summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher().tb2019-04-031-7/+13
| | | | | | | | | | | | | | | The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing tls_aad[plen-4] is no good. Also check that the length of the AAD set via the control interface is equal to 13 since the whole file is written with that case in mind. Note that we no longer use this code in LibreSSL/OpenBSD. We eliminated the use of these control interfaces and stitched cipher modes in libssl a while ago. Problem found by Guido Vranken with his cryptofuzz - thanks! input & ok beck, jsing
* Cast nonce bytes to avoid undefined behaviour when left shifting.jsing2019-03-271-3/+3
| | | | | | Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
* Cast nonce bytes to avoid undefined behaviour when left shifting.jsing2019-03-241-3/+3
| | | | | | Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
* Expand the ERR_PACK() macro to ERR_REASON() for consistency.tb2019-03-181-2/+2
| | | | No binary change.
* Provide EVP_PKEY_get0_hmac(). From OpenSSL 1.1.1 which is stilltb2019-03-173-3/+22
| | | | | | freely licensed. From jsing
* Provide EVP_aes_{128,192,256}_wrap(). This is a compatibletb2019-03-175-6/+171
| | | | | | | | | | | | | implementation based on the one in OpenSSL 1.0.2r which is still freely licensed. The functions are undocumented in OpenSSL. To use them, one needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag on the EVP_CIPHER_CTX. resolves #505 ok jsing
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-173-2/+134
| | | | | | | | This is an ISC licensed version based on the sources by Ribose Inc that were ported to OpenSSL in 2017. Patch from Daniel Wyatt with minor tweaks. ok inoguchi, jsing
* add support for xchacha20 and xchacha20-poly1305dlg2019-01-222-2/+125
| | | | | | | xchacha is a chacha stream that allows for an extended nonce, which in turn makes it feasible to use random nonces. ok tb@
* provide EVP_ENCODE_CTX_{new,free}().tb2019-01-192-2/+16
| | | | ok jsing
* Make AES CCM available in tables.tb2018-12-261-1/+4
| | | | | | Omission reported by reyk and Alice Wonder. ok bcook jsing
* zap 10 tab leading whitespace before 'struct evp_pkey_ctx_st {'tb2018-11-241-2/+2
|
* Add EVP_sm3() to OpenSSL_add_all_digests_internal().tb2018-11-111-1/+4
| | | | ok beck inoguchi
* Add Ribose Inc's implementation of the SM3 hashing function withtb2018-11-112-1/+77
| | | | | | | | | tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* Add some accessor functions:djm2018-09-122-2/+44
| | | | | | RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@
* Add const to EVP_PKCS82PKEY().tb2018-08-241-2/+2
| | | | | tested in a bulk by sthen ok jsing
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-241-2/+2
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-241-2/+2
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()tb2018-08-241-30/+2
| | | | | | | | | | | Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
* Check return value of EVP_EncodeUpdate() in b64_write().tb2018-08-241-3/+4
| | | | ok jsing
* Convert EVP_EncodeUpdate() to return an int to allow for errortb2018-08-242-8/+10
| | | | | | | | | checking. Matches our documented behavior. Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing
* Provide EVP_CIPHER_CTX_encrypting().tb2018-08-242-2/+9
| | | | | tested in a bulk by sthen ok jsing
* Return an int in BIO_set_cipher() to be able to report errors.tb2018-08-242-13/+22
| | | | | tested in a bulk by sthen ok jsing
* Add a comment that explains what the check is doing and why len >= 1.tb2018-08-141-1/+2
| | | | Prompted by a remark by jsing
* The UI_add_{input,verify}_string() functions want a length not includingtb2018-08-141-5/+8
| | | | | | | | | | | | | | the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to a one-byte buffer overrun in all callers of EVP_read_pw_string(). Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C. Fix this by doing some basic sanity checking in EVP_read_pw_string_min(). Cap the len argument at BUFSIZ and ensure that min < len as well as 0 <= min and 1 <= len. The last two checks are important as these numbers may end up in reallocarray(). ok bcook (on previous version), jsing, mestre
* Add glue to EVP_md5_sha1() so that it can be used with EVP_Sign* andjsing2018-08-101-1/+12
| | | | | | EVP_Verify*. ok tb@
* Add a const qualifier to the argument of EVP_PKEY_size().tb2018-05-302-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the ASN1_OBJECT * argument of the following:tb2018-05-131-2/+3
| | | | | | | | EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3), X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3) tested in a bulk by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the argument of EVP_PKEY_get0_asn1(3).tb2018-05-131-2/+2
| | | | | tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the argument of EVP_PKEY_get0(3).tb2018-05-132-4/+4
| | | | | tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the argument of EVP_PKEY_bits(3).tb2018-05-132-4/+4
| | | | | tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the second argument of EVP_DigestVerifyFinal(3).tb2018-05-132-4/+5
| | | | | tested in a bulk build by sthen ok beck (as part of a larger diff)
* Add const qualifiers to return value of BIO_f_{base64,cipher,md}().tb2018-05-024-13/+13
| | | | | tested in bulk by sthen ok jsing
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-144-36/+19
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-172-5/+38
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Provide EVP_PKEY_get0_EC_KEY() and 'if (ret)' vs 'if (ret != 0)' cosmetics.tb2018-02-202-13/+23
| | | | ok jsing
* Provide EVP_CIPHER_CTX_reset().jsing2018-02-172-18/+27
| | | | Rides previous minor bump.
* Provide EVP_MD_CTX_new(), EVP_MD_CTX_free() and EVP_MD_CTX_reset().jsing2018-02-172-21/+46
|
* Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),tb2018-02-172-23/+55
| | | | | | EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key(). ok jsing
* Provide EVP_PKEY_up_ref().jsing2018-02-142-2/+10
|
* GNU ld has prefixed the contents of .gnu.warning.SYMBOL sectionstb2017-11-281-4/+4
| | | | | | | | with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt
* Remove EVP_aead_chacha20_poly1305_old() now that the original/oldjsing2017-08-282-82/+28
| | | | chacha20-poly1305 cipher suites have been removed from libssl.
* Fix a problem introduced in freezero() conversion and usejsg2017-05-111-2/+2
| | | | | | | | | | sizeof(struct) not sizeof(pointer). otto@ points out that on OpenBSD currently freezero() would have still zeroed the entire allocation, but this is not documented behaviour and may change in future. ok tom@
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-025-20/+12
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Stop calling OPENSSL_init() internally, since it is a no-op. Also placejsing2017-04-291-5/+1
| | | | | | it under #ifndef LIBRESSL_INTERNAL. ok beck@
* Include EVP_md5_sha1() via OpenSSL_add_all_digests().jsing2017-03-011-1/+2
|
* Add an EVP interface that provides concatenated MD5+SHA1 hashes, which arejsing2017-02-282-1/+85
| | | | | | | | | | used in various parts of TLS 1.0/1.1. This will allow for code simplification in libssl. The same interface exists in OpenSSL 1.1. ok beck@ deraadt@ inoguchi@ millert@
* LibreSSL : Truncated packet could crash via OOB readinoguchi2017-01-312-3/+10
| | | | | | | | This patch is originally from master branch of OpenSSL. - 2198b3a crypto/evp: harden AEAD ciphers. - 8e20499 crypto/evp: harden RC4_MD5 cipher. ok tom@
* Send the function codes from the error functions to the bit bucket,beck2017-01-2925-347/+187
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-8/+38
| | | | No change to generated assembly excluding line numbers.
* Explicitly export a list of symbols from libcrypto.jsing2016-12-211-1/+5
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 16:48:56 +0000