openssl.git
3 years agoRename sec_mem to mem_sec, like other files.
Rich Salz [Wed, 16 Dec 2015 22:05:20 +0000 (17:05 -0500)]
Rename sec_mem to mem_sec, like other files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
3 years agoFix typo.
Rich Salz [Wed, 16 Dec 2015 22:58:32 +0000 (17:58 -0500)]
Fix typo.

Reviewed-by: Tim Hudson <tjh@openssl.org>
3 years agoProvide better "make depend" warning.
Rich Salz [Thu, 10 Dec 2015 17:31:01 +0000 (12:31 -0500)]
Provide better "make depend" warning.

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoFix no-dgram.
Ben Laurie [Wed, 16 Dec 2015 13:25:07 +0000 (13:25 +0000)]
Fix no-dgram.

Reviewed-by: Tim Hudson <tjh@openssl.org>
3 years agoRename some BUF_xxx to OPENSSL_xxx
Rich Salz [Wed, 16 Dec 2015 21:12:24 +0000 (16:12 -0500)]
Rename some BUF_xxx to OPENSSL_xxx

Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
3 years agofix for no-ec
Dr. Stephen Henson [Wed, 16 Dec 2015 14:45:40 +0000 (14:45 +0000)]
fix for no-ec

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agomake update
Dr. Stephen Henson [Wed, 16 Dec 2015 13:21:52 +0000 (13:21 +0000)]
make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoUse EVP_PKEY for client side EC.
Dr. Stephen Henson [Mon, 14 Dec 2015 00:33:33 +0000 (00:33 +0000)]
Use EVP_PKEY for client side EC.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoUse EVP_PKEY for server EC.
Dr. Stephen Henson [Sun, 13 Dec 2015 13:41:32 +0000 (13:41 +0000)]
Use EVP_PKEY for server EC.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoAdd ECDH/DH utility functions.
Dr. Stephen Henson [Tue, 15 Dec 2015 18:15:16 +0000 (18:15 +0000)]
Add ECDH/DH utility functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoremove unnecessary key copy
Dr. Stephen Henson [Sun, 13 Dec 2015 00:18:31 +0000 (00:18 +0000)]
remove unnecessary key copy

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoConstify EC_KEY in ECDH_compute_key.
Dr. Stephen Henson [Sun, 13 Dec 2015 00:11:42 +0000 (00:11 +0000)]
Constify EC_KEY in ECDH_compute_key.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoRemove ECDH client auth code.
Dr. Stephen Henson [Sat, 12 Dec 2015 17:41:18 +0000 (17:41 +0000)]
Remove ECDH client auth code.

Remove incomplete non-functional ECDH client authentication code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoRemove SSL_OP_SINGLE_ECDH_USE code.
Dr. Stephen Henson [Sat, 12 Dec 2015 14:00:01 +0000 (14:00 +0000)]
Remove SSL_OP_SINGLE_ECDH_USE code.

Since auto ecdh is now always used SSL_OP_SINGLE_ECDH_USE is
redundant. Simplify associated code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoUse EC_KEY_key2buf and EC_oct2key in libssl.
Dr. Stephen Henson [Sat, 12 Dec 2015 01:13:42 +0000 (01:13 +0000)]
Use EC_KEY_key2buf and EC_oct2key in libssl.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoNew EC functions.
Dr. Stephen Henson [Sat, 12 Dec 2015 01:04:25 +0000 (01:04 +0000)]
New EC functions.

New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.

New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix build on Solaris
Matt Caswell [Tue, 15 Dec 2015 23:35:31 +0000 (23:35 +0000)]
Fix build on Solaris

Solaris builds were failing during async compilation because the .o files
created from compiling the corresponding .c files held in async/arch were
ending up in the top level async directory. Consequently the link fails
because it can't find the .o files.

