In some cases the EC_POINT and EC_KEY BIGNUM components are suboptimal
or inappropriate. Add an "custom_data" field which curves can populate with
a custom structure to suit their needs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Add support for optional overrides of various private key operations
in EC_METHOD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they
wont be used and EdDSA may use a different format.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
When building with GNU C, clang or VMS C, it's more efficient to
generate dependency file and object file in one call rather than two.
Have the dependency output in a temporary file and compare it with the
previous one if available to see if replacement is waranted, thereby
avoiding unnecessary reconstruction of Makefile / descrip.mms.
Github issue #750
Reviewed-by: Rich Salz <rsalz@openssl.org>
Stack Overflow has a number of questions related to mutual authentication,
the client and its certificate. Those visiting the man pages for functions
like SSL_CTX_use_certificate and SSL_CTX_load_verify_locations don't
receive the benefit of a cross reference to SSL_CTX_set_client_CA_list.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- srtp_profiles variable is defined when building with SRTP, keeping
the variable usage also under ifndef OPENSSL_NO_SRTP
- alpn help option was kept under ifndef OPENSSL_NO_SRTP
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
The INCLUDE statement can handle setting extra include directories for
individual object files, let's use it.
Reviewed-by: Andy Polyakov <appro@openssl.org>
I read the PROBLEMS, and they're outdated; nothing I'd put in the
online FAQ, for example. Test-builds work without using these files.
Had to remove the rehash.time stuff from Makefile.in
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reformat EC_POINT_new.pod and add parentheses to function names.
Clarify the octet form.
Add documentation for EC_POINT_oct2buf().
Reviewed-by: Rich Salz <rsalz@openssl.org>
In EC_KEY_priv2buf(), check for pbuf sanity.
If invoked with NULL, gracefully returns the key length.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
- In error paths, EVP_MD_CTX allocated by the callee is not released.
- Checking method before accessing
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
We are using strcmp() as the cmp_func, where in the EDK2 environment
strcmp actually ends up being the external AsciiStrCmp() function —
an EFI library function defined with the Microsoft ABI.
This means that we can't just assign function pointers to it, since
in GCC-hosted builds the ABI of any function *not* explicitly marked
EFIAPI is the native SysV ABI.
Arguably this stupidity ought to be resolved on the UEFI side, but in
the general case that would mean that we need to provide ABI-compatible
wrappers for *all* the "standard" functions, just in case they're used
like this.
And in fact we already have a workaround here for DEC C. So instead of
playing games with casting function pointers, it's nicer just to use a
simple function to wrap the strcmp() call. That cleans up the DEC C
workaround, *and* it works around the UEFI bogosity at the same time.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
mkdef.pl was issuing the following error:
Use of uninitialized value within %tag in numeric eq (==) at
util/mkdef.pl line 560, <IN> line 92
This was because it was treating a __cplusplus "#ifdef" check as a "tag"
but then skipping over the corresponding "#endif". Therefore after
processing a file it still had "left over" tags from processing the
previous file. It was also getting confused by "#if" checks that didn't
match is pre-defined styles.
Reviewed-by: Richard Levitte <levitte@openssl.org>
