summaryrefslogtreecommitdiff
path: root/crypto/cmac/cmac.c
Commit message (Collapse)AuthorAgeFilesLines
* Stop raising ERR_R_MALLOC_FAILURE in most placesRichard Levitte2022-10-051-3/+1
| | | | | | | | | | | | | | | | | | | | | | | Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
* Fix the incorrect checks of EVP_CIPHER_CTX_set_key_lengthPeiwei Hu2022-05-271-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18397)
* EVP_Cipher: fix the incomplete return checkPeiwei Hu2021-11-161-1/+1
| | | | | | | | | Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17027)
* Rename all getters to use get/get0 in nameTomas Mraz2021-06-011-5/+5
| | | | | | | | | | | | | | For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
* Update copyright yearMatt Caswell2021-04-221-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14986)
* Add "origin" field to EVP_CIPHER, EVP_MDRich Salz2021-04-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER(). Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function. Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function. Also change some flags tests to explicit test == or != zero. E.g., if (flags & x) --> if ((flags & x) != 0) if (!(flags & x)) --> if ((flags & x) == 0) Only done for those lines where "get0_cipher" calls were made. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14193)
* Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() callRichard Levitte2020-11-131-1/+1
| | | | | | | | | | This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
* Correctly handle the return value from EVP_Cipher() in the CMAC codeMatt Caswell2020-06-101-3/+3
| | | | | | | | | | | | EVP_Cipher() is a very low level routine that directly calls the underlying cipher function. It's return value semantics are very odd. Depending on the type of cipher 0 or -1 is returned on error. We should just check for <=0 for a failure. Fixes #11957 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
* Ensure we never use a partially initialised CMAC_CTXMatt Caswell2020-06-101-3/+9
| | | | | | | | | If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
* Update copyright yearMatt Caswell2020-04-231-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Deprecate the low level CMAC functionsPauli2020-01-291-0/+6
| | | | | | | | | | | Use of the low level CMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
* [KDF] Add feedback-mode and CMAC support to KBKDFRobbie Harwood2019-10-171-1/+2
| | | | | | | | | | | | | Implement SP800-108 section 5.2 with CMAC support. As a side effect, enable 5.1 with CMAC and 5.2 with HMAC. Add test vectors from RFC 6803. Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10143)
* Coverty fixes for MACsRichard Levitte2019-08-271-6/+16
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9700)
* Following the license change, modify the boilerplates in crypto/cmac/Richard Levitte2018-12-061-1/+1
| | | | | | | [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7782)
* Update copyright yearRichard Levitte2018-04-171-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5990)
* Set error code if alloc returns NULLRich Salz2018-04-051-2/+4
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5886)
* Don't use deprecated EVP_CIPHER_CTX_cleanup() internallyRichard Levitte2017-03-011-1/+1
| | | | | | Use EVP_CIPHER_CTX_reset() instead Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2812)
* Don't free in cleanup routineBenjamin Kaduk2017-02-281-1/+2
| | | | | | | | | | | Cleanse instead, and free in the free routine. Seems to have been introduced in commit 846ec07d904f9cc81d486db0db14fb84f61ff6e5 when EVP_CIPHER_CTX was made opaque. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2798)
* Copyright consolidation 06/10Rich Salz2016-05-171-49/+5
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* GH601: Various spelling fixes.FdaSilvaYY2016-02-051-3/+3
| | | | | Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Remove /* foo.c */ commentsRich Salz2016-01-261-1/+0
| | | | | | | | | | | | This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Remove unused internal macrosRichard Levitte2016-01-121-1/+1
| | | | | | | The M_EVP_* macros related to EVP_CIPHER / EVP_CIPHER_CTX are not public, and are unused. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Adapt all EVP_CIPHER_CTX users for it becoming opaqueRichard Levitte2016-01-121-21/+25
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Continue standardising malloc style for libcryptoMatt Caswell2015-11-091-1/+1
| | | | | | | Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Identify and move common internal libcrypto header filesRichard Levitte2015-05-141-1/+1
| | | | | | | | | | | | | There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use safer sizeof variant in mallocRich Salz2015-05-041-1/+2
| | | | | | | | | | | | | For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
* free NULL cleanup 11Rich Salz2015-05-011-0/+2
| | | | | | | | | | | | | | | | | | | Don't check for NULL before calling free functions. This gets: ERR_STATE_free ENGINE_free DSO_free CMAC_CTX_free COMP_CTX_free CONF_free NCONF_free NCONF_free_data _CONF_free_data A sk_free use within OBJ_sigid_free TS_TST_INFO_free (rest of TS_ API was okay) Doc update for UI_free (all uses were fine) X509V3_conf_free X509V3_section_free X509V3_string_free Reviewed-by: Richard Levitte <levitte@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-221-190/+180
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* remove OPENSSL_FIPSAPIDr. Stephen Henson2014-12-081-1/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove fips_constseg references.Dr. Stephen Henson2014-12-081-1/+0
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* fix reset fixDr. Stephen Henson2012-04-111-1/+1
|
* make reinitialisation work for CMACDr. Stephen Henson2012-04-111-0/+2
|
* cmac.c: optimize make_kn and move zero_iv to const segment.Andy Polyakov2012-01-061-10/+9
|
* Implement FIPS CMAC.Richard Levitte2011-03-241-10/+12
| | | | | | | | | | | * fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as an example. * crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros where possible. * crypto/evp/evp.h: (some of the macros get added with this change) * fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use macros to have cmac.c use these functions. * Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
* Make CMAC API similar to HMAC API. Add methods for CMAC.Dr. Stephen Henson2010-02-081-7/+44
|
* Initial experimental CMAC implementation.Dr. Stephen Henson2010-02-071-0/+232
View Lorry Controller Status