openssl.git
6 years ago | Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix
Ben Laurie [Fri, 20 Sep 2013 13:39:33 +0000 (14:39 +0100)]
Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix

6 years ago | More diagnostics for invalid OIDs.
Ben Laurie [Fri, 20 Sep 2013 13:38:02 +0000 (14:38 +0100)]
More diagnostics for invalid OIDs.

6 years ago | aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.
Andy Polyakov [Fri, 20 Sep 2013 11:22:57 +0000 (13:22 +0200)]
aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.

Submitted by: Ard Biesheuvel

6 years ago | Add functions to set ECDSA_METHOD structure.
Dr. Stephen Henson [Tue, 17 Sep 2013 23:50:15 +0000 (00:50 +0100)]
Add functions to set ECDSA_METHOD structure.

Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.

6 years ago | Fix error code clashes.
Dr. Stephen Henson [Wed, 18 Sep 2013 00:02:35 +0000 (01:02 +0100)]
Fix error code clashes.

6 years ago | DTLS version usage fixes.
Dr. Stephen Henson [Tue, 17 Sep 2013 17:10:37 +0000 (18:10 +0100)]
DTLS version usage fixes.

Make DTLS behave like TLS when negotiating version: record layer has
DTLS 1.0, message version is 1.2.

Tolerate different version numbers if version hasn't been negotiated
yet.

6 years ago | Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG.
Bodo Moeller [Tue, 17 Sep 2013 08:06:34 +0000 (10:06 +0200)]
Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG.
(This went into 1.0.2 too, so it's not actually a change
between 1.0.x and 1.1.0.)

6 years ago | Move the change note for partial chain verification: this is code from
Bodo Moeller [Tue, 17 Sep 2013 07:48:23 +0000 (09:48 +0200)]
Move the change note for partial chain verification: this is code from
the main branch (http://cvs.openssl.org/chngview?cn=19322) later added
to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and
thus not a change "between 1.0.2 and 1.1.0".

6 years ago | Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
Trevor Perrin [Sat, 14 Sep 2013 01:31:48 +0000 (18:31 -0700)]
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.

6 years ago | Sync CHANGES and NEWS files.
Bodo Moeller [Mon, 16 Sep 2013 12:55:03 +0000 (14:55 +0200)]
Sync CHANGES and NEWS files.

(Various changes from the master branch are now in the 1.0.2 branch too.)

6 years ago | Fix overly lenient comparisons:
Bodo Moeller [Mon, 16 Sep 2013 10:59:21 +0000 (12:59 +0200)]
Fix overly lenient comparisons:

    - EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

6 years ago | crypto/armcap.c: fix typo in rdtsc subroutine.
Andy Polyakov [Sun, 15 Sep 2013 20:07:49 +0000 (22:07 +0200)]
crypto/armcap.c: fix typo in rdtsc subroutine.

PR: 3125
Submitted by: Kyle McMartin

6 years ago | Add support for Cygwin-x86_64.
Andy Polyakov [Sun, 15 Sep 2013 19:59:25 +0000 (21:59 +0200)]
Add support for Cygwin-x86_64.

PR: 3110
Submitted by: Corinna Vinschen.

6 years ago | bsaes-armv7.pl: remove partial register operations in CTR subroutine.
Andy Polyakov [Sun, 15 Sep 2013 17:47:51 +0000 (19:47 +0200)]
bsaes-armv7.pl: remove partial register operations in CTR subroutine.

6 years ago | bsaes-armv7.pl: remove byte order dependency and minor optimization.
Andy Polyakov [Sun, 15 Sep 2013 17:44:43 +0000 (19:44 +0200)]
bsaes-armv7.pl: remove byte order dependency and minor optimization.

6 years ago | Added support for ARM/NEON based bit sliced AES in XTS mode
Ard Biesheuvel [Mon, 5 Aug 2013 11:52:46 +0000 (13:52 +0200)]
Added support for ARM/NEON based bit sliced AES in XTS mode

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

6 years ago | Update docs to mention "BEGIN SERVERINFO FOR ".
Trevor Perrin [Sat, 14 Sep 2013 02:48:09 +0000 (19:48 -0700)]
Update docs to mention "BEGIN SERVERINFO FOR ".

6 years ago | Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"...
Trevor Perrin [Sat, 14 Sep 2013 02:32:55 +0000 (19:32 -0700)]
Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"...

6 years ago | Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
Trevor Perrin [Sat, 14 Sep 2013 01:31:48 +0000 (18:31 -0700)]
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.

6 years ago | Update CHANGES.
Rob Stradling [Thu, 12 Sep 2013 21:12:21 +0000 (22:12 +0100)]
Update CHANGES.

6 years ago | Tidy up comments.
Rob Stradling [Tue, 10 Sep 2013 11:25:57 +0000 (12:25 +0100)]
Tidy up comments.

6 years ago | Use TLS version supplied by client when fingerprinting Safari.
Rob Stradling [Tue, 10 Sep 2013 11:21:27 +0000 (12:21 +0100)]
Use TLS version supplied by client when fingerprinting Safari.

6 years ago | Fix compilation with no-ec and/or no-tlsext.
Rob Stradling [Tue, 10 Sep 2013 11:20:29 +0000 (12:20 +0100)]
Fix compilation with no-ec and/or no-tlsext.

6 years ago | typo
Mat [Tue, 13 Aug 2013 12:45:39 +0000 (14:45 +0200)]
typo

6 years ago | Initialize next_proto in s_server - resolves incorrect attempts to free
Scott Deboy [Thu, 12 Sep 2013 00:22:00 +0000 (17:22 -0700)]
Initialize next_proto in s_server - resolves incorrect attempts to free

6 years ago | Constification.
Ben Laurie [Tue, 10 Sep 2013 16:58:44 +0000 (17:58 +0100)]
Constification.

6 years ago | crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
Andy Polyakov [Mon, 9 Sep 2013 19:43:21 +0000 (21:43 +0200)]
crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.

Avoid occasional up to 8% performance drops.

6 years ago | crypto/bn/asm/x86_64-mont.pl: minor optimization.
Andy Polyakov [Mon, 9 Sep 2013 19:40:33 +0000 (21:40 +0200)]
crypto/bn/asm/x86_64-mont.pl: minor optimization.

6 years ago | Remove ancient PATENTS section and FAQ reference.
Dr. Stephen Henson [Sun, 8 Sep 2013 20:22:57 +0000 (21:22 +0100)]
Remove ancient PATENTS section and FAQ reference.

6 years ago | Partial path fix.
Dr. Stephen Henson [Sun, 8 Sep 2013 18:26:59 +0000 (19:26 +0100)]
Partial path fix.

When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.

6 years ago | Document extension clash.
Dr. Stephen Henson [Sun, 8 Sep 2013 14:07:44 +0000 (15:07 +0100)]
Document extension clash.

6 years ago | Experimental encrypt-then-mac support.
Dr. Stephen Henson [Fri, 22 Mar 2013 17:12:33 +0000 (17:12 +0000)]
Experimental encrypt-then-mac support.

Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt

To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10

For non-compliant peers (i.e. just about everything) this should have no
effect.

6 years ago | Set TLS v1.2 disabled mask properly.
Dr. Stephen Henson [Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)]
Set TLS v1.2 disabled mask properly.

6 years ago | Const fix.
Ben Laurie [Fri, 6 Sep 2013 13:03:28 +0000 (14:03 +0100)]
Const fix.

6 years ago | Free generated supp data after handshake completion, add comment regarding use of...
Scott Deboy [Thu, 1 Aug 2013 18:54:09 +0000 (11:54 -0700)]
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks

6 years ago | More cleanup.
Ben Laurie [Thu, 1 Aug 2013 11:33:15 +0000 (12:33 +0100)]
More cleanup.

6 years ago | Make it build.
Ben Laurie [Thu, 1 Aug 2013 10:14:23 +0000 (11:14 +0100)]
Make it build.

6 years ago | Add callbacks supporting generation and retrieval of supplemental data entries, facil...
Scott Deboy [Tue, 18 Jun 2013 21:34:38 +0000 (14:34 -0700)]
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.

6 years ago | s/recommend/recommended/
Ben Laurie [Thu, 5 Sep 2013 20:43:50 +0000 (21:43 +0100)]
s/recommend/recommended/

6 years ago | misspelling fixes by https://github.com/vlajos/misspell_fixer
Veres Lajos [Wed, 12 Jun 2013 23:22:32 +0000 (00:22 +0100)]
misspelling fixes by https://github.com/vlajos/misspell_fixer

6 years ago | Clean up layout.
Ben Laurie [Thu, 5 Sep 2013 16:28:05 +0000 (17:28 +0100)]
Clean up layout.

6 years ago | Add an "-xmpphost" option to s_client
Carlos Alberto Lopez Perez [Mon, 6 Aug 2012 00:24:51 +0000 (02:24 +0200)]
Add an "-xmpphost" option to s_client

 * Many XMPP servers are configured with multiple domains (virtual hosts)
 * In order to successfully establish the TLS connection you have to specify
   which virtual host you are trying to connect to.
 * Test this, for example, with:
   * Fail:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp
   * Works:
       openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com

6 years ago | Add "xmpp" to the list of supported starttls protocols on s_client manpage
Carlos Alberto Lopez Perez [Mon, 6 Aug 2012 00:12:40 +0000 (02:12 +0200)]
Add "xmpp" to the list of supported starttls protocols on s_client manpage

6 years ago | Fix infinite loop on s_client starttls xmpp
Carlos Alberto Lopez Perez [Mon, 6 Aug 2012 00:00:07 +0000 (02:00 +0200)]
Fix infinite loop on s_client starttls xmpp

 * When the host used in "-connect" is not what the remote XMPP server expects
   the server will return an error like this:
     <stream:error>
       <host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
     </stream:error>
 * But the current code will stay in the loop forever because the stop condition
   "/stream:features>" will never occur.
 * Make this more robust: the stop condition should be that BIO_read failed.
 * Test it, for example, with:

    openssl s_client -connect random.jabb3r.net:5222 -starttls xmpp

6 years ago | Fix XMPP code detection on s_client starttls xmpp
Carlos Alberto Lopez Perez [Sun, 5 Aug 2012 23:45:51 +0000 (01:45 +0200)]
Fix XMPP code detection on s_client starttls xmpp

 * Some XMPP servers (OpenFire) use double quotes.
 * This makes s_client starttls work with these servers.
 * Tested with OpenFire servers from http://xmpp.net/:

     openssl s_client -connect coderollers.com:5222 -starttls xmpp

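As an added illustration of the two s_client starttls xmpp fixes above (the quote handling and the loop exit on a failed read), the following C model contrasts the pre-fix wait loop with the fixed one. It is not OpenSSL's own s_client code: the constructed replies OPENFIRE_REPLY and HOST_UNKNOWN_REPLY, the fake peer standing in for the BIO, and the result codes are all assumptions made for this example.

```c
#include <string.h>

/* Constructed server replies (not captured traffic): an OpenFire-style
 * offer using double quotes, and the host-unknown error quoted above. */
const char OPENFIRE_REPLY[] =
    "<stream:features><starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>"
    "</stream:features>";
const char HOST_UNKNOWN_REPLY[] =
    "<stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>"
    "</stream:error>";

#define XMPP_STARTTLS  1   /* STARTTLS offered: proceed to TLS */
#define XMPP_NO_OFFER  0   /* stream closed or errored without an offer */
#define XMPP_STUCK    -1   /* old loop exhausted its read budget */

/* Fake peer standing in for the BIO: delivers the reply as one chunk, then
 * every further read returns 0, as BIO_read does on a closed stream. */
struct fake_peer { const char *reply; int sent; };
static int peer_read(struct fake_peer *p, char *out, int max)
{
    int len = (int)strlen(p->reply);
    if (p->sent) return 0;
    if (len > max) len = max;
    memcpy(out, p->reply, (size_t)len);
    p->sent = 1;
    return len;
}

/* Accept the STARTTLS offer in either quoting style (the OpenFire fix). */
int xmpp_has_starttls(const char *buf)
{
    return strstr(buf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") != NULL
        || strstr(buf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"") != NULL;
}

/* Pre-fix loop: only the single-quoted form counts, and the only exit is
 * seeing "/stream:features>". After <stream:error> every read returns 0
 * and the loop spins; max_reads bounds that here for demonstration. */
int xmpp_wait_old(const char *reply, int max_reads)
{
    struct fake_peer p = { reply, 0 };
    char mbuf[1024];
    int reads = 0, n = peer_read(&p, mbuf, (int)sizeof(mbuf) - 1);
    mbuf[n > 0 ? n : 0] = '\0';
    while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
        if (strstr(mbuf, "/stream:features>"))
            return XMPP_NO_OFFER;
        if (++reads > max_reads)
            return XMPP_STUCK;
        n = peer_read(&p, mbuf, (int)sizeof(mbuf) - 1);
        mbuf[n > 0 ? n : 0] = '\0';
    }
    return XMPP_STARTTLS;
}

/* Fixed loop: a failed read ends the wait, whatever the text so far said. */
int xmpp_wait_fixed(const char *reply)
{
    struct fake_peer p = { reply, 0 };
    char mbuf[1024];
    for (;;) {
        int n = peer_read(&p, mbuf, (int)sizeof(mbuf) - 1);
        if (n <= 0)
            return XMPP_NO_OFFER;
        mbuf[n] = '\0';
        if (xmpp_has_starttls(mbuf))
            return XMPP_STARTTLS;
    }
}
```
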
6 years ago | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
Rob Stradling [Thu, 5 Sep 2013 12:09:03 +0000 (13:09 +0100)]
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

6 years ago | Document supported curve functions.
Dr. Stephen Henson [Tue, 3 Sep 2013 14:42:40 +0000 (15:42 +0100)]
Document supported curve functions.

6 years ago | Document -force_pubkey option.
Dr. Stephen Henson [Wed, 21 Aug 2013 12:39:27 +0000 (13:39 +0100)]
Document -force_pubkey option.

6 years ago | Correct ECDSA example.
Dr. Stephen Henson [Tue, 20 Aug 2013 15:33:02 +0000 (16:33 +0100)]
Correct ECDSA example.

6 years ago | Correctly test for no-ec.
Ben Laurie [Wed, 21 Aug 2013 03:21:57 +0000 (04:21 +0100)]
Correctly test for no-ec.

6 years ago | Fix compile errors.
Ben Laurie [Wed, 21 Aug 2013 03:21:42 +0000 (04:21 +0100)]
Fix compile errors.

6 years ago | Typo: don't call RAND_cleanup during app startup.
Dr. Stephen Henson [Wed, 12 Jun 2013 20:16:31 +0000 (21:16 +0100)]
Typo: don't call RAND_cleanup during app startup.
(cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)

6 years ago | Add documentation.
Dr. Stephen Henson [Fri, 16 Aug 2013 17:11:29 +0000 (18:11 +0100)]
Add documentation.

Preliminary documentation for chain and verify stores and certificate chain
setting functions.

6 years ago | Don't run ECDH CMS tests if EC disabled.
Dr. Stephen Henson [Sat, 17 Aug 2013 16:39:48 +0000 (17:39 +0100)]
Don't run ECDH CMS tests if EC disabled.

6 years ago | Make no-ec compilation work.
Dr. Stephen Henson [Sat, 17 Aug 2013 16:40:08 +0000 (17:40 +0100)]
Make no-ec compilation work.

6 years ago | Return 1 when setting ECDH auto mode.
Dr. Stephen Henson [Sat, 17 Aug 2013 13:21:54 +0000 (14:21 +0100)]
Return 1 when setting ECDH auto mode.

6 years ago | Add the server 'hang' issue to the FAQ
Dr. Stephen Henson [Wed, 14 Aug 2013 15:34:17 +0000 (16:34 +0100)]
Add the server 'hang' issue to the FAQ

6 years ago | DTLS message_sequence number wrong in rehandshake ServerHello
Michael Tuexen [Tue, 13 Aug 2013 17:53:19 +0000 (18:53 +0100)]
DTLS message_sequence number wrong in rehandshake ServerHello

This fix ensures that
* A HelloRequest is retransmitted if not responded to by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
  ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
  be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.

6 years ago | DTLS handshake fix.
Michael Tuexen [Thu, 8 Aug 2013 12:28:55 +0000 (13:28 +0100)]
DTLS handshake fix.

Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.

6 years ago | Fix for PEM_X509_INFO_read_bio.
Kaspar Brand [Tue, 6 Aug 2013 15:01:47 +0000 (16:01 +0100)]
Fix for PEM_X509_INFO_read_bio.

PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.

6 years ago | Update cms docs.
Dr. Stephen Henson [Mon, 5 Aug 2013 14:56:01 +0000 (15:56 +0100)]
Update cms docs.

6 years ago | Add X9.42 DH test.
Dr. Stephen Henson [Fri, 2 Aug 2013 14:57:54 +0000 (15:57 +0100)]
Add X9.42 DH test.

6 years ago | Add X9.42 DH certificate to S/MIME test
Dr. Stephen Henson [Fri, 2 Aug 2013 14:51:46 +0000 (15:51 +0100)]
Add X9.42 DH certificate to S/MIME test

6 years ago | CMS RFC2631 X9.42 DH enveloped data support.
Dr. Stephen Henson [Sat, 20 Jul 2013 20:31:10 +0000 (21:31 +0100)]
CMS RFC2631 X9.42 DH enveloped data support.

6 years ago | Add KDF for DH.
Dr. Stephen Henson [Tue, 30 Jul 2013 17:05:08 +0000 (18:05 +0100)]
Add KDF for DH.

Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.

6 years ago | Extend DH parameter generation support.
Dr. Stephen Henson [Wed, 31 Jul 2013 17:10:16 +0000 (18:10 +0100)]
Extend DH parameter generation support.

Add support for DH parameter generation using DSA methods including
FIPS 186-3.

6 years ago | Enhance DH dup functions.
Dr. Stephen Henson [Sat, 20 Jul 2013 20:25:50 +0000 (21:25 +0100)]
Enhance DH dup functions.

Make DHparams_dup work properly with X9.42 DH parameters.

6 years ago | If present print j, seed and counter values for DH
Dr. Stephen Henson [Fri, 2 Aug 2013 13:40:00 +0000 (14:40 +0100)]
If present print j, seed and counter values for DH

6 years ago | Minor optimisation to KDF algorithm.
Dr. Stephen Henson [Thu, 1 Aug 2013 14:48:44 +0000 (15:48 +0100)]
Minor optimisation to KDF algorithm.

Don't need to use temporary buffer if remaining length equals digest length.

6 years ago | Algorithm parameter support.
Dr. Stephen Henson [Mon, 5 Aug 2013 14:40:50 +0000 (15:40 +0100)]
Algorithm parameter support.

Check and set AlgorithmIdentifier parameters for key wrap algorithms.
Currently these just set parameters to NULL.

6 years ago | crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
Andy Polyakov [Sat, 3 Aug 2013 14:56:58 +0000 (16:56 +0200)]
crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.

Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.

6 years ago | crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin.
Andy Polyakov [Sat, 3 Aug 2013 14:28:50 +0000 (16:28 +0200)]
crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin.

6 years ago | crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI.
Andy Polyakov [Wed, 31 Jul 2013 21:50:15 +0000 (23:50 +0200)]
crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI.

6 years ago | Various custom extension fixes.
Trevor Perrin [Sun, 28 Jul 2013 06:10:14 +0000 (23:10 -0700)]
Various custom extension fixes.

Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.

6 years ago | Add tests for ALPN functionality.
Adam Langley [Mon, 15 Jul 2013 19:57:16 +0000 (15:57 -0400)]
Add tests for ALPN functionality.

Conflicts:
ssl/ssltest.c

6 years ago | Add a no-opt 64-bit target.
Ben Laurie [Fri, 12 Jul 2013 16:23:27 +0000 (17:23 +0100)]
Add a no-opt 64-bit target.

6 years ago | Support ALPN.
Adam Langley [Mon, 15 Apr 2013 22:07:47 +0000 (18:07 -0400)]
Support ALPN.

This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00

Conflicts:
ssl/ssl3.h
ssl/t1_lib.c

6 years ago | Make ecdsatest work with nonces.
Dr. Stephen Henson [Fri, 19 Jul 2013 13:11:43 +0000 (14:11 +0100)]
Make ecdsatest work with nonces.

Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this
avoids the nonce generation which would otherwise break the test.

Reinstate ecdsatest.

6 years ago | Temporarily disable ECDSA test.
Dr. Stephen Henson [Fri, 19 Jul 2013 12:46:48 +0000 (13:46 +0100)]
Temporarily disable ECDSA test.

Disable ECDSA test temporarily: it is incompatible with ECDSA nonces.

6 years ago | New CMS tests.
Dr. Stephen Henson [Wed, 17 Jul 2013 17:20:29 +0000 (18:20 +0100)]
New CMS tests.

Add some ECDH CMS tests.

6 years ago | Scripts to recreate S/MIME test certificates.
Dr. Stephen Henson [Wed, 17 Jul 2013 15:30:04 +0000 (16:30 +0100)]
Scripts to recreate S/MIME test certificates.

Add a script to generate keys and certificates for the S/MIME and CMS
tests.

Update certificates and add EC examples.

6 years ago | Custom key wrap option for cms utility.
Dr. Stephen Henson [Wed, 17 Jul 2013 14:21:31 +0000 (15:21 +0100)]
Custom key wrap option for cms utility.

6 years ago | Return correct enveloped data type in ASN1 methods.
Dr. Stephen Henson [Wed, 17 Jul 2013 14:18:01 +0000 (15:18 +0100)]
Return correct enveloped data type in ASN1 methods.

For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.

6 years ago | Add support for ECDH KARI.
Dr. Stephen Henson [Wed, 17 Jul 2013 14:13:37 +0000 (15:13 +0100)]
Add support for ECDH KARI.

Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.

6 years ago | Add support for X9.62 KDF.
Dr. Stephen Henson [Wed, 17 Jul 2013 14:01:08 +0000 (15:01 +0100)]
Add support for X9.62 KDF.

Add X9.62 KDF to EC EVP_PKEY_METHOD.

6 years ago | Add new OIDs from RFC5753
Dr. Stephen Henson [Wed, 17 Jul 2013 13:54:00 +0000 (14:54 +0100)]
Add new OIDs from RFC5753

Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.

6 years ago | CMS support for key agreement recipient info.
Dr. Stephen Henson [Wed, 17 Jul 2013 13:36:39 +0000 (14:36 +0100)]
CMS support for key agreement recipient info.

Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.

6 years ago | Set CMS EnvelopedData version correctly.
Dr. Stephen Henson [Wed, 10 Jul 2013 17:36:37 +0000 (18:36 +0100)]
Set CMS EnvelopedData version correctly.

6 years ago | EVP support for wrapping algorithms.
Dr. Stephen Henson [Wed, 17 Jul 2013 13:05:19 +0000 (14:05 +0100)]
EVP support for wrapping algorithms.

Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt

6 years ago | Typo.
Dr. Stephen Henson [Wed, 17 Jul 2013 13:19:40 +0000 (14:19 +0100)]
Typo.

6 years ago | Avoid need to change function code.
Dr. Stephen Henson [Wed, 17 Jul 2013 17:05:43 +0000 (18:05 +0100)]
Avoid need to change function code.

Keep original function names for nonce versions so we don't have to change
error function codes.

6 years ago | Make `safe' (EC)DSA nonces the default.
Adam Langley [Mon, 15 Jul 2013 11:42:15 +0000 (12:42 +0100)]
Make `safe' (EC)DSA nonces the default.

This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.

In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.

6 years ago | bn/asm/rsaz-avx2.pl: Windows-specific fix.
Andy Polyakov [Fri, 12 Jul 2013 16:59:17 +0000 (18:59 +0200)]
bn/asm/rsaz-avx2.pl: Windows-specific fix.

6 years ago | Fix verify loop with CRL checking.
Dr. Stephen Henson [Fri, 12 Jul 2013 16:35:08 +0000 (17:35 +0100)]
Fix verify loop with CRL checking.

PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.

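To illustrate the no-progress check this commit describes, here is an added C model of the CRL-fetching loop; it is not OpenSSL's x509_vfy.c. The function check_cert_crls, the reason bits, the error codes, the callback types and the constructed CRL sets BAD_SCOPE_CRL and SPLIT_CRLS are all assumptions made for this example.

```c
#include <stddef.h>

/* Reason-code coverage bits for one certificate's revocation status; a
 * cert is fully checked once CRLs covering every reason have been seen. */
#define REASON_KEY_COMPROMISE 0x1
#define REASON_CA_COMPROMISE  0x2
#define REASON_SUPERSEDED     0x4
#define ALL_REASONS           0x7

#define ERR_NONE                0
#define ERR_DIFFERENT_CRL_SCOPE 1   /* CRL scope does not match the cert */
#define ERR_UNABLE_TO_GET_CRL   2
#define ERR_NO_PROGRESS_LOOP    3   /* demo only: the loop never ended */

/* A candidate CRL: the reasons it claims, and whether its scope really
 * matches this cert. Only a scope-matching CRL adds to coverage. */
struct crl { unsigned reasons; int scope_ok; };

/* Verify callback: return 1 to override the error, 0 to fail the chain. */
typedef int (*verify_cb)(int err);

int cb_strict(int err)   { (void)err; return 0; }
int cb_override(int err) { (void)err; return 1; }  /* ignores scope errors */

/* Simplified check_cert loop. With check_progress == 0 (pre-fix) an
 * overridden scope error leaves coverage unchanged, the same CRL is
 * fetched again, and the loop never ends; with 1 (the fix) a pass that
 * adds no reasons exits with an error instead. */
int check_cert_crls(const struct crl *crls, size_t n, verify_cb cb,
                    int check_progress)
{
    unsigned reasons = 0;
    int passes = 0;
    while (reasons != ALL_REASONS) {
        unsigned last = reasons;
        size_t i;
        if (++passes > 1000)
            return ERR_NO_PROGRESS_LOOP;   /* bound the hang for the demo */
        /* get_crl stand-in: first CRL claiming a reason not yet covered */
        for (i = 0; i < n && !(crls[i].reasons & ~reasons); i++)
            ;
        if (i == n)
            return ERR_UNABLE_TO_GET_CRL;
        if (crls[i].scope_ok)
            reasons |= crls[i].reasons;
        else if (!cb(ERR_DIFFERENT_CRL_SCOPE))
            return ERR_DIFFERENT_CRL_SCOPE;   /* not overridden: fail */
        if (check_progress && reasons == last)
            return ERR_UNABLE_TO_GET_CRL;     /* the fix: no new reasons */
    }
    return ERR_NONE;
}

/* Constructed scenarios: a single CRL whose scope is wrong for this cert,
 * and two well-scoped CRLs that together cover every reason. */
const struct crl BAD_SCOPE_CRL[] = { { ALL_REASONS, 0 } };
const struct crl SPLIT_CRLS[] = {
    { REASON_KEY_COMPROMISE | REASON_CA_COMPROMISE, 1 },
    { REASON_SUPERSEDED, 1 }
};
```
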
6 years ago | Clarify FIXME.
Ben Laurie [Fri, 12 Jul 2013 14:03:43 +0000 (15:03 +0100)]
Clarify FIXME.

6 years ago | Note non-export of CC.
Ben Laurie [Fri, 12 Jul 2013 13:48:13 +0000 (14:48 +0100)]
Note non-export of CC.

6 years ago | Support new rsaz asm stuff.
Ben Laurie [Fri, 12 Jul 2013 11:48:24 +0000 (12:48 +0100)]
Support new rsaz asm stuff.

6 years ago | s/rsaz_eligible/rsaz_avx2_eligible/.
Ben Laurie [Fri, 12 Jul 2013 11:47:39 +0000 (12:47 +0100)]
s/rsaz_eligible/rsaz_avx2_eligible/.

6 years ago | sha512-586.pl: fix typo.
Andy Polyakov [Wed, 10 Jul 2013 07:59:25 +0000 (09:59 +0200)]
sha512-586.pl: fix typo.

Submitted by: Gisle Vanem

6 years ago | Remove RSAX engine, superseded by RSAZ module.
Andy Polyakov [Fri, 5 Jul 2013 20:11:28 +0000 (22:11 +0200)]
Remove RSAX engine, superseded by RSAZ module.