Dr. Stephen Henson [Sat, 12 Dec 2015 18:39:38 +0000 (18:39 +0000)]
remove ancient SSLeay bug workaround
Reviewed-by: Matt Caswell <matt@openssl.org>
tjmao [Fri, 11 Dec 2015 19:48:09 +0000 (14:48 -0500)]
Allow ChaCha20-Poly1305 in DTLS
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Sun, 13 Dec 2015 00:28:31 +0000 (19:28 -0500)]
Revert "Allow ChaCha20-Poly1305 in DTLS"
This reverts commit
777f482d993322d69025014bf1b99c270c978fc0.
Author credit missing. Reverting this and re-committing with
an Author line.
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Sun, 13 Dec 2015 00:25:25 +0000 (19:25 -0500)]
Use SHA256 not MD5 as default digest.
(Documentation update was in the MR but not the commit. Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Ben Laurie [Sat, 12 Dec 2015 13:33:20 +0000 (13:33 +0000)]
Support ccache.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Sat, 12 Dec 2015 14:26:22 +0000 (14:26 +0000)]
Fix compile failure with no-threads
The async code was causing a compile failure if no-threads was used.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Fri, 11 Dec 2015 02:59:10 +0000 (02:59 +0000)]
Add extension utility documentation.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Fri, 11 Dec 2015 00:36:06 +0000 (00:36 +0000)]
add X509_up_ref() documentation
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Thu, 10 Dec 2015 19:13:57 +0000 (19:13 +0000)]
extension documentation
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Kurt Roeckx [Sat, 12 Dec 2015 10:12:22 +0000 (11:12 +0100)]
Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 11 Dec 2015 22:18:00 +0000 (22:18 +0000)]
Fix compile failure
Fix compile failure introduced by commit
94d61512360c due to a typo.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Thu, 10 Dec 2015 20:53:01 +0000 (21:53 +0100)]
evp/e_chacha20_poly1305.c: TLS interop fixes.
Thanks to: David Benjamin of Chromuim.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Thu, 10 Dec 2015 19:07:22 +0000 (20:07 +0100)]
Configurations/10-main.conf: fix typos in mingw/cygwin configs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Fri, 11 Dec 2015 19:48:09 +0000 (14:48 -0500)]
Allow ChaCha20-Poly1305 in DTLS
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Ben Laurie [Sat, 12 Sep 2015 16:17:33 +0000 (17:17 +0100)]
Make no-dh work, plus other no-dh problems found by Richard.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 11 Dec 2015 17:07:05 +0000 (18:07 +0100)]
make update, missed file
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Sat, 13 Jun 2015 21:03:39 +0000 (17:03 -0400)]
Use SHA256 not MD5 as default digest.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Fri, 11 Dec 2015 15:16:32 +0000 (16:16 +0100)]
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 11 Dec 2015 15:10:53 +0000 (16:10 +0100)]
Adapt EVP tests to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 11 Dec 2015 15:10:38 +0000 (16:10 +0100)]
Adapt PEM routines to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 11 Dec 2015 15:09:52 +0000 (16:09 +0100)]
Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 11 Dec 2015 15:07:48 +0000 (16:07 +0100)]
Make EVP_ENCODE_CTX opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 10 Dec 2015 16:58:50 +0000 (16:58 +0000)]
Fix OCB link
The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rob Stradling [Fri, 4 Dec 2015 14:35:43 +0000 (14:35 +0000)]
Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
GH: #495, MR: #1435
Viktor Dukhovni [Thu, 10 Dec 2015 05:44:00 +0000 (00:44 -0500)]
Restore full support for EVP_CTX_create() etc.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 10 Dec 2015 14:24:22 +0000 (14:24 +0000)]
Prepare for 1.1.0-pre2-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 10 Dec 2015 14:23:10 +0000 (14:23 +0000)]
Prepare for 1.1.0-pre1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 10 Dec 2015 14:21:59 +0000 (14:21 +0000)]
OpenSSL 1.1.0 is now in pre release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 10 Dec 2015 14:21:59 +0000 (14:21 +0000)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 10 Dec 2015 14:03:52 +0000 (15:03 +0100)]
Don't run rehash as part of building the openssl app
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Thu, 10 Dec 2015 13:04:39 +0000 (13:04 +0000)]
Update CHANGES and NEWS for alpha release
