoguchi@ tb@
* Provide ASN1_PKEY_CTRL_CMS_RI_TYPE. [jsing, 2019-08-11, 1 file, -1/+2]
* Provide EVP_PKEY_get0_hmac(). From OpenSSL 1.1.1 which is still [tb, 2019-03-17, 1 file, -1/+3]
  freely licensed. From jsing
* Provide EVP_aes_{128,192,256}_wrap(). This is a compatible [tb, 2019-03-17, 1 file, -1/+12]
  implementation based on the one in OpenSSL 1.0.2r which is still freely licensed. The functions are undocumented in OpenSSL. To use them, one needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag on the EVP_CIPHER_CTX. resolves #505 ok jsing
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016. [tb, 2019-03-17, 1 file, -1/+10]
  This is an ISC licensed version based on the sources by Ribose Inc that were ported to OpenSSL in 2017. Patch from Daniel Wyatt with minor tweaks. ok inoguchi, jsing
* add support for xchacha20 and xchacha20-poly1305 [dlg, 2019-01-22, 1 file, -1/+3]
  xchacha is a chacha stream that allows for an extended nonce, which in turn makes it feasible to use random nonces. ok tb@
* provide EVP_ENCODE_CTX_{new,free}(). [tb, 2019-01-19, 1 file, -1/+3]
  ok jsing
* Add Ribose Inc's implementation of the SM3 hashing function with [tb, 2018-11-11, 1 file, -1/+4]
  tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* Add some accessor functions: [djm, 2018-09-12, 1 file, -1/+5]
  RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@
* Add consts to EVP_PKEY_asn1_set_private() [tb, 2018-08-24, 1 file, -2/+2]
  Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* Convert EVP_EncodeUpdate() to return an int to allow for error [tb, 2018-08-24, 1 file, -2/+2]
  checking. Matches our documented behavior. Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing
* Provide EVP_CIPHER_CTX_encrypting(). [tb, 2018-08-24, 1 file, -1/+2]
  tested in a bulk by sthen ok jsing
* Return an int in BIO_set_cipher() to be able to report errors. [tb, 2018-08-24, 1 file, -2/+2]
  tested in a bulk by sthen ok jsing
* Add a const qualifier to the argument of EVP_PKEY_size(). [tb, 2018-05-30, 1 file, -2/+2]
  tested in a bulk build by sthen ok jsing
* Add a const qualifier to the argument of EVP_PKEY_get0_asn1(3). [tb, 2018-05-13, 1 file, -2/+2]
  tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the argument of EVP_PKEY_get0(3). [tb, 2018-05-13, 1 file, -2/+2]
  tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the argument of EVP_PKEY_bits(3). [tb, 2018-05-13, 1 file, -2/+2]
  tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the second argument of EVP_DigestVerifyFinal(3). [tb, 2018-05-13, 1 file, -2/+3]
  tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add const qualifiers to return value of BIO_f_{base64,cipher,md}(). [tb, 2018-05-02, 1 file, -4/+4]
  tested in bulk by sthen ok jsing
* Provide EVP_PKEY_get0_EC_KEY() and 'if (ret)' vs 'if (ret != 0)' cosmetics. [tb, 2018-02-20, 1 file, -2/+3]
  ok jsing
* Provide EVP_CIPHER_CTX_reset(). [jsing, 2018-02-17, 1 file, -1/+2]
  Rides previous minor bump.
* Provide EVP_MD_CTX_new(), EVP_MD_CTX_free() and EVP_MD_CTX_reset(). [jsing, 2018-02-17, 1 file, -2/+6]
* Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(), [tb, 2018-02-17, 1 file, -4/+7]
  EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key(). ok jsing
* Provide EVP_PKEY_up_ref(). [jsing, 2018-02-14, 1 file, -1/+2]
* Remove EVP_aead_chacha20_poly1305_old() now that the original/old [jsing, 2017-08-28, 1 file, -2/+1]
  chacha20-poly1305 cipher suites have been removed from libssl.
