summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove EVP_aead_chacha20_poly1305_old() now that the original/oldjsing2017-08-282-82/+28
| | | | chacha20-poly1305 cipher suites have been removed from libssl.
* Fix a problem introduced in freezero() conversion and usejsg2017-05-111-2/+2
| | | | | | | | | | sizeof(struct) not sizeof(pointer). otto@ points out that on OpenBSD currently freezero() would have still zeroed the entire allocation, but this is not documented behaviour and may change in future. ok tom@
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-025-20/+12
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Stop calling OPENSSL_init() internally, since it is a no-op. Also placejsing2017-04-291-5/+1
| | | | | | it under #ifndef LIBRESSL_INTERNAL. ok beck@
* Include EVP_md5_sha1() via OpenSSL_add_all_digests().jsing2017-03-011-1/+2
|
* Add an EVP interface that provides concatenated MD5+SHA1 hashes, which arejsing2017-02-282-1/+85
| | | | | | | | | | used in various parts of TLS 1.0/1.1. This will allow for code simplification in libssl. The same interface exists in OpenSSL 1.1. ok beck@ deraadt@ inoguchi@ millert@
* LibreSSL : Truncated packet could crash via OOB readinoguchi2017-01-312-3/+10
| | | | | | | | This patch is originally from master branch of OpenSSL. - 2198b3a crypto/evp: harden AEAD ciphers. - 8e20499 crypto/evp: harden RC4_MD5 cipher. ok tom@
* Send the function codes from the error functions to the bit bucket,beck2017-01-2925-347/+187
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-8/+38
| | | | No change to generated assembly excluding line numbers.
* Explicitly export a list of symbols from libcrypto.jsing2016-12-211-1/+5
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places whenmiod2016-11-082-5/+12
| | | | | | they don't make sense. ok beck@
* No need to duplicate definitions from evp.h locally.miod2016-11-052-14/+2
| | | | ok bock@ jsing@
* Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] bymiod2016-11-043-14/+13
| | | | | | | | | | | | | | | meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@
* Remove I386_ONLY define. It was only used to prefer amiod2016-11-041-3/+3
| | | | | | | faster-on-genuine-80386-but-slower-on-80486-onwards innstruction sequence in the SHA512 code, and had not been enabled in years, if at all. ok tom@ bcook@
* back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinalbcook2016-09-091-4/+1
| | | | | Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31 and 1.32
* include <sys/types.h> to get <sys/cdefs.h> instead (for __warn_references)bcook2016-09-041-2/+2
| | | | corrected by deraadt@ / guenther@
* include <sys/cdefs.h> for portablebcook2016-09-041-1/+3
|
* deprecate EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()bcook2016-09-031-3/+15
| | | | | | | | | | This switches EVP_CipherFinal() to work as EVP_EncryptFinal() and EVP_DecryptFinal() do, always clearing the cipher context on completion. Indicate that, since it is not possible to tell whether this function will clear the context (the API has changed over time in OpenSSL), it is better to use the _ex() variants and explicitly clear instead. ok beck@
* deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.beck2016-05-302-8/+16
| | | | | | | 14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@
* fix for integer overflow in encode and encrypt update functions.tedu2016-05-042-6/+11
| | | | | | additionally, in EncodeUpdate, if the amount written would overflow, return 0 instead to prevent bugs in the caller. CVE-2016-2105 and CVE-2016-2106 from openssl.
* fix a padding oracle in aesni cbc mac check. there must be enough datatedu2016-05-041-1/+4
| | | | | for both the mac and padding bytes. CVE-2016-2107 from openssl
* revert the big change from yesterday to prepare for smaller commits.tedu2016-05-043-15/+7
|
* prefer limits.h over sys/limits.hbcook2016-05-031-2/+2
|
* patch from openssl for multiple issues:tedu2016-05-033-7/+16
| | | | | | | missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck
* Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old()jsing2016-04-282-13/+13
| | | | | | | and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
* Use the correct iv and counter when decrypting the ciphertext forjsing2016-04-131-4/+4
| | | | EVP_aead_chacha20_poly1305_ietf().
* initialize md_len to 0 for readability to quell warnings.beck2015-12-141-3/+3
| | | | ok guenther@
* Fix typo in comment of previous commit: "that that".reyk2015-11-021-3/+3
|
* Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,reyk2015-11-022-19/+113
| | | | | | | | | "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
* unifdef EVP_CHECK_DES_KEY: Ben Kaduk noticed it has a syntax error; thatguenther2015-10-122-20/+2
| | | | | | | | error was present in the original 2004 commit, so it hasn't been used in over 11 years, thus exceeding our deprecation requirements by over a decade. OpenSSL has chosen to *fix it*; we'll gladly watch it burn ok jsing@
* Temporarily revive MD4 for MS CHAP support.doug2015-09-143-2/+127
|
* Remove MD4 support from LibreSSL.doug2015-09-133-127/+2
| | | | | | | | MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@
* Remove SHA-0 support.doug2015-09-133-122/+3
| | | | | | | SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-1010-26/+28
| | | | ok miod@
* Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().jsing2015-06-202-4/+4
| | | | ok doug@ deraadt@
* Remove obsolete MDC-2DES from libcrypto.doug2015-06-203-126/+2
| | | | ok deraadt@ jsing@ miod@
* Regenmiod2015-02-151-89/+99
|
* 1.18 would introduce a possible out-of-bounds access in the error path;miod2015-02-141-7/+5
| | | | | Coverity CID 105346 ok doug@
* Remove DEBUG_PKCS5V2 code.miod2015-02-141-25/+1
|
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-112-2/+4
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* unifdef OPENSSL_NO_RC5jsing2015-02-103-29/+3
|
* Remove RC5 code - this is not currently enabled and is not likely to everjsing2015-02-101-128/+0
| | | | | | | | be enabled. Removes one symbol from libcrypto, however there is no ABI change. ok beck@ miod@ tedu@
* EVP_BytesToKey(): return through the error path (which cleans things up)miod2015-02-101-3/+3
| | | | if EVP_DigestInit_ex() fails.
* Replace assert() and OPENSSL_assert() calls with proper error return paths.miod2015-02-108-30/+87
| | | | Careful review, feedback & ok doug@ jsing@
* Remove unnecessary include of assert.hmiod2015-02-102-4/+2
|
* Move a few typedef up in this file in order to be able to use them in env_md_stmiod2015-02-081-14/+10
| | | | | and get rid of a silly FIXME comment. ok doug@ jsing@
* Check memory allocation results in EVP_PBE_alg_add_type().miod2015-02-081-3/+10
| | | | ok doug@ jsing@
* Delete a lot of #if 0 code in libressl.doug2015-02-074-60/+4
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Combine c_allc.c and c_alld.c into c_all.c - there is not much point havingjsing2015-02-073-361/+230
| | | | | | | this split across files, especially when two of them have less code than license text. ok bcook@ beck@ doug@ miod@
* More missing error checks I forgot to commit last week, part of the largemiod2014-11-181-12/+23
| | | | cleanup diff.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 16:39:46 +0000