Misc updates to the CHANGES and NEWS files ready for the alpha release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 4 Nov 2015 11:20:50 +0000 (11:20 +0000)]
Ensure |rwstate| is set correctly on BIO_flush
A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 3 Nov 2015 14:45:07 +0000 (14:45 +0000)]
Fix DTLS handshake fragment retries
If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Tue, 8 Dec 2015 18:46:28 +0000 (19:46 +0100)]
evp/e_aes.c: wire hardware-assisted block function to OCB.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 2 Dec 2015 13:27:23 +0000 (14:27 +0100)]
x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 10 Dec 2015 11:37:03 +0000 (11:37 +0000)]
Fix mkfiles for new directories
Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Wed, 11 Nov 2015 10:44:07 +0000 (10:44 +0000)]
Add a return value check
If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then
we should set the NID to NID_undef.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 2 Dec 2015 13:26:03 +0000 (14:26 +0100)]
modes/ocb128.c: fix overstep.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 23:03:06 +0000 (00:03 +0100)]
make update.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 22:02:11 +0000 (23:02 +0100)]
Configure: make no-chacha and no-poly1305 work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 20:47:00 +0000 (21:47 +0100)]
Wire ChaCha20-Poly1305 to TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 20:36:19 +0000 (21:36 +0100)]
evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 20:35:30 +0000 (21:35 +0100)]
test/evp_test.c: allow generic AEAD ciphers to be tested.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 20:30:56 +0000 (21:30 +0100)]
crypto/evp: add e_chacha20_poly1305.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 20:18:00 +0000 (21:18 +0100)]
evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.
In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 20:15:28 +0000 (21:15 +0100)]
Add ChaCha20-Poly1305 and ChaCha20 NIDs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 9 Dec 2015 20:11:49 +0000 (21:11 +0100)]
Add reference ChaCha20 and Poly1305 implementations.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Thu, 10 Dec 2015 03:58:31 +0000 (03:58 +0000)]
make default_ec_key_meth static
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 23:51:13 +0000 (23:51 +0000)]
remove deleted directories from mkfiles.pl
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 9 Dec 2015 22:59:04 +0000 (23:59 +0100)]
Fix warnings about unused variables when EC is disabled.
Reviewed-by: Stephen Henson <steve@openssl.org>
Richard Levitte [Wed, 9 Dec 2015 22:56:57 +0000 (23:56 +0100)]
Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h
Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled. This is the same as has been done for DH, DSA, RSA
and more...
Reviewed-by: Stephen Henson <steve@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 13:41:44 +0000 (13:41 +0000)]
add CHANGES and NEWS entry
Todo: update documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 16:12:46 +0000 (16:12 +0000)]
remove ECDSA error line
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 13:49:41 +0000 (13:49 +0000)]
add compatibility headers
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 13:10:36 +0000 (13:10 +0000)]
Use NULL comparison
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 00:27:10 +0000 (00:27 +0000)]
add block comment
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 00:12:34 +0000 (00:12 +0000)]
set standard EC method in eng_openssl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 9 Dec 2015 00:01:30 +0000 (00:01 +0000)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 8 Dec 2015 23:59:40 +0000 (23:59 +0000)]
remove ecdsa.h header references.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 28 Oct 2015 21:28:22 +0000 (21:28 +0000)]
EC_KEY_METHOD accessors.
Set of accessors to set and get each field.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 28 Oct 2015 16:51:47 +0000 (16:51 +0000)]
make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 28 Oct 2015 16:57:51 +0000 (16:57 +0000)]
Top level ECDSA sign/verify redirection.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 28 Oct 2015 12:29:43 +0000 (12:29 +0000)]
Engine EC_KEY_METHOD functionality.
Rename ENGINE _EC_KEY functions to _EC.
Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy
ec_meth.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 20:18:42 +0000 (20:18 +0000)]
remove ecdsa from mkdef.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 20:02:13 +0000 (20:02 +0000)]
remove ECDSA_METHOD from ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:57:28 +0000 (19:57 +0000)]
remove ECDSA_METHOD typedef
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:56:15 +0000 (19:56 +0000)]
add missing prototypes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:39:32 +0000 (19:39 +0000)]
remove ecdsa.h header
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:34:17 +0000 (19:34 +0000)]
add ECDSA_size to ec_asn1.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:32:46 +0000 (19:32 +0000)]
remove errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:24:54 +0000 (19:24 +0000)]
remove crypto/ecdsa
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:23:29 +0000 (19:23 +0000)]
add sign/verify methods
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:18:59 +0000 (19:18 +0000)]
return errors for unsupported operations
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:18:00 +0000 (19:18 +0000)]
Remove reference to ECDSA_OpenSSL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 19:11:00 +0000 (19:11 +0000)]
Move and adapt ECDSA sign and verify functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 18:51:37 +0000 (18:51 +0000)]
modify ecdsatest to use accessor
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 18:51:04 +0000 (18:51 +0000)]
Add ECDSA_SIG accessor.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 18:39:07 +0000 (18:39 +0000)]
move ECDSA_SIG prototypes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 18:33:42 +0000 (18:33 +0000)]
make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 18:29:41 +0000 (18:29 +0000)]
extend EC_KEY_METHOD for signing support
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 18:19:32 +0000 (18:19 +0000)]
adapt ossl_ecdsa.c to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 18:18:18 +0000 (18:18 +0000)]
move ECDSA_SIG definition
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 16:48:36 +0000 (16:48 +0000)]
Move ECDSA implementation to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 27 Oct 2015 16:45:47 +0000 (16:45 +0000)]
Move ECDSA_SIG ASN.1 to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sun, 25 Oct 2015 13:09:50 +0000 (13:09 +0000)]
Add set methods.
Add set_group, set_public and set_private methods. An EC_KEY_METHOD can use
these to perform any appropriate operation when the key components are set,
such as caching data in some more convenient ENGINE specific format or
returning an error if the parameters are invalid or the operation is
not supported.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Fri, 23 Oct 2015 18:19:57 +0000 (19:19 +0100)]
EC_KEY_METHOD copy support
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Fri, 23 Oct 2015 18:10:24 +0000 (19:10 +0100)]
EC_KEY_METHOD init and finish support
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Fri, 23 Oct 2015 17:46:58 +0000 (18:46 +0100)]
ENGINE fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 18:22:53 +0000 (19:22 +0100)]
remove ECDH from mkdef.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 15:17:50 +0000 (16:17 +0100)]
remove ECDH_METHOD typedef
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 18:02:49 +0000 (19:02 +0100)]
remove ecdh.h header
Remove redundant ecdh.h header and any references to it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 17:59:32 +0000 (18:59 +0100)]
remove ECDH error loading
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 17:54:49 +0000 (18:54 +0100)]
Remove crypto/ecdh update Makefile.org
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 15:17:50 +0000 (16:17 +0100)]
remove ECDH_METHOD from ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 17:51:25 +0000 (18:51 +0100)]
make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 17:48:59 +0000 (18:48 +0100)]
Add compute key support to EC_KEY_METHOD
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 17:47:11 +0000 (18:47 +0100)]
Adapt ecdh_compute_key
Rename ecdh_compute_key into ossl_ecdh_compute_key and modify it
to use EC error codes. Remove superfluous old ECDH functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 17:35:56 +0000 (18:35 +0100)]
move ECDH implementation to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 14:47:38 +0000 (15:47 +0100)]
Move ECDH_KDF_X9_62 to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 22 Oct 2015 13:53:23 +0000 (14:53 +0100)]
EC_KEY_METHOD keygen support.
Add keygen to EC_KEY_METHOD. Redirect EC_KEY_generate_key through
method and set the current EC key generation function as the default.
Reviewed-by: Richard Levitte <levitte@openssl.org>