Commit graph

171 commits

Author SHA1 Message Date
Marek Klein
f0ef20bf38 Added support for ESSCertIDv2
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/771)
2017-05-03 09:04:23 +02:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Dr. Stephen Henson
7114af3054 Add NID_auth_any and NID_kx_any NIDs.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:26 +00:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Todd Short
52ad5b60e3 Add support for Poly1305 in EVP_PKEY
Add Poly1305 as a "signed" digest.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)
2017-01-24 15:40:37 +01:00
Dr. Stephen Henson
4950f8885c Use OIDs from draft-ietf-curdle-pkix-02
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Richard Levitte
ef8938c3e8 Forgotten make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 16:14:41 +02:00
Rich Salz
43cb309053 Cleanup obj_dat.h, obj_dat.pl
The recent merge of https://github.com/openssl/openssl/pull/1264
removed some trailing whitespace from the generated file obj_dat.h.
Unfortunately obj_dat.pl kept re-adding it.  Clean up the
script and the output it generates.

Add 'use strict / use warnings'

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-01 13:53:37 -04:00
FdaSilvaYY
02e112a885 Whitespace cleanup in crypto
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
Rich Salz
3fb2cf1ad1 Update copyright; generated files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:33:15 -04:00
Kurt Roeckx
208527a75d Review comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Todd Short
3ec13237f0 Add cipher query functions
Add functions to determine authentication, key-exchange, FIPS and AEAD.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:19:15 -05:00
Alessandro Ghedini
aacfb134be GH355: Implement HKDF
This patch implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.

It is required to implement the QUIC and TLS 1.3 protocols (among others).

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-03 18:21:20 -05:00
Dr. Stephen Henson
899cf48f17 Rename OIDs.
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they
wont be used and EdDSA may use a different format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
da15ce2212 update OID tables
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 14:10:52 +00:00
Rich Salz
d9f7772674 RT2752: Add some EKU OID's
And some others found in the Internet.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-03 23:33:55 -05:00
Rich Salz
b5c5a97141 RT2353: Add ipsec IKE OID
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-02 14:41:06 -05:00
Rich Salz
ced2c2c598 Templatize util/domd
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 16:56:07 -05:00
Emilia Kasper
d8ca44ba41 Always DPURIFY
The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-29 16:33:13 +01:00
Richard Levitte
d20a161f46 Complete the removal of /* foo.c */ comments
Some files that are automatically generated still had those comments
added by the generating scripts.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-27 18:42:23 +01:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Dr. Stephen Henson
1eff3485b6 Add TLS PRF method.
Add EVP_PKEY algorithm for TLS1 PRF.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-19 14:00:32 +00:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
2015-12-10 19:27:40 +01:00
Andy Polyakov
72bb2f64fc Add ChaCha20-Poly1305 and ChaCha20 NIDs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 11:59:49 +01:00
Dmitry Belyavskiy
52ee3ed3a1 New cipher and cipher modes standardized in Russia
This change introduces short names and NIDs for Russian GOST ciphers
according to GOST R 34.13-2015

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-10-05 21:55:10 +01:00
Dmitry Belyavsky
31001f8131 Add new GOST OIDs
Add new OIDs for latest GOST updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-17 15:34:30 +01:00
Dr. Stephen Henson
96b96d6c45 Add scrypt OID from draft-josefsson-scrypt-kdf-03
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-21 12:48:02 +01:00
Richard Levitte
2ed42bf639 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-05 21:49:51 +02:00
Rich Salz
8332f91cc0 fix various typo's
https://github.com/openssl/openssl/pull/176 (CHANGES)
 https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt)
 https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:50:34 -04:00
Rich Salz
c81f425eaa RT937: Enable pilotAttributeType uniqueIdentifier
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 14:38:31 -05:00
Andy Polyakov
c79e17731f Add more Camellia OIDs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-11 20:28:47 +01:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:34 +00:00
Dr. Stephen Henson
abac8e0e08 Rebuild OID table. 2014-06-27 14:35:07 +01:00
Rob Stradling
52f71f8181 CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration. 2014-02-26 15:33:11 +00:00
Rob Stradling
dcfe8df148 Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions.
Add the RFC6962 OIDs to the objects table.
2014-02-14 23:24:35 +00:00
Dr. Stephen Henson
7f5fd314c0 Sync OID numbers with 1.0.2 branch. 2013-10-15 11:33:30 +01:00
Dr. Stephen Henson
6af440ced4 Add new OIDs from RFC5753
Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
e423c360fd Add new OID to pSpecified from PKCS#1 2013-06-21 21:33:00 +01:00
Andy Polyakov
8a97a33063 Add AES-SHA256 stitch. 2013-05-13 22:49:58 +02:00
Dr. Stephen Henson
b36bab7812 PR: 2239
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>

Add Brainpool curves from RFC5639.

Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
2012-04-22 13:06:51 +00:00
Dr. Stephen Henson
b333905011 incomplete provisional OAEP CMS decrypt support 2012-01-02 18:25:37 +00:00
Dr. Stephen Henson
afb14cda8c Initial experimental support for X9.42 DH parameter format to handle
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
32a2d8ddfe Provisional AES XTS support. 2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
ff04bbe363 Add PSS algorithm printing. This is an initial step towards full PSS support.
Uses ASN1 module in Martin Kaiser's PSS patch.
2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
df4c395c6d add anyExtendedKeyUsage OID 2010-02-24 15:53:58 +00:00
Andy Polyakov
e5a4de9e44 Add assigned OIDs, as well as "anonymous" ones for AES counter mode. 2010-02-23 16:47:17 +00:00
Dr. Stephen Henson
c8ef656df2 Make CMAC API similar to HMAC API. Add methods for CMAC. 2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
cab6de03a2 PR: 2149
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
2010-01-25 16:07:42 +00:00