* Add an EVP interface that provides concatenated MD5+SHA1 hashes, which are [jsing, 2017-02-28, 1 file, -1/+2]
  used in various parts of TLS 1.0/1.1. This will allow for code simplification in libssl. The same interface exists in OpenSSL 1.1. ok beck@ deraadt@ inoguchi@ millert@
* deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final. [beck, 2016-05-30, 1 file, -4/+10]
  14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@
* Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old() [jsing, 2016-04-28, 1 file, -2/+2]
  and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
* Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539, [reyk, 2015-11-02, 1 file, -1/+2]
  "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
* Temporarily revive MD4 for MS CHAP support. [doug, 2015-09-14, 1 file, -1/+4]
* Remove MD4 support from LibreSSL. [doug, 2015-09-13, 1 file, -4/+1]
  MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@
* Remove SHA-0 support. [doug, 2015-09-13, 1 file, -2/+1]
  SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@
* Remove obsolete MDC-2DES from libcrypto. [doug, 2015-06-20, 1 file, -4/+1]
  ok deraadt@ jsing@ miod@
* unifdef OPENSSL_NO_RC5 [jsing, 2015-02-10, 1 file, -8/+1]
* Replace assert() and OPENSSL_assert() calls with proper error return paths. [miod, 2015-02-10, 1 file, -1/+8]
  Careful review, feedback & ok doug@ jsing@
* Move a few typedef up in this file in order to be able to use them in env_md_st [miod, 2015-02-08, 1 file, -14/+10]
  and get rid of a silly FIXME comment. ok doug@ jsing@
* Delete a lot of #if 0 code in libressl. [doug, 2015-02-07, 1 file, -5/+1]
  There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* GOST crypto algorithms (well, most of them), ported from the removed GOST [miod, 2014-11-09, 1 file, -1/+34]
  engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* OPENSSL_ALGORITHM_DEFINES has been removed from conf.h, no need for it now [tedu, 2014-07-11, 1 file, -8/+2]
* Remove BIO_f_reliable(), guilty of playing with EVP_MD_CTX internals it [miod, 2014-06-24, 1 file, -2/+1]
  should not know anything about. Verified not to be used in ports; riding upon the recent libcrypto major bump.
* tags as requested by miod and tedu [deraadt, 2014-06-12, 1 file, -1/+1]
* remove CONST_STRICT. ok beck deraadt [tedu, 2014-05-30, 1 file, -5/+1]
* Implement an improved version of the EVP AEAD API. The [jsing, 2014-05-26, 1 file, -16/+18]
  EVP_AEAD_CTX_{open,seal} functions previously returned an ssize_t that was overloaded to indicate success/failure, along with the number of bytes written as output. This change adds an explicit *out_len argument which is used to return the number of output bytes and the return value is now an int that is purely used to identify success or failure. This change effectively rides the last libcrypto crank (although I do not expect there to be many users of the EVP AEAD API currently). Thanks to Adam Langley for providing the improved code that this diff is based on. ok miod@
* no no md2 [tedu, 2014-05-17, 1 file, -3/+0]
* no no seed [tedu, 2014-05-17, 1 file, -8/+0]
* When OPENSSL_LOAD_CONF was added it ended up with more #if 0 code, [jsing, 2014-05-16, 1 file, -4/+3]
  more #ifdefs and a new source file that contains a single function. Nuke the #if 0 code that is now a macro and move the single function in evp_acnf.c to c_all.c, which is where the other code lives. While here, tidy evp.h slightly, remove an unnecessary #ifdef __OpenBSD__ and nuke a comment that is now a lie. ok miod@
* Add a ChaCha20-Poly1305 AEAD EVP implementation to libcrypto, from Adam [jsing, 2014-05-15, 1 file, -0/+8]
  Langley's Chromium OpenSSL patches. ok miod@
* Add an AEAD EVP interface to libcrypto, along with AES-GCM AEAD [jsing, 2014-05-15, 1 file, -0/+114]
  implementations. This largely pulls in Adam Langley's AEAD patches from Chromium's OpenSSL. ok miod@