History log of /openbsd-current/lib/libcrypto/evp/e_rc2.c
Revision Date Author Comments
# 1.29 09-Apr-2024 beck

Hide public symbols in evp.h

largely mechanically done by the guentherizer 9000

ok tb@


# 1.28 26-Mar-2024 tb

Unifdef PBE_PRF_TEST

This gets use of the last mention of EVP_CTRL_PBE_PRF_NID outside of evp.h

ok jsing


Revision tags: OPENBSD_7_5_BASE
# 1.27 07-Jan-2024 tb

Convert the remaining legacy ciphers to C99 initializers

No change in the generated aarch64 assembly apart from line number changes.

ok jsing


# 1.26 04-Jan-2024 tb

Remove unused app_data from EVP_CIPHER

The EVP_CIPHER structs are static const data that the library returns when
you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to
hang user data off such a struct, but it's been there since forever.

ok jsing


# 1.25 02-Dec-2023 tb

Revert a hunk of r1.23 that makes no sense

The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function
called here is EVP_CIPHER_CTX_key_length(). The result of the computation
is still correct, the check and local variable simply make no sense.


# 1.24 18-Nov-2023 tb

Forgot to fix one unsigned int vs int confusion

CID 468015


# 1.23 18-Nov-2023 tb

Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck
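
The check described in r1.23, as an added example that is not the libcrypto code: a length returned as int is rejected when negative, and also capped as the message suggests, before it reaches memcpy(). The names demo_cipher, demo_iv_length, copy_iv_checked and the cap DEMO_MAX_IV_LENGTH are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_IV_LENGTH 16	/* assumed cap for this example */

/* Constructed stand-in for a cipher; iv_len == -1 models a bad setup. */
struct demo_cipher {
	int iv_len;
};

static int
demo_iv_length(const struct demo_cipher *c)
{
	return c->iv_len;
}

/* What memcpy() would be handed if the int were passed through unchecked. */
static size_t
size_as_memcpy_sees_it(int iv_len)
{
	return (size_t)iv_len;	/* -1 converts to SIZE_MAX */
}

/* Returns the number of bytes copied, or -1 if the length is unusable. */
static int
copy_iv_checked(const struct demo_cipher *c, unsigned char *dst,
    size_t dst_size, const unsigned char *src, size_t src_size)
{
	int l = demo_iv_length(c);

	if (l < 0 || (size_t)l > DEMO_MAX_IV_LENGTH)
		return -1;
	if ((size_t)l > dst_size || (size_t)l > src_size)
		return -1;
	memcpy(dst, src, (size_t)l);
	return l;
}

/* Drive the checked copy with constructed buffers. */
static int
try_copy(int iv_len)
{
	unsigned char src[DEMO_MAX_IV_LENGTH], dst[DEMO_MAX_IV_LENGTH];
	struct demo_cipher c = { iv_len };
	int n;

	memset(src, 0xa5, sizeof(src));
	memset(dst, 0, sizeof(dst));
	n = copy_iv_checked(&c, dst, sizeof(dst), src, sizeof(src));
	if (n > 0 && memcmp(dst, src, (size_t)n) != 0)
		return -2;
	return n;
}

int
main(void)
{
	printf("unchecked -1 becomes %zu\n", size_as_memcpy_sees_it(-1));
	printf("iv_len 8 -> %d, -1 -> %d, 32 -> %d\n",
	    try_copy(8), try_copy(-1), try_copy(32));
	return 0;
}
```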


Revision tags: OPENBSD_7_4_BASE
# 1.22 07-Jul-2023 beck

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was processing.

This unbreaks the namespace build so it will pass again

ok tb@


# 1.21 07-Jul-2023 beck

Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@


Revision tags: OPENBSD_7_3_BASE
# 1.20 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


Revision tags: OPENBSD_7_2_BASE
# 1.19 15-Sep-2022 jsing

Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@


# 1.18 10-Sep-2022 jsing

Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@


# 1.17 04-Sep-2022 jsing

Add bounds checks for various EVP cipher implementations.

The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.

Found by Coverity, hiding under a large pile of macros.

ok tb@
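
The size_t versus long mismatch from r1.17, the chunk-length fix from r1.18 and the LONG_MAX chunking from r1.19, as an added example that is not the libcrypto code. legacy_cipher is a constructed stand-in for a primitive with a long length parameter, and api_max is a parameter standing in for LONG_MAX so the loop can be exercised on a small buffer.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_BLOCK 8	/* RC2 has a 64-bit block */
#define DEMO_KEY 0x5a	/* constructed "cipher": XOR with one byte */

struct legacy_stats {
	unsigned long calls;	/* calls made to the long-based primitive */
	long largest;		/* largest length it was handed */
	int negative_seen;	/* set if a negative length ever arrived */
	int ok;			/* output verified and no negative length */
};

/* The r1.17 problem: a size_t above LONG_MAX does not survive the cast. */
static long
naive_long_len(size_t inl)
{
	return (long)inl;
}

/* Largest multiple of the block size that the long-based API can take. */
static size_t
chunk_limit(size_t api_max, size_t block)
{
	return api_max - (api_max % block);
}

/* Constructed stand-in for a legacy primitive with a long length. */
static void
legacy_cipher(struct legacy_stats *st, const unsigned char *in,
    unsigned char *out, long len)
{
	long i;

	st->calls++;
	if (len < 0) {
		st->negative_seen = 1;
		return;
	}
	if (len > st->largest)
		st->largest = len;
	for (i = 0; i < len; i++)
		out[i] = in[i] ^ DEMO_KEY;
}

/* size_t based front end: feed the primitive one bounded chunk at a time. */
static int
chunked_cipher(struct legacy_stats *st, unsigned char *out,
    const unsigned char *in, size_t inl, size_t api_max)
{
	size_t chunk, n;

	if (api_max > (size_t)LONG_MAX)
		return 0;
	if ((chunk = chunk_limit(api_max, DEMO_BLOCK)) == 0)
		return 0;
	while (inl > 0) {
		n = inl < chunk ? inl : chunk;
		/* r1.18: pass the chunk length, never the total length. */
		legacy_cipher(st, in, out, (long)n);
		in += n;
		out += n;
		inl -= n;
	}
	return 1;
}

/* Run the front end over a constructed buffer and verify every byte. */
static struct legacy_stats
run_demo(size_t total, size_t api_max)
{
	unsigned char in[64], out[64];
	struct legacy_stats st = { 0, 0, 0, 0 };
	size_t i;

	if (total > sizeof(in))
		return st;
	memset(out, 0, sizeof(out));
	for (i = 0; i < sizeof(in); i++)
		in[i] = (unsigned char)i;
	if (!chunked_cipher(&st, out, in, total, api_max))
		return st;
	for (i = 0; i < total; i++)
		if (out[i] != (in[i] ^ DEMO_KEY))
			return st;
	st.ok = !st.negative_seen;
	return st;
}

int
main(void)
{
	struct legacy_stats st = run_demo(50, 20);

	printf("(long)(LONG_MAX + 1) = %ld\n",
	    naive_long_len((size_t)LONG_MAX + 1));
	printf("real chunk size: %zu\n",
	    chunk_limit((size_t)LONG_MAX, DEMO_BLOCK));
	printf("50 bytes, limit 20: calls=%lu largest=%ld ok=%d\n",
	    st.calls, st.largest, st.ok);
	return 0;
}
```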


# 1.16 04-Sep-2022 jsing

Remove dead code.

Only change to generated assembly is due to line numbers.


# 1.15 03-Sep-2022 jsing

Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.

Only change to generated assembly is due to EVPerror()'s use of line
numbers.


Revision tags: OPENBSD_7_1_BASE
# 1.14 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_ctrl

suggestion from tb@


# 1.13 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_set_key_length return value

CID 21653

ok jsing@ millert@ tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.12 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.11 10-Feb-2015 miod

Replace assert() and OPENSSL_assert() calls with proper error return paths.
Careful review, feedback & ok doug@ jsing@


# 1.10 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.9 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never be defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.8 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.7 08-May-2014 jsing

KNF.


# 1.6 13-Oct-2012 djm

resolve conflicts


# 1.5 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.4 06-Sep-2008 djm

resolve conflicts


# 1.3 12-May-2003 markus

merge 0.9.7b with local changes; crank majors for libssl/libcrypto


# 1.2 15-May-2002 beck

OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.1 15-Dec-2000 beck

branches: 1.1.1;
openssl-engine-0.9.6 merge


# 1.28 26-Mar-2024 tb

Unifdef PBE_PRF_TEST

This gets use of the last mention of EVP_CTRL_PBE_PRF_NID outside of evp.h

ok jsing


Revision tags: OPENBSD_7_5_BASE
# 1.27 07-Jan-2024 tb

Convert the remaining legacy ciphers to C99 initializers

No change in the generated aarch64 assembly apart from line number changes.

ok jsing


# 1.26 04-Jan-2024 tb

Remove unused app_data from EVP_CIPHER

The EVP_CIPHER structs are static const data that the library returns when
you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to
hang user data off such a struct, but it's been there since forever.

ok jsing


# 1.25 02-Dec-2023 tb

Revert a hunk of r1.23 that makes no sense

The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function
called here is EVP_CIPHER_CTX_key_length(). The result of the computation
is still correct, the check and local variable simply make no sense.


# 1.24 18-Nov-2023 tb

Forgot to fix one unsigned int vs int confusion

CID 468015


# 1.23 18-Nov-2023 tb

Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck


Revision tags: OPENBSD_7_4_BASE
# 1.22 07-Jul-2023 beck

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.

This unbreaks the namespace build so it will pass again

ok tb@


# 1.21 07-Jul-2023 beck

Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@


Revision tags: OPENBSD_7_3_BASE
# 1.20 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


Revision tags: OPENBSD_7_2_BASE
# 1.19 15-Sep-2022 jsing

Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@


# 1.18 10-Sep-2022 jsing

Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@


# 1.17 04-Sep-2022 jsing

Add bounds checks for various EVP cipher implementations.

The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.

Found by Coverity, hiding under a large pile of macros.

ok tb@


# 1.16 04-Sep-2022 jsing

Remove dead code.

Only change to generated assembly is due to line numbers.


# 1.15 03-Sep-2022 jsing

Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.

Only change to generated assembly is due to EVPerror()'s use of line
numbers.
CVS ----------------------------------------------------------------------


Revision tags: OPENBSD_7_1_BASE
# 1.14 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_ctrl

suggestion from tb@


# 1.13 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_set_key_length return value

CID 21653

ok jsing@ millert@ tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.12 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.11 10-Feb-2015 miod

Replace assert() and OPENSSL_assert() calls with proper error return paths.
Careful review, feedback & ok doug@ jsing@


# 1.10 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.9 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.8 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.7 08-May-2014 jsing

KNF.


# 1.6 13-Oct-2012 djm

resolve conflicts


# 1.5 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.4 06-Sep-2008 djm

resolve conflicts


# 1.3 12-May-2003 markus

merge 0.9.7b with local changes; crank majors for libssl/libcrypto


# 1.2 15-May-2002 beck

OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.1 15-Dec-2000 beck

branches: 1.1.1;
openssl-engine-0.9.6 merge


# 1.27 07-Jan-2024 tb

Convert the remaining legacy ciphers to C99 initializers

No change in the generated aarch64 assembly apart from line number changes.

ok jsing


# 1.26 04-Jan-2024 tb

Remove unused app_data from EVP_CIPHER

The EVP_CIPHER structs are static const data that the library returns when
you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to
hang user data off such a struct, but it's been there since forever.

ok jsing


# 1.25 02-Dec-2023 tb

Revert a hunk of r1.23 that makes no sense

The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function
called here is EVP_CIPHER_CTX_key_length(). The result of the computation
is still correct, the check and local variable simply make no sense.


# 1.24 18-Nov-2023 tb

Forgot to fix one unsigned int vs int confusion

CID 468015


# 1.23 18-Nov-2023 tb

Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck


Revision tags: OPENBSD_7_4_BASE
# 1.22 07-Jul-2023 beck

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.

This unbreaks the namespace build so it will pass again

ok tb@


# 1.21 07-Jul-2023 beck

Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@


Revision tags: OPENBSD_7_3_BASE
# 1.20 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


Revision tags: OPENBSD_7_2_BASE
# 1.19 15-Sep-2022 jsing

Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@


# 1.18 10-Sep-2022 jsing

Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@


# 1.17 04-Sep-2022 jsing

Add bounds checks for various EVP cipher implementations.

The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.

Found by Coverity, hiding under a large pile of macros.

ok tb@


# 1.16 04-Sep-2022 jsing

Remove dead code.

Only change to generated assembly is due to line numbers.


# 1.15 03-Sep-2022 jsing

Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.

Only change to generated assembly is due to EVPerror()'s use of line
numbers.
CVS ----------------------------------------------------------------------


Revision tags: OPENBSD_7_1_BASE
# 1.14 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_ctrl

suggestion from tb@


# 1.13 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_set_key_length return value

CID 21653

ok jsing@ millert@ tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.12 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.11 10-Feb-2015 miod

Replace assert() and OPENSSL_assert() calls with proper error return paths.
Careful review, feedback & ok doug@ jsing@


# 1.10 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.9 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.8 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.7 08-May-2014 jsing

KNF.


# 1.6 13-Oct-2012 djm

resolve conflicts


# 1.5 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.4 06-Sep-2008 djm

resolve conflicts


# 1.3 12-May-2003 markus

merge 0.9.7b with local changes; crank majors for libssl/libcrypto


# 1.2 15-May-2002 beck

OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.1 15-Dec-2000 beck

branches: 1.1.1;
openssl-engine-0.9.6 merge


# 1.27 07-Jan-2024 tb

Convert the remaining legacy ciphers to C99 initializers

No change in the generated aarch64 assembly apart from line number changes.

ok jsing


# 1.26 04-Jan-2024 tb

Remove unused app_data from EVP_CIPHER

The EVP_CIPHER structs are static const data that the library returns when
you call EVP_aes_128_cbc(), for example. It makes no sense whatsoever to
hang user data off such a struct, but it's been there since forever.

ok jsing


# 1.25 02-Dec-2023 tb

Revert a hunk of r1.23 that makes no sense

The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function
called here is EVP_CIPHER_CTX_key_length(). The result of the computation
is still correct, the check and local variable simply make no sense.


# 1.24 18-Nov-2023 tb

Forgot to fix one unsigned int vs int confusion

CID 468015


# 1.23 18-Nov-2023 tb

Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck


Revision tags: OPENBSD_7_4_BASE
# 1.22 07-Jul-2023 beck

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.

This unbreaks the namespace build so it will pass again

ok tb@


# 1.21 07-Jul-2023 beck

Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@


Revision tags: OPENBSD_7_3_BASE
# 1.20 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


Revision tags: OPENBSD_7_2_BASE
# 1.19 15-Sep-2022 jsing

Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@


# 1.18 10-Sep-2022 jsing

Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@


# 1.17 04-Sep-2022 jsing

Add bounds checks for various EVP cipher implementations.

The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.

Found by Coverity, hiding under a large pile of macros.

ok tb@


# 1.16 04-Sep-2022 jsing

Remove dead code.

Only change to generated assembly is due to line numbers.


# 1.15 03-Sep-2022 jsing

Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.

Only change to generated assembly is due to EVPerror()'s use of line
numbers.
CVS ----------------------------------------------------------------------


Revision tags: OPENBSD_7_1_BASE
# 1.14 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_ctrl

suggestion from tb@


# 1.13 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_set_key_length return value

CID 21653

ok jsing@ millert@ tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.12 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.11 10-Feb-2015 miod

Replace assert() and OPENSSL_assert() calls with proper error return paths.
Careful review, feedback & ok doug@ jsing@


# 1.10 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.9 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.8 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.7 08-May-2014 jsing

KNF.


# 1.6 13-Oct-2012 djm

resolve conflicts


# 1.5 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.4 06-Sep-2008 djm

resolve conflicts


# 1.3 12-May-2003 markus

merge 0.9.7b with local changes; crank majors for libssl/libcrypto


# 1.2 15-May-2002 beck

OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.1 15-Dec-2000 beck

branches: 1.1.1;
openssl-engine-0.9.6 merge


# 1.25 02-Dec-2023 tb

Revert a hunk of r1.23 that makes no sense

The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function
called here is EVP_CIPHER_CTX_key_length(). The result of the computation
is still correct, the check and local variable simply make no sense.


# 1.24 18-Nov-2023 tb

Forgot to fix one unsigned int vs int confusion

CID 468015


# 1.23 18-Nov-2023 tb

Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck


Revision tags: OPENBSD_7_4_BASE
# 1.22 07-Jul-2023 beck

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.

This unbreaks the namespace build so it will pass again

ok tb@


# 1.21 07-Jul-2023 beck

Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@


Revision tags: OPENBSD_7_3_BASE
# 1.20 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


Revision tags: OPENBSD_7_2_BASE
# 1.19 15-Sep-2022 jsing

Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@


# 1.18 10-Sep-2022 jsing

Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@


# 1.17 04-Sep-2022 jsing

Add bounds checks for various EVP cipher implementations.

The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.

Found by Coverity, hiding under a large pile of macros.

ok tb@


# 1.16 04-Sep-2022 jsing

Remove dead code.

Only change to generated assembly is due to line numbers.


# 1.15 03-Sep-2022 jsing

Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.

Only change to generated assembly is due to EVPerror()'s use of line
numbers.
CVS ----------------------------------------------------------------------


Revision tags: OPENBSD_7_1_BASE
# 1.14 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_ctrl

suggestion from tb@


# 1.13 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_set_key_length return value

CID 21653

ok jsing@ millert@ tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.12 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.11 10-Feb-2015 miod

Replace assert() and OPENSSL_assert() calls with proper error return paths.
Careful review, feedback & ok doug@ jsing@


# 1.10 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.9 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.8 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.7 08-May-2014 jsing

KNF.


# 1.6 13-Oct-2012 djm

resolve conflicts


# 1.5 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.4 06-Sep-2008 djm

resolve conflicts


# 1.3 12-May-2003 markus

merge 0.9.7b with local changes; crank majors for libssl/libcrypto


# 1.2 15-May-2002 beck

OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.1 15-Dec-2000 beck

branches: 1.1.1;
openssl-engine-0.9.6 merge


# 1.24 18-Nov-2023 tb

Forgot to fix one unsigned int vs int confusion

CID 468015


# 1.23 18-Nov-2023 tb

Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck


Revision tags: OPENBSD_7_4_BASE
# 1.22 07-Jul-2023 beck

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.

This unbreaks the namespace build so it will pass again

ok tb@


# 1.21 07-Jul-2023 beck

Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@


Revision tags: OPENBSD_7_3_BASE
# 1.20 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


Revision tags: OPENBSD_7_2_BASE
# 1.19 15-Sep-2022 jsing

Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@


# 1.18 10-Sep-2022 jsing

Use correct length for EVP CFB mode ciphers.

The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.

Should address the remaining issues reported by Coverity.

ok tb@


# 1.17 04-Sep-2022 jsing

Add bounds checks for various EVP cipher implementations.

The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.

Found by Coverity, hiding under a large pile of macros.

ok tb@


# 1.16 04-Sep-2022 jsing

Remove dead code.

Only change to generated assembly is due to line numbers.


# 1.15 03-Sep-2022 jsing

Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.

Only change to generated assembly is due to EVPerror()'s use of line
numbers.


Revision tags: OPENBSD_7_1_BASE
# 1.14 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_ctrl

suggestion from tb@


# 1.13 20-Jan-2022 inoguchi

Add check for EVP_CIPHER_CTX_set_key_length return value

CID 21653

ok jsing@ millert@ tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.12 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.11 10-Feb-2015 miod

Replace assert() and OPENSSL_assert() calls with proper error return paths.
Careful review, feedback & ok doug@ jsing@


# 1.10 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.9 10-Jul-2014 jsing

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never be defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# 1.8 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.7 08-May-2014 jsing

KNF.


# 1.6 13-Oct-2012 djm

resolve conflicts


# 1.5 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.4 06-Sep-2008 djm

resolve conflicts


# 1.3 12-May-2003 markus

merge 0.9.7b with local changes; crank majors for libssl/libcrypto


# 1.2 15-May-2002 beck

OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.1 15-Dec-2000 beck

branches: 1.1.1;
openssl-engine-0.9.6 merge

