Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Don't require an application to work out the appropriate buffer size for
ASN1_bn_print(), which is unsafe. Ignore the supplied buffer and allocate
it internally instead.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key
equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert
between the private key octet format and EC_KEY.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Add no-async option to Configure that forces ASYNC_NULL.
Related to RT1979
An embedded system or replacement C library (e.g. musl or uClibc)
may not support the *context APIs that are needed for async operation.
Compiles with musl. Ran unit tests, async tests skipped as expected.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Both getaddrinfo() and getnameinfo() have to be preceeded with a call
to BIO_sock_init().
Also, make sure to give gai_strerror() the actual error code.
Reviewed-by: Stephen Henson <steve@openssl.org>
Those even order that do not play nicely with Montgomery arithmetic
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC,
we can allow it to signal an empty key for convenience.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
The control commands that previously took a struct sockaddr * have
been changed to take a BIO_ADDR * instead.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Because of the way bio_lcl.h is organised, we must not include
internal/cryptlib.h before it. As a matter of fact, bio_lcl.h
includes internal/cryptlib.h on its own.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Because different platforms have different levels of support for IPv6,
different kinds of sockaddr variants, and some have getaddrinfo et al
while others don't, we could end up with a mess if ifdefs, duplicate
code and other maintainance nightmares.
Instead, we're introducing wrappers around the common form for socket
communication:
BIO_ADDR, closely related to struct sockaddr and some of its variants.
BIO_ADDRINFO, closely related to struct addrinfo.
With that comes support routines, both convenient creators and
accessors, plus a few utility functions:
BIO_parse_hostserv, takes a string of the form host:service and
splits it into host and service. It checks for * in both parts, and
converts any [ipv6-address] syntax to ust the IPv6 address.
BIO_lookup, looks up information on a host.
All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and
there is support for local sockets (AF_UNIX) as well.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is
stripped by BN_bn2bin but external callers may have other expectations.
Reviewed-by: Kurt Roeckx<kurt@openssl.org>
Add new function BN_bn2binpad() which checks the length of the output
buffer and pads the result with zeroes if necessary.
New functions BN_bn2lebinpad() and BN_lebin2bn() which use little endian
format.
Reviewed-by: Rich Salz <rsalz@openssl.org>
PACKET contents should be read-only. To achieve this, also
- constify two user callbacks
- constify BUF_reverse.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files. They have been generated from the
Makefiles in the same directories. Things that are platform specific
will appear in later commits.
Reviewed-by: Andy Polyakov <appro@openssl.org>
The "unified" build scheme revolves around small information files,
build.info, which each describe their own bit of everything that needs
to be built, using a mini-language described in Configurations/README.
The information in build.info file contain references to source files
and final result. Object files are not mentioned at all, they are
simply from source files. Because of this, all the *_obj items in
Configurations/*.conf are renamed to *_asm_src and the files listed
in the values are change from object files to their corresponding
source files. For the sake of the other build schemes, Configure
generates corresponding *_obj entries in %target.
Furthermore, the "unified" build scheme supports having a build
directory tree separate from the source directry tree.
All paths in a build.info file is assumed to be relative to its
location, either within the source tree or within the build tree.
Reviewed-by: Andy Polyakov <appro@openssl.org>
When auxiliary data contains only reject entries, continue to trust
self-signed objects just as when no auxiliary data is present.
This makes it possible to reject specific uses without changing
what's accepted (and thus overring the underlying EKU).
Added new supported certs and doubled test count from 38 to 76.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).
Added tests and updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
d2i_ECPrivateKey always caculates the public key so there is
no need to caculate it again in eckey_priv_decode().
Reviewed-by: Rich Salz <rsalz@openssl.org>
New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
