mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
14,581 Commits 33 Branches 385 Tags 484 MiB
777f482d99
Commit Graph

14581 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rich Salz
777f482d99 Allow ChaCha20-Poly1305 in DTLS 
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-11 14:48:09 -05:00
Ben Laurie
94d6151236 Make no-dh work, plus other no-dh problems found by Richard. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 18:38:38 +00:00
Richard Levitte
ea11c6e920 make update, missed file 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-11 18:07:05 +01:00
Rich Salz
f8547f62c2 Use SHA256 not MD5 as default digest. 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2015-12-11 11:59:59 -05:00
Richard Levitte
6ebe8dac3e make update 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:35 +01:00
Richard Levitte
254b26af20 Adapt EVP tests to the opaque EVP_ENCODE_CTX 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Richard Levitte
601ab3151f Adapt PEM routines to the opaque EVP_ENCODE_CTX 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Richard Levitte
b518d2d5f8 Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Richard Levitte
a0be4fd17b Make EVP_ENCODE_CTX opaque 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Matt Caswell
1ee3b17fa0 Fix OCB link 
The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 14:15:20 +00:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
 2015-12-10 19:27:40 +01:00
Viktor Dukhovni
f8137a62d9 Restore full support for EVP_CTX_create() etc. 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 11:05:07 -05:00
Matt Caswell
278d6b3663 Prepare for 1.1.0-pre2-dev 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:24:22 +00:00
Matt Caswell
22c21b60af Prepare for 1.1.0-pre1 release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:23:10 +00:00
Matt Caswell
ac7f47dce1 OpenSSL 1.1.0 is now in pre release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:21:59 +00:00
Matt Caswell
b0cae88cc2 make update 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:21:59 +00:00
Richard Levitte
e798664726 Don't run rehash as part of building the openssl app 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-10 15:03:52 +01:00
Matt Caswell
7c31419693 Update CHANGES and NEWS for alpha release 
Misc updates to the CHANGES and NEWS files ready for the alpha release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 13:10:32 +00:00
Matt Caswell
67f60be8c9 Ensure |rwstate| is set correctly on BIO_flush 
A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:44:07 +00:00
Matt Caswell
2ad226e88b Fix DTLS handshake fragment retries 
If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:44:07 +00:00
Andy Polyakov
02dc0b82ab evp/e_aes.c: wire hardware-assisted block function to OCB. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 13:11:46 +01:00
Andy Polyakov
bd30091c97 x86[_64] assembly pack: add optimized AES-NI OCB subroutines. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 13:11:26 +01:00
Matt Caswell
2fb5535e64 Fix mkfiles for new directories 
Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-12-10 11:58:58 +00:00
Matt Caswell
330dcb09b2 Add a return value check 
If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then
we should set the NID to NID_undef.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 11:50:20 +00:00
Andy Polyakov
44bf7119d6 modes/ocb128.c: fix overstep. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:36:25 +01:00
Andy Polyakov
c7b5b9f4b1 make update. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:06:05 +01:00
Andy Polyakov
48f1484555 Configure: make no-chacha and no-poly1305 work. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:05:50 +01:00
Andy Polyakov
a76ba82ccb Wire ChaCha20-Poly1305 to TLS. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:05:30 +01:00
Andy Polyakov
bd3385d845 evp/c_allc.c: wire ChaCha20-Poly1305 and add tests. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:03:41 +01:00
Andy Polyakov
eb85cb8632 test/evp_test.c: allow generic AEAD ciphers to be tested. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:00:46 +01:00
Andy Polyakov
bd989745b7 crypto/evp: add e_chacha20_poly1305.c. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:00:29 +01:00
Andy Polyakov
f6b9427923 evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0. 
In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:00:05 +01:00
Andy Polyakov
72bb2f64fc Add ChaCha20-Poly1305 and ChaCha20 NIDs. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 11:59:49 +01:00
Andy Polyakov
7dcb21869b Add reference ChaCha20 and Poly1305 implementations. 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-10 11:58:56 +01:00
Dr. Stephen Henson
a0ffedaf7b make default_ec_key_meth static 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-10 04:00:09 +00:00
Dr. Stephen Henson
59ff61f357 remove deleted directories from mkfiles.pl 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-09 23:57:19 +00:00
Richard Levitte
60f43e9e4d Fix warnings about unused variables when EC is disabled. 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-12-09 23:59:04 +01:00
Richard Levitte
f8d3ab4928 Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h 
Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled.  This is the same as has been done for DH, DSA, RSA
and more...

Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-12-09 23:56:57 +01:00
Dr. Stephen Henson
5e03052560 add CHANGES and NEWS entry 
Todo: update documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
8b8689aefa remove ECDSA error line 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
970e7b5bf8 add compatibility headers 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
91e7bcc264 Use NULL comparison 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
7bb75a5d08 add block comment 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
77d0d10db7 set standard EC method in eng_openssl 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
3c4e064e78 make update 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
62690c6acf remove ecdsa.h header references. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
f8d7d2d6df EC_KEY_METHOD accessors. 
Set of accessors to set and get each field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
89313de5cb make errors 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
a200a817ad Top level ECDSA sign/verify redirection. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
7d711cbc33 Engine EC_KEY_METHOD functionality. 
Rename ENGINE _EC_KEY functions to _EC.
Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy
ec_meth.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-09 22:09:19 +00:00