Thanks to Richard Levitte for pointing me in the right direction on this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix updating via mkdef.pl
Matt Caswell [Tue, 15 Dec 2015 13:06:26 +0000 (13:06 +0000)]
Fix updating via mkdef.pl

The previous commit introduced a new file format for ssleay.num and
libeay.num, i.e. the introduction of a version field. Therefore the update
capability in mkdef.pl needs updating to take account of the new format.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoDon't export internal symbols
Matt Caswell [Mon, 14 Dec 2015 09:22:58 +0000 (09:22 +0000)]
Don't export internal symbols

On Linux when creating the .so file we were exporting all symbols. We should
only be exporting public symbols. This commit fixes the issue. It is only
applicable to linux currently although the same technique may work for other
platforms (e.g. Solaris should work the same way).

This also adds symbol version information to our exported symbols.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoBetter splitting regexp for test_ordinals
Richard Levitte [Tue, 15 Dec 2015 15:54:22 +0000 (16:54 +0100)]
Better splitting regexp for test_ordinals

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoRemove GMP engine.
Rich Salz [Mon, 14 Dec 2015 18:34:14 +0000 (13:34 -0500)]
Remove GMP engine.

Reviewed-by: Ben Laurie <ben@openssl.org>
3 years agoFix s_server problem with no-ec
Matt Caswell [Tue, 15 Dec 2015 10:43:44 +0000 (10:43 +0000)]
Fix s_server problem with no-ec

s_server was trying to set the ECDH curve when no-ec was defined. This also
highlighted the fact that the -no_ecdhe option to s_server is broken, and
doesn't make any sense any more (ECDHE is on by default and the only way it
can be disabled is through the cipherstring). Therefore this commit removes
the option.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agoFix no-psk compile failure
Matt Caswell [Mon, 14 Dec 2015 09:58:55 +0000 (09:58 +0000)]
Fix no-psk compile failure

Reviewed-by: Tim Hudson <tjh@openssl.org>
3 years agoFix compile failure with no-srp
Matt Caswell [Mon, 14 Dec 2015 09:57:06 +0000 (09:57 +0000)]
Fix compile failure with no-srp

Reviewed-by: Tim Hudson <tjh@openssl.org>
3 years agoUpdate EVP_PKEY documentation.
Dr. Stephen Henson [Mon, 14 Dec 2015 18:10:16 +0000 (18:10 +0000)]
Update EVP_PKEY documentation.

Add EVP_PKEY_up_ref() documentation and fix various typos.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
3 years agomake update
Dr. Stephen Henson [Mon, 14 Dec 2015 14:15:45 +0000 (14:15 +0000)]
make update

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
3 years agoNew function X509_get0_pubkey
Dr. Stephen Henson [Mon, 14 Dec 2015 13:13:32 +0000 (13:13 +0000)]
New function X509_get0_pubkey

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
3 years agoAdd EVP_PKEY_get0_* functions.
Dr. Stephen Henson [Sun, 13 Dec 2015 17:57:01 +0000 (17:57 +0000)]
Add EVP_PKEY_get0_* functions.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
3 years agoExtend EVP_PKEY_copy_parameters()
Dr. Stephen Henson [Sun, 13 Dec 2015 17:28:40 +0000 (17:28 +0000)]
Extend EVP_PKEY_copy_parameters()

Make EVP_PKEY_copy_parameters() work if the destination has no type
(e.g. if obtained from EVP_PKEY_new()) or the underlying key is NULL.
This is useful where we want to copy the parameters from an existing
key to a new key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
3 years agoFix a ** 0 mod 1 = 0 for real this time.
Emilia Kasper [Mon, 14 Dec 2015 15:38:15 +0000 (16:38 +0100)]
Fix a ** 0 mod 1 = 0 for real this time.

Commit 2b0180c37fa6ffc48ee40caa831ca398b828e680 attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.

