Previously they were using EVP_EncodeBlock/EVP_DecodeBlock. These are low
level functions that do not handle padding characters. This was causing
the SRP code to fail. One side effect of using EVP_EncodeUpdate is that
it inserts newlines which is not what we need in SRP so we add a flag to
avoid that.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5925)
Since the public and private DRBG are per thread we don't need one
per ssl object anymore. It could also try to get entropy from a DRBG
that's really from an other thread because the SSL object moved to an
other thread.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
When doing in place encryption the overlapping buffer check can fail
incorrectly where we have done a partial block "Update" operation. This
fixes things to take account of any pending partial blocks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
We follow the method used for EVP_MD.
Also, move all the internal EVP_CIPHER building macros from evp_locl.h
to evp_int.h. This will benefit our builtin EVP_CIPHERs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Following the method used for EVP_MD_CTX and HMAC_CTX,
EVP_CIPHER_CTX_init and EVP_CIPHER_CTX_cleanup are joined together
into one function, EVP_CIPHER_CTX_reset, with EVP_CIPHER_CTX_init kept
as an alias.
EVP_CIPHER_CTX_cleanup fills no purpose of its own any more and is
therefore removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This moves the definition to crypto/include/internal/evp_int.h and
defines all the necessary method creators, destructors, writers and
accessors. The name standard for the latter is inspired from the
corresponding functions to manipulate UI methods.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This moves the definitionto crypto/evp/evp_locl.h, along with a few
associated accessor macros. A few accessor/writer functions added.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Set EVP_CIPH_FLAG_FIPS on approved ciphers.
Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.
Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.
Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
value of the passed output buffer is NULL.
The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
deviates from the "standard" 64 bits of feedback that all other
algorithms are using. Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.
Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
