Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt
(cherry picked from commit 97cf1f6c28)
Conflicts:
CHANGES
When in FIPS mode the approved implementations are used as normal,
when not in FIPS mode the internal unapproved versions are used instead.
This means that the FIPS capable OpenSSL isn't forced to use the
(often lower perfomance) FIPS implementations outside FIPS mode.
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
not implemented. (Bug reported by Martin Szotkowski)
This also changes the non-"_ex" versions to defer directly to
EVP_CipherInit_ex() rather than EVP_CipherInit() to avoid an unecessary
level of indirection.
See crypto/engine/README for details.
- it also removes openbsd_hw.c from the build (that functionality is
going to be available in the openbsd ENGINE in a upcoming commit)
- evp_test has had the extra initialisation added so it will use (if
possible) any ENGINEs supporting the algorithms required.
Change EVP_SealInit() and EVP_OpenInit() to
handle cipher parameters.
Make it possible to set RC2 and RC5 params.
Make RC2 ASN1 code use the effective key bits
and not the key length.
TODO: document how new API works.
Declare ciphers in terms of macros. This reduces
the amount of code and places each block cipher EVP
definition in a single file instead of being spread
over 4 files.
Change functions like EVP_EncryptUpdate() so they now return a
value. These normally have software only implementations
which cannot fail so this was acceptable. However ciphers
can be implemented in hardware and these could return errors.
