summaryrefslogtreecommitdiffstats
path: root/crypto/evp
AgeCommit message (Collapse)Author
2016-03-07Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_dataMatt Caswell
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for 1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data. Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07Update the dasync engine to add a pipeline cipherMatt Caswell
Implement aes128-cbc as a pipeline capable cipher in the dasync engine. As dasync is just a dummy engine, it actually just performs the parallel encrypts/decrypts in serial. Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07Elide EVP_read_pw_string() and friends for no-uiDavid Woodhouse
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-07Make PKCS8_PRIV_KEY_INFO opaque.Dr. Stephen Henson
Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist for this structure. Two new ones were added to handle attributes. The old handling of broken formats has been removed and the corresponding structures simplified. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-03GH355: Implement HKDFAlessandro Ghedini
This patch implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. It is required to implement the QUIC and TLS 1.3 protocols (among others). Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-02EVP_PKEY_CTX utility functions.Dr. Stephen Henson
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl(). Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-25GH715: ENGINE_finish can take NULLRich Salz
Simplifies calling code. Also fixed up any !ptr tests that were nearby, turning them into NULL tests. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22GH678: Add a few more zallocFdaSilvaYY
Remove some duplicated NULL/zero init. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-20Always build library object files with shared library cflagsRichard Levitte
This takes us away from the idea that we know exactly how our static libraries are going to get used. Instead, we make them available to build shareable things with, be it other shared libraries or DSOs. On the other hand, we also have greater control of when the shared library cflags. They will never be used with object files meant got binaries, such as apps/openssl or test/test*. With unified, we take this a bit further and prepare for having to deal with extra cflags specifically to be used with DSOs (dynamic engines), libraries and binaries (applications). Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPENDRichard Levitte
All those flags existed because we had all the dependencies versioned in the repository, and wanted to have it be consistent, no matter what the local configuration was. Now that the dependencies are gone from the versioned Makefile.ins, it makes much more sense to use the exact same flags as when compiling the object files. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18Remove outdated DEBUG flags.Rich Salz
Add -DBIO_DEBUG to --strict-warnings. Remove comments about outdated debugging ifdef guards. Remove md_rand ifdef guarding an assert; it doesn't seem used. Remove the conf guards in conf_api since we use OPENSSL_assert, not assert. For pkcs12 stuff put OPENSSL_ in front of the macro name. Merge TLS_DEBUG into SSL_DEBUG. Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes. Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG. Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12evp/e_des[3].c: address compiler warnings, fix formatting.Andy Polyakov
RT#4210 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11Move to REF_DEBUG, for consistency.Rich Salz
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT This is also RT 4181 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11Fix GH 327.Rich Salz
Valgrind complains about using unitialized memory. So call OPENSSL_zalloc, not malloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10Ensure allocation size fits into size_tDmitry-Me
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #630
2016-02-10The new init functions can now fail so shouldn't be voidMatt Caswell
The new init functions can fail if the library has already been stopped. We should be able to indicate failure with a 0 return value. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10Rename INIT funtions, deprecate old ones.Rich Salz
Man, there were a lot of renamings :) Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09Use NON_EMPTY_TRANSLATION_UNIT, consistently.Rich Salz
This also closes RT 4123 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09Update build.info files for auto-init/de-initMatt Caswell
Various Makefile.in files have changes for auto-init/de-init. Make the equivalent changes in build.info. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09Auto init/deinit libcryptoMatt Caswell
This builds on the previous commit to auto initialise/deinitialise libcrypto. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08GH641: Don't care openssl_zmallocRich Salz
Don't cast malloc-family return values. Also found some places where (a) blank line was missing; and (b) the *wrong* return value was checked. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05GH601: Various spelling fixes.FdaSilvaYY
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-02GH608: Ensure 64-bit shift no matter sizeof(long)Dmitry-Me
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-01unified build scheme: add build.info filesRichard Levitte
