Rich Salz 
							
						 
					 
					
						
						
							
						
						5320c07193 
					 
					
						
						
							
							Revert "Allow ChaCha20-Poly1305 in DTLS"  
						
						... 
						
						
						
						This reverts commit 777f482d99matt@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 19:28:31 -05:00 
						 
				 
			
				
					
						
							
							
								Rich Salz 
							
						 
					 
					
						
						
							
						
						9e8b6f0427 
					 
					
						
						
							
							Use SHA256 not MD5 as default digest.  
						
						... 
						
						
						
						(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 19:25:25 -05:00 
						 
				 
			
				
					
						
							
							
								Ben Laurie 
							
						 
					 
					
						
						
							
						
						40abdf8e39 
					 
					
						
						
							
							Support ccache.  
						
						... 
						
						
						
						Reviewed-by: Tim Hudson <tjh@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 23:05:41 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						7a93c85826 
					 
					
						
						
							
							Fix compile failure with no-threads  
						
						... 
						
						
						
						The async code was causing a compile failure if no-threads was used.
Reviewed-by: Kurt Roeckx <kurt@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 14:26:22 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						9391ba1b51 
					 
					
						
						
							
							Add extension utility documentation.  
						
						... 
						
						
						
						Reviewed-by: Kurt Roeckx <kurt@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 14:11:20 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						3a59ad98e9 
					 
					
						
						
							
							add X509_up_ref() documentation  
						
						... 
						
						
						
						Reviewed-by: Kurt Roeckx <kurt@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 14:11:20 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						e989e54f66 
					 
					
						
						
							
							extension documentation  
						
						... 
						
						
						
						Reviewed-by: Kurt Roeckx <kurt@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 14:11:20 +00:00 
						 
				 
			
				
					
						
							
							
								Kurt Roeckx 
							
						 
					 
					
						
						
							
						
						a5ecdc6af8 
					 
					
						
						
							
							Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-12 12:07:14 +01:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						8ca8fc4804 
					 
					
						
						
							
							Fix compile failure  
						
						... 
						
						
						
						Fix compile failure introduced by commit 94d6151236levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 22:18:00 +00:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						30a5f32227 
					 
					
						
						
							
							evp/e_chacha20_poly1305.c: TLS interop fixes.  
						
						... 
						
						
						
						Thanks to: David Benjamin of Chromuim.
Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 21:07:51 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						80b1247fe6 
					 
					
						
						
							
							Configurations/10-main.conf: fix typos in mingw/cygwin configs.  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 21:04:02 +01:00 
						 
				 
			
				
					
						
							
							
								Rich Salz 
							
						 
					 
					
						
						
							
						
						777f482d99 
					 
					
						
						
							
							Allow ChaCha20-Poly1305 in DTLS  
						
						... 
						
						
						
						GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.
Signed-off-by: Rich Salz <rsalz@akamai.com >
Reviewed-by: Matt Caswell <matt@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 14:48:09 -05:00 
						 
				 
			
				
					
						
							
							
								Ben Laurie 
							
						 
					 
					
						
						
							
						
						94d6151236 
					 
					
						
						
							
							Make no-dh work, plus other no-dh problems found by Richard.  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 18:38:38 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						ea11c6e920 
					 
					
						
						
							
							make update, missed file  
						
						... 
						
						
						
						Reviewed-by: Matt Caswell <matt@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 18:07:05 +01:00 
						 
				 
			
				
					
						
							
							
								Rich Salz 
							
						 
					 
					
						
						
							
						
						f8547f62c2 
					 
					
						
						
							
							Use SHA256 not MD5 as default digest.  
						
						... 
						
						
						
						Reviewed-by: Viktor Dukhovni <viktor@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 11:59:59 -05:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						6ebe8dac3e 
					 
					
						
						
							
							make update  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 16:18:35 +01:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						254b26af20 
					 
					
						
						
							
							Adapt EVP tests to the opaque EVP_ENCODE_CTX  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 16:18:01 +01:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						601ab3151f 
					 
					
						
						
							
							Adapt PEM routines to the opaque EVP_ENCODE_CTX  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 16:18:01 +01:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						b518d2d5f8 
					 
					
						
						
							
							Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 16:18:01 +01:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						a0be4fd17b 
					 
					
						
						
							
							Make EVP_ENCODE_CTX opaque  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 16:18:01 +01:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						1ee3b17fa0 
					 
					
						
						
							
							Fix OCB link  
						
						... 
						
						
						
						The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.
Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-11 14:15:20 +00:00 
						 
				 
			
				
					
						
							
							
								Rob Stradling 
							
						 
					 
					
						
						
							
						
						ba67253db1 
					 
					
						
						
							
							Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).  
						
						... 
						
						
						
						Signed-off-by: Kurt Roeckx <kurt@roeckx.be >
Reviewed-by: Rich Salz <rsalz@openssl.org >
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
GH: #495 , MR: #1435  
						
						
							
						
					 
					
						2015-12-10 19:27:40 +01:00 
						 
				 
			
				
					
						
							
							
								Viktor Dukhovni 
							
						 
					 
					
						
						
							
						
						f8137a62d9 
					 
					
						
						
							
							Restore full support for EVP_CTX_create() etc.  
						
