indent will not alter them when reformatting comments
(cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)
Conflicts:
crypto/bn/bn_lcl.h
crypto/bn/bn_prime.c
crypto/engine/eng_all.c
crypto/rc4/rc4_utl.c
crypto/sha/sha.h
ssl/kssl.c
ssl/t1_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit c1669e1c205dc8e695fb0c10a655f434e758b9f7)
Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.
This reverts commit 738911cde68b2b3706e502cf8daf5b14738f2f42.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e)
Conflicts:
crypto/evp/evp_enc.c
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79ffc4fc9d120a0faad579ce96473e6a2f)
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.
PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
This patch resolves RT ticket #2608.
Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.
PR#3289
(cherry picked from commit 10378fb5f4c67270b800e8f7c600cd0548874811)
Don't set the fips flags in cipher and digests as the implementations
aren't suitable for FIPS mode and will be redirected to the FIPS module
versions anyway.
Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation
exists when calling EVP_CIPHER_flags and EVP_MD_flags repectively.
Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be
used to build a FIPS module.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc0072e75023be8971ae6e849643f466)
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d2e6fc5a010ad3c12662068689ed2ad17)
Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt
(cherry picked from commit 97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef)
Conflicts:
CHANGES