Thanks to Hanno Boeck for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
3 years agocrpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc.
Andy Polyakov [Fri, 13 Nov 2015 23:16:37 +0000 (00:16 +0100)]
crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agocrypto/ppccap.c: add SIGILL-free processor capability detection code.
Andy Polyakov [Fri, 13 Nov 2015 23:10:19 +0000 (00:10 +0100)]
crypto/ppccap.c: add SIGILL-free processor capability detection code.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agoadd malloc fail check & fix memory leak
Hongze Zhu [Mon, 14 Dec 2015 09:38:56 +0000 (17:38 +0800)]
add malloc fail check & fix memory leak

Signed-off-by: Hongze Zhu <hongze.zhu@gmail.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoFix erroneous SO suffix in darwin64-debug-test-64-clang target
Viktor Dukhovni [Mon, 14 Dec 2015 01:30:16 +0000 (20:30 -0500)]
Fix erroneous SO suffix in darwin64-debug-test-64-clang target

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix typo
Ben Kaduk [Mon, 14 Dec 2015 03:02:52 +0000 (22:02 -0500)]
Fix typo

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix option value parsing in crl2pkcs7 -certfile
Viktor Dukhovni [Mon, 14 Dec 2015 01:25:16 +0000 (20:25 -0500)]
Fix option value parsing in crl2pkcs7 -certfile

Reviewed-by: Rich Saltz <rsalz@openssl.org>
3 years agoAvoid erroneous "assert(private)" failures.
Viktor Dukhovni [Sun, 13 Dec 2015 07:51:44 +0000 (02:51 -0500)]
Avoid erroneous "assert(private)" failures.

When processing a public key input via "-pubin", "private" was
sometimes erroneously set, or else not set and incorrectly asserted.

Reviewed-by: Rich salz <rsalz@openssl.org>
3 years agox86_64 assembly pack: tune clang version detection even further.
Andy Polyakov [Mon, 7 Dec 2015 21:59:11 +0000 (22:59 +0100)]
x86_64 assembly pack: tune clang version detection even further.

RT#4171

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agoConfigure: add framework for ChaCha and Poly1305 assembly.
Andy Polyakov [Sat, 12 Dec 2015 11:29:37 +0000 (12:29 +0100)]
Configure: add framework for ChaCha and Poly1305 assembly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoConfigure: 'reconf' to respect CROSS_COMPILE and CC.
Andy Polyakov [Sat, 12 Dec 2015 11:23:41 +0000 (12:23 +0100)]
Configure: 'reconf' to respect CROSS_COMPILE and CC.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoDon't use EC when no-ec.
Ben Laurie [Sun, 13 Dec 2015 15:07:54 +0000 (15:07 +0000)]
Don't use EC when no-ec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoRemove no longer existant structure member and direct references to EVP_MD_CTX internals.
Ben Laurie [Sun, 13 Dec 2015 05:51:03 +0000 (05:51 +0000)]
Remove no longer existant structure member and direct references to EVP_MD_CTX internals.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix (incorrect) uninitialised variable warning.
Ben Laurie [Sun, 13 Dec 2015 09:34:36 +0000 (09:34 +0000)]
Fix (incorrect) uninitialised variable warning.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agofix warning
Dr. Stephen Henson [Sun, 13 Dec 2015 03:01:26 +0000 (03:01 +0000)]
fix warning

Reviewed-by: Ben Laurie <ben@openssl.org>
3 years agoremove ancient SSLeay bug workaround
Dr. Stephen Henson [Sat, 12 Dec 2015 18:39:38 +0000 (18:39 +0000)]
remove ancient SSLeay bug workaround

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoAllow ChaCha20-Poly1305 in DTLS
tjmao [Fri, 11 Dec 2015 19:48:09 +0000 (14:48 -0500)]
Allow ChaCha20-Poly1305 in DTLS

GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoRevert "Allow ChaCha20-Poly1305 in DTLS"
Rich Salz [Sun, 13 Dec 2015 00:28:31 +0000 (19:28 -0500)]
Revert "Allow ChaCha20-Poly1305 in DTLS"

This reverts commit 777f482d993322d69025014bf1b99c270c978fc0.
Author credit missing.  Reverting this and re-committing with
an Author line.

