summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Disallow setting the AES-GCM IV length to 0tb2020-04-301-1/+5
| | | | | | | It is possible to do this by abusing the EVP_CTRL_INIT API. Pointed out by jsing. ok inoguchi jsing (as part of a larger diff)
* Disallow the use of zero length IVs in AES-GCM viatb2020-04-273-3/+15
| | | | | | | | | | | EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key. Issue reported and fix tested by Guido Vranken. ok beck, jsing This commit adds a constant to a public header despite library lock, as discussed with deraadt and sthen.
* Check high bit for base64 decodeinoguchi2020-03-041-2/+10
| | | | | | | Referred to this OpenSSL commit and adopted to the codebase. b785504a10310cb2872270eb409b70971be5e76e suggest and ok tb@
* Fix base64 processing of long linesinoguchi2020-03-031-99/+66
| | | | | | | | | | Fix the problem that long unbroken line of base64 text is not decoded. Referred to this OpenSSL commit and adapted to the codebase. 3cdd1e94b1d71f2ce3002738f9506da91fe2af45 Reported by john.a.passaro <at> gmail.com to the LibreSSL ML. ok tb@
* typotb2020-01-261-2/+2
|
* Improve the comment explaining why the previous change matches OpenSSL'stb2020-01-261-8/+15
| | | | | | behavior. ok jsing
* Adjust EVP_chacha20()'s behavior to match OpenSSL's semantics:tb2020-01-261-7/+14
| | | | | | | | | | | | | | | | | The new IV is 128 bit long and is actually the 64 bit counter followed by 64 the bit initialization vector. This is needed by an upcoming change in OpenSSH and is a breaking change for all current callers. There are language bindings for Node.js, Rust and Erlang, but none of our ports use them. Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014 while the entirely incompatible version in OpenSSL was committed on Dec 9, 2015. Initial diff from djm and myself, further refinements by djm. Ports grepping by sthen ok jsing
* Avoid leak in error path of PKCS5_PBE_keyivgeninoguchi2020-01-121-1/+2
| | | | ok jsing@ tb@
* Wire up PKEY methods for RSA-PSS.jsing2019-11-011-2/+6
| | | | ok tb@
* Provide EVP_PKEY_CTX_md().jsing2019-10-292-8/+18
| | | | | | | | | | | | This handles controls with a message digest by name, looks up the message digest and then proxies the control through with the EVP_MD *. This is internal only for now and will be used in upcoming RSA related changes. Based on OpenSSL 1.1.1d. ok inoguchi@ tb@
* Add EVP_PKEY_RSA_PSS.jsing2019-10-241-1/+2
| | | | ok tb@
* Provide EVP_PKEY_CTX_get_signature_md() macro and implement thejsing2019-09-091-4/+10
| | | | | | | | EVP_PKEY_CTRL_GET_MD control for DSA, EC and RSA. This is used by the upcoming RSA CMS code. ok inoguchi@ tb@
* Provide ASN1_PKEY_CTRL_CMS_RI_TYPE.jsing2019-08-111-1/+2
|
* Correct missing test to determine if length is in bytes or in bits.beck2019-05-141-1/+3
| | | | | Issue found by Guido Vranken <guidovranken@gmail.com> ok tedu@ tb@
* Revert the other hunk of r1.36 as well: in the case of CCM, ccm.key istb2019-05-121-1/+11
| | | | | | | | | assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs to be copied over... Pointed out by Guido Vranken. ok jsing
* Revert part of r1.36: in the case of GCM, gcm.key is assigned fromtb2019-05-101-1/+7
| | | | | | | | | aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be copied over... Fixes cryptofuzz issue #14352 and likely also #14374. ok beck jsing
* Allocate md_data with calloc to avoid use of uninitialised memory.jsing2019-04-191-6/+6
| | | | | | Found by Guido Vranken when fuzzing and trying to use GOST with HMAC. Fix confirmed by Guido; ok tb@
* Some more malloc() to calloc() conversions.jsing2019-04-141-7/+5
| | | | ok tb@
* Remove two pointless chunks of code.jsing2019-04-141-16/+1
| | | | | | | | This reverts part of OpenSSL c2fd5d79, which added the same code to AES CCM, GCM and XTS. In the case of CCM and GCM nothing assigns {ccm,gcm}.key so there is never going to be anything to update (unlike XTS). ok tb@
* Use calloc() when allocating cipher_data.jsing2019-04-141-5/+5
| | | | | | Avoids use of uninitialised memory. ok tb@
* Annotate a future improvement.jsing2019-04-141-1/+2
|
* Avoid potential double-frees following EVP_CIPHER_CTX_copy().jsing2019-04-141-4/+17
| | | | | | | | | | | In the case of a cipher with a custom copy control, if that control fails we may still have pointers that we do not own in the previously copied cipher data. Avoid potential double-frees by zeroing and freeing the copied cipher data in this case. Issue reported by Guido Vranken. ok tb@
* Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher().tb2019-04-031-7/+13
| | | | | | | | | | | | | | | The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing tls_aad[plen-4] is no good. Also check that the length of the AAD set via the control interface is equal to 13 since the whole file is written with that case in mind. Note that we no longer use this code in LibreSSL/OpenBSD. We eliminated the use of these control interfaces and stitched cipher modes in libssl a while ago. Problem found by Guido Vranken with his cryptofuzz - thanks! input & ok beck, jsing
* Cast nonce bytes to avoid undefined behaviour when left shifting.jsing2019-03-271-3/+3
| | | | | | Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
* Cast nonce bytes to avoid undefined behaviour when left shifting.jsing2019-03-241-3/+3
| | | | | | Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
* Expand the ERR_PACK() macro to ERR_REASON() for consistency.tb2019-03-181-2/+2
| | | | No binary change.
