History log of /openbsd-src/lib/libcrypto/evp/evp_cipher.c (Results 1 – 23 of 23)
Revision Date Author Comments
# 676c1ec4 10-Apr-2024 beck <beck@openbsd.org>

Hide deprecated functions in evp.h

use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.

ok tb@


# 9bac3682 09-Apr-2024 beck <beck@openbsd.org>

Hide public symbols in evp.h

largely mechanically done by the guentherizer 9000

ok tb@


# b3f18280 02-Mar-2024 tb <tb@openbsd.org>

Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()

When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live
on the stack, these initialization APIs were wrappers around memset.
In OpenSSL 1.1, somebody removed them and carelessly made _init() an
alias of _reset() aka _cleanup(). As a consequence, both signature and
semantics changed.

Unsurprisingly, there is now code out there that actually uses the new
semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns
our _init() with OpenSSL 1.1 semantics.

ok jsing


# 5e446fa1 24-Feb-2024 tb <tb@openbsd.org>

Remove custom key length handling

No cipher in libcrypto is marked EVP_CIPH_CUSTOM_KEY_LENGTH and no control
handler deals with EVP_CTRL_SET_KEY_LENGTH, which means that this code is
dead as far as libcrypto is concerned. Almost nothing uses EVP_CIPHER_meth*
(this was added for a single project) and nothing sets a custom ctrl. This
isn't going to change anyway since EVP_CIPHER_meth* is deprecated in order
to promote more provider beauty.

ok beck jsing


# 49ff1497 18-Feb-2024 tb <tb@openbsd.org>

Align EVP_CIPHER_CTX_init() and _legacy_clear()


# 87da0f20 18-Feb-2024 tb <tb@openbsd.org>

Add EVP_CIPHER_CTX_legacy_clear()

OpenSSL 1.1 made EVP_CIPHER_CTX_init() an alias of EVP_CIPHER_CTX_reset().
In particular, it changed signature and it would no longer leak internal
state if used on an already used ctx. On the other hand, it can't be used
for ctx on the stack.

libcrypto still has a few ctx on the stack which will be converted to heap
allocated contexts at some point. Until this is completed, we will use
EVP_CIPHER_CTX_legacy_clear() internally, so that the public API can be
changed to match OpenSSL 1.1.

ok jsing


# 9c8c8218 30-Jan-2024 tb <tb@openbsd.org>

Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safe

We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.

ok beck joshua


# 610ca8ca 07-Jan-2024 tb <tb@openbsd.org>

Improve EVP_CIPHER_{get,set}_asn1_iv()

Use iv_len for the variables storing the IV length, formerly l and j.
Remove use of the unnecessary variable i and unindent the whole mess.
Some return values are fishy. That will be addressed in subsequent
commits.

ok jsing


# 085d145c 04-Jan-2024 tb <tb@openbsd.org>

Improve length checks for oiv and iv

There are two unsigned char arrays of size EVP_MAX_IV_LENGTH to store the
IVs of block ciphers. In most modes, only iv is used, but in some modes iv
is modified and oiv is used to store the original IV. At the moment nothing
enforces that they are of the same length. Therefore make sure the correct
one or both are checked before writing to or reading from them.

ok miod


# 0a1afe4a 03-Jan-2024 tb <tb@openbsd.org>

Improve order in ancient CMS helpers

First came EVP_CIPHER_param_to_asn1() which wraps EVP_CIPHER_set_asn1_iv()
which was implemented last. Then came EVP_CIPHER_asn1_to_param() wrapping
EVP_CIPHER_get_asn1_iv(). Move each param function below the iv function
it wraps.


# 2b055381 02-Jan-2024 tb <tb@openbsd.org>

Move a t to the right place in a comment


# e6f6d3d4 02-Jan-2024 tb <tb@openbsd.org>

Match struct order for the EVP_CIPHER_CTX accessors

This isn't great since the struct is ordered in about the silliest way
imaginable, but it is better than it was before. Bringing order into
this mess is harder than solving a Rubik's cube.


# 35c9a4a5 02-Jan-2024 tb <tb@openbsd.org>

Move down EVP_CIPHER_CTX accessors that expose EVP_CIPHER internals

These confusingly named getters were added "for convenience" in 1.1.
They fit best next to the EVP_CIPHER API.


# e8bd9695 02-Jan-2024 tb <tb@openbsd.org>

Move the trivial EVP_CIPHER getters down

They are now below the CMS ASN.1 IV stuff, but above the EVP_CIPHER_meth*
API, which are setters, in a way.


# a0acfa78 02-Jan-2024 tb <tb@openbsd.org>

Simplify EVP_CIPHER_{asn1_to_param,param_to_asn1}()

There's no need for a ret variable and else if/else


# f3f06693 02-Jan-2024 tb <tb@openbsd.org>

Move the EVP_CIPHER API that only exists for CMS/legacy a bit down


# 1aaf058a 02-Jan-2024 tb <tb@openbsd.org>

Two spellings of key length are enough

The API is called EVP_CIPHER_CTX_set_key_length(), it has an argument called
keylen, and the EVP_CIPHER_CTX's member is called key_len. One of the three
is trivial to adjust, so do it.


# 18dea6b0 02-Jan-2024 tb <tb@openbsd.org>

Rename the poor outlier EVP_CIPHER *e into *cipher


# 7101bdfc 02-Jan-2024 tb <tb@openbsd.org>

Better variable names in EVP_CIPHER_type()

The EVP_CIPHER *ctx (yes) is renamed to cipher, otmp becomes an aobj.
Change two !ptr to ptr == NULL checks.


# 6a626acc 02-Jan-2024 tb <tb@openbsd.org>

Consistently use ctx for an EVP_CIPHER_CTX

Not c (which is most of the time an EVP_CIPHER) or a (?!).


# 61b5df77 29-Dec-2023 tb <tb@openbsd.org>

Merge the EVP_CIPHER_meth_* API into evp_cipher.c


# a21a6db6 29-Dec-2023 tb <tb@openbsd.org>

Merge the remainder of evp_lib.c into evp_cipher.c


# 1cc76114 29-Dec-2023 tb <tb@openbsd.org>

Use more consistent naming for some files in evp

EVP_Digest{Init,Update,Final}() move from digest.c to evp_digest.c which
will become the home of all things related to EVP_MD{,_CTX} handling.

EVP_Cipher{Init,Update,Final}() move from evp_enc.c to evp_cipher.c which
will become the home of all things related to EVP_CIPHER{,_CTX} handling.

EVP_Encode{Init,Update,Final}() move from encode.c to evp_encode.c which
already is the home of EVP_ENCODE_CTX_{new,free}().

discussed with jsing
