Steve Marquess
7b112c2766
Remove gratuitous patent references
2013-10-20 22:19:47 +01:00
Dr. Stephen Henson
03ee8c2ed7
Fix no-ssl-trace
2013-10-20 22:07:33 +01:00
Dr. Stephen Henson
3495842bb0
Prevent use of RSA+MD5 in TLS 1.2 by default.
...
Removing RSA+MD5 from the default signature algorithm list
prevents its use by default.
If a broken implementation attempts to use RSA+MD5 anyway the sanity
checking of signature algorithms will cause a fatal alert.
(cherry picked from commit 77a0f740d00ecf8f6b01c0685a2f858c3f65a3dd)
2013-10-20 22:07:33 +01:00
Ben Laurie
face65dab8
Add clang debug target.
2013-10-20 13:23:14 +01:00
Andy Polyakov
e41a49c625
PPC assembly pack: make new .size directives profiler-friendly.
...
Suggested by: Anton Blanchard
(cherry picked from commit 76c15d790e
)
2013-10-15 23:42:18 +02:00
Dr. Stephen Henson
3a55a42bff
Add brainpool curves to NID table too.
...
(cherry picked from commit 6699cb8491
)
2013-10-15 12:09:54 +01:00
Dr. Stephen Henson
72550c52ed
Fix warning.
...
(cherry picked from commit f6983769c1bcd6c3c6b6bbfbbc41848f6dccf127)
2013-10-15 11:33:58 +01:00
Dr. Stephen Henson
a9d0c56de1
Add test vectors from RFC7027
...
(cherry picked from commit 8ba2d4ed7f128e400693562efd35985068c45e4d)
2013-10-15 11:33:58 +01:00
Dr. Stephen Henson
469bcb0c24
RFC7027 (Brainpool for TLS) support.
...
(cherry picked from commit 695e8c36528f9c3275f5f56e9633ac6a0c11f2e3)
2013-10-15 11:33:58 +01:00
Andy Polyakov
43ce9cdde9
PPC assembly pack: update from master branch.
...
Includes multiple updates: AES module to comply with more ABI
flavors, SHA512 for PPC32, .size directives.
2013-10-15 00:31:45 +02:00
Andy Polyakov
011f89893c
Add support for Cygwin-x86_64.
...
PR: 3110
Submitted by Corinna Vinschen.
(cherry picked from commit b3ef742cbb
)
2013-10-14 16:59:05 +02:00
Andy Polyakov
958608ca1c
Initial aarch64 bits.
...
(cherry picked from commit 039081b809
)
2013-10-13 19:24:22 +02:00
Andy Polyakov
1aecb23f5b
MIPS assembly pack: get rid of deprecated instructions.
...
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
(cherry picked from commit 0c2adb0a9b
)
2013-10-13 13:18:21 +02:00
Andy Polyakov
9ed6fba2b4
aes/asm/bsaes-x86_64.pl: update from master.
...
Performance improvement and Windows-specific bugfix (PR#3139).
2013-10-12 21:47:54 +02:00
Andy Polyakov
df5c435c0b
bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache].
...
(cherry picked from commit fa104be35e
)
2013-10-10 23:09:54 +02:00
Ben Laurie
1ebaf97c44
Constification.
2013-10-07 12:44:40 +01:00
Ben Laurie
c8c6914aac
Merge branch 'OpenSSL_1_0_2-stable' into pre-aead
2013-10-05 21:20:24 +01:00
Andy Polyakov
c99028f252
evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
...
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da
)
2013-10-05 21:09:50 +01:00
Andy Polyakov
90d8c5862b
perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
...
PR: 3130
(cherry picked from commit 6b2cae0c16
)
2013-10-05 21:09:39 +01:00
Ben Laurie
2d5dd00f9e
Merge branch 'OpenSSL_1_0_2-stable' into agl-1.0.2aead
2013-10-04 12:59:03 +01:00
Ben Laurie
cb52183836
Tidy.
2013-10-04 12:58:08 +01:00
Ben Laurie
ab3b624b0c
Merge branch 'OpenSSL_1_0_2-stable' into agl-1.0.2aead
2013-10-04 12:48:24 +01:00
Ben Laurie
7c81de9a91
Make it build and test.
