openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Hide deprecated functions in evp.h	beck	2024-04-10	1	-1/+5
\| \| \| \| \| \|	use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them. ok tb@
*	Hide public symbols in evp.h	beck	2024-04-09	1	-1/+58
\| \| \| \| \| \|	largely mechanically done by the guentherizer 9000 ok tb@
*	Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()	tb	2024-03-02	1	-5/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live on the stack, these initialization APIs were wrappers around memset. In OpenSSL 1.1, somebody removed them and carelessly made _init() an alias of _reset() aka _cleanup(). As a consequence, both signature and semantics changed. Unsurprisingly, there is now code out there that actually uses the new semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns our _init() with OpenSSL 1.1 semantics. ok jsing
*	Remove custom key length handling	tb	2024-02-24	1	-5/+1
\| \| \| \| \| \| \| \| \| \| \|	No cipher in libcrypto is marked EVP_CIPH_CUSTOM_KEY_LENGTH and no control handler deals with EVP_CTRL_SET_KEY_LENGTH, which means that this code is dead as far as libcrypto is concerned. Almost nothing uses EVP_CIPHER_meth* (this was added for a single project) and nothing sets a custom ctrl. This isn't going to change anyway since EVP_CIPHER_meth* is deprecated in order to promote more provider beauty. ok beck jsing
*	Align EVP_CIPHER_CTX_init() and _legacy_clear()	tb	2024-02-18	1	-2/+2
\|
*	Add EVP_CIPHER_CTX_legacy_clear()	tb	2024-02-18	1	-1/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset(). In particular, it changed signature and it would no longer leak internal state if used on an already used ctx. On the other hand, it can't be used for ctx on the stack. libcrypto still has a few ctx on the stack which will be converted to heap allocated contexts at some point. Until this is completed, we will use EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be changed to match OpenSSL 1.1. ok jsing
*	Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safe	tb	2024-01-30	1	-1/+4
\| \| \| \| \| \| \| \|	We have a bunch of code that relies on this. Surely there is code out there in the wider ecosystem that relies on these being NULL-safe by now since upstream sprinkles NULL checks wherever they can. ok beck joshua
*	Improve EVP_CIPHER_{get,set}_asn1_iv()	tb	2024-01-07	1	-25/+26
\| \| \| \| \| \| \| \| \|	Use iv_len for the variables storing the IV length, formerly l and j. Remove use of the unnecessary variable i and unindent the whole mess. Some return values are fishy. That will be addressed in subsequent commits. ok jsing
*	Improve length checks for oiv and iv	tb	2024-01-04	1	-4/+5
\| \| \| \| \| \| \| \| \| \|	There are two unsigned char arrays of size EVP_MAX_IV_LENGTH to store the IVs of block ciphers. In most modes, only iv is used, but in some modes iv is modified and oiv is used to store the original IV. At the moment nothing enforces that they are of the same length. Therefore make sure the correct one or both are checked before writing to or reading from them. ok miod
*	Improve order in ancient CMS helpers	tb	2024-01-03	1	-25/+25
\| \| \| \| \| \| \|	First came EVP_CIPHER_param_to_asn1() which wraps EVP_CIPHER_set_asn1_iv() which was implemented last. Then came EVP_CIPHER_asn1_to_param() wrapping EVP_CIPHER_get_asn1_iv(). Move each param function below the iv function it wraps.
*	Move a t to the right place in a comment	tb	2024-01-02	1	-2/+2
\|
*	Match struct order for the EVP_CIPHER_CTX accessors	tb	2024-01-02	1	-69/+73
\| \| \| \| \| \|	This isn't great since the struct is ordered in about the silliest way imaginable, but it is better than it was before. Bringing order into this mess is harder than solving a Rubik's cube.
*	Move down EVP_CIPHER_CTX accessors expose EVP_CIPHER internals	tb	2024-01-02	1	-38/+42
\| \| \| \| \|	These confusingly named getters were added "for convenience" in 1.1. They fit best next to the EVP_CIPHER API.
*	Move the trivial EVP_CIPHER getters down	tb	2024-01-02	1	-31/+35
\| \| \| \| \|	They are now below the CMS ASN.1 IV stuff, but above the EVP_CIPHER_meth* API, which are setters, in a way.
*	Simplify EVP_CIPHER_{asn1_to_param,parma_to_asn1}()	tb	2024-01-02	1	-17/+13
\| \| \| \|	There's no need for a ret variable and else if/else
*	Move the EVP_CIPHER API that only exists for CMS/legacy a bit down	tb	2024-01-02	1	-121/+125
\|
*	Two spellings of key length are enough	tb	2024-01-02	1	-6/+7
\| \| \| \| \| \|	The API is called EVP_CIPHER_CTX_set_key_length() it has an argument called keylen and, the EVP_CIPHER_CTX's member is called key_len. One of the three is trivial to adjust, so do it.
*	Rename the poor outlier EVP_CIPHER e into cipher	tb	2024-01-02	1	-3/+3
\|
*	Better variable names in EVP_CIPHER_type()	tb	2024-01-02	1	-7/+8
\| \| \| \| \|	The EVP_CIPHER *ctx (yes) is renamed to cipher, otmp becomes an aobj. Change two !ptr to ptr == NULL checks.
*	Consistently use ctx for an EVP_CIPHER_CTX	tb	2024-01-02	1	-36/+36
\| \| \| \|	Not c (which is most of the time an EVP_CIPHER) or a (?!).
*	Merge the EVP_CIPHER_meth_* API into evp_cipher.c	tb	2023-12-29	1	-1/+175
\|
*	Merge the remainder of evp_lib.c into evp_cipher.c	tb	2023-12-29	1	-3/+298
\|
*	Use more consistent naming for some files in evp	tb	2023-12-29	1	-0/+687
	EVP_Digest{Init,Update,Final}() move from digest.c to evp_digest.c which will become the home of all things related to EVP_MD{,_CTX} handling. EVP_Cipher{Init,Update,Final}() move from evp_enc.c to evp_cipher.c which will become the home of all things related to EVP_CIPHER{,_CTX} handling. EVP_Encode{Init,Update,Final}() move from encode.c to evp_encode.c which already is the home of EVP_ENCODE_CTX_{new,free}(). discussed with jsing