Use OpenSSL_MAC and OpenSSL_MAC_CTX wrappers together with
OPENSSL_TRY to replace manual EVP_MAC resource management in
KMAC::sign(). This eliminates manual EVP_MAC_free/EVP_MAC_CTX_free
calls in every error path.
The first EVP initialization call in AESGCMCipher::encrypt() used
EVP_DecryptInit. Every other cipher mode in the file correctly matches
its init calls to the operation direction (CBC, CTR, OCB, KW).
The second EVP_EncryptInit call overrides the context direction before
any ciphertext is produced, but the EVP_CTRL_GCM_SET_IVLEN control call
on the next line executes while the context is in decrypt mode.
Add a LibCrypto::Authentication::KMAC helper over OpenSSL.
Add keygen/import/export logic into WebCrypto.
Register KMAC128/KMAC256 operations with SubtleCrypto.
Implement AES-OCB AEAD using OpenSSL and expose it through
the WebCrypto API, including key management and AEAD parameters.
Add WPT:
/encrypt_decrypt/aes_ocb.tentative.https.any.html
Implement ChaCha20-Poly1305 AEAD using OpenSSL and expose it through
the WebCrypto API, including key management and AEAD parameters.
Add WPT:
/encrypt_decrypt/chacha20_poly1305.tentative.https.any.worker.html
AK/Random is already the same as SecureRandom. See PR for more details.
ProcessPrng is used on Windows for compatibility with sandboxing measures.
See e.g. https://crbug.com/40277768
Introduce a new SHAKE hash wrapper in LibCrypto backed by OpenSSL.
Wire cSHAKE128 and cSHAKE256 into WebCrypto.
Note that cSHAKE with non-empty functionName or customization is
currently rejected due to OpenSSL EVP limitations.
This fixes WPT:
WebCryptoAPI/digest/cshake.tentative.https.any.html
This first pass only applies to the following two cases:
- Public functions returning a view type into an object they own
- Public ctors storing a view type
This catches a grand total of one (1) issue, which is fixed in
the previous commit.
* Remove completely unused methods.
* Deduplicate methods that were overloaded with both StringView and
char const* parameters.
A future commit will templatize GenericLexer by char type. This patch
serves to make that a tiny bit easier.
This helps make callers only use the slice of the output buffer that
was written to.
As part of updating the callers of the API several bugs were fixed and
useless code paths were removed:
- The exported data is not host-endianness dependent (always big endian)
- The exported data does not contain leading zeros
- The output buffer is only written up to the result's size
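An added example (not the project's own code) of what the three bullets above require: a bignum-to-bytes export routine in C that is host-endian independent, emits no leading zero bytes and writes only the result's size. The 32-bit least-significant-first limb layout, the function name and the rule that a zero value exports as zero bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Limbs are 32-bit words, least significant first (assumed layout).
 * Returns the number of bytes written, 0 for a zero value, or SIZE_MAX when
 * the buffer is too small (then nothing is written). The result is big endian
 * with no leading zero bytes regardless of host byte order. */
size_t export_big_endian(const uint32_t* limbs, size_t limb_count,
                         uint8_t* out, size_t out_capacity)
{
    size_t top = limb_count;
    while (top > 0 && limbs[top - 1] == 0) /* drop most-significant zero limbs */
        top--;
    if (top == 0)
        return 0;
    uint32_t hi = limbs[top - 1];
    size_t hi_bytes = 4; /* significant bytes in the top limb */
    while (hi_bytes > 1 && (hi >> (8 * (hi_bytes - 1))) == 0)
        hi_bytes--;
    size_t total = (top - 1) * 4 + hi_bytes;
    if (total > out_capacity)
        return SIZE_MAX;
    size_t pos = 0;
    for (size_t i = top; i > 0; i--) {
        uint32_t w = limbs[i - 1];
        size_t nbytes = (i == top) ? hi_bytes : 4;
        for (size_t b = nbytes; b > 0; b--) /* shifts, not memcpy: host-endian safe */
            out[pos++] = (uint8_t)(w >> (8 * (b - 1)));
    }
    return total;
}
/* Constructed sample: the value 0x00ABCDEF00000001 as two limbs. */
static const uint32_t SAMPLE_LIMBS[2] = { 0x00000001u, 0x00ABCDEFu };
/* Returns 1 when export, truncation and zero handling behave as described. */
int export_self_check(void)
{
    static const uint8_t expected[7] = { 0xAB, 0xCD, 0xEF, 0x00, 0x00, 0x00, 0x01 };
    static const uint32_t zero[3] = { 0, 0, 0 };
    uint8_t buf[16], tiny[4];
    memset(buf, 0xFF, sizeof buf); /* sentinel: bytes past the result must survive */
    size_t n = export_big_endian(SAMPLE_LIMBS, 2, buf, sizeof buf);
    int ok = (n == 7) && memcmp(buf, expected, 7) == 0 && buf[7] == 0xFF;
    ok = ok && export_big_endian(SAMPLE_LIMBS, 2, tiny, sizeof tiny) == SIZE_MAX;
    ok = ok && export_big_endian(zero, 3, tiny, sizeof tiny) == 0;
    return ok;
}
int main(void) { return export_self_check() ? 0 : 1; }
```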
This contains an API change that disallows setting the salt to a null
value. See:
4f5ffddfcb
This seems to be the opposite of the intended effect of that change,
but this patch includes a workaround nonetheless.
Co-Authored-By: devgianlu <altomanigianluca@gmail.com>