| Age | Commit message (Collapse) | Author |
|---|
|
Long deprecated, last users have been fixed.
ok beck jsing
|
|
ok beck
|
|
HMAC() and the one-step digests used to support passing a NULL buffer and
would return the digest in a static buffer. This design is firmly from the
nineties, not thread safe and it saves callers a single line. The few ports
that used to rely this were fixed with patches sent to non-hostile (and
non-dead) upstreams. It's early enough in the release cycle that remaining
uses hidden from the compiler should be caught, at least the ones that
matter.
There won't be that many since BoringSSL removed this feature in 2017.
https://boringssl-review.googlesource.com/14528
Add non-null attributes to the headers and add a few missing bounded
attributes.
ok beck jsing
|
|
HMAC_CTX_reset() and HMAC_Init() had missing LCRYPTO_ALIAS().
ok beck jsing
|
|
There is no need to call HMAC_CTX_init() as the memory has already been
initialised to zero.
ok tb
|
|
ok jsing
|
|
Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias.
As such it resolves to an underlying ASN.1 method (in one step).
This information can be stored in a base_method pointer in allusion
to the pkey_base_id, which is the name for the nid (aka pkey_id aka
type) of the underlying method.
For an ASN.1 method, the base method is itself, so the base method
is set as a pointer to itself. For an alias it is of course a pointer
to the underlying method. Then obviously ameth->pkey_base_id is the
same as ameth->base_method->pkey_id, so rework all ASN.1 methods to
follow that.
ok jsing
|
|
The usual: single exit, error check all functions even if they can't
actually fail. This one was flagged again.
ok jsing
CID 471706 (false positive)
|
|
This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.
ok jsing
|
|
from jsing
|
|
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing
|
|
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
|
|
|
This is an undocumented feature of openssl genpkey for testing purposes.
Emilia removed support for this 'bogus private key format' from OpenSSL
in 2017 in commit c26f655fdd18ac19016c1c0496105f5256a1e84d.
ok jsing
|
|
Avoids a segfault when both priv == NULL and os == NULL.
ok miod
|
|
|
|
Obviously, the brilliant API design kitchen decided that an interface
carrying public and private key in its name (so that every sane person
thinks of asymmetric cryptography), is also perfectly suitable for MACs.
Wire up HMAC since Ruby's OpenSSL gem uses these bindings if the build
system detects that EVP_PKEY_new_raw_public_key() is available in evp.h.
While there, also add the missing pub_cmp() ameth, which obviously
treats two things as equal by returning 1.
Reported by jeremy and anton, fixes regress/lib/libssl/openssl-ruby tests
ok jsing
|
|
Now that EVP_PKEY is opaque, there is no reason to keep the ptr member
of the pkey union as a weird char pointer, a void pointer will do. This
avoids a few stupid casts and simplifies an upcoming diff.
ok jsing
|
|
Fully explained in libcrypto/README. TL;DR make sure libcrypto
and libssl's function calls internally and to each other are via
symbol names that won't get overridden by linking other libraries.
Mostly work by guenther@, which will currently be gated behind a
build setting NAMESPACE=yes. once we convert all the symbols to
this method we will do a major bump and pick up the changes.
ok tb@ jsing@
|
|
If a NULL key is passed to HMAC_Init_ex(), it tries to reuse the
previous key. This makes no sense inside HMAC() since the HMAC_CTX
has no key set yet. This is hit by HKDF() with NULL salt() via the
EVP API and results in a few Wycheproof test failures. If key is
NULL, use a zero length dummy key.
This was not hit from wycheproof.go since we pass a []byte with a
single NUL from Go.
Matches OpenSSL if key is NULL and key_len is 0. If key_len != 0,
OpenSSL will still fail by passing a NULL key which makes no sense,
so set key_len to 0 instead.
ok beck jsing
|
|
It is possible to call pmeth->cleanup() with an EVP_PKEY_CTX whose data
is NULL. If pmeth->init() in int_ctx_new() fails, EVP_PKEY_CTX_free() is
called with such a context. This in turn calls pmeth->cleanup(), and thus
these cleanup functions must be careful not to use NULL data. Most of
them are, but one of GOST's functions and HMAC's aren't.
Reported for HMAC by Masaru Masada
https://github.com/libressl-portable/openbsd/issues/129
ok bcook jsing
|
|
Instead of using malloc() and setting most struct members to 0,
simply use calloc().
ok bcook jsing
|
|
In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into
HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset()
in dc0099e1.
LibreSSL retained them for API compatibility with OpenSSL 1.0.
Not many things use them anymore. In fact, some projects that didn't
want to modify their code for OpenSSL 1.1 API compatibility used the
removed functions to wrap the OpenSSL 1.1 API. We had to patch some
of these and this will now no longer be necessary.
Also remove HMAC_cleanup(). Nothing uses this.
ok inoguchi jsing
|
|
This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h.
ok inoguchi jsing
|
|
in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with
separately. EVP_CIPHER_INFO internals are still publicly visible in
OpenSSL, so it won't be moved.
Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These
typedefs will be visible by files including only hmac.h or evp.h since
hmac.h includes evp.h and evp.h includes ossl_typ.h.
ok inoguchi
|
|
evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
|
|
from hmac.h will be moved there in an umpcoming bump. Include this
file where it will be needed.
ok inoguchi
|
|
HMAC_CTX_get_md().
|
|
reduces conditional logic (-218, +82).
MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
Passes regress. ok beck
|
|
Ensure both MD and key have been initialized before processing HMAC.
Releasing HMAC_CTX in error path of HMAC().
In regress test, added test 4,5,6 and cleaned up the code.
ok jsing@
|
|
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
|
ok miod@
|
|
ok doug@
|
|
Careful review, feedback & ok doug@ jsing@
|
|
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
|
are needed in the source files that actually require them.
ok beck@ miod@
|
|
|
|
|
|
|
|
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
|
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
|
|
|
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
|
|
|
|
with the bearded ones...
some API's that nobody should be using will dissapear with this commit.
|
|
that it is easier to find code pieces. They are getting in the way.
ok miod
|
|
|
|
|
|
|
|
|
