Commit graph

15356 commits

Author SHA1 Message Date
Dr. Stephen Henson
cda302d94f remove ECDH from mkdef.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
1e8622297d remove ECDH_METHOD typedef
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
30243c9523 remove ecdh.h header
Remove redundant ecdh.h header and any references to it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
fe74cc0432 remove ECDH error loading
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
d3bcab845e Remove crypto/ecdh update Makefile.org
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
f517ffbb83 remove ECDH_METHOD from ENGINE
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
53e3189d0c make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
a22a7e7089 Add compute key support to EC_KEY_METHOD
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
647b223875 Adapt ecdh_compute_key
Rename ecdh_compute_key into ossl_ecdh_compute_key and modify it
to use EC error codes. Remove superfluous old ECDH functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
168e8374ee move ECDH implementation to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
768c53e1b6 Move ECDH_KDF_X9_62 to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
5a6a1029d2 EC_KEY_METHOD keygen support.
Add keygen to EC_KEY_METHOD. Redirect EC_KEY_generate_key through
method and set the current EC key generation function as the default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
d2fa70d82b make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Dr. Stephen Henson
28572b577c Support for EC_KEY_METHOD.
Add EC_KEY_METHOD. This is part of the EC revision and will make EC behave
more like other algorithms. Specifically:

EC_KEY_METHOD is part of EC_KEY.
It is part of ENGINE.
Default or key specific implementations can be provided to redirect some
or all operations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:17 +00:00
Ben Laurie
28cbe2ab4a Link library for backtrace() on BSD...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-09 13:37:30 +00:00
Richard Levitte
23fe34b47a NEWS: Add a bit of precision regarding removal of cipher suites
Suggested by Benjamin Kaduk <bkaduk@akamai.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-09 00:35:58 +01:00
Richard Levitte
6f9a3c37db Additional NEWS
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-08 23:36:18 +01:00
Rich Salz
ab29c82a55 Refer to website for acknowledgements.
Reviewed-by: Steve Marquess <marquess@openssl.com>
2015-12-08 16:07:09 -05:00
Richard Levitte
3cd7aef34d Not all 'find's know -xtype, use -type instead
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-08 21:04:53 +01:00
Richard Levitte
382af61f62 Adapt the OS X build to use the OS X tar
As part of this, move release creation to a script to be called from
.travis.yml.  That makes it much easier to test outside of travis.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-08 21:04:53 +01:00
Richard Levitte
4d3c30a179 Make it possible to affect the way dists are made
Introducing DISTTARVARS to propagate changed variables down to the
tar-making target.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-08 21:04:53 +01:00
Dr. Stephen Henson
d05775d703 Update NEWS
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:49:12 +00:00
Dr. Stephen Henson
42a8b3f90a Extended master secret test script.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:33:04 +00:00
Dr. Stephen Henson
b3fce9c91e Add extms extension
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:33:04 +00:00
Dr. Stephen Henson
040c878350 TLSProxy update
Add function to delete extensions and fix ClientHello repacking.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:33:04 +00:00
Dr. Stephen Henson
4160936143 update errors
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:32:39 +00:00
Dr. Stephen Henson
e7f0d9210c Extended master secret fixes and checks.
Add new flag TLS1_FLAGS_RECEIVED_EXTMS which is set when the peer sends
the extended master secret extension.

Server now sends extms if and only if the client sent extms.

Check consistency of extms extension when resuming sessions following (where
practical) RFC7627.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:32:39 +00:00
Matt Caswell
686cf15e9d Fix merge error
Commit 6140f0365 added some new ctrl constants. However due to a
merge error one of these values was duplicated with an existing
value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-08 13:00:59 +00:00
Dmitry Belyavskiy
6140f03653 Add some new cipher ctrl constants
These are needed for GOST

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 11:56:39 +00:00
Richard Levitte
c376d170d1 Cleanup the EVP_MD_CTX before exit rather than after
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 01:01:13 +01:00
Richard Levitte
3cb9fd97ce Remove double semi (;)
When in the middle of declarations, some C compilers will complain.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 00:11:47 +01:00
Richard Levitte
47abe38004 Remove typedef of HMAC_CTX from crypto/hmac/hmac_lcl.h
This is already defined in include/openssl/ossl_typ.h.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-07 20:53:17 +01:00
Richard Levitte
39d5193201 Fix clang complaints about uninitialised variables.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 20:37:08 +01:00
Richard Levitte
b91dd150d2 Change tar owner and group to just 0
It seems like some tar versions don't like the name:id form for
--owner and --group.  The closest known anonymous user being 0 (root),
that seems to be the most appropriate user/group to assign ownership
to.  It matters very little when unpacking either way.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:49:15 +01:00
Richard Levitte
507db4c531 Add an entry in CHANGES
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
706e2462f1 Document EVP_MD constructors, destructors and manipulators
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
716854d74e Document the HMAC changes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
25191fffb9 Document the EVP_MD_CTX changes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
b3bb779997 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
a87a0a6e5e Cleanup: fix all sources that used HMAC_CTX_init
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
dc0099e1dd Cleanup: rename HMAC_CTX_init to HMAC_CTX_reset
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
e0a3a803d9 Cleanup: support EVP_MD_CTX_(create|init|destroy) for deprecated use
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
bfb0641f93 Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
959ed5316c Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free)
Looking over names, it seems like we usually use names ending with
_new and _free as object constructors and destructors.  Also, since
EVP_MD_CTX_init is now used to reset a EVP_MD_CTX, it might as well be
named accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
6756532358 Cleanup: Remove M_EVP_MD_* macros
These macros were only meant for crypto/evp, and are now entirely
unused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
eda34e4bef Adapt the rest of the source to the removal of (EVP_MD_CTX|HMAC_CTX)_cleanup
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
32fd54a9a3 Remove HMAC_CTX_cleanup and combine its functionality into EVP_MD_CTX_init
This follows the same idea as the combination of EVP_MD_CTX_cleanup
and EVP_MD_CTX_init into one function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
74cabf3fef Remove EVP_MD_CTX_cleanup and put its functionality into EVP_MD_CTX_init
The idea is that with EVP_MD_CTX_create() and EVP_MD_CTX_destroy(),
EVP_MD_CTX_cleanup and EVP_MD_CTX_init is not used the same as before.
Instead, we need a single function that can be used to reinitialise an
existing EVP_MD_CTX that's been created with EVP_MD_CTX_create()
previously.  Combining EVP_MD_CTX_cleanup and EVP_MD_CTX_init into
that one function is the answer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
bf7c68177b Adapt the rest of the source to the opaque HMAC_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
3f43aecc59 Make the definition of HMAC_CTX opaque
This moves the definition to crypto/hmac/hmac_lcl.h.  Constructor and
destructor added, and the typedef moved to include/openssl/ossl_typ.h.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00