Rich Salz
9e8b6f0427
Use SHA256 not MD5 as default digest.
...
(Documentation update was in the MR but not the commit. Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-12 19:25:25 -05:00
Ben Laurie
40abdf8e39
Support ccache.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-12 23:05:41 +00:00
Matt Caswell
7a93c85826
Fix compile failure with no-threads
...
The async code was causing a compile failure if no-threads was used.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:26:22 +00:00
Dr. Stephen Henson
9391ba1b51
Add extension utility documentation.
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:11:20 +00:00
Dr. Stephen Henson
3a59ad98e9
add X509_up_ref() documentation
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:11:20 +00:00
Dr. Stephen Henson
e989e54f66
extension documentation
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:11:20 +00:00
Kurt Roeckx
a5ecdc6af8
Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-12 12:07:14 +01:00
Matt Caswell
8ca8fc4804
Fix compile failure
...
Fix compile failure introduced by commit 94d6151236
due to a typo.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-11 22:18:00 +00:00
Andy Polyakov
30a5f32227
evp/e_chacha20_poly1305.c: TLS interop fixes.
...
Thanks to: David Benjamin of Chromuim.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 21:07:51 +01:00
Andy Polyakov
80b1247fe6
Configurations/10-main.conf: fix typos in mingw/cygwin configs.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 21:04:02 +01:00
Rich Salz
777f482d99
Allow ChaCha20-Poly1305 in DTLS
...
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-11 14:48:09 -05:00
Ben Laurie
94d6151236
Make no-dh work, plus other no-dh problems found by Richard.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 18:38:38 +00:00
Richard Levitte
ea11c6e920
make update, missed file
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-11 18:07:05 +01:00
Rich Salz
f8547f62c2
Use SHA256 not MD5 as default digest.
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-11 11:59:59 -05:00
Richard Levitte
6ebe8dac3e
make update
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:35 +01:00
Richard Levitte
254b26af20
Adapt EVP tests to the opaque EVP_ENCODE_CTX
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Richard Levitte
601ab3151f
Adapt PEM routines to the opaque EVP_ENCODE_CTX
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Richard Levitte
b518d2d5f8
Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Richard Levitte
a0be4fd17b
Make EVP_ENCODE_CTX opaque
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Matt Caswell
1ee3b17fa0
Fix OCB link
...
The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 14:15:20 +00:00
Rob Stradling
ba67253db1
Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
GH: #495 , MR: #1435
2015-12-10 19:27:40 +01:00
Viktor Dukhovni
f8137a62d9
Restore full support for EVP_CTX_create() etc.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 11:05:07 -05:00
Matt Caswell
278d6b3663
Prepare for 1.1.0-pre2-dev
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:24:22 +00:00
Matt Caswell
22c21b60af
Prepare for 1.1.0-pre1 release
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:23:10 +00:00
Matt Caswell
ac7f47dce1
OpenSSL 1.1.0 is now in pre release
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:21:59 +00:00
Matt Caswell
b0cae88cc2
make update
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 14:21:59 +00:00
Richard Levitte
e798664726
Don't run rehash as part of building the openssl app
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-10 15:03:52 +01:00
Matt Caswell
7c31419693
Update CHANGES and NEWS for alpha release
...
Misc updates to the CHANGES and NEWS files ready for the alpha release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:10:32 +00:00
Matt Caswell
67f60be8c9
Ensure |rwstate| is set correctly on BIO_flush
...
A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:44:07 +00:00
Matt Caswell
2ad226e88b
Fix DTLS handshake fragment retries
...
If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:44:07 +00:00
Andy Polyakov
02dc0b82ab
evp/e_aes.c: wire hardware-assisted block function to OCB.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:46 +01:00
Andy Polyakov
bd30091c97
x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:26 +01:00
Matt Caswell
2fb5535e64
Fix mkfiles for new directories
...
Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-12-10 11:58:58 +00:00
Matt Caswell
330dcb09b2
Add a return value check
...
If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then
we should set the NID to NID_undef.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 11:50:20 +00:00
Andy Polyakov
44bf7119d6
modes/ocb128.c: fix overstep.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:36:25 +01:00
Andy Polyakov
c7b5b9f4b1
make update.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:06:05 +01:00
Andy Polyakov
48f1484555
Configure: make no-chacha and no-poly1305 work.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:50 +01:00
Andy Polyakov
a76ba82ccb
Wire ChaCha20-Poly1305 to TLS.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:30 +01:00
Andy Polyakov
bd3385d845
evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:03:41 +01:00
Andy Polyakov
eb85cb8632
test/evp_test.c: allow generic AEAD ciphers to be tested.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:46 +01:00
Andy Polyakov
bd989745b7
crypto/evp: add e_chacha20_poly1305.c.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:29 +01:00
Andy Polyakov
f6b9427923
evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.
...
In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:05 +01:00
Andy Polyakov
72bb2f64fc
Add ChaCha20-Poly1305 and ChaCha20 NIDs.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 11:59:49 +01:00
Andy Polyakov
7dcb21869b
Add reference ChaCha20 and Poly1305 implementations.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-10 11:58:56 +01:00
Dr. Stephen Henson
a0ffedaf7b
make default_ec_key_meth static
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-10 04:00:09 +00:00
Dr. Stephen Henson
59ff61f357
remove deleted directories from mkfiles.pl
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-09 23:57:19 +00:00
Richard Levitte
60f43e9e4d
Fix warnings about unused variables when EC is disabled.
...
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-12-09 23:59:04 +01:00
Richard Levitte
f8d3ab4928
Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h
...
Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled. This is the same as has been done for DH, DSA, RSA
and more...
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-12-09 23:56:57 +01:00
Dr. Stephen Henson
5e03052560
add CHANGES and NEWS entry
...
Todo: update documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
8b8689aefa
remove ECDSA error line
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00