| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This is analogous to EVP_CIPHER_CTX_legacy_clear() and will serve as an
internal replacement for EVP_MD_CTX_init() until the conversion to heap
allocated ctx is completed. This way EVP_MD_CTX_init() can be changed to
match the OpenSSL 1.1 API.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset().
In particular, it changed signature and it would no longer leak internal
state if used on an already used ctx. On the other hand, it can't be used
for ctx on the stack.
libcrypto still has a few ctx on the stack which will be converted to heap
allocated contexts at some point. Until this is completed, we will use
EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be
changed to match OpenSSL 1.1.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This API was already cleaned up quite a bit, but it is unused in the
ecosystem and the two internal callers can be simplified a lot when
inlining the lookups.
EVP_PBE_CipherInit() can walk the table of "outer" PBEs and reach into
the matching pbe for its cipher_nid, md_nid and keygen().
PKCS5_v2_PBKDF2_keyivgen() uses EVP_PBE_find() as a way to mapping a
PRF (given by the nid of an HMAC with some digest) to the digest's nid.
This can be done by a simple switch. Move MD5 to the top and GOST to
the end in that switch and wrap the latter in OPENSSL_NO_GOST, so it
will go away once we define OPENSSL_NO_GOST.
ok beck
|
| |
|
|
|
|
|
|
| |
We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.
ok beck joshua
|
| | |
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
| |
These are only used by the EVP_PBE routines and will become internal in
the next major bump.
|
| | |
|
| | |
|
| |
|
|
| |
This has been a noop since forever and will be removed in the next bump.
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
After removing the last caller of EVP_PKEY_meth_find() from libssl, none
of these is used. And with EVP_PKEY_meth_new() gone, there will no longer
be a way to get your hands onto an EVP_PKEY_METHOD that is writable, so
none of the silent failures (because they're void functions) should matter
in the few weeks until we bump.
ok jsing
|
| |
|
|
| |
... and another file without license disappears.
|
| |
|
|
| |
They will await their removal in the next major bump.
|
| |
|
|
|
| |
First to move is EVP_cleanup(), which should probably be moved to an
evp_lib.c if such a file is reinstated.
|
| |
|
|
|
| |
With check_defer() gone, this is never set to anything but 0, so the two
conditional branches it is still involved in are dead code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This was a mechanism to ensure that OBJ_cleanup() doesn't remove the
ASN1_OBJECT associated with a custom cipher or digest (that was added
with EVP_add_{cipher,digest}(), while the latter is still referenced
in the OBJ_NAME table.
It had the effect that OBJ_cleanup() wasn't actually called ever from
OPENSSL_cleanup() (it is only called if you load the OID conf module).
Oh, and of course it was once part of the public API. I fixed that two
years ago, almost exactly to the day. Still mentioned in OBJ_create.3.
|
| |
|
|
|
|
|
|
|
|
| |
This makes them noops. They are used in the wild for adding ciphers
that are always added by the library init code. This is a historic
leftover.
This removes the last (and only ever) calls to check_defer().
ok jsing
|
| |
|
|
|
|
|
| |
OBJ_NAME_add() is a noop now, so remove all calls and simplify the
remainder of these two functions a bit.
Intermediate step to a larger diff that was ok jsing
|
| |
|
|
| |
This is a noop now, so no need to call it.
|
| |
|
|
|
|
|
|
|
|
|
| |
These serve no purpose anymore (and really haven't for many years) but
will have to be kept since there's a number of software that still uses
them because many years ago they had to.
Relocate the stubs to crypto_init.c since library initialization's what
they were there for.
ok jsing
|
| |
|
|
|
|
|
| |
Instead of a hashtable lookup do a bsearch() over the static table.
This needs about the same number of strcmp and is a lot simpler.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements the do_all API by simple loops over the tables of
digests and ciphers. Since some ciphers are only available on some
platforms, we need to skip them if necessary. We use loops in each
of the functions rather the convoluted way of reducing some of the
loops to others.
Since the tables are sorted, as ensured by regress, both do_all() and
do_all_sorted() walk the lists in order. In particular, we no longer
need to allocate to be able to sort hash tables by name on the fly in a
void function that may end up doing nothing because allocation failed.
We still need to do an unchecked OPENSSL_init_crypto() call. But that's
what prayer and clean living are there for (as beck put it).
The OBJ_NAME API is completely misnamed. It has little to do with objects
and a lot to do with EVP. Therefore we implement what will remain from
its saner replacement in the evp directory, i.e., evp_names.c.
ok jsing
|
| |
|
|
|
|
|
|
| |
This is the corresponding commit for digests and their aliases. It
only adds a table to be used in upcoming commits. What was said
about ciphers applies mutatis mutandis to digests.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This arranges the data provided by dynamic library initialization
in a static table and will help avoid gross code with missing error
checking and other defects on every use of the library. This table
isn't pretty due to various naming inconsistecies accumulated over
the decades. It will significantly simplify the implementation of
API such as EVP_get_cipherbyname() and EVP_CIPHER_do_all().
