| Age | Commit message (Collapse) | Author |
|---|
|
This disables the EVP_PKEY_*check() API and makes it fail (more precisely
indicate lack of support) on all key types.
This is an intermediate step to full removal.
Removal is ok beck jsing
|
|
This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.
The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.
The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.
ok jsing
|
|
ok miod
|
|
It's unclear whether the functions these support were ever really
used for anything else than kicking off an overenginerred state
machine.
ok jsing
|
|
ok joshua jsing
|
|
ok beck
|
|
This is still needed internally for CMS and its predecessors. This
removal will enable disentangling some of its innards.
ok jsing
|
|
These are ASN.1 handlers for CIPHERs, still used by CMS and its
predecessors. They should never have been public.
ok jsing
|
|
You can no longer add your custom PBE algorithm. Pity. EVP_PBE_CipherInit()
stays for internal use, the rest goes away copmletely.
ok jsing
|
|
This is analogous to EVP_CIPHER_CTX_legacy_clear() and will serve as an
internal replacement for EVP_MD_CTX_init() until the conversion to heap
allocated ctx is completed. This way EVP_MD_CTX_init() can be changed to
match the OpenSSL 1.1 API.
ok jsing
|
|
OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset().
In particular, it changed signature and it would no longer leak internal
state if used on an already used ctx. On the other hand, it can't be used
for ctx on the stack.
libcrypto still has a few ctx on the stack which will be converted to heap
allocated contexts at some point. Until this is completed, we will use
EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be
changed to match OpenSSL 1.1.
ok jsing
|
|
|
|
The EVP_CIPHER structs are static const data that the library returns when
you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to
hang user data off such a struct, but it's been there since forever.
ok jsing
|
|
Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias.
As such it resolves to an underlying ASN.1 method (in one step).
This information can be stored in a base_method pointer in allusion
to the pkey_base_id, which is the name for the nid (aka pkey_id aka
type) of the underlying method.
For an ASN.1 method, the base method is itself, so the base method
is set as a pointer to itself. For an alias it is of course a pointer
to the underlying method. Then obviously ameth->pkey_base_id is the
same as ameth->base_method->pkey_id, so rework all ASN.1 methods to
follow that.
ok jsing
|
|
This was only used to avoid an ameth lookup in EVP_PKEY_set_type(), a
micro-optimization that was removed in p_lib.c r1.48.
ok jsing
|
|
Most of these functions are only called from this file internally apart
from the pem_str lookups from pem/. In the next major bump we can then
remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h.
While this is used to dispatch to various ASN.1 decoding routines, it
doesn't fit into asn1/ at all.
|
|
|
|
The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to
hang it off the EVP_CIPHER_CTX since it is easy to compute and validate.
ok joshua jsing
|
|
suggested by jsing
|
|
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing
|
|
In today's episode of "curly nonsense from EVP land" we deal with a quite
harmless oversight and a not too bad suboptimal fix, relatively speaking.
At some point EVP_CIPHER_{CCM,GCM}_SET_IVLEN was added. It modified some
object hanging off of EVP_CIPHER. However, EVP_CIPHER_CTX_iv_length() wasn't
taught about this and kept returning the hardcoded default value on the
EVP_CIPHER. Once it transpired that a doc fix isn't going to cut it, this
was fixed. And of course it's easy to fix: you only have to dive through
about three layers of EVP, test and set a flag and handle a control in a
couple methods.
The upstream fix was done poorly and we begrudgingly have to match the API:
the caller is expected to pass a raw pointer next to a 0 length along with
EVP_CIPHER_GET_IV_LENGTH and the control handler goes *(int *)ptr = length
in full YOLO mode. That's never going to be an issue because of course the
caller will always pass a properly aligned pointer backing a sufficient
amount of memory. Yes, unlikely to be a real issue, but it could have been
done with proper semantics and checks without complicating the code. But
why do I even bother to complain? We're used to this.
Of note here is that there was some pushback painting other corners of a
bikeshed until the reviewer gave up with a resigned
That kind of changes the semantics and is one extra complexity level,
but [shrug] ok...
Anyway, the reason this matters now after so many years is that rust-openssl
has an assert, notably added in a +758 -84 commit with the awesome message
"Docs" that gets triggered by recent tests added to py-cryptography.
Thanks to Alex Gaynor for reporting this. Let me take the opportunity to
point out that pyca contributed to improve rust-openssl, in particular its
libressl support, quite a bit. That's much appreciated and very noticeable.
Regress coverage to follow in subsequent commits.
Based on OpenSSL PR #9499 and issue #8330.
ok beck jsing
PS: A few macros were kept internal for now to avoid impact on the release
cycle that is about to finish. They will be exposed after release.
|
|
As everyone knows (and who doesn't know will immediately guess), EVP is
short for envelope. Most structs backing the public EVP_* types are called
evp_*. For the EVP_MD and EVP_MD_CTX types, someone used env_md_st and
env_md_ctx_st, which, as jsing pointed out, may or may not be related to
a much less obvious abbreviation of envelope. It could also simply have
been for reasons of inconsistency.
Be all that as it may: rename these structs to use the evp_* namespace
to match all the other EVP types, as well as upstream.
ok jsing
|
|
This partially reverts jsing's OpenBSD commit b8185953, but without adding
back the error check that potentialy results in dumb leaks. No cleanup()
method in the wild returns anything but 1. Since that's the signature in
the EVP_CIPHER_meth_* API, we have no choice...
ok jsing
|
|
Not all of them, only those that didn't leak into a public header...
Yes.
|
|
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
