| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
|
|
|
| |
As usual, this will be guarded by LIBRESSL_INTERNAL || LIBRESSL_NEXT_API
until the next bump.
ok jsing
|
| |
|
|
|
|
|
|
| |
This adds the EVP_PKEY_ED25519 and EVP_PKEY_X25519 aliases for the NIDs
and exposes the raw public key API.
The ED25519_KEYLEN and X25519_KEYLEN defines are still kept internal for
now to match what OpenSSL have. We may want to expose those later.
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
|
|
| |
These are needed for EVP implementations of Ed25519 and X25519.
ok beck@ tb@
|
| |
|
|
|
|
| |
This will be needed to deal with Curve25519 based keys.
ok beck@ tb@
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
While these will not be used by LibreSSL, they are used by some QUIC
implementations (such as ngtcp2).
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
EVP_chacha20_poly1305() is an EVP_CIPHER implementation of the
ChaCha20-Poly1305 AEAD. This is potentially used to provide encryption for
the QUIC transport layer.
Where possible, this should be avoided in favour of the significantly saner
EVP_AEAD interface.
ok tb@
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
|
|
|
| |
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
|
| |
|
|
|
|
|
| |
This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding
public API EVP_{dss,dss1,ecdsa}().
This is basically the following OpenSSL commit. The mentioned change in
RSA is already present in rsa/rsa_pmeth.c.
ok inoguchi jsing
commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Wed Dec 2 13:57:04 2015 +0000
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
|
| |
|
|
|
|
| |
This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h.
ok inoguchi jsing
|
| |
|
|
|
| |
This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This allows implementations to add their own EVP_MD_METHODs.
Only the setters are provided.
This is used by erlang for the otp_test_engine.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys
are supported. If a check function is set the EVP_PKEY_METHOD, it will
be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is
used. The default ASN.1 methods wrap RSA_check_key() and
EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method
has const.
Requested by tobhe and used by PHP 8.1.
Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This API with very strange ownership handling is used by Ruby 3.1,
unfortunately.
For unclear reasons, it was decided that the caller retains ownership of
the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to
make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}().
Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs
to be unset on the duplicated EVP_MD_CTX.
ok inoguchi jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
They will be needed by security/py-M2Crypto and telephony/sngrep.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is just a dumb 'return ctx->buf' whose name was chosen to be consistent
with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf()
ok jsing
The backstory is this:
This wonderful API will be needed by MariaDB once EVP is opaque. To be able
to use its own handrolled AES CTR variant, it needs to reach inside the cipher
ctx's buffer and mess with it:
uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
/*
Not much we can do, block ciphers cannot encrypt data that aren't
a multiple of the block length. At least not without padding.
Let's do something CTR-like for the last partial block.
NOTE this assumes that there are only buf_len bytes in the buf.
If OpenSSL will change that, we'll need to change the implementation
of this class too.
*/
Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API
obviously doesn't provide a means of doing any length checks.
If it is any consolation, it was committed with the vague hope of being a
temporary measure as OpenSSL commit 83b06347 suggests:
Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them [...]
As is true for many temporary kludges and dumb accessors, these are here
to stay a with us for a while.
While I'm at it, MariaDB has other phantastic things it did to ease its
pain with the OpenSSL 1.1 API transition.
To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per
EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and
uses arrays of these sizes that it aligns, casts and passes as ctx to the
EVP API.
Of course, they need to safeguard themselves against the inevitable buffer
overruns that this might cause since the type is opaque and could (and actually
did) change its size between two OpenSSL releases. There is a runtime check in
mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc()
with "coc_malloc()" to determine the sizes that OpenSSL would allocate
internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's
ideas of the ctx sizes.
Go look, I'm not making this stuff up.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with
separately. EVP_CIPHER_INFO internals are still publicly visible in
OpenSSL, so it won't be moved.
Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These
typedefs will be visible by files including only hmac.h or evp.h since
hmac.h includes evp.h and evp.h includes ossl_typ.h.
ok inoguchi
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN
defines and aliases the GCM and CCM versions to those.
This is the publicly visible part of OpenSSL's e640fa02005.
ok inoguchi jsing
|
| |
|
|
|
|
| |
no longer needed.
ok jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}.
and are part of the OpenSSL 1.1.1 API. While they simplify callers in some
situations slightly, their real use is for EdDSA that by design can't be
split into Update/Final steps.
Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c
ok inoguchi
|
| |
|
|
| |
ok bcook inoguchi jsing
|
| |
|
|
|
|
|
| |
sebastia ran into this when attempting to update security/hcxtools.
This will be tested via wycheproof.go once the symbol is public.
ok jsing, tested by sebastia
|
| |
|
|
|
|
|
|
|
|
|
| |
EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key.
Issue reported and fix tested by Guido Vranken.
ok beck, jsing
This commit adds a constant to a public header despite library lock,
as discussed with deraadt and sthen.
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
EVP_PKEY_CTRL_GET_MD control for DSA, EC and RSA.
This is used by the upcoming RSA CMS code.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
| |
freely licensed.
From jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
implementation based on the one in OpenSSL 1.0.2r which is
still freely licensed.
The functions are undocumented in OpenSSL. To use them, one
needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
flag on the EVP_CIPHER_CTX.
resolves #505
ok jsing
|
| |
|
|
|
|
|
|
| |
This is an ISC licensed version based on the sources by Ribose Inc
that were ported to OpenSSL in 2017.
Patch from Daniel Wyatt with minor tweaks.
ok inoguchi, jsing
|
| |
|
|
|
|
|
| |
xchacha is a chacha stream that allows for an extended nonce, which
in turn makes it feasible to use random nonces.
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory
for legal use of cryptography within China and [are] widely applied in
the country, covering identification/financial cards, contactless,
TPM 2.0 and PKI.
ok beck inoguchi jsing
|
| |
|
|
|
|
| |
RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()
feedback and ok jsing@ tb@
|
