summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Check for negative IV lengthtb2023-11-185-27/+45
| | | | | | | | | | | | A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle that this function returns -1. This can only happen for an incorrectly set up EVP_CIPHER. Still it is better form to check for negative lengths before stuffing it into a memcpy(). It would probably be desirable to cap the iv_length to something large enough. This can be done another time. ok beck
* Add chacha aliases for OpenSSL compatibilitytb2023-10-241-1/+3
| | | | | | | | | | | OpenSSL has the 20 in the long and short names, so add aliases to the existing names to make things work. In particular, EVP_get_cipherbyname() will now return EVP_chacha20() for both 'ChaCha20' and 'chacha20'. Found by Facundo Tuesca when trying to add LibreSSL support for ChaCha20 in https://github.com/pyca/cryptography/pull/9209 ok jsing
* Remove EVP_add_alg_module() prototypetb2023-10-181-3/+1
| | | | | | | | | | | | | | | | This function was the unfortunate protagonist in a series of tragic merge errors resulting in only a short stint of a year and nine months between OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good bye for good, but somehow a prototype came back with 1.0.1g, a famous version released when there were slightly more pressing things to be taken care of than a function supporting a config knob whose only purpose was to turn off fips mode or to error. from schwarze PS: The mechanism that it was supposed to provide is still documented in openssl.cnf(5). I am going remove the relevant bit at some point, but not today.
* Fix EVP_CIPHER_CTX_iv_length()tb2023-09-284-9/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In today's episode of "curly nonsense from EVP land" we deal with a quite harmless oversight and a not too bad suboptimal fix, relatively speaking. At some point EVP_CIPHER_{CCM,GCM}_SET_IVLEN was added. It modified some object hanging off of EVP_CIPHER. However, EVP_CIPHER_CTX_iv_length() wasn't taught about this and kept returning the hardcoded default value on the EVP_CIPHER. Once it transpired that a doc fix isn't going to cut it, this was fixed. And of course it's easy to fix: you only have to dive through about three layers of EVP, test and set a flag and handle a control in a couple methods. The upstream fix was done poorly and we begrudgingly have to match the API: the caller is expected to pass a raw pointer next to a 0 length along with EVP_CIPHER_GET_IV_LENGTH and the control handler goes *(int *)ptr = length in full YOLO mode. That's never going to be an issue because of course the caller will always pass a properly aligned pointer backing a sufficient amount of memory. Yes, unlikely to be a real issue, but it could have been done with proper semantics and checks without complicating the code. But why do I even bother to complain? We're used to this. Of note here is that there was some pushback painting other corners of a bikeshed until the reviewer gave up with a resigned That kind of changes the semantics and is one extra complexity level, but [shrug] ok... Anyway, the reason this matters now after so many years is that rust-openssl has an assert, notably added in a +758 -84 commit with the awesome message "Docs" that gets triggered by recent tests added to py-cryptography. Thanks to Alex Gaynor for reporting this. Let me take the opportunity to point out that pyca contributed to improve rust-openssl, in particular its libressl support, quite a bit. That's much appreciated and very noticeable. Regress coverage to follow in subsequent commits. Based on OpenSSL PR #9499 and issue #8330. ok beck jsing PS: A few macros were kept internal for now to avoid impact on the release cycle that is about to finish. They will be exposed after release.