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoUse SHA256 not MD5 as default digest.
Rich Salz [Sun, 13 Dec 2015 00:25:25 +0000 (19:25 -0500)]
Use SHA256 not MD5 as default digest.

(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
3 years agoSupport ccache.
Ben Laurie [Sat, 12 Dec 2015 13:33:20 +0000 (13:33 +0000)]
Support ccache.

Reviewed-by: Tim Hudson <tjh@openssl.org>
3 years agoFix compile failure with no-threads
Matt Caswell [Sat, 12 Dec 2015 14:26:22 +0000 (14:26 +0000)]
Fix compile failure with no-threads

The async code was causing a compile failure if no-threads was used.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agoAdd extension utility documentation.
Dr. Stephen Henson [Fri, 11 Dec 2015 02:59:10 +0000 (02:59 +0000)]
Add extension utility documentation.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agoadd X509_up_ref() documentation
Dr. Stephen Henson [Fri, 11 Dec 2015 00:36:06 +0000 (00:36 +0000)]
add X509_up_ref() documentation

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agoextension documentation
Dr. Stephen Henson [Thu, 10 Dec 2015 19:13:57 +0000 (19:13 +0000)]
extension documentation

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agoUse OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1
Kurt Roeckx [Sat, 12 Dec 2015 10:12:22 +0000 (11:12 +0100)]
Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix compile failure
Matt Caswell [Fri, 11 Dec 2015 22:18:00 +0000 (22:18 +0000)]
Fix compile failure

Fix compile failure introduced by commit 94d61512360c due to a typo.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoevp/e_chacha20_poly1305.c: TLS interop fixes.
Andy Polyakov [Thu, 10 Dec 2015 20:53:01 +0000 (21:53 +0100)]
evp/e_chacha20_poly1305.c: TLS interop fixes.

Thanks to: David Benjamin of Chromuim.

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoConfigurations/10-main.conf: fix typos in mingw/cygwin configs.
Andy Polyakov [Thu, 10 Dec 2015 19:07:22 +0000 (20:07 +0100)]
Configurations/10-main.conf: fix typos in mingw/cygwin configs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoAllow ChaCha20-Poly1305 in DTLS
Rich Salz [Fri, 11 Dec 2015 19:48:09 +0000 (14:48 -0500)]
Allow ChaCha20-Poly1305 in DTLS

GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoMake no-dh work, plus other no-dh problems found by Richard.
Ben Laurie [Sat, 12 Sep 2015 16:17:33 +0000 (17:17 +0100)]
Make no-dh work, plus other no-dh problems found by Richard.

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agomake update, missed file
Richard Levitte [Fri, 11 Dec 2015 17:07:05 +0000 (18:07 +0100)]
make update, missed file

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoUse SHA256 not MD5 as default digest.
Rich Salz [Sat, 13 Jun 2015 21:03:39 +0000 (17:03 -0400)]
Use SHA256 not MD5 as default digest.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
3 years agomake update
Richard Levitte [Fri, 11 Dec 2015 15:16:32 +0000 (16:16 +0100)]
make update

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoAdapt EVP tests to the opaque EVP_ENCODE_CTX
Richard Levitte [Fri, 11 Dec 2015 15:10:53 +0000 (16:10 +0100)]
Adapt EVP tests to the opaque EVP_ENCODE_CTX

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoAdapt PEM routines to the opaque EVP_ENCODE_CTX
Richard Levitte [Fri, 11 Dec 2015 15:10:38 +0000 (16:10 +0100)]
Adapt PEM routines to the opaque EVP_ENCODE_CTX

