summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Error check i2t_ASN1_OBJECT() and tweak warning messagetb2025-02-041-2/+4
| | | | | | CID 532326 ok djm jsing
* Annotate why EVP_PKEY_CTX_ctrl_str() will stay for a whiletb2025-01-201-1/+6
|
* If EVP_CIPHER_CTX_ctrl(3) is called on EVP_chacha20_poly1305(3)schwarze2024-12-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | with an unsupported control command, return -1 rather than 0 to the caller to indicate the error because in general, these control hooks ought to return -1 for unsupported control commands and 0 for other errors, for example other invalid arguments. Not a big deal because this change does not change when operations succeed or fail, and because callers are unlikely to pass unsupported control commands in the first place. The only functional change is that if a calling program inspects the ERR(3) stack after this failure, it will now find the correct error code rather than nothing. Even that wasn't a huge problem because for most EVP_CIPHER control failures, getting no reason for the error is the usual situation. Then again, giving the reason when easily possible may occasionally be useful. OpenSSL also returns -1 in this case, so it also helps compatibility a tiny bit. Found while auditing the return values of all the EVP_CIPHER control hooks in our tree. This was the only fishy one i found. OK tb@
* Reenable AES-NI in libcryptotb2024-09-061-3/+5
| | | | | | | | | | | | | | | | | | | The OPENSSL_cpu_caps() change after the last bump missed a crucial bit: there is more MD mess in the MI code than anticipated, with the result that AES is now used without AES-NI on amd64 and i386, hurting machines that previously greatly benefitted from it. Temporarily add an internal crypto_cpu_caps_ia32() API that returns the OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can be improved after the release. Regression reported and fix tested by Mark Patruck. No impact on public ABI or API. with/ok jsing PS: Next time my pkg_add feels very slow, I should perhaps not mechanically blame IEEE 802.11...
* Nuke the whrlpool (named after the galaxy) from orbittb2024-08-313-64/+2
| | | | | | | It's just gross. Only used by a popular disk encryption utility on an all-too-popular OS one or two decades back. ok beck jsing
* Remove EVP_PKEY.*attr* APItb2024-08-311-81/+1
| | | | | | I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said. ok beck jsing
* Remove EVP_PKEY_*check againtb2024-08-312-33/+2
| | | | | | | | | | | | | | | This API turned out to be a really bad idea. OpenSSL 3 extended it, with the result that basically every key type had its own DoS issues fixed in a recent security release. We eschewed these by having some upper bounds that kick in when keys get insanely large. Initially added on tobhe's request who fortunately never used it in iked, this was picked up only by ruby/openssl (one of the rare projects doing proper configure checks rather than branching on VERSION defines) and of course xca, since it uses everything it can. So it was easy to get rid of this again. ok beck jsing
* Remove the pkey_{,public_,param_}check() handlerstb2024-08-292-58/+12
| | | | | | | | This disables the EVP_PKEY_*check() API and makes it fail (more precisely indicate lack of support) on all key types. This is an intermediate step to full removal. Removal is ok beck jsing
* Implement X509_get_signature_info()tb2024-08-281-1/+4
| | | | | | | | | | | | | | | | This is a slightly strange combination of OBJ_find_sigid_algs() and the security level API necessary because OBJ_find_sigid_algs() on its own isn't smart enough for the special needs of RSA-PSS and EdDSA. The API extracts the hash's NID and the pubkey's NID from the certificate's signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA for retrieving the corresponding information. This isn't entirely free for RSA-PSS, but for now we don't cache this information. The security bits calculation is a bit hand-wavy, but that's something that comes along with this sort of numerology. ok jsing
* Garbage collect unused attributes member from EVP_PKEYtb2024-08-222-4/+2
| | | | ok miod
* Neuter EVP_PKEY_add1_attr_by_NID()tb2024-08-221-36/+5
| | | | | | | The last consumer in openssl(1) pkcs12 has been removed, so we no longer need this function. ok miod
* typo: regresss -> regresstb2024-07-291-2/+2
|
* Rewrite EVP_PKEY_add1_attr_by_NID()tb2024-07-141-11/+41
| | | | | | | Instead of jumping through many layers that cause headache, we can achieve the same in an entirely straightforward way without losing clarity. ok jsing
* Disable most EVP_PKEY_*attr* APItb2024-07-141-14/+17
| | | | | | | | There is a single consumer of this entire family of function, namely the openssl(1) pkcs12 command uses EVP_PKEY_add1_attr_by_NID, so leave that one intact for now. ok jsing
* Add tls1_prf_pkey_meth to pkey_methodstb2024-07-091-1/+3
| | | | ok jsing
* Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prftb2024-07-091-1/+2
| | | | ok jsing
* libcrypto: constify most error string tablestb2024-06-241-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing
