summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Mechanically expand BLOCK_CIPHER_* ciphers.jsing2022-09-041-17/+145
| | | | | | This includes the wonderful BLOCK_CIPHER_ecb_loop - a for loop in a macro. No change in generated assembly.
* Remove now unused IMPLEMENT_CFBR macro.jsing2022-09-041-10/+1
|
* Mechanically expand IMPLEMENT_CFBR macros.jsing2022-09-041-8/+267
| | | | Only change to generated assembly is due to the use of EVPerror().
* Remove now unused IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-034-19/+4
| | | | | | Also remove various comments noting that it cannot be used for certain block ciphers (which kinda defeats the purpose of having a generic implementation in the first place).
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-21/+486
| | | | | Only change to generated assembly is due to EVPerror()'s use of line numbers.
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-4/+162
| | | | No change in generated assembly.
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-8/+161
| | | | | | Only change to generated assembly is due to EVPerror()'s use of line numbers. CVS ----------------------------------------------------------------------
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-6/+162
| | | | No change to generated assembly.
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-5/+163
| | | | | | | | | These macros make the ASN.1 macros seem sane - there are layers and layers and layers here, which are hiding bugs. No change to generated assembly. Discussed with tb@
* chacha20_poly1305_cleanup() should return 1tb2022-08-301-2/+2
| | | | | | Otherwise EVP_CIPHER_CTX_cleanup() leaks, as spotted by the ASAN CI. ok jsing
* Provide additional defines for EVP AEAD.jsing2022-08-271-1/+18
| | | | | | | While these will not be used by LibreSSL, they are used by some QUIC implementations (such as ngtcp2). ok tb@
* fix indent and zap trailing whitespacetb2022-08-211-3/+3
|
* Provide EVP_chacha20_poly1305()jsing2022-08-202-7/+260
| | | | | | | | | | | EVP_chacha20_poly1305() is an EVP_CIPHER implementation of the ChaCha20-Poly1305 AEAD. This is potentially used to provide encryption for the QUIC transport layer. Where possible, this should be avoided in favour of the significantly saner EVP_AEAD interface. ok tb@
* Remove bogus length checks from EVP_aead_chacha20_poly1305()jsing2022-08-201-27/+1
| | | | | | | | | The length checks for EVP_aead_chacha20_poly1305() seal/open were incorrect and are no longer necessary (not to mention that the comment failed to match the code). Remove these since the underlying ChaCha implementation will now handle the same sized inputs at these functions can. Issue flagged by and ok tb@
* Mop up key_len assignments.jsing2022-08-041-91/+59
| | | | | | | Remove unnecessary conditions for XTS mode, since we know which are XTS. Also use bytes rather than bits / 8. ok tb@
* Mop up EVP_CIPH_FLAG_FIPS usage.jsing2022-08-041-59/+59
| | | | | | LibreSSL does not do FIPS and nothing else sets or checks these. ok tb@
* Remove various aesni_* defines to aes_* functions.jsing2022-08-041-56/+24
| | | | | | | A number of the AES-NI functions are #defines to an aes_* function - remove these and just use the AES variant directly. ok tb@
* Expand BLOCK_CIPHER_* macros.jsing2022-08-021-133/+1056
| | | | | | | | | As a first step towards untangling and cleaning up the EVP AES code, expand the BLOCK_CIPHER_* macros. In particular, rather than having two sets of macros - one that is used if AESNI is being compiled in and one if it is not, condition on #ifdef AESNI_CAPABLE in the expanded code. ok tb@
* Reorder functions and remove unnecessary function prototypes.jsing2022-07-301-29/+24
|
* Do not pass input length <= 0 to the cipher handlerstb2022-07-261-11/+17
| | | | | | | | | | Input length < 0 is an error and input length == 0 can result in strange effects in some ciphers, except in CCM mode, which is extra special. Based on OpenSSL 420cb707 by Matt Caswell and Richard Levitte found by & ok jsing
* Remove mkerr.pl remnants from LibreSSLkn2022-07-122-12/+2
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Expose new API in headers.tb2022-07-071-5/+1
| | | | | | | These are mostly security-level related, but there are also ASN1_TIME and ASN_INTEGER functions here, as well as some missing accessors. ok jsing
* Prepare to provide EVP_PKEY_security_bits()tb2022-06-272-2/+20
| | | | | | | This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
* Add hkdf_pkey_meth to the standard_methods[]tb2022-05-051-1/+3
| | | | ok beck jsing
* Provide EVP_PKEY_HKDF alias for NID_hkdftb2022-05-051-1/+2
| | | | ok beck jsing
* Provide versions of EVP_PKEY_CTX_{str,hex}2ctrl() for internal use.tb2022-05-052-2/+38
| | | | ok beck jsing
* Add check for EVP_CIPHER_CTX_ctrlinoguchi2022-01-201-4/+6
| | | | suggestion from tb@
* Add check for EVP_CIPHER_CTX_set_key_length return valueinoguchi2022-01-201-2/+3
| | | | | | CID 21653 ok jsing@ millert@ tb@
* Add check for BIO_indent return valueinoguchi2022-01-201-2/+3
| | | | | | CID 24778 ok jsing@ millert@ tb@
* Implement new-style OpenSSL BIO callbackstb2022-01-143-9/+9
| | | | | | | | | | This provides support for new-style BIO callbacks in BIO_{read,write,gets,puts}() and a helper function to work out whether it should call the new or the old style callback. It also adds a few typedefs and minor code cleanup as well as the BIO_{get,set}_callback_ex() from jsing, ok tb
* Remove legacy sign/verify from EVP_MD.tb2022-01-1418-644/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson <steve@openssl.org> Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte <levitte@openssl.org> Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
* Make structs in evp.h and hmac.h opaquetb2022-01-142-134/+131