All the table does is map strings to ciphers, typically used on the
openssl(1) command line or in code it's the mechanism that underlies
the map from NID_chacha20 to the data returned by EVP_chacha20().
It's of course more complicated because it just had to be stupid.
This is one of the places where the use of bsearch() is justified.
The price to pay for the simplification is that adding custom aliases
and custom ciphers to this table will no longer be supported. It is
one significant user of the LHASH madness. That's just another piece
of the awful "toolkit aspect"-guided misdesign that contributes to
making this codebase so terrible.
A corresponding table for the digests will be added in the next
commit.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
| |
No change in the generated aarch64 assembly apart from line number changes.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Use iv_len for the variables storing the IV length, formerly l and j.
Remove use of the unnecessary variable i and unindent the whole mess.
Some return values are fishy. That will be addressed in subsequent
commits.
ok jsing
|
| |
|
|
|
| |
Switch i to a size_t and improve a flag check. Part of an earlier diff
that was ok jsing but were lost when I reworked the diff.
|
| | |
|
| |
|
|
|
| |
Remove unnecessary parentheses and use a better place to break an overlong
line.
|
| |
|
|
|
|
|
| |
Use an error exit that frees the ui in case the UI_add_* fail. Also add
a few empty lines for readability.
ok joshua
|
| |
|
|
|
|
|
|
|
|
| |
This removes the global pkey_app_methods stack that was never cleaned up
and makes EVP_PKEY_meth_add0() always fail and push an error on the stack.
EVP_PKEY_meth_find() can now walk the list of PKEY_METHODs forward and
things become a bit cleaner. It's still all way more complicated than it
needs to be...
ok jsing
|
| |
|
|
|
|
|
|
| |
The EVP_CIPHER structs are static const data that the library returns when
you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to
hang user data off such a struct, but it's been there since forever.
ok jsing
|
| |
|
|
|
| |
Use better variable names without silly p prefix and use explicit checks
against NULL.
|
| |
|
|
|
|
|
|
|
| |
Use slightly better argument and variable names, do not pointlessly try
to match a string of negative length < -1, use a size_t for the strlen()
and preserve the logic that allows lookup by a string fragment rather
than a full string.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
EVP_PKEY_asn1_find() finds the EVP_PKEY_ASN1_METHOD underlying the method
or alias with nid (or, rather, pkey_id) passed in. Now that we have the
base method stored in a pointer, we can return that method after a simple
lookup of said nid (or, rather, pkey_id).
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias.
As such it resolves to an underlying ASN.1 method (in one step).
This information can be stored in a base_method pointer in allusion
to the pkey_base_id, which is the name for the nid (aka pkey_id aka
type) of the underlying method.
For an ASN.1 method, the base method is itself, so the base method
is set as a pointer to itself. For an alias it is of course a pointer
to the underlying method. Then obviously ameth->pkey_base_id is the
same as ameth->base_method->pkey_id, so rework all ASN.1 methods to
follow that.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For some reason DSA, GOST, and RSA had their ASN.1 methods stored in
an array. This is clumsy and the only benefit is that one saves a few
externs in p_lib.c. They were also arranged by ascending NID because
of bsearch() madness.
Split them up and arrange the methods by name, which is much saner
and simpler.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
There are two unsigned char arrays of size EVP_MAX_IV_LENGTH to store the
IVs of block ciphers. In most modes, only iv is used, but in some modes iv
is modified and oiv is used to store the original IV. At the moment nothing
enforces that they are of the same length. Therefore make sure the correct
one or both are checked before writing to or reading from them.
ok miod
|
| |
|
|
|
|
|
| |
First came EVP_CIPHER_param_to_asn1() which wraps EVP_CIPHER_set_asn1_iv()
which was implemented last. Then came EVP_CIPHER_asn1_to_param() wrapping
EVP_CIPHER_get_asn1_iv(). Move each param function below the iv function
it wraps.
|
| | |
|
| |
|
|
|
|
| |
This isn't great since the struct is ordered in about the silliest way
imaginable, but it is better than it was before. Bringing order into
this mess is harder than solving a Rubik's cube.
|
| |
|
|
|
| |
These confusingly named getters were added "for convenience" in 1.1.
They fit best next to the EVP_CIPHER API.
|
| |
|
|
|
| |
They are now below the CMS ASN.1 IV stuff, but above the EVP_CIPHER_meth*
API, which are setters, in a way.
|
