Commit graph

100 commits

Author SHA1 Message Date
FdaSilvaYY
3484236d8d EVP,KDF: Add more error code along some return 0 in ...
methods :
 - EVP_PBE_scrypt
 - EVP_PKEY_meth_add0
 - EVP_PKEY_meth_new
 - EVP_PKEY_CTX_dup

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5783)
2018-03-29 22:46:10 +02:00
Jack Bates
693be9a2cb Convert _meth_get_ functions to const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2181)
2018-03-21 10:37:05 +00:00
Matt Caswell
b0edda11cb Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)
2018-03-20 13:08:46 +00:00
Matt Caswell
13735cfef6 Integrate X448 and Ed448 into libcrypto
This adds all of the relevant EVP plumbing required to make
X448 and Ed448 work.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5481)
2018-03-02 10:14:31 +00:00
Paul Yang
b000470873 Support public key and param check in EVP interface
EVP_PKEY_public_check() and EVP_PKEY_param_check()

Doc and test cases are added

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4647)
2017-11-20 07:20:30 +01:00
Dr. Stephen Henson
d19b01ad79 Add EVP_PKEY_set1_engine() function.
Add an ENGINE to EVP_PKEY structure which can be used for cryptographic
operations: this will typically be used by an HSM key to redirect calls
to a custom EVP_PKEY_METHOD.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Dr. Stephen Henson
918a27facd Fix memory leak on lookup failure
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Dr. Stephen Henson
c2976edf4b Don't ignore passed ENGINE.
If we are passed an ENGINE to use in int_ctx_new e.g. via EVP_PKEY_CTX_new()
use it instead of the default.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)
2017-10-12 00:03:32 +01:00
Paul Yang
0822e89add Support EVP_PKEY_meth_remove and pmeth internal cleanup
1. make app pkey methods cleanup internal
2. add EVP_PKEY_meth_remove

Fixes travis-ci failure in #4337

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4356)
2017-09-14 12:41:34 +08:00
Paul Yang
2aee35d37d Support key check in EVP interface
A new method is added to EVP_PKEY_METH as:

    int (*check) (EVP_PKEY_CTX *ctx);

and to EVP_PKEY_ASN1_METHOD as:

    int (*pkey_check) (EVP_PKEY_CTX *ctx);

This is used to check the validity of a specific key.

The order of calls is:
EVP_PKEY_check -> pmeth.check -> ameth.pkey_check.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4337)
2017-09-13 20:38:14 +02:00
Johannes Bauer
64bf10167b Fix coding style of EVP_PKEY_CTX_ctrl_uint64
Code review of @dot-asm pointed out style guide violation; this patch
fixes it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4166)
2017-08-15 17:30:25 -05:00
Johannes Bauer
cefa762ee5 Add interface to the scrypt KDF by means of PKEY_METHOD
Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD.
This fixes #4021 (at least for the scrypt portion of the issue).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)
2017-08-08 15:44:49 +01:00
Dr. Stephen Henson
48ed9c23b0 Add public key method enumeration function.
Add functions to enumerate public key methods. Add test to ensure table
is in the correct order.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4015)
2017-07-29 23:04:09 +01:00
Dr. Stephen Henson
42a3008aa4 ED25519 public key method.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:20 +01:00
Bernd Edlinger
83b4049ab7 Combined patch against master branch for the following issues:
Fixed a memory leak in ASN1_digest and ASN1_item_digest.
Reworked error handling in asn1_item_embed_new.
Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup.
Fixed a memory leak in CRYPTO_free_ex_data.
Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon.
Check for null pointer in tls_process_cert_verify.

Fixes #2103 #2104 #2105 #2109 #2111 #2115

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2342)
2017-02-03 20:39:52 +01:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Todd Short
52ad5b60e3 Add support for Poly1305 in EVP_PKEY
Add Poly1305 as a "signed" digest.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)
2017-01-24 15:40:37 +01:00
Dr. Stephen Henson
c82bafc52e fix a few more style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:52 +00:00
Dr. Stephen Henson
52ad523c0e fix various style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:50 +00:00
Dr. Stephen Henson
410877bad2 Digest string helper function.
New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
6577e00892 PSS EVP_PKEY method
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
262bd85fde Add X25519 methods to internal tables
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Rich Salz
6286757141 Copyright consolidation 04/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:46 -04:00
Rich Salz
14f051a0ae Make string_to_hex/hex_to_string public
Give the API new names, document it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 09:02:11 -04:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Matt Caswell
b4a3aeebd9 Fix no-cmac
There were a couple of CMAC references without OPENSSL_NO_CMAC guards.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 17:07:11 +00:00
Alessandro Ghedini
03273d61e7 Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
aacfb134be GH355: Implement HKDF
This patch implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.

It is required to implement the QUIC and TLS 1.3 protocols (among others).

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-03 18:21:20 -05:00
Dr. Stephen Henson
99119000ad EVP_PKEY_CTX utility functions.
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:57:32 +00:00
Rich Salz
7c96dbcdab GH715: ENGINE_finish can take NULL
Simplifies calling code.  Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-25 15:19:42 -05:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Dr. Stephen Henson
1eff3485b6 Add TLS PRF method.
Add EVP_PKEY algorithm for TLS1 PRF.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-19 14:00:32 +00:00
Dr. Stephen Henson
4a1f3f2741 Only declare stacks in headers
Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
8588571572 Rename DECLARE*STACK_OF to DEFINE*STACK_OF
Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
4a640fb6c3 Fix declarations and constification for inline stack.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Ben Laurie
33bed28b39 Fix no-engine.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-29 12:52:06 +00:00
Matt Caswell
90945fa31a Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Dr. Stephen Henson
01a4e8764d remove unneeded includes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:56 +01:00
Dr. Stephen Henson
37f3a3b327 make no-dh work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:55 +01:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Dr. Stephen Henson
e7451ed137 EVP_PKEY_METHOD accessor functions.
Functions to retrieve the function pointer of an existing method: this
can be used to create a method which intercepts or modifies the behaviour
of an existing method while retaining most of the existing behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-10 18:20:27 +01:00
Rich Salz
a939b0aab5 More zalloc nits
Found on GitHub by dimman

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-04 11:45:44 -04:00
Rich Salz
64b25758ed remove 0 assignments.
After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
Many are from github feedback.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:26:34 -04:00
Rich Salz
b51bce9420 Add and use OPENSSL_zalloc
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-02 22:05:37 -04:00
Richard Levitte
b39fc56061 Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules.  Move those to crypto/include/internal and adapt the
affected source code and Makefiles.

The header files that got moved are:

crypto/cryptolib.h
crypto/md32_common.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 17:21:40 +02:00
Rich Salz
75ebbd9aa4 Use p==NULL not !p (in if statements, mainly)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-11 10:06:38 -04:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Rich Salz
16f8d4ebf0 memset, memcpy, sizeof consistency fixes
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-05 22:18:59 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00