Commit Graph

51 Commits

Author SHA1 Message Date
Matt Caswell
b7c913c820 Ensure EVP_MD_CTX_md returns the EVP_MD originally used
Fixes #8613

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)
2019-04-03 15:44:36 +01:00
Matt Caswell
8c8cf0d962 Make EVP_Digest* functions provider aware
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Matt Caswell
3653d0c224 Implement EVP_MD_fetch()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Richard Levitte
4a8b0c55c0 Following the license change, modify the boilerplates in crypto/evp/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7794)
2018-12-06 14:54:57 +01:00
Richard Levitte
f842b6b2a4 Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl()
These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and
EVP_PKEY_CTX_hex2ctrl().  They will parse the value, and then pass the
parsed result and length to a callback that knows exactly how to pass
them on to a main _ctrl function, along with a context structure
pointer.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Paul Yang
81c7945388 Allow EVP_MD_CTX_set_pkey_ctx to accept NULL pctx
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
4803717f5e Support setting SM2 ID
zero-length ID is allowed, but it's not allowed to skip the ID.

Fixes: #6534

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
00902d9414 Introduce EVP_MD_CTX_set_pkey_ctx
Thus users can use this function to set customized EVP_PKEY_CTX to
EVP_MD_CTX structure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Matt Caswell
fd38836ba8 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6538)
2018-06-20 15:29:23 +01:00
David von Oheimb
49c9c1b3d0 add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6217)
2018-06-18 10:45:35 +01:00
KaoruToda
26a7d938c9 Remove parentheses of return.
Since return is inconsistent, I removed unnecessary parentheses and
unified them.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-18 16:05:06 +01:00
Todd Short
8bfa99f04f Fix EVP_MD_meth_get_flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2134)
2016-12-22 15:23:41 +01:00
Rich Salz
6286757141 Copyright consolidation 04/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:46 -04:00
Matt Caswell
44ab2dfdf9 Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
98ee75439d Update the dasync engine to add a pipeline cipher
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:26:04 +00:00
Rich Salz
43ecb9c35c GH641: Don't care openssl_zmalloc
Don't cast malloc-family return values.
Also found some places where (a) blank line was missing; and (b)
the *wrong* return value was checked.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 11:09:16 -05:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Richard Levitte
3dcb9e4e0f EVP_CIPHER_CTX_new_cipher_data was a temporary measure, not needed any more
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
e79f877333 Make EVP_CIPHER opaque and add creator/destructor/accessor/writer functions
We follow the method used for EVP_MD.
Also, move all the internal EVP_CIPHER building macros from evp_locl.h
to evp_int.h.  This will benefit our builtin EVP_CIPHERs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
480d33237d Remove EVP_CIPHER_CTX_flags, it's only confusing
EVP_CIPHER_CTX_flags was returning the flags of its associated
EVP_CIPHER.  However, EVP_CIPHER_CTX has flags of its own, so this
function is quite confusing and therefore error prone.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
83b0634702 Add accessors and writers for EVP_CIPHER_CTX
New functions:

- EVP_CIPHER_CTX_encrypting()
- EVP_CIPHER_CTX_iv()
- EVP_CIPHER_CTX_iv_noconst()
- EVP_CIPHER_CTX_original_iv()
- EVP_CIPHER_CTX_buf_noconst()
- EVP_CIPHER_CTX_num()
- EVP_CIPHER_CTX_set_num()
- EVP_CIPHER_CTX_cipher_data()
- EVP_CIPHER_CTX_new_cipher_data()

Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them (that would be the case when
they are flagged EVP_CIPH_CUSTOM_IV or EVP_CIPH_FLAG_CUSTOM_CIPHER).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
2db6bf6f85 Make the definition of EVP_MD opaque
This moves the definition to crypto/include/internal/evp_int.h and
defines all the necessary method creators, destructors, writers and
accessors.  The name standard for the latter is inspired from the
corresponding functions to manipulate UI methods.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
7638370ca6 Make the definition of EVP_MD_CTX opaque
This moves the definitionto crypto/evp/evp_locl.h, along with a few
associated accessor macros.  A few accessor/writer functions added.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Dr. Stephen Henson
4ec36aff2a RFC5753 compliance.
RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-13 22:57:47 +01:00
Dr. Stephen Henson
2acdef5e97 Return error for unsupported modes.
PR#3974
PR#3975

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-12 13:54:56 +01:00
Richard Levitte
b39fc56061 Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules.  Move those to crypto/include/internal and adapt the
affected source code and Makefiles.

The header files that got moved are:

crypto/cryptolib.h
crypto/md32_common.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:21:40 +02:00
Dr. Stephen Henson
2e43027757 make ASN1_OBJECT opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 17:35:58 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Dr. Stephen Henson
e61f5d55bc Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
83e9c36261 Use default ASN1 if flag set. 2011-02-07 12:47:16 +00:00
Dr. Stephen Henson
7a4bd34a4f FIPS mode EVP changes:
Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
e92f9f45e8 Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
7e765bf29a Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Dr. Stephen Henson
18096abb29 Handle NULL parameter in some EVP utility functions. 2007-05-31 12:39:21 +00:00
Dr. Stephen Henson
6e7ca5e1eb Update from stable branch. 2007-02-27 18:43:42 +00:00
Nils Larsch
7806f3dd4b replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:54:57 +00:00
Dr. Stephen Henson
c39c32dd65 PKCS#8 fixes from stable branch. 2004-07-04 16:44:52 +00:00
Richard Levitte
8d1ebe0bd1 Add the missing parts for DES CFB1 and CFB8.
Add the corresponding AES parts while I'm at it.
make update
2004-01-28 19:05:35 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Dr. Stephen Henson
4b42658082 Make pkcs8 work again.
Make EVP_CIPHER_type() return NID_undef if the cipher has no
ASN1 OID, modify code to handle this.
2000-02-22 18:45:11 +00:00
Dr. Stephen Henson
84fa704c6f Fix some obvious bugs in the PKCS#7 library handling. It didn't try to
find the right RecipientInfo based on the recipient certificate (so would
fail a lot of the time) and fixup cipher structures to correctly (maybe)
modify the AlgorithmIdentifiers.  Largely untested at present... this will be
fixed in due course. Well the stuff was broken to begin with so if its broken
now then you haven't lost anything :-)
1999-05-16 00:25:36 +00:00
Dr. Stephen Henson
884e8ec615 Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data.
Containts elements of code by Sebastian Akerman <sak@parallelconsulting.com>
and made a bit less "naughty" by Steve.
1999-05-10 00:47:42 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00