2013-10-03 19:02:58 +01:00
Andy Polyakov
4dfac659ff
evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
...
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da
)
2013-10-03 10:57:45 +02:00
Andy Polyakov
66e0f9db08
perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
...
PR: 3130
(cherry picked from commit 6b2cae0c16
)
2013-10-03 10:45:36 +02:00
Adam Langley
a2eef41993
AEAD Tests.
...
Add tests for AEAD functions: AES-128-GCM, AES-256-GCM and
ChaCha20+Poly1305.
2013-10-01 15:34:44 -04:00
Adam Langley
9a8646510b
chacha20poly1305
...
Add support for Chacha20 + Poly1305.
2013-10-01 14:59:22 -04:00
Adam Langley
fa03d0117a
Use AEAD for AES-GCM.
...
Switches AES-GCM ciphersuites to use AEAD interfaces.
2013-10-01 13:09:12 -04:00
Adam Langley
03614034e9
AEAD support in ssl/
...
This change allows AEADs to be used in ssl/ to implement SSL/TLS
ciphersuites.
2013-10-01 12:49:50 -04:00
Adam Langley
444b1d416b
AEAD support.
...
This change adds an AEAD interface to EVP and an AES-GCM implementation
suitable for use in TLS.
2013-10-01 12:30:52 -04:00
Adam Langley
4055ca1f9e
Rework tls1_change_cipher_state.
...
The previous version of the function made adding AEAD changes very
difficult. This change should be a semantic no-op - it should be purely
a cleanup.
2013-10-01 11:31:30 -04:00
Ben Laurie
7a216dfee5
Constification.
2013-10-01 14:51:04 +01:00
Dr. Stephen Henson
a78b21fc67
Update cms docs.
...
(cherry picked from commit dfcb42c68e
)
2013-10-01 14:01:19 +01:00
Ben Laurie
a808002bc3
Correctly test for no-ec.
...
(cherry picked from commit d5605699a1
)
2013-10-01 14:01:19 +01:00
Dr. Stephen Henson
2fc368c111
Don't run ECDH CMS tests if EC disabled.
...
(cherry picked from commit b85f8afe37
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
6ed3af7d50
Add X9.42 DH test.
...
(cherry picked from commit bbc098ffb3
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
d037e0d30c
New CMS tests.
...
Add some ECDH CMS tests.
(cherry picked from commit 5cdc25a754
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
51cb950904
Add X9.42 DH certificate to S/MIME test
...
(cherry picked from commit 75787fd833
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
4bfa88bb4c
Scripts to recreate S/MIME test certificates.
...
Add a script to generate keys and certificates for the S/MIME and CMS
tests.
Update certificates and add EC examples.
(cherry picked from commit a0957d5505
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
9d1e475db6
Custom key wrap option for cms utility.
...
(cherry picked from commit 5711885a2b
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
3e792793f6
add cofactor ECDH support from fips branch
...
(cherry picked from commit a3a2e3a43d
)
2013-10-01 14:01:18 +01:00
Ben Laurie
ac5cb33356
Fix compile errors.
...
(cherry picked from commit a0aaa5660a
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
aaf74259ec
CMS RFC2631 X9.42 DH enveloped data support.
...
(cherry picked from commit bd59f2b91d
)
Conflicts:
crypto/dh/dh.h
crypto/dh/dh_err.c
Sync error codes with 1.0.1.
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
ecf9ceb90d
Minor optimisation to KDF algorithm.
...
Don't need to use temporary buffer if remaining length equals digest length.
(cherry picked from commit 3f6b6f0b8c
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
5c4ff8ad37
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
dc427fc8e2
Return correct enveloped data type in ASN1 methods.
...
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
(cherry picked from commit 41b920ef01
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
e1e6c4dae7
Algorithm parameter support.
...
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
1747fd1cc6
Add support for ECDH KARI.
...
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
(cherry picked from commit 88e20b8584
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
a119822b90
Add support for X9.62 KDF.
...
Add X9.62 KDF to EC EVP_PKEY_METHOD.
(cherry picked from commit 25af7a5dbc
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
8c798690ce
CMS support for key agreeement recipient info.
...
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d2e
)
2013-10-01 14:01:18 +01:00