wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10613 commits 20 branches 302 tags 153 MiB
Commit graph

10613 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
3495842bb0 Prevent use of RSA+MD5 in TLS 1.2 by default. 
Removing RSA+MD5 from the default signature algorithm list
prevents its use by default.

If a broken implementation attempts to use RSA+MD5 anyway the sanity
checking of signature algorithms will cause a fatal alert.
(cherry picked from commit 77a0f740d00ecf8f6b01c0685a2f858c3f65a3dd)
 2013-10-20 22:07:33 +01:00
Ben Laurie
face65dab8 Add clang debug target. 2013-10-20 13:23:14 +01:00
Andy Polyakov
e41a49c625 PPC assembly pack: make new .size directives profiler-friendly. 
Suggested by: Anton Blanchard
(cherry picked from commit 76c15d790e)
 2013-10-15 23:42:18 +02:00
Dr. Stephen Henson
3a55a42bff Add brainpool curves to NID table too. 
(cherry picked from commit 6699cb8491)
 2013-10-15 12:09:54 +01:00
Dr. Stephen Henson
72550c52ed Fix warning. 
(cherry picked from commit f6983769c1bcd6c3c6b6bbfbbc41848f6dccf127)
 2013-10-15 11:33:58 +01:00
Dr. Stephen Henson
a9d0c56de1 Add test vectors from RFC7027 
(cherry picked from commit 8ba2d4ed7f128e400693562efd35985068c45e4d)
 2013-10-15 11:33:58 +01:00
Dr. Stephen Henson
469bcb0c24 RFC7027 (Brainpool for TLS) support. 
(cherry picked from commit 695e8c36528f9c3275f5f56e9633ac6a0c11f2e3)
 2013-10-15 11:33:58 +01:00
Andy Polyakov
43ce9cdde9 PPC assembly pack: update from master branch. 
Includes multiple updates: AES module to comply with more ABI
flavors, SHA512 for PPC32, .size directives.
 2013-10-15 00:31:45 +02:00
Andy Polyakov
011f89893c Add support for Cygwin-x86_64. 
PR: 3110
Submitted by Corinna Vinschen.
(cherry picked from commit b3ef742cbb)
 2013-10-14 16:59:05 +02:00
Andy Polyakov
958608ca1c Initial aarch64 bits. 
(cherry picked from commit 039081b809)
 2013-10-13 19:24:22 +02:00
Andy Polyakov
1aecb23f5b MIPS assembly pack: get rid of deprecated instructions. 
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
(cherry picked from commit 0c2adb0a9b)
 2013-10-13 13:18:21 +02:00
Andy Polyakov
9ed6fba2b4 aes/asm/bsaes-x86_64.pl: update from master. 
Performance improvement and Windows-specific bugfix (PR#3139).
 2013-10-12 21:47:54 +02:00
Andy Polyakov
df5c435c0b bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache]. 
(cherry picked from commit fa104be35e)
 2013-10-10 23:09:54 +02:00
Ben Laurie
1ebaf97c44 Constification. 2013-10-07 12:44:40 +01:00
Ben Laurie
c8c6914aac Merge branch 'OpenSSL_1_0_2-stable' into pre-aead 2013-10-05 21:20:24 +01:00
Andy Polyakov
c99028f252 evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. 
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da)
 2013-10-05 21:09:50 +01:00
Andy Polyakov
90d8c5862b perlasm/sparcv9_modes.pl: make it work even with seasoned perl. 
PR: 3130
(cherry picked from commit 6b2cae0c16)
 2013-10-05 21:09:39 +01:00
Ben Laurie
2d5dd00f9e Merge branch 'OpenSSL_1_0_2-stable' into agl-1.0.2aead 2013-10-04 12:59:03 +01:00
Ben Laurie
cb52183836 Tidy. 2013-10-04 12:58:08 +01:00
Ben Laurie
ab3b624b0c Merge branch 'OpenSSL_1_0_2-stable' into agl-1.0.2aead 2013-10-04 12:48:24 +01:00
Ben Laurie
7c81de9a91 Make it build and test. 2013-10-03 19:02:58 +01:00
Andy Polyakov
4dfac659ff evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. 
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da)
 2013-10-03 10:57:45 +02:00
Andy Polyakov
66e0f9db08 perlasm/sparcv9_modes.pl: make it work even with seasoned perl. 
PR: 3130
(cherry picked from commit 6b2cae0c16)
 2013-10-03 10:45:36 +02:00
Adam Langley
a2eef41993 AEAD Tests. 
Add tests for AEAD functions: AES-128-GCM, AES-256-GCM and
ChaCha20+Poly1305.
 2013-10-01 15:34:44 -04:00
Adam Langley
9a8646510b chacha20poly1305 
Add support for Chacha20 + Poly1305.
 2013-10-01 14:59:22 -04:00
Adam Langley
fa03d0117a Use AEAD for AES-GCM. 
Switches AES-GCM ciphersuites to use AEAD interfaces.
 2013-10-01 13:09:12 -04:00
Adam Langley
03614034e9 AEAD support in ssl/ 
This change allows AEADs to be used in ssl/ to implement SSL/TLS
ciphersuites.
 2013-10-01 12:49:50 -04:00
Adam Langley
444b1d416b AEAD support. 
This change adds an AEAD interface to EVP and an AES-GCM implementation
suitable for use in TLS.
 2013-10-01 12:30:52 -04:00
Adam Langley
4055ca1f9e Rework tls1_change_cipher_state. 
The previous version of the function made adding AEAD changes very
difficult. This change should be a semantic no-op - it should be purely
a cleanup.
 2013-10-01 11:31:30 -04:00
Ben Laurie
7a216dfee5 Constification. 2013-10-01 14:51:04 +01:00
Dr. Stephen Henson
a78b21fc67 Update cms docs. 
(cherry picked from commit dfcb42c68e)
 2013-10-01 14:01:19 +01:00
Ben Laurie
a808002bc3 Correctly test for no-ec. 
(cherry picked from commit d5605699a1)
 2013-10-01 14:01:19 +01:00
Dr. Stephen Henson
2fc368c111 Don't run ECDH CMS tests if EC disabled. 
(cherry picked from commit b85f8afe37)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
6ed3af7d50 Add X9.42 DH test. 
(cherry picked from commit bbc098ffb3)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
d037e0d30c New CMS tests. 
Add some ECDH CMS tests.
(cherry picked from commit 5cdc25a754)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
51cb950904 Add X9.42 DH certificate to S/MIME test 
(cherry picked from commit 75787fd833)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
4bfa88bb4c Scripts to recreate S/MIME test certificates. 
Add a script to generate keys and certificates for the S/MIME and CMS
tests.