* Make EVP_PKEY_get1_$TYPE a wrapper of EVP_PKEY_get0_$TYPEtb2023-09-101-22/+29
| | | | | | | Avoids a bit of code duplication and reduces the probability of a fix being applied to only one of get0 and get1 (which happend in p_lib.c r1.35). ok jsing
* EVP_CipherInit(): use EVP_CIPHER_CTX_cleanup()tb2023-09-101-3/+3
| | | | | | | | | | | | | | | | Before EVP_CIPHER_CTX was opaque, callers could pass an uninitialized ctx into EVP_CipherInit() and calling EVP_CIPHER_CTX_cleanup() on such a ctx would end in tears. The only way to initialize a ctx is by way of EVP_CIPHER_CTX_new(), on which we can call EVP_CIPHER_CTX_cleanup() and avoid silly leaks on ctx reuse. This also allows some simplifications in the documentation. There are more changes of this kind that should be done all over libcrypto. They will be tackled in subsequent commits. "makes a lot of sense" schwarze ok jsing
* whitespacetb2023-09-021-2/+2
|
* Align EVP_PKEY_get1_RSA() with EVP_PKEY_get0_RSA()tb2023-09-021-6/+7
|
* Fix EVP_PKEY_get0_RSA() for RSA-PSStb2023-09-011-6/+6
| | | | | | It currently returns NULL. This is OpenSSL 4088b926 + De Morgan. ok jsing
* Remove two unnecessary local variablestb2023-08-261-9/+3
|
* KNF, no assembly changeschwarze2023-08-251-6/+6
| | | | OK tb@ jsing@
* Update references from RFC 7539 to RFC 8439tb2023-08-241-3/+3
| | | | | | | | RFC 7539 was superseded by RFC 8439, incorporating errata and making editorial improvements. Very little of substance changed, in particular section numbers remain the same. Prompted by a question from schwarze
* Clarify how the EVP IV is used with ChaChatb2023-08-241-8/+6
| | | | | | | | | | | EVP_chacha20() was aligned to follow OpenSSL's nonconformant implementation during a2k20 by djm and myself in an effort to allow OpenSSH to use the OpenSSL 1.1 API. Some corresponding OpenSSL 1.1 documentation was imported at the same time. A comment attempted to translate between implementation and the incorrect documentation, which was necessarily gibberish. Improve the situation by rephrasing and dropping nonsensical bits. Prompted by a question of schwarze
* Rename env_md{,_ctx}_st to evp_md{,_ctx}_sttb2023-08-111-3/+3
| | | | | | | | | | | | | | As everyone knows (and who doesn't know will immediately guess), EVP is short for envelope. Most structs backing the public EVP_* types are called evp_*. For the EVP_MD and EVP_MD_CTX types, someone used env_md_st and env_md_ctx_st, which, as jsing pointed out, may or may not be related to a much less obvious abbreviation of envelope. It could also simply have been for reasons of inconsistency. Be all that as it may: rename these structs to use the evp_* namespace to match all the other EVP types, as well as upstream. ok jsing
* Remove OPENSSL_cpuid_setup() call from OPENSSL_add_all_algorithms_noconf()jsing2023-07-241-2/+1
| | | | | | | | | | OPENSSL_cpuid_setup() used to need to be called from OPENSSL_add_all_algorithms(), as that was the main entry point. These days we do on demand initialisation and there are various paths that lead to OPENSSL_init_crypto() being called, which in turn calls OPENSSL_cpuid_setup(). ok tb@
* No need to call OBJ_sigid_free() in EVP_cleanup() anymore.tb2023-07-221-2/+1
| | | | ok jsing
* Unbreak the namespace build after a broken mk.conf and tool misfire hadbeck2023-07-0757-470/+57
| | | | | | | | me aliasing symbols not in the headers I was procesing. This unbreaks the namespace build so it will pass again ok tb@
* Hide symbols in hkdf, evp, err, ecdsa, and ecbeck2023-07-0757-57/+470
| | | | | | (part 2 of commit) ok jsing@
* Move check_defer() and obj_cleanup_defer to evp/names.ctb2023-06-291-1/+4
| | | | | | | | | | These formerly public symbols are the last things hidden by LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c Unfortunately, check_defer() needs to know about NUM_NIDS, so its implementation needs to remain in obj_dat.c, the only file that can include obj_dat.h due to NID tables. ok miod
* Rename all occurrences of e in this file to enginetb2023-06-201-15/+15
| | | | Requested by jsing
* Rename int_ctx_new() into evp_pkey_ctx_new()tb2023-06-201-4/+4
| | | | | | int_ctx_new() is a bad, generic, nondescriptive name. requested by jsing
* Clean up and fix int_ctx_new()tb2023-06-201-34/+30
| | | | | | | | | Compare explicitly against NULL, ensure the engine is always finished on error, switch to using calloc() instead of malloc() + forgetting to set some members to 0, use EVP_PKEY_up_ref() and also use pkey_ctx instead of ret for the newly created EVP_PKEY_CTX. ok jsing
* Clean up EVP_PKEY_CTX_meth_dup()tb2023-06-201-22/+19
| | | | | | | | | | | Explicitly check against NULL, replace malloc() plus manual zeroing with calloc(). Use EVP_PKEY_up_ref() rather than handrolling it and use a more normal error idiom. There still seems to be a bug in here in that the ENGINE's refcount isn't bumped, but that will be investigated and fixed separately. ok jsing
