summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Unifdef PBE_PRF_TESTtb2024-03-261-7/+1
| | | | | | This gets use of the last mention of EVP_CTRL_PBE_PRF_NID outside of evp.h ok jsing
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_SignFinaljoshua2024-03-261-6/+8
| | | | ok jsing@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_VerifyFinaljoshua2024-03-261-6/+7
| | | | ok tb@
* Clean up use of EVP_CIPHER_CTX_{legacy_clear,cleanup} in EVP_OpenInitjoshua2024-03-261-3/+3
| | | | ok tb@
* Garbage collect the unused verifyctx() and verifyctx_init()tb2024-03-262-23/+5
| | | | ok joshua jsing
* Inline sctx in EVP_DigestSignFinaljoshua2024-03-251-11/+8
| | | | ok tb@ jsing@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS5_PBE_keyivgenjoshua2024-03-251-11/+12
| | | | ok tb@
* Remove unneeded brackets from if statement in EVP_DigestSignFinaljoshua2024-03-251-3/+2
| | | | ok tb@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_BytesToKeyjoshua2024-03-251-12/+14
| | | | ok tb@
* Move custom sigctx handling out of EVP_DigestSignFinaljoshua2024-03-251-13/+28
| | | | ok tb@
* Clean up EVP_CIPHER_CTX_{legacy_clear,cleanup} usage in evp/bio_enc.cjoshua2024-03-251-39/+49
| | | | | | | Additionally, this tidies up some surrounding code and replaces usage of free with freezero and malloc with calloc. ok tb@
* Restore EVP_get_cipherbyname(NULL)/EVP_get_digestbyname(NULL) handlingjca2024-03-241-1/+7
| | | | | | | | | The previous implementation used the now defunct OBJ_NAME_get() which bailed out when passed a NULL argument. Difference spotted by the regress tests in ports/net/openvpn (regular openvpn use is fine but openvpn --show-ciphers/--show-digests crashes). ok tb@
* Fix namespace buildtb2024-03-241-2/+1
| | | | noticed/ok beck
* Remove OPENSSL_NO_* #ifdefs from evp_names.ctb2024-03-241-145/+1
| | | | discussed with jsing
* Bye bye gost, bye, bye turdinesstb2024-03-243-79/+3
| | | | ok beck
* Remove some GOST relicstb2024-03-021-133/+0
|
* Unhook and remove GOST and STREEBOGtb2024-03-025-539/+2
| | | | | | | | | | | | This stops compiling the GOST source. The current implementation is low quality and got in the way, especially in libssl. While we would be open for GOST support, it needs to be significantly better than what we have had and it also needs a maintainer. Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h. Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later. ok jsing
* Garbage collect CUSTOM_KEY_LENGTH/SET_KEY_LENGTHtb2024-03-021-4/+1
| | | | | | | These are unused defines that used to add unwanted complications in EVP_CIPHER_CTX_set_key_lenght(). ok jsing
* Remove more PBE stuff from the public APItb2024-03-023-11/+9
| | | | | | | This is still needed internally for CMS and its predecessors. This removal will enable disentangling some of its innards. ok jsing
* Remove most PBEPARAM stuff from public visibilitytb2024-03-021-1/+2
| | | | | | The struct itself needs to remain public, unfortunately. ok jsing
* Remove a lot of PKCS12 garbage from the public APItb2024-03-021-1/+5
| | | | | | | | PKCS12 is a hot mess. Please participate in the survey at the end of https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its credibility and unanimity. ok jsing
* Remove RC4-HMAC-MD5 and AES-{128,256}-CBC-HMAC-SHA-1tb2024-03-024-945/+2
| | | | | | | "Stitched" mode AEADs were removed from libssl a long time ago. Nothing uses these CIPHERs anymore. ok jsing
* Make legacy cipher methods internaltb2024-03-022-10/+8
| | | | | | | These are ASN.1 handlers for CIPHERs, still used by CMS and its predecessors. They should never have been public. ok jsing
* Remove EVP_PBE_* API from public visibilitytb2024-03-023-61/+6
| | | | | | | You can no longer add your custom PBE algorithm. Pity. EVP_PBE_CipherInit() stays for internal use, the rest goes away copmletely. ok jsing
* Remove EVP_PKEY_meth_*() APItb2024-03-022-237/+2
| | | | | | After ameth, the second bit of custom EVP_PKEY API removal. ok jsing
* Remove the ameth libtb2024-03-021-43/+1
| | | | | | | | This is accessor API for ASN.1 methods needed for custom PKEYs. Nothing has ever used this. This has been neutered for months. The EVP_PKEY_asn1_* API that needs to stay was moved elsewhere. ok jsing
* Remove EVP_MD_meth* againtb2024-03-022-132/+2
| | | | | | | | | | | Erlang upstream disabled the otp_test_engine for LibreSSL >= 3.5 without explanation. It was the only reason we added this garbage API in the first place. Meanwhile libfido2 started using it for a mock up of OpenSSL 3's broken fetch design with old API. This is pointless, so all this garbage goes away again (in particular we can remove the absolutely horrifying EVP_MD_meth_set_app_datasize() again). ok jsing
* Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()tb2024-03-023-13/+13