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoAdapt BIO_f_base64 to the opaque EVP_ENCODE_CTX
Richard Levitte [Fri, 11 Dec 2015 15:09:52 +0000 (16:09 +0100)]
Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoMake EVP_ENCODE_CTX opaque
Richard Levitte [Fri, 11 Dec 2015 15:07:48 +0000 (16:07 +0100)]
Make EVP_ENCODE_CTX opaque

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoFix OCB link
Matt Caswell [Thu, 10 Dec 2015 16:58:50 +0000 (16:58 +0000)]
Fix OCB link

The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoSupport the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Rob Stradling [Fri, 4 Dec 2015 14:35:43 +0000 (14:35 +0000)]
Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
GH: #495, MR: #1435

3 years agoRestore full support for EVP_CTX_create() etc.
Viktor Dukhovni [Thu, 10 Dec 2015 05:44:00 +0000 (00:44 -0500)]
Restore full support for EVP_CTX_create() etc.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoPrepare for 1.1.0-pre2-dev
Matt Caswell [Thu, 10 Dec 2015 14:24:22 +0000 (14:24 +0000)]
Prepare for 1.1.0-pre2-dev

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoPrepare for 1.1.0-pre1 release OpenSSL_1_1_0-pre1
Matt Caswell [Thu, 10 Dec 2015 14:23:10 +0000 (14:23 +0000)]
Prepare for 1.1.0-pre1 release

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoOpenSSL 1.1.0 is now in pre release
Matt Caswell [Thu, 10 Dec 2015 14:21:59 +0000 (14:21 +0000)]
OpenSSL 1.1.0 is now in pre release

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agomake update
Matt Caswell [Thu, 10 Dec 2015 14:21:59 +0000 (14:21 +0000)]
make update

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoDon't run rehash as part of building the openssl app
Richard Levitte [Thu, 10 Dec 2015 14:03:52 +0000 (15:03 +0100)]
Don't run rehash as part of building the openssl app

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoUpdate CHANGES and NEWS for alpha release
Matt Caswell [Thu, 10 Dec 2015 13:04:39 +0000 (13:04 +0000)]
Update CHANGES and NEWS for alpha release

Misc updates to the CHANGES and NEWS files ready for the alpha release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoEnsure |rwstate| is set correctly on BIO_flush
Matt Caswell [Wed, 4 Nov 2015 11:20:50 +0000 (11:20 +0000)]
Ensure |rwstate| is set correctly on BIO_flush

A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix DTLS handshake fragment retries
Matt Caswell [Tue, 3 Nov 2015 14:45:07 +0000 (14:45 +0000)]
Fix DTLS handshake fragment retries

If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoevp/e_aes.c: wire hardware-assisted block function to OCB.
Andy Polyakov [Tue, 8 Dec 2015 18:46:28 +0000 (19:46 +0100)]
evp/e_aes.c: wire hardware-assisted block function to OCB.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agox86[_64] assembly pack: add optimized AES-NI OCB subroutines.
Andy Polyakov [Wed, 2 Dec 2015 13:27:23 +0000 (14:27 +0100)]
x86[_64] assembly pack: add optimized AES-NI OCB subroutines.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoFix mkfiles for new directories
Matt Caswell [Thu, 10 Dec 2015 11:37:03 +0000 (11:37 +0000)]
Fix mkfiles for new directories

Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.

Reviewed-by: Andy Polyakov <appro@openssl.org>
3 years agoAdd a return value check
Matt Caswell [Wed, 11 Nov 2015 10:44:07 +0000 (10:44 +0000)]
Add a return value check