| | | | | | This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h. ok inoguchi jsing
* Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_APItb2022-01-141-15/+1
| | | | | This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
* Fix typo in header guardtb2022-01-121-3/+3
|
* Prepare to provide the EVP_MD_meth_* APItb2022-01-102-2/+130
| | | | | | | | | This allows implementations to add their own EVP_MD_METHODs. Only the setters are provided. This is used by erlang for the otp_test_engine. ok inoguchi jsing
* Prepare to provide EVP_PKEY_{public,param}_checktb2022-01-104-4/+72
| | | | | | | | | | | | | | This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check(). There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present. ok inoguchi jsing
* Prepare to provide EVP_PKEY_check()tb2022-01-104-4/+47
| | | | | | | | | | | | | | | | | | This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively. The corresponding setters are EVP_PKEY_{asn1,meth}_set_check(). It is unclear why the PKEY method has no const while the ASN.1 method has const. Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3 ok inoguchi jsing
* Prevent a double free in EVP_MD_CTX_copy_ex()tb2022-01-101-1/+3
| | | | | | | | NULL out two pointer values after memcpy() to avoid a double free. In the event that both in->pctx and in->md_data are non-NULL and the calloc() of out->md_data fails, a double free could occur. ok inoguchi jsing
* Prepare to provide EVP_MD_CTX{,_set}_pkey_ctx()tb2022-01-094-5/+55
| | | | | | | | | | | | | This API with very strange ownership handling is used by Ruby 3.1, unfortunately. For unclear reasons, it was decided that the caller retains ownership of the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}(). Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs to be unset on the duplicated EVP_MD_CTX. ok inoguchi jsing
* Prepare to provide EVP_AEAD_CTX_{new,free}()tb2022-01-072-3/+29
| | | | ok jsing
* include asn1_locl.h where it will be needed for the bump.tb2022-01-071-1/+2
| | | | discussed with jsing
* Add a new, mostly empty, bio_local.h and include it in the filestb2022-01-073-3/+6
| | | | | | that will need it in the upcoming bump. discussed with jsing
* Prepare to provide EVP_CIPHER_CTX_{get,set}_cipher_datatb2021-12-242-3/+22
| | | | | | They will be needed by security/py-M2Crypto and telephony/sngrep. ok inoguchi jsing
* Prepare to provide EVP_CIPHER_CTX_buf_noconst()tb2021-12-242-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is just a dumb 'return ctx->buf' whose name was chosen to be consistent with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf() ok jsing The backstory is this: This wonderful API will be needed by MariaDB once EVP is opaque. To be able to use its own handrolled AES CTR variant, it needs to reach inside the cipher ctx's buffer and mess with it: uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); /* Not much we can do, block ciphers cannot encrypt data that aren't a multiple of the block length. At least not without padding. Let's do something CTR-like for the last partial block. NOTE this assumes that there are only buf_len bytes in the buf. If OpenSSL will change that, we'll need to change the implementation of this class too. */ Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API obviously doesn't provide a means of doing any length checks. If it is any consolation, it was committed with the vague hope of being a temporary measure as OpenSSL commit 83b06347 suggests: Note that the accessors / writers for iv, buf and num may go away, as those rather belong in the implementation's own structure (cipher_data) when the implementation would affect them [...] As is true for many temporary kludges and dumb accessors, these are here to stay a with us for a while. While I'm at it, MariaDB has other phantastic things it did to ease its pain with the OpenSSL 1.1 API transition. To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and uses arrays of these sizes that it aligns, casts and passes as ctx to the EVP API. Of course, they need to safeguard themselves against the inevitable buffer overruns that this might cause since the type is opaque and could (and actually did) change its size between two OpenSSL releases. There is a runtime check in mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc() with "coc_malloc()" to determine the sizes that OpenSSL would allocate internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's ideas of the ctx sizes. Go look, I'm not making this stuff up.
* Annotate the structs that will be moved to hmac_local.h and evp_locl.htb2021-12-121-3/+10
| | | | | | | | | | | | in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with separately. EVP_CIPHER_INFO internals are still publicly visible in OpenSSL, so it won't be moved. Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These typedefs will be visible by files including only hmac.h or evp.h since hmac.h includes evp.h and evp.h includes ossl_typ.h. ok inoguchi
* Include evp_locl.h where it will be needed once most structs fromtb2021-12-1235-36/+104
| | | | | | evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
* Add a mostly empty hmac_local.h. HMAC_CTX and a few other thingstb2021-12-121-1/+2
| | | | | | | from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed. ok inoguchi
* Add header guards to evp_locl.h.tb2021-12-121-1/+6
| | | | ok inoguchi
* Add #include "bn_lcl.h" to the files that will soon need it.tb2021-12-041-1/+2
| | | | ok inoguchi jsing
* Use calloc() in EVP_PKEY_meth_new() instead of malloc() and settingtb2021-12-031-29/+2
| | | | | | almost all members to 0. Just set the two things that need setting. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-25 20:23:48 +0000