						... 
						
						
						
						Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
Reviewed-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Matt Caswell <matt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 11:05:07 -05:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						278d6b3663 
					 
					
						
						
							
							Prepare for 1.1.0-pre2-dev  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 14:24:22 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						22c21b60af 
					 
					
						
						
							
							Prepare for 1.1.0-pre1 release  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
 
						
					 
					
						2015-12-10 14:23:10 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						ac7f47dce1 
					 
					
						
						
							
							OpenSSL 1.1.0 is now in pre release  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 14:21:59 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						b0cae88cc2 
					 
					
						
						
							
							make update  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 14:21:59 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						e798664726 
					 
					
						
						
							
							Don't run rehash as part of building the openssl app  
						
						... 
						
						
						
						Reviewed-by: Matt Caswell <matt@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 15:03:52 +01:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						7c31419693 
					 
					
						
						
							
							Update CHANGES and NEWS for alpha release  
						
						... 
						
						
						
						Misc updates to the CHANGES and NEWS files ready for the alpha release.
Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 13:10:32 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						67f60be8c9 
					 
					
						
						
							
							Ensure |rwstate| is set correctly on BIO_flush  
						
						... 
						
						
						
						A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.
Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:44:07 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						2ad226e88b 
					 
					
						
						
							
							Fix DTLS handshake fragment retries  
						
						... 
						
						
						
						If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.
Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:44:07 +00:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						02dc0b82ab 
					 
					
						
						
							
							evp/e_aes.c: wire hardware-assisted block function to OCB.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 13:11:46 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						bd30091c97 
					 
					
						
						
							
							x86[_64] assembly pack: add optimized AES-NI OCB subroutines.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 13:11:26 +01:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						2fb5535e64 
					 
					
						
						
							
							Fix mkfiles for new directories  
						
						... 
						
						
						
						Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.
Reviewed-by: Andy Polyakov <appro@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 11:58:58 +00:00 
						 
				 
			
				
					
						
							
							
								Matt Caswell 
							
						 
					 
					
						
						
							
						
						330dcb09b2 
					 
					
						
						
							
							Add a return value check  
						
						... 
						
						
						
						If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then
we should set the NID to NID_undef.
Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 11:50:20 +00:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						44bf7119d6 
					 
					
						
						
							
							modes/ocb128.c: fix overstep.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:36:25 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						c7b5b9f4b1 
					 
					
						
						
							
							make update.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:06:05 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						48f1484555 
					 
					
						
						
							
							Configure: make no-chacha and no-poly1305 work.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:05:50 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						a76ba82ccb 
					 
					
						
						
							
							Wire ChaCha20-Poly1305 to TLS.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:05:30 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						bd3385d845 
					 
					
						
						
							
							evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:03:41 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						eb85cb8632 
					 
					
						
						
							
							test/evp_test.c: allow generic AEAD ciphers to be tested.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:00:46 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						bd989745b7 
					 
					
						
						
							
							crypto/evp: add e_chacha20_poly1305.c.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:00:29 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						f6b9427923 
					 
					
						
						
							
							evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.  
						
						... 
						
						
						
						In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.
Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 12:00:05 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						72bb2f64fc 
					 
					
						
						
							
							Add ChaCha20-Poly1305 and ChaCha20 NIDs.  
						
						... 
						
						
						
						Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 11:59:49 +01:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						7dcb21869b 
					 
					
						
						
							
							Add reference ChaCha20 and Poly1305 implementations.  
						
						... 
						
						
						
						Reviewed-by: Emilia Käsper <emilia@openssl.org >
Reviewed-by: Richard Levitte <levitte@openssl.org >
Reviewed-by: Kurt Roeckx <kurt@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 11:58:56 +01:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						a0ffedaf7b 
					 
					
						
						
							
							make default_ec_key_meth static  
						
						... 
						
						
						
						Reviewed-by: Rich Salz <rsalz@openssl.org > 
						
						
							
						
					 
					
						2015-12-10 04:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						59ff61f357 
					 
					
						
						
							
							remove deleted directories from mkfiles.pl  
						
						... 
						
						
						
						Reviewed-by: Matt Caswell <matt@openssl.org > 
						
						
							
						
					 
					
						2015-12-09 23:57:19 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						60f43e9e4d 
					 
					
						
						
							
							Fix warnings about unused variables when EC is disabled.  
						
						... 
						
						
						
						Reviewed-by: Stephen Henson <steve@openssl.org > 
						
						
							
						
					 
					
						2015-12-09 23:59:04 +01:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						f8d3ab4928 
					 
					
						
						
							
							Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h  
						
						... 
						
						
						
						Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled.  This is the same as has been done for DH, DSA, RSA
and more...
Reviewed-by: Stephen Henson <steve@openssl.org > 
						
						
							
						
					 
					
						2015-12-09 23:56:57 +01:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						5e03052560 
					 
					
						
						
							
							add CHANGES and NEWS entry  
						
						... 
						
						
						
						Todo: update documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org > 
						
						
							
						
					 
					
						2015-12-09 22:09:20 +00:00