summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Missing initialization; OpenSSL PR#3289 and #3345 via OpenSSL trunk.miod2014-07-111-2/+3
|
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-1147-155/+157
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-1040-53/+155
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Kill a blatantly outdated (and now wrong) commentmiod2014-07-101-4/+1
|
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-1014-17/+45
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* Remove BIO_f_reliable(), guilty of playing with EVP_MD_CTX internals itmiod2014-06-242-627/+1
| | | | | should not know anything about. Verified not to be used in ports; riding upon the recent libcrypto major bump.
* Switch to the ISC licensed versions of these files, which Google has madejsing2014-06-212-101/+26
| | | | | | available via boringssl. ok deraadt@
* free iv, then cleanse. from Cyril Jouvetedu2014-06-151-2/+2
|
* Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 ratherjsing2014-06-151-9/+4
| | | | | | than '\0' for several memset(). ok beck@ miod@
* Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()jsing2014-06-151-6/+2
| | | | | | does something special... just use calloc() instead. ok beck@ miod@
* Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().jsing2014-06-151-1/+2
| | | | ok beck@ miod@
* The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of thejsing2014-06-151-2/+2
| | | | | | | EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
* tags as requested by miod and teduderaadt2014-06-1260-54/+60
|
* c-file-style hints, begone; ok beckderaadt2014-06-112-2/+2
|
* Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receivesderaadt2014-06-101-3/+0
| | | | | | | | | | | | | collateral damage. The syncronous nature of this mechanism has hampered performance for symmetric crypto relative to brute-force cpu. The assymetric crypto support never really materialized in drivers. So abandon the complexity. ok tedu beck mikeb some disagrement from djm but if he wants to test /dev/crypto ciphers he should do it without this this gigantic API in the way
* Use C99 initialisers for EVP_MD structs, for clarity, grepability and tojsing2014-06-1011-180/+266
| | | | | | protect from future field reordering/removal. No difference in generated assembly.
* Remove various test stubs. The good ones have been moved by jsingderaadt2014-06-072-35/+0
| | | | | | and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
* malloc() result does not need a cast.deraadt2014-06-075-5/+5
| | | | ok miod
* remove CONST_STRICT. ok beck deraadttedu2014-05-301-5/+1
|
* no need for null check before free. from Brendan MacDonelltedu2014-05-301-2/+1
|
* Implement an improved version of the EVP AEAD API. Thejsing2014-05-265-106/+109
| | | | | | | | | | | | | | | | EVP_AEAD_CTX_{open,seal} functions previously returned an ssize_t that was overloaded to indicate success/failure, along with the number of bytes written as output. This change adds an explicit *out_len argument which is used to return the number of output bytes and the return value is now an int that is purely used to identify success or failure. This change effectively rides the last libcrypto crank (although I do not expect there to be many users of the EVP AEAD API currently). Thanks to Adam Langley for providing the improved code that this diff is based on. ok miod@
* calloc instead of malloc/memset. from Benjamin Baiertedu2014-05-251-3/+1
|
* Convert OPENSSL_malloc stuff back to intrinsics, a few were missedbeck2014-05-222-4/+4
| | | | | as new stuff was brought in. ok miod@
* no no md2tedu2014-05-171-3/+0
|
* no no seedtedu2014-05-172-17/+0
|
* When OPENSSL_LOAD_CONF was added it ended up with more #if 0 code,jsing2014-05-163-94/+14
| | | | | | | | | | | more #ifdefs and a new source file that contains a single function. Nuke the #if 0 code that is now a macro and move the single function in evp_acnf.c to c_all.c, which is where the other code lives. While here, tidy evp.h slightly, remove an unnecessary #ifdef __OpenBSD__ and nuke a comment that is now a lie. ok miod@
* More KNF.jsing2014-05-154-7/+7
|
* Use C99 initialisers for the AEAD struct.jsing2014-05-151-9/+9
|
* KNF.jsing2014-05-151-70/+67
|
* Add a ChaCha20-Poly1305 AEAD EVP implementation to libcrypto, from Adamjsing2014-05-153-0/+272
| | | | | | Langley's Chromium OpenSSL patches. ok miod@
* KNF.jsing2014-05-152-74/+75
|
* Add an AEAD EVP interface to libcrypto, along with AES-GCM AEADjsing2014-05-155-33/+549
| | | | | | | implementations. This largely pulls in Adam Langley's AEAD patches from Chromium's OpenSSL. ok miod@
* Stop being a dummy... presumably these are left overs from pedantic modejsing2014-05-151-3/+1
| | | | | | that were not wrapped with #if PEDANTIC. ok miod@
* More KNF.jsing2014-05-115-16/+27
|
* KNF.jsing2014-05-112-322/+287
|
* More KNF.jsing2014-05-0811-45/+94
|
* KNF.jsing2014-05-0812-308/+383
|
* Remove KSSL debug code.jsing2014-05-081-21/+0
| | | | "fire bomb" tedu@
* KNF.jsing2014-05-087-912/+917
|
* Nuke OPENSSL_FIPS - having #ifdefs inside a #ifndef for the same thingjsing2014-05-082-18/+0
| | | | | | is amusing. ok deraadt@
* KNF.jsing2014-05-0816-1499/+1544
|
* KNF.jsing2014-05-0714-944/+984
|
* Add checks for invalid base64 encoded data, specifically relating to thejsing2014-05-031-0/+12
| | | | | | | | | | | | | | | | | | | | | handling of padding. This fixes a crash that can be triggered by feeding base64 data followed by 64 or more padding characters, which results in a negative output length. This issue was reported by David Ramos, although the same bug has been sitting in the OpenSSL RT since 2011: https://rt.openssl.org/Ticket/Display.html?id=2608 Worse still, BIO_read seems to be completely unable to detect that the base64 input was invalid/corrupt - in particular, enabling BIO_FLAGS_BASE64_NO_NL results in a stream of zero value bytes rather than no input (possibly a good replacement for /dev/null...), which could result in nasty consequences. Prior to this fix some zero value bytes were also injected without this flag being enabled. The recently added base64 regress triggers and documents these issues (and also ensures that this change retains functional behaviour).
* It is definitly not the correct spelling.jsing2014-05-031-2/+2
|
* KNF.jsing2014-05-034-932/+910
|
* KNF.jsing2014-05-034-495/+514
|
* Nuke unused evptests.txt - the real one is over in regress.jsing2014-05-011-334/+0
| | | | ok miod@
* Provide an EVP implementation for ChaCha.jsing2014-05-013-0/+73
| | | | ok miod@
* Use C99 initializers for the various FOO_METHOD structs. More readable, andmiod2014-04-274-48/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | avoid unreadable/unmaintainable constructs like that: const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 }; ok matthew@ deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 18:55:50 +0000