Now that we have the foundation for the "unified" build scheme in place, we add build.info files. They have been generated from the Makefiles in the same directories. Things that are platform specific will appear in later commits. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-29Templatize util/domdRich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-26Remove /* foo.c */ commentsRich Salz
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-20Remove update tagsRich Salz
Also remove depend/local_depend. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20make EVP_PKEY opaqueDr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-19Add TLS PRF method.Dr. Stephen Henson
Add EVP_PKEY algorithm for TLS1 PRF. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-17Remove some old makefile targetsRich Salz
Remove lint, tags, dclean, tests. This is prep for a new makedepend scheme. This is temporary pending unified makefile, and might help it. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-17RT4247: Add missing patchRich Salz
Missed the camellia EVP update. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-15RT4247: Fix EVP_CIPHER_CTX opaque on sparcRich Salz
Via Rainer Jung Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-13After EVP_CIPHER turned opaque, e_rc5.c needs to include evp_int.hRichard Levitte
We missed this one because rc5 is disabled by default. Notified by The Doctor <doctor@doctor.nl2k.ab.ca> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Move Makefiles to Makefile.inRich Salz
Create Makefile's from Makefile.in Rename Makefile.org to Makefile.in Rename Makefiles to Makefile.in Address review feedback from Viktor and Richard Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-12make updateRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12EVP_CIPHER_CTX_new_cipher_data was a temporary measure, not needed any moreRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Adapt builtin cipher implementations to opaque EVP_CIPHERRichard Levitte
They all stop including evp_locl.h, so we also take care of their adaptation to opaque EVP_CIPHER_CTX, as was promised in an earlier commit. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Adapt the internal EVP routines to opaque EVP_CIPHERRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Make EVP_CIPHER opaque and add creator/destructor/accessor/writer functionsRichard Levitte
We follow the method used for EVP_MD. Also, move all the internal EVP_CIPHER building macros from evp_locl.h to evp_int.h. This will benefit our builtin EVP_CIPHERs. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Remove EVP_CIPHER_CTX_flags, it's only confusingRichard Levitte
EVP_CIPHER_CTX_flags was returning the flags of its associated EVP_CIPHER. However, EVP_CIPHER_CTX has flags of its own, so this function is quite confusing and therefore error prone. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Adapt all EVP_CIPHER_CTX users for it becoming opaqueRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Adapt cipher implementations to opaque EVP_CIPHER_CTXRichard Levitte
Note: there's a larger number of implementations in crypto/evp/ that aren't affected because they include evp_locl.h. They will be handled in a separate commit. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Adapt the internal EVP routines to opaque EVP_CIPHER_CTXRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Add accessors and writers for EVP_CIPHER_CTXRichard Levitte
New functions: - EVP_CIPHER_CTX_encrypting() - EVP_CIPHER_CTX_iv() - EVP_CIPHER_CTX_iv_noconst() - EVP_CIPHER_CTX_original_iv() - EVP_CIPHER_CTX_buf_noconst() - EVP_CIPHER_CTX_num() - EVP_CIPHER_CTX_set_num() - EVP_CIPHER_CTX_cipher_data() - EVP_CIPHER_CTX_new_cipher_data() Note that the accessors / writers for iv, buf and num may go away, as those rather belong in the implementation's own structure (cipher_data) when the implementation would affect them (that would be the case when they are flagged EVP_CIPH_CUSTOM_IV or EVP_CIPH_FLAG_CUSTOM_CIPHER). Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12Make EVP_CIPHER_CTX opaque and renew the creator / destructor functionsRichard Levitte
Following the method used for EVP_MD_CTX and HMAC_CTX, EVP_CIPHER_CTX_init and EVP_CIPHER_CTX_cleanup are joined together into one function, EVP_CIPHER_CTX_reset, with EVP_CIPHER_CTX_init kept as an alias. EVP_CIPHER_CTX_cleanup fills no purpose of its own any more and is therefore removed. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-07Backwards-compatibility subject to OPENSSL_API_COMPATViktor Dukhovni
Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07Only declare stacks in headersDr. Stephen Henson
Don't define stacks in C source files: it causes warnings about unused functions in some compilers. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07Rename DECLARE*STACK_OF to DEFINE*STACK_OFDr. Stephen Henson
Applications wishing to include their own stacks now just need to include DEFINE_STACK_OF(foo) in a header file. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07Fix declarations and constification for inline stack.Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-02Fix a possible memleakRichard Levitte
If there's a failure allocating md_data, the destination pctx will have a shared pointer with the source EVP_MD_CTX, which will lead to problems when either the source or the destination is freed. Reviewed-by: Stephen Henson <steve@openssl.org>