If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then
we should set the NID to NID_undef.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agomodes/ocb128.c: fix overstep.
Andy Polyakov [Wed, 2 Dec 2015 13:26:03 +0000 (14:26 +0100)]
modes/ocb128.c: fix overstep.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agomake update.
Andy Polyakov [Wed, 9 Dec 2015 23:03:06 +0000 (00:03 +0100)]
make update.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoConfigure: make no-chacha and no-poly1305 work.
Andy Polyakov [Wed, 9 Dec 2015 22:02:11 +0000 (23:02 +0100)]
Configure: make no-chacha and no-poly1305 work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoWire ChaCha20-Poly1305 to TLS.
Andy Polyakov [Wed, 9 Dec 2015 20:47:00 +0000 (21:47 +0100)]
Wire ChaCha20-Poly1305 to TLS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoevp/c_allc.c: wire ChaCha20-Poly1305 and add tests.
Andy Polyakov [Wed, 9 Dec 2015 20:36:19 +0000 (21:36 +0100)]
evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agotest/evp_test.c: allow generic AEAD ciphers to be tested.
Andy Polyakov [Wed, 9 Dec 2015 20:35:30 +0000 (21:35 +0100)]
test/evp_test.c: allow generic AEAD ciphers to be tested.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agocrypto/evp: add e_chacha20_poly1305.c.
Andy Polyakov [Wed, 9 Dec 2015 20:30:56 +0000 (21:30 +0100)]
crypto/evp: add e_chacha20_poly1305.c.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoevp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.
Andy Polyakov [Wed, 9 Dec 2015 20:18:00 +0000 (21:18 +0100)]
evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.

In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoAdd ChaCha20-Poly1305 and ChaCha20 NIDs.
Andy Polyakov [Wed, 9 Dec 2015 20:15:28 +0000 (21:15 +0100)]
Add ChaCha20-Poly1305 and ChaCha20 NIDs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoAdd reference ChaCha20 and Poly1305 implementations.
Andy Polyakov [Wed, 9 Dec 2015 20:11:49 +0000 (21:11 +0100)]
Add reference ChaCha20 and Poly1305 implementations.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
3 years agomake default_ec_key_meth static
Dr. Stephen Henson [Thu, 10 Dec 2015 03:58:31 +0000 (03:58 +0000)]
make default_ec_key_meth static

Reviewed-by: Rich Salz <rsalz@openssl.org>
3 years agoremove deleted directories from mkfiles.pl
Dr. Stephen Henson [Wed, 9 Dec 2015 23:51:13 +0000 (23:51 +0000)]
remove deleted directories from mkfiles.pl

Reviewed-by: Matt Caswell <matt@openssl.org>
3 years agoFix warnings about unused variables when EC is disabled.
Richard Levitte [Wed, 9 Dec 2015 22:59:04 +0000 (23:59 +0100)]
Fix warnings about unused variables when EC is disabled.

Reviewed-by: Stephen Henson <steve@openssl.org>
3 years agoMove the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h
Richard Levitte [Wed, 9 Dec 2015 22:56:57 +0000 (23:56 +0100)]
Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h

Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled.  This is the same as has been done for DH, DSA, RSA
and more...

Reviewed-by: Stephen Henson <steve@openssl.org>
3 years agoadd CHANGES and NEWS entry
Dr. Stephen Henson [Wed, 9 Dec 2015 13:41:44 +0000 (13:41 +0000)]
add CHANGES and NEWS entry

Todo: update documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoremove ECDSA error line
Dr. Stephen Henson [Wed, 9 Dec 2015 16:12:46 +0000 (16:12 +0000)]
remove ECDSA error line

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoadd compatibility headers
Dr. Stephen Henson [Wed, 9 Dec 2015 13:49:41 +0000 (13:49 +0000)]
add compatibility headers

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoUse NULL comparison
Dr. Stephen Henson [Wed, 9 Dec 2015 13:10:36 +0000 (13:10 +0000)]
Use NULL comparison

Reviewed-by: Richard Levitte <levitte@openssl.org>
3 years agoadd block comment
Dr. Stephen Henson [Wed, 9 Dec 2015 00:27:10 +0000 (00:27 +0000)]
add block comment

Reviewed-by: Richard Levitte <levitte@openssl.org>