* Fix in-place decryption for EVP_chacha20_poly1305()tb2024-05-221-3/+3
| | | | | | | | | | | | | Take the MAC before clobbering the input value on decryption. Fixes hangs during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256. Found, issue pinpointed, and initial fix tested by Lucas Gabriel Vuotto: Let me take this opportunity to thank the HAProxy team for going out of their way to keep supporting LibreSSL. It's much appreciated. See https://github.com/haproxy/haproxy/issues/2569 tweak/ok jsing
* Avoid NULL dereference in EVP_PKEY_paramgen()tb2024-04-171-6/+8
| | | | | | | | If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth which would typically dereference it. This is identical to a recent change in keygen(). ok jsing
* Delete a few more GOST remnantstb2024-04-141-21/+1
| | | | | | | | When I unifdefed GOST support, the tree wasn't fully unlocked, so I didn't want to touch a public header. All this code is in #ifndef OPENSSL_NO_GOST, which we define. ok jsing
* bio_enc: various basic cleanuptb2024-04-121-64/+67
| | | | | | | | Call a BIO bio rather than bi, a, or b; don't cast when assigning from or to a (void *). Drop loads of silly redundant parentheses, use better order of variable declarations. No change in the generated assembly
* Garbage collect various *_init() pmethstb2024-04-123-53/+24
| | | | | | | | It's unclear whether the functions these support were ever really used for anything else than kicking off an overenginerred state machine. ok jsing
* Fix a potential NULL-deref in EVP_PKEY_keygen()tb2024-04-121-6/+8
| | | | | | | After a EVP_PKEY_new() failure, a NULL pointer would be passed to the keygen pmeth, which could result in tears. ok beck jsing
* Hide deprecated functions in evp.hbeck2024-04-103-13/+8
| | | | | | use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them. ok tb@
* Hide public symbols in x509.hbeck2024-04-091-1/+12
| | | | | | | This picks up most of the remaining public symbols in x509.h ok tb@
* Hide public symbols in evp.hbeck2024-04-0942-42/+382
| | | | | | largely mechanically done by the guentherizer 9000 ok tb@
* Rename EVP_aes_XXX_cfb to EVP_aes_XXX_cfb128.beck2024-04-091-4/+4
| | | | | | For consitency with everything else. ok tb@
* Check the return value of EVP_CIPHER_CTX_reset()tb2024-03-281-3/+5
| | | | | | | The function call can't actually fail, but all other calls check its return value. ok joshua jsing
* Explain the weird copy dance in EVP_DigestSignFinal()tb2024-03-271-2/+3
| | | | with jsing
* Fix whitespacetb2024-03-271-2/+2
|
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} injoshua2024-03-271-18/+24
| | | | | | | | | EVP_DigestSignFinal Additionally, this cleans up some more surrounding code. This is a fixed version of r1.21. ok tb
* Recommit r1.20joshua2024-03-271-27/+31
| | | | ok tb jsing
* Revert to r1.19 while we track down a bug in the last two commits.jsing2024-03-271-38/+29
|
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} injoshua2024-03-271-17/+22
| | | | | | | | EVP_DigestSignFinal Additionally, this cleans up some more surrounding code. ok tB
* Clean up EVP_DigestSignFinaljoshua2024-03-261-27/+31
| | | | ok jsing tb
* Unifdef PBE_PRF_TESTtb2024-03-261-7/+1
| | | | | | This gets use of the last mention of EVP_CTRL_PBE_PRF_NID outside of evp.h ok jsing
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_SignFinaljoshua2024-03-261-6/+8
| | | | ok jsing@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_VerifyFinaljoshua2024-03-261-6/+7
| | | | ok tb@
* Clean up use of EVP_CIPHER_CTX_{legacy_clear,cleanup} in EVP_OpenInitjoshua2024-03-261-3/+3
| | | | ok tb@
* Garbage collect the unused verifyctx() and verifyctx_init()tb2024-03-262-23/+5
| | | | ok joshua jsing
* Inline sctx in EVP_DigestSignFinaljoshua2024-03-251-11/+8
| | | | ok tb@ jsing@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS5_PBE_keyivgenjoshua2024-03-251-11/+12
| | | | ok tb@
* Remove unneeded brackets from if statement in EVP_DigestSignFinaljoshua2024-03-251-3/+2
| | | | ok tb@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_BytesToKeyjoshua2024-03-251-12/+14
| | | | ok tb@
* Move custom sigctx handling out of EVP_DigestSignFinaljoshua2024-03-251-13/+28
| | | | ok tb@
* Clean up EVP_CIPHER_CTX_{legacy_clear,cleanup} usage in evp/bio_enc.cjoshua2024-03-251-39/+49
| | | | | | | Additionally, this tidies up some surrounding code and replaces usage of free with freezero and malloc with calloc. ok tb@
* Restore EVP_get_cipherbyname(NULL)/EVP_get_digestbyname(NULL) handlingjca2024-03-241-1/+7
| | | | | | | | | The previous implementation used the now defunct OBJ_NAME_get() which bailed out when passed a NULL argument. Difference spotted by the regress tests in ports/net/openvpn (regular openvpn use is fine but openvpn --show-ciphers/--show-digests crashes). ok tb@
* Fix namespace buildtb2024-03-241-2/+1
| | | | noticed/ok beck
* Remove OPENSSL_NO_* #ifdefs from evp_names.ctb2024-03-241-145/+1
| | | | discussed with jsing
* Bye bye gost, bye, bye turdinesstb2024-03-243-79/+3
| | | | ok beck
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 06:04:59 +0000