Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64)
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
(cherry picked from commit 41b920ef01)
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc)
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
(cherry picked from commit 88e20b8584)
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d2e)
Extend RSA ASN1 method to support CMS PSS signatures for both sign
and verify.
For signing the EVP_PKEY_CTX parameters are read and the appropriate
CMS structures set up.
For verification the CMS structures are analysed and the corresponding
parameters in the EVP_PKEY_CTX set.
Also add RSA-OAEP support.
For encrypt the EVP_PKEY_CTX parameters are used.
For decrypt the CMS structure is uses to set the appropriate EVP_PKEY_CTX
parameters.
(cherry picked from commit 0574cadf85)
Also sync error codes with OpenSSL 1.0.1 and add new ones.
Add OAEP ctrls to retrieve MD and label. Return errors if
an attempt is made to set or retrieve OAEP parameters when
padding mode is not OAEP.
(cherry picked from commit 211a14f627)
Extend OAEP support. Generalise the OAEP padding functions to support
arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP
padding functions and add ctrls to set the additional parameters.
(cherry picked from commit 271fef0ef3)
Conflicts:
CHANGES
Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.
This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
(cherry picked from commit e365352d6a)
Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.
(cherry picked from commit 6af440ced4)
Conflicts:
crypto/objects/obj_dat.h
crypto/objects/obj_mac.num
Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt
(cherry picked from commit 97cf1f6c28)
Conflicts:
CHANGES
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.
Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
(cherry picked from commit 15652f9825)
- EC_GROUP_cmp shouldn't consider curves equal just because
the curve name is the same. (They really *should* be the same
in this case, but there's an EC_GROUP_set_curve_name API,
which could be misused.)
- EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
equality (not an error).
Reported by: king cope
(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
(cherry picked from commit 52073b7675)
