| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
CID 21653
ok jsing@ millert@ tb@
|
| |
|
|
|
|
| |
CID 24778
ok jsing@ millert@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
This provides support for new-style BIO callbacks in
BIO_{read,write,gets,puts}() and a helper function to
work out whether it should call the new or the old
style callback. It also adds a few typedefs and minor
code cleanup as well as the BIO_{get,set}_callback_ex()
from jsing, ok tb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding
public API EVP_{dss,dss1,ecdsa}().
This is basically the following OpenSSL commit. The mentioned change in
RSA is already present in rsa/rsa_pmeth.c.
ok inoguchi jsing
commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Wed Dec 2 13:57:04 2015 +0000
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
|
| |
|
|
|
|
| |
This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h.
ok inoguchi jsing
|
| |
|
|
|
| |
This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This allows implementations to add their own EVP_MD_METHODs.
Only the setters are provided.
This is used by erlang for the otp_test_engine.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys
are supported. If a check function is set the EVP_PKEY_METHOD, it will
be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is
used. The default ASN.1 methods wrap RSA_check_key() and
EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method
has const.
Requested by tobhe and used by PHP 8.1.
Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
NULL out two pointer values after memcpy() to avoid a double free.
In the event that both in->pctx and in->md_data are non-NULL and
the calloc() of out->md_data fails, a double free could occur.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This API with very strange ownership handling is used by Ruby 3.1,
unfortunately.
For unclear reasons, it was decided that the caller retains ownership of
the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to
make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}().
Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs
to be unset on the duplicated EVP_MD_CTX.
ok inoguchi jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
| |
that will need it in the upcoming bump.
discussed with jsing
|
| |
|
|
|
|
| |
They will be needed by security/py-M2Crypto and telephony/sngrep.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is just a dumb 'return ctx->buf' whose name was chosen to be consistent
with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf()
ok jsing
The backstory is this:
This wonderful API will be needed by MariaDB once EVP is opaque. To be able
to use its own handrolled AES CTR variant, it needs to reach inside the cipher
ctx's buffer and mess with it:
uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
/*
Not much we can do, block ciphers cannot encrypt data that aren't
a multiple of the block length. At least not without padding.
Let's do something CTR-like for the last partial block.
NOTE this assumes that there are only buf_len bytes in the buf.
If OpenSSL will change that, we'll need to change the implementation
of this class too.
*/
Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API
obviously doesn't provide a means of doing any length checks.
If it is any consolation, it was committed with the vague hope of being a
temporary measure as OpenSSL commit 83b06347 suggests:
Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them [...]
As is true for many temporary kludges and dumb accessors, these are here
to stay a with us for a while.
While I'm at it, MariaDB has other phantastic things it did to ease its
pain with the OpenSSL 1.1 API transition.
To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per
EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and
uses arrays of these sizes that it aligns, casts and passes as ctx to the
EVP API.
Of course, they need to safeguard themselves against the inevitable buffer
overruns that this might cause since the type is opaque and could (and actually
did) change its size between two OpenSSL releases. There is a runtime check in
mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc()
with "coc_malloc()" to determine the sizes that OpenSSL would allocate
internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's
ideas of the ctx sizes.
Go look, I'm not making this stuff up.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with
separately. EVP_CIPHER_INFO internals are still publicly visible in
OpenSSL, so it won't be moved.
Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These
typedefs will be visible by files including only hmac.h or evp.h since
hmac.h includes evp.h and evp.h includes ossl_typ.h.
ok inoguchi
|
| |
|
|
|
|
| |
evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
| |
|
|
|
|
|
| |
from hmac.h will be moved there in an umpcoming bump. Include this
file where it will be needed.
ok inoguchi
|
| |
|
|
| |
ok inoguchi
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
| |
almost all members to 0. Just set the two things that need setting.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
It is very easy to forget to copy over newly added methods. Everyone
working in this corner has run into this. Instead, preserve what needs
preserving and use a struct copy, so all methods get copied from src
to dest.
tweak/ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN
defines and aliases the GCM and CCM versions to those.
This is the publicly visible part of OpenSSL's e640fa02005.
ok inoguchi jsing
|
| |
|
|
| |
move from an awful macro to a proper function.
|
| |
|
|
|
|
| |
no longer needed.
ok jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}.
and are part of the OpenSSL 1.1.1 API. While they simplify callers in some
situations slightly, their real use is for EdDSA that by design can't be
split into Update/Final steps.
Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c
ok inoguchi
|
| |
|
|
| |
ok bcook inoguchi jsing
|
| |
|
|
|
|
|
| |
sebastia ran into this when attempting to update security/hcxtools.
This will be tested via wycheproof.go once the symbol is public.
ok jsing, tested by sebastia
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ok inoguchi
commit 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
Author: Matt Caswell <matt@openssl.org>
Date: Tue Feb 2 17:17:23 2021 +0000
Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-23840
Reviewed-by: Paul Dale <pauli@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX
containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy
to copy cipher_data to the target struct. The result is that the
copy contains a pointer to the wrong struct, which then leads to a
use-after-free. The custom copy handler fixes things up to avoid
that.
Issue reported by Guido Vranken
ok beck inoguchi jsing
|
| |
|
|
|
|
|
|
| |
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
It is possible to do this by abusing the EVP_CTRL_INIT API.
Pointed out by jsing.
ok inoguchi jsing (as part of a larger diff)
|
| |
|
|
|
|
|
|
|
|
|
| |
EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key.
Issue reported and fix tested by Guido Vranken.
ok beck, jsing
This commit adds a constant to a public header despite library lock,
as discussed with deraadt and sthen.
|
| |
|
|
|
|
|
| |
Referred to this OpenSSL commit and adopted to the codebase.
b785504a10310cb2872270eb409b70971be5e76e
suggest and ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
Fix the problem that long unbroken line of base64 text is not decoded.
Referred to this OpenSSL commit and adapted to the codebase.
3cdd1e94b1d71f2ce3002738f9506da91fe2af45
Reported by john.a.passaro <at> gmail.com to the LibreSSL ML.
ok tb@
|
| | |
|
| |
|
|
|
|
| |
behavior.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new IV is 128 bit long and is actually the 64 bit counter followed
by 64 the bit initialization vector. This is needed by an upcoming
change in OpenSSH and is a breaking change for all current callers.
There are language bindings for Node.js, Rust and Erlang, but none of
our ports use them.
Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014
while the entirely incompatible version in OpenSSL was committed on
Dec 9, 2015.
Initial diff from djm and myself, further refinements by djm.
Ports grepping by sthen
ok jsing
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This handles controls with a message digest by name, looks up the message
digest and then proxies the control through with the EVP_MD *.
This is internal only for now and will be used in upcoming RSA related
changes.
Based on OpenSSL 1.1.1d.
ok inoguchi@ tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
EVP_PKEY_CTRL_GET_MD control for DSA, EC and RSA.
This is used by the upcoming RSA CMS code.
ok inoguchi@ tb@
|
| | |
|
