Commit graph

19 commits

Author SHA1 Message Date
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
af17d99245 make EVP_dss() work for DSA signing 2011-06-20 20:05:51 +00:00
Dr. Stephen Henson
fc683d7213 allow SHA384, SHA512 wit DSA 2011-05-08 12:38:35 +00:00
Dr. Stephen Henson
198ce9a611 Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:35:53 +00:00
Dr. Stephen Henson
6732e14278 check DSA_sign() return value properly 2009-12-01 18:39:33 +00:00
Dr. Stephen Henson
fc68056917 PR: 2029
Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix so that the legacy digest EVP_dss1() still works.
2009-09-02 15:51:19 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
156ee88285 Indicate support for digest init ctrl. 2008-05-02 11:24:40 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Nils Larsch
357d5de5b9 add support for DSA with SHA2 2007-02-03 14:41:12 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
8bdcef40e4 New function to dup EVP_PKEY_CTX. This will be needed to make new signing
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412 Use size_t for new crypto size parameters. 2006-05-24 12:33:46 +00:00
Dr. Stephen Henson
b010b7c434 Use more flexible method of determining output length, by setting &outlen
value of the passed output buffer is NULL.

The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
2006-04-15 18:50:56 +00:00
Dr. Stephen Henson
d87e615209 Add key derivation support. 2006-04-13 12:56:41 +00:00
Dr. Stephen Henson
75ef718820 Support for DSA keygen, fix for genpkey. 2006-04-12 11:14:11 +00:00
Dr. Stephen Henson
c927df3fa1 Initial DSA EVP_PKEY_METHOD. Fixup some error codes. 2006-04-12 10:20:47 +00:00