| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Rename the variable from x into pkey, make it NULL safe and unindent.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
There is no need for a local variable and a ternary operator here.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
It really makes no sense to have the mess that is EVP_MD_CTX_copy{,_ex}()
live between EVP_Digest{Init{,_ex},Update,Final{,_ex}}() and EVP_Digest(),
the latter being a relatively simple wrapper of Init_ex/Update/Final_ex.
|
| |
|
|
|
|
|
| |
Consistently implement the _ex() version after the non-extended versions,
First Cipher Init/Update/Final, then Encrypt, then Decrypt. This only
switches the order of CipherFinal{,_ex} and move the DecryptInit* down,
so they are no longer somewhere in the middle of the Encrypt* functions.
|
| |
|
|
|
| |
I guess I'm getting old. Next time I'll have to add a reminder not to
forget to remove the reminder.
|
| | |
|
| |
|
|
|
|
|
| |
These remove a few more potential out-of-bounds accesses and ensure in
particular that the padding is between 1 and block_size (inclusive).
ok joshua jsing
|
| |
|
|
|
|
|
|
|
|
| |
Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the
middle of the function. Handle the reuse case outside of the big non-NULL
cipher case for now. This looks a bit odd but relies on the invariant that
cipher_data is only set if the cipher is set. It will be reworked in a
subsequent commit.
ok jsing
|
| |
|
|
| |
ok joshua jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to
hang it off the EVP_CIPHER_CTX since it is easy to compute and validate.
ok joshua jsing
|
| |
|
|
|
|
|
| |
Ensure that the nid and key length are non-negative and that the block
size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem.
ok joshua jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Rename the slightly awkward buf_offset into partial_len and rename
buf_avail into partial_needed to match.
suggested by jsing
|
| |
|
|
| |
suggested by jsing
|
| |
|
|
|
|
|
|
|
|
| |
Rework the code to use the usual variable names, return early if we
have block size 1 and unindent the remainder of the code for block
sizes 8 and 16. Rework the padding check to be less acrobatic and
copy the remainder of the plain text into out using memcpy() rather
than a for loop.
input/ok jsing
|
| |
|
|
|
|
|
| |
This switches to the variable names used in other functions, adds a
reminder to add a missing length check and uses memset for the padding.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This time the block size is called b and there's some awful length
fiddling with fix_len, which until recently also served as store
for the return value for do_cipher()...
If we land on a block boundary, we keep the last block decrypted and
don't count it as part of the output. So in the next call we need to
feed it back in. Feeding it back in counts as output written this time
around, so instead of remembering that we need to adjust outl, keep a
tally of the bytes written. This way we can also do some overflow and
underflow checking.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
This was done the worst possible way. It would be much simpler to invert
the logic and use a single #ifdef. jsing prefers keeping the current
logic and suggested we ditch the preprocessor mess altogether.
ok jsing, claudio agreed with the initial diff
|
| |
|
|
|
|
|
|
| |
This is mostly stylistic cleanup, making the control flow a bit more
obvious. There's one user-visible change: we no longer go out of our
way to provide info about the unknown algorithm. The nid is enough.
ok joshua jsing
|
| |
|
|
| |
suggested by millert
|
| |
|
|
|
|
|
|
|
| |
Use more sensible variable names in order to make the logic a bit easier
to follow. The variables may be renamed in a later pass. Unindent a block
that was squeezed too much to the right and make a few minor stylistic
tweaks.
ok jsing
|
| |
|
|
|
|
|
| |
There is no point in having EVP_PBE_CipherInit() between the table and
the lookup functions (which it notably uses).
No code change.
|
| |
|
|
|
|
|
|
|
| |
Split the table of built-in password based encryption algorithms into two
and use a linear scan over the table corresponding to the type specified
in EVP_PBE_find()'s type argument. Use better variable names, make the
API a bit safer and generally reduce the eye bleed in here.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using five different idioms for eight callers of the do_cipher()
method in EVP_{Decrypt,Encrypt}{Update,Final_ex}(), wrap the API insanity
in an evp_cipher() function that calls do_cipher() as appropriate depending
on the EVP_CIPH_FLAG_CUSTOM_CIPHER being set or not. This wrapper has the
usual OpenSSL calling conventions.
There is one complication in EVP_EncryptUpdate() in the case a previous
call wrote only a partial buffer. In that case, the evp_cipher() call is
made twice and the lengths have to be added. Add overflow checks and only
set outl (the number of bytes written) to out on success.
ok jsing
|
| |
|
|
|
|
| |
It's a noop and will be removed in the next major bump.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nobody adds a custom password-based encryption algorithm, be it a PRF or
one that can be an outermost AlgorithmIdentifier in CMS or its precursors.
This makes the undocumented and unused EVP_PBE_alg_add{,_type}() always
fail. They will be removed in the next major bump.
Thus, we no longer need to maintain a global stack of PBE algorithms that
one thread can happily modify while another one searches it.
In subsequent steps we can then remove another rather pointless use of
OBJ_bsearch_(). "Let's optimize the lookup in a table with two dozen
entries using about as many glorious layers of obfuscating macros."
ok jsing
|
| |
|
|
|
|
|
|
|
| |
On overlong input, chacha20_poly1305_cipher() would return 0, which in
EVP_CipherUpdate() and EVP_CipherFinal() signals success with no data
written since EVP_CIPH_FLAG_CUSTOM_CIPHER is set. In order to signal an
error, we need to return -1. Obviously.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EVP_Cipher() is an implementation detail of EVP_Cipher{Update,Final}().
Behavior depends on EVP_CIPH_FLAG_CUSTOM_CIPHER being set on ctx->cipher.
If the flag is set, do_cipher() operates in update mode if in != NULL and
in final mode if in == NULL. It returns the number of bytes written to out
(which may be 0) or -1 on error.
If the flag is not set, do_cipher() assumes properly aligned data and that
padding is handled correctly by the caller. Most do_cipher() methods will
silently produce garbage and succeed. Returns 1 on success, 0 on error.
ok jsing
|
| |
|
|
|
|
|
|
| |
EVP_Cipher() is a dangerous thin wrapper of the do_cipher() method set on
the EVP_CIPHER_CTX's cipher. It implements (part of) the update and final
step of the EVP_Cipher* API. Its behavior is nuts and will be documented
in a comment in a subsequent commit. schwarze has a manpage diff that will
fix the incorrect documentation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
They make no sense. These are thin wrappers of EVP_*Final_ex() and behave
exactly the same way. The minor behavior difference of Init and Init_ex is
likely a historical artefact of this abomination of an API. Deprecation of
the Init functions was recently removed from the manpage. The only reason
to prefer the _ex versions over the normal versions is ENGINE. This is no
longer an argument.
The warnings were added in an attempt at adding automatic cleanup. This
broke stuff and was therefore backed out. The warnings remained.
discussed with schwarze
|
| | |
|
| |
|
|
|
|
| |
The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function
called here is EVP_CIPHER_CTX_key_length(). The result of the computation
is still correct, the check and local variable simply make no sense.
|
| |
|
|
|
|
| |
The correct way of wrapping foo() is 'int ret; ret = foo(); return ret;'
because 'return foo();' would be too simple... Also unify branching from
EVP_Cipher* into EVP_Encrypt* EVP_Decrypt*.
|
| |
|
|
|
|
|
|
| |
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing
|
| |
|
|
|
|
|
| |
This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing
|
| |
|
|
|
|
|
| |
This includes a manual intervention for the call to EVP_PKEY_meth_find()
which ended up in the middle of nowhere.
ok jsing
|
| |
|
|
| |
CID 468015
|