Update certificates and add EC examples.
(cherry picked from commit a0957d5505)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
9d1e475db6 Custom key wrap option for cms utility. 
(cherry picked from commit 5711885a2b)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
3e792793f6 add cofactor ECDH support from fips branch 
(cherry picked from commit a3a2e3a43d)
 2013-10-01 14:01:18 +01:00
Ben Laurie
ac5cb33356 Fix compile errors. 
(cherry picked from commit a0aaa5660a)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
aaf74259ec CMS RFC2631 X9.42 DH enveloped data support. 
(cherry picked from commit bd59f2b91d)

Conflicts:

	crypto/dh/dh.h
	crypto/dh/dh_err.c

Sync error codes with 1.0.1.
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
ecf9ceb90d Minor optimisation to KDF algorithm. 
Don't need to use temporary buffer if remaining length equals digest length.
(cherry picked from commit 3f6b6f0b8c)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
5c4ff8ad37 Add KDF for DH. 
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
dc427fc8e2 Return correct enveloped data type in ASN1 methods. 
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
(cherry picked from commit 41b920ef01)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
e1e6c4dae7 Algorithm parameter support. 
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
1747fd1cc6 Add support for ECDH KARI. 
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
(cherry picked from commit 88e20b8584)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
a119822b90 Add support for X9.62 KDF. 
Add X9.62 KDF to EC EVP_PKEY_METHOD.
(cherry picked from commit 25af7a5dbc)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
8c798690ce CMS support for key agreeement recipient info. 
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d2e)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
ea6bf26657 Add new CMS tests. 
Add new tests to cms-test.pl covering PSS and OAEP.
(cherry picked from commit 32b18e0338)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
4a26fd6e3b Add -keyopt option to cms utility. 
Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.
(cherry picked from commit 02498cc885)
 2013-10-01 14:01:18 +01:00