* Remove e_old.c againtb2023-04-261-159/+0
| | | | | | | | | Also remove nonexistent symbols #defined to other symbols that confuse some linkers in -portable. This commit entails no ABI change on OpenBSD. Discussed with jsing
* Reinstate e_old.c it is still used by -portabletb2023-04-251-0/+159
|
* e_old can also gotb2023-04-251-159/+0
|
* Move truncated sha-2 and sha3 out of #ifdef wrapperstb2023-04-251-5/+1
|
* Remove X9.31 supporttb2023-04-251-2/+1
| | | | ok jsing
* Wire up truncated SHA-2, SHA-3 and related thingstb2023-04-251-1/+9
| | | | from jsing
* Provide EVP methods for SHA3 224/256/384/512.jsing2023-04-162-1/+182
| | | | ok tb@
* Provide EVP methods for SHA512/224 and SHA512/256.jsing2023-04-162-2/+83
| | | | ok tb@
* Provide and use sha{224,384}_{update,final} functions.jsing2023-04-091-28/+54
| | | | | | | | | | Improve readability and consistency by providing and using functions named for the specific hash, rather than reusing the sha256/sha512 update and final functions. No functional change. ok tb@
* Rename SHA functions to have sha{1,224,256,384,512}_ prefix.jsing2023-04-091-31/+31
| | | | | | | | Also remove some unnecessary parentheses. No functional change. ok tb@
* Expose the EVP_CIPHER_meth_* API (setter only) in evp.htb2023-03-101-3/+1
|
* Convert EVP_CIPHER_meth_dup() to using calloc()tb2023-03-011-3/+2
| | | | | | | There is no reason for this to call EVP_CIPHER_meth_new(), as the flags will be copied a line later anyway. Simplify this. Requested by jsing
* Make cipher_method_lib.c compile with LibreSSLtb2023-03-011-15/+29
| | | | | | | OPENSSL_zalloc() -> calloc(), OPENSSL_free() -> free() and a few assorted cosmetic tweaks to match our style better. ok jsing
* Add EVP_CIPHER_meth_* prototypes to evp.htb2023-03-011-1/+25
| | | | | | | As usual, this will be guarded by LIBRESSL_INTERNAL || LIBRESSL_NEXT_API until the next bump. ok jsing
* Make the cleanup() method return an int againtb2023-03-014-7/+12
| | | | | | | | | This partially reverts jsing's OpenBSD commit b8185953, but without adding back the error check that potentialy results in dumb leaks. No cleanup() method in the wild returns anything but 1. Since that's the signature in the EVP_CIPHER_meth_* API, we have no choice... ok jsing
* Fix line wrapping of function pointer argumentstb2023-03-011-15/+8
| | | | ok jsing
* First KNF approximation as per knfmt(1)tb2023-03-011-60/+72
| | | | ok jsing
* Drop the EVP_CIPHER_METH_get_* functionstb2023-03-011-42/+1
| | | | | | | | Nothing interesting uses them. There's a Debian SSH-1 module and corresponding ncrack bits. That's not reason enough to have this garbage. ok jsing
* Add RCS tagtb2023-03-011-0/+1
|
* Revert OpenSSL commit aa6bb135tb2023-03-011-5/+54
| | | | | | | | | | | | This reinstates the original license on this file. Don't bother bumping the copyright year. Nothing interesting has happened in here since the initial commit. (There was one interesting commit though: "Don't care openssl_zmalloc()", which is interesting due to the lack of care, not because it's copyright worthy) ok jsing
* libcrypto: import a copy of OpenSSL 1.1's cmeth_lib.ctb2023-03-011-0/+151
| | | | | | | | | | This is the file as of OpenSSL 1.1.1 commit 82dfb986. Call the file cipher_method_lib.c since the short names in this directory are hard enough to read. This is a first step towards providing the poorly named EVP_CIPHER_meth_* API which is needed by some projects because of EVP_CIPHER opacity. ok jsing
* spelling fixes; from paul tagliamontejmc2022-12-263-6/+6
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Make header guards of internal headers consistenttb2022-11-261-4/+4
| | | | | Not all of them, only those that didn't leak into a public header... Yes.
* Make internal header file names consistenttb2022-11-2653-113/+113
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Change the pkey.ptr from char * to void *tb2022-11-182-4/+4
| | | | | | | | Now that EVP_PKEY is opaque, there is no reason to keep the ptr member of the pkey union as a weird char pointer, a void pointer will do. This avoids a few stupid casts and simplifies an upcoming diff. ok jsing
* Expose various EVP hooks for Ed25519 and X25519tb2022-11-131-6/+3
| | | | | | | | This adds the EVP_PKEY_ED25519 and EVP_PKEY_X25519 aliases for the NIDs and exposes the raw public key API. The ED25519_KEYLEN and X25519_KEYLEN defines are still kept internal for now to match what OpenSSL have. We may want to expose those later.
* Implement EVP interfaces for Ed25519 and X25519.jsing2022-11-103-3/+26
| | | | ok beck@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 14:17:28 +0000