| | | | | | | | | | | | | | When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live on the stack, these initialization APIs were wrappers around memset. In OpenSSL 1.1, somebody removed them and carelessly made _init() an alias of _reset() aka _cleanup(). As a consequence, both signature and semantics changed. Unsurprisingly, there is now code out there that actually uses the new semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns our _init() with OpenSSL 1.1 semantics. ok jsing
* Switch name member of OBJ_NAME to const void *tb2024-03-021-3/+3
| | | | | | Because this is the type it should have had from the get go. ok jsing
* Remove unused public OBJ_NAME_* APItb2024-03-021-53/+1
| | | | | | | This functionality has been disabled for a few months. Now it is high time to garbage collect it. ok jsing
* Remove EVP_{add,delete}_{cipher,digest}_alias()tb2024-03-021-10/+1
| | | | | | | | These are macro wrappers around the neutered OBJ_NAME_{add,remove}() API (notice the consistency), which will be removed shortly. Only security/xca used to use this. ok jsing
* Remove EVP_add_{cipher,digest}() from public APItb2024-03-022-17/+2
| | | | | | | | | | | Ciphers and digests are now handled in a static lookup table and no longer by the associative array that used to underlie the OBJ_NAME API. Adding ciphers is no longer possible. What uses this API does so for historic reasons coming from a time where SHA-2 and some AES variants needed to be enabled explicitly. Ports doing this (PHP and DANE code) were fixed. ok jsing
* Remove custom key length handlingtb2024-02-241-5/+1
| | | | | | | | | | | No cipher in libcrypto is marked EVP_CIPH_CUSTOM_KEY_LENGTH and no control handler deals with EVP_CTRL_SET_KEY_LENGTH, which means that this code is dead as far as libcrypto is concerned. Almost nothing uses EVP_CIPHER_meth* (this was added for a single project) and nothing sets a custom ctrl. This isn't going to change anyway since EVP_CIPHER_meth* is deprecated in order to promote more provider beauty. ok beck jsing
* Align EVP_CIPHER_CTX_init() and _legacy_clear()tb2024-02-181-2/+2
|
* Hide EVP_{CIPHER,MD}_CTX_init() from internalstb2024-02-181-1/+5
| | | | ok jsing
* Use EVP_MD_CTX_legacy_clear() internallytb2024-02-186-15/+15
| | | | ok jsing
* Use EVP_CIPHER_CTX_legacy_clear() internallytb2024-02-182-6/+6
| | | | ok jsing
* Add EVP_MD_CTX_legacy_clear()tb2024-02-182-2/+9
| | | | | | | | | This is analogous to EVP_CIPHER_CTX_legacy_clear() and will serve as an internal replacement for EVP_MD_CTX_init() until the conversion to heap allocated ctx is completed. This way EVP_MD_CTX_init() can be changed to match the OpenSSL 1.1 API. ok jsing
* Add EVP_CIPHER_CTX_legacy_clear()tb2024-02-182-2/+10
| | | | | | | | | | | | | | OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset(). In particular, it changed signature and it would no longer leak internal state if used on an already used ctx. On the other hand, it can't be used for ctx on the stack. libcrypto still has a few ctx on the stack which will be converted to heap allocated contexts at some point. Until this is completed, we will use EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be changed to match OpenSSL 1.1. ok jsing
* Inline EVP_PBE_find() in its last two callerstb2024-02-011-140/+69
| | | | | | | | | | | | | | | | | This API was already cleaned up quite a bit, but it is unused in the ecosystem and the two internal callers can be simplified a lot when inlining the lookups. EVP_PBE_CipherInit() can walk the table of "outer" PBEs and reach into the matching pbe for its cipher_nid, md_nid and keygen(). PKCS5_v2_PBKDF2_keyivgen() uses EVP_PBE_find() as a way to mapping a PRF (given by the nid of an HMAC with some digest) to the digest's nid. This can be done by a simple switch. Move MD5 to the top and GOST to the end in that switch and wrap the latter in OPENSSL_NO_GOST, so it will go away once we define OPENSSL_NO_GOST. ok beck
* Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safetb2024-01-302-3/+8
| | | | | | | | We have a bunch of code that relies on this. Surely there is code out there in the wider ecosystem that relies on these being NULL-safe by now since upstream sprinkles NULL checks wherever they can. ok beck joshua
* Dynamic EVP_PKEY_METHODs are a thing from the pasttb2024-01-271-3/+1
|
* Add a few aliases for ECDSA and DSA for security/xcatb2024-01-271-1/+143
| | | | ok jsing
* Use ret instead of rv in a few keyivgen functionstb2024-01-271-11/+11
|
* Fold keyivgen functions into evp_pbe.ctb2024-01-273-472/+386
| | | | | These are only used by the EVP_PBE routines and will become internal in the next major bump.
* Make some comments and some whitespace less uglytb2024-01-271-13/+14
|
* Whitespace tweaktb2024-01-271-2/+4
|
* Throw PKCS5_PBE_add() into the trash bin at the end of evp_pbe.ctb2024-01-272-10/+7
| | | | This has been a noop since forever and will be removed in the next bump.
* Mark the functions at the end of this file for removaltb2024-01-271-1/+5
|
* Support HMAC with SHA-3 as a PBE PRFtb2024-01-271-1/+21
| | | | ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 07:46:33 +0000