* Provide EVP_PKEY_get0_hmac(). From OpenSSL 1.1.1 which is stilltb2019-03-173-3/+22
| | | | | | freely licensed. From jsing
* Provide EVP_aes_{128,192,256}_wrap(). This is a compatibletb2019-03-175-6/+171
| | | | | | | | | | | | | implementation based on the one in OpenSSL 1.0.2r which is still freely licensed. The functions are undocumented in OpenSSL. To use them, one needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag on the EVP_CIPHER_CTX. resolves #505 ok jsing
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-173-2/+134
| | | | | | | | This is an ISC licensed version based on the sources by Ribose Inc that were ported to OpenSSL in 2017. Patch from Daniel Wyatt with minor tweaks. ok inoguchi, jsing
* add support for xchacha20 and xchacha20-poly1305dlg2019-01-222-2/+125
| | | | | | | xchacha is a chacha stream that allows for an extended nonce, which in turn makes it feasible to use random nonces. ok tb@
* provide EVP_ENCODE_CTX_{new,free}().tb2019-01-192-2/+16
| | | | ok jsing
* Make AES CCM available in tables.tb2018-12-261-1/+4
| | | | | | Omission reported by reyk and Alice Wonder. ok bcook jsing
* zap 10 tab leading whitespace before 'struct evp_pkey_ctx_st {'tb2018-11-241-2/+2
|
* Add EVP_sm3() to OpenSSL_add_all_digests_internal().tb2018-11-111-1/+4
| | | | ok beck inoguchi
* Add Ribose Inc's implementation of the SM3 hashing function withtb2018-11-112-1/+77
| | | | | | | | | tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* Add some accessor functions:djm2018-09-122-2/+44
| | | | | | RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@
* Add const to EVP_PKCS82PKEY().tb2018-08-241-2/+2
| | | | | tested in a bulk by sthen ok jsing
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-241-2/+2
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-241-2/+2
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()tb2018-08-241-30/+2
| | | | | | | | | | | Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
* Check return value of EVP_EncodeUpdate() in b64_write().tb2018-08-241-3/+4
| | | | ok jsing
* Convert EVP_EncodeUpdate() to return an int to allow for errortb2018-08-242-8/+10
| | | | | | | | | checking. Matches our documented behavior. Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing
* Provide EVP_CIPHER_CTX_encrypting().tb2018-08-242-2/+9
| | | | | tested in a bulk by sthen ok jsing
* Return an int in BIO_set_cipher() to be able to report errors.tb2018-08-242-13/+22
| | | | | tested in a bulk by sthen ok jsing
* Add a comment that explains what the check is doing and why len >= 1.tb2018-08-141-1/+2
| | | | Prompted by a remark by jsing
* The UI_add_{input,verify}_string() functions want a length not includingtb2018-08-141-5/+8
| | | | | | | | | | | | | | the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to a one-byte buffer overrun in all callers of EVP_read_pw_string(). Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C. Fix this by doing some basic sanity checking in EVP_read_pw_string_min(). Cap the len argument at BUFSIZ and ensure that min < len as well as 0 <= min and 1 <= len. The last two checks are important as these numbers may end up in reallocarray(). ok bcook (on previous version), jsing, mestre
* Add glue to EVP_md5_sha1() so that it can be used with EVP_Sign* andjsing2018-08-101-1/+12
| | | | | | EVP_Verify*. ok tb@
* Add a const qualifier to the argument of EVP_PKEY_size().tb2018-05-302-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the ASN1_OBJECT * argument of the following:tb2018-05-131-2/+3
| | | | | | | | EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3), X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3) tested in a bulk by sthen ok beck (as part of a larger diff)
* Add a const qualifier to the argument of EVP_PKEY_get0_asn1(3).tb2018-05-131-2/+2
| | | | | tested in a bulk build by sthen ok beck (as part of a larger diff)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 22:16:12 +0000