270 Commits

Author	SHA1	Message	Date
Dr. Stephen Henson	c01ff880d4	New function X509_get0_pubkey ... Reviewed-by: Viktor Dukhovni <viktor@openssl.org>	2015-12-14 23:06:14 +00:00
Dr. Stephen Henson	2872dbe1c4	Add EVP_PKEY_get0_* functions. ... Reviewed-by: Viktor Dukhovni <viktor@openssl.org>	2015-12-14 23:06:14 +00:00
Dr. Stephen Henson	7538cb82f9	remove ancient SSLeay bug workaround ... Reviewed-by: Matt Caswell <matt@openssl.org>	2015-12-13 00:43:43 +00:00
Richard Levitte	601ab3151f	Adapt PEM routines to the opaque EVP_ENCODE_CTX ... Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-11 16:18:01 +01:00
Richard Levitte	a0be4fd17b	Make EVP_ENCODE_CTX opaque ... Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-11 16:18:01 +01:00
Rob Stradling	ba67253db1	Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). ... Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org> GH: #495, MR: #1435	2015-12-10 19:27:40 +01:00
Viktor Dukhovni	f8137a62d9	Restore full support for EVP_CTX_create() etc. ... Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 11:05:07 -05:00
Matt Caswell	278d6b3663	Prepare for 1.1.0-pre2-dev ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 14:24:22 +00:00
Matt Caswell	22c21b60af	Prepare for 1.1.0-pre1 release ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 14:23:10 +00:00
Matt Caswell	ac7f47dce1	OpenSSL 1.1.0 is now in pre release ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 14:21:59 +00:00
Andy Polyakov	bd30091c97	x86[_64] assembly pack: add optimized AES-NI OCB subroutines. ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 13:11:26 +01:00
Andy Polyakov	a76ba82ccb	Wire ChaCha20-Poly1305 to TLS. ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 12:05:30 +01:00
Andy Polyakov	bd989745b7	crypto/evp: add e_chacha20_poly1305.c. ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 12:00:29 +01:00
Andy Polyakov	72bb2f64fc	Add ChaCha20-Poly1305 and ChaCha20 NIDs. ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-10 11:59:49 +01:00
Richard Levitte	f8d3ab4928	Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h ... Most of all, that has inclusion of openssl/engine.h work even if EC has been disabled. This is the same as has been done for DH, DSA, RSA and more... Reviewed-by: Stephen Henson <steve@openssl.org>	2015-12-09 23:56:57 +01:00
Dr. Stephen Henson	970e7b5bf8	add compatibility headers ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:20 +00:00
Dr. Stephen Henson	7bb75a5d08	add block comment ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:20 +00:00
Dr. Stephen Henson	f8d7d2d6df	EC_KEY_METHOD accessors. ... Set of accessors to set and get each field. Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	89313de5cb	make errors ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	7d711cbc33	Engine EC_KEY_METHOD functionality. ... Rename ENGINE _EC_KEY functions to _EC. Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy ec_meth. Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	1eb97c3ecd	remove ECDSA_METHOD from ENGINE ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	c8bfd40a92	remove ECDSA_METHOD typedef ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	180eec1666	add missing prototypes ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	fb29bb5926	remove ecdsa.h header ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	cf517a6d3d	add ECDSA_size to ec_asn1.c ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	6e73d12e76	return errors for unsupported operations ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:19 +00:00
Dr. Stephen Henson	bd3602eb89	Move and adapt ECDSA sign and verify functions. ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:18 +00:00
Dr. Stephen Henson	7236e3c8f7	Add ECDSA_SIG accessor. ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:18 +00:00
Dr. Stephen Henson	ef5b2ba6fb	move ECDSA_SIG prototypes ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:18 +00:00
Dr. Stephen Henson	8c661f76b6	make errors ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:18 +00:00
Dr. Stephen Henson	714b2abb29	move ECDSA_SIG definition ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:18 +00:00
Dr. Stephen Henson	1e8622297d	remove ECDH_METHOD typedef ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:18 +00:00
Dr. Stephen Henson	30243c9523	remove ecdh.h header ... Remove redundant ecdh.h header and any references to it. Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:18 +00:00
Dr. Stephen Henson	f517ffbb83	remove ECDH_METHOD from ENGINE ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:17 +00:00
Dr. Stephen Henson	53e3189d0c	make errors ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:17 +00:00
Dr. Stephen Henson	a22a7e7089	Add compute key support to EC_KEY_METHOD ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:17 +00:00
Dr. Stephen Henson	768c53e1b6	Move ECDH_KDF_X9_62 to crypto/ec ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:17 +00:00
Dr. Stephen Henson	5a6a1029d2	EC_KEY_METHOD keygen support. ... Add keygen to EC_KEY_METHOD. Redirect EC_KEY_generate_key through method and set the current EC key generation function as the default. Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:17 +00:00
Dr. Stephen Henson	d2fa70d82b	make errors ... Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:17 +00:00
Dr. Stephen Henson	28572b577c	Support for EC_KEY_METHOD. ... Add EC_KEY_METHOD. This is part of the EC revision and will make EC behave more like other algorithms. Specifically: EC_KEY_METHOD is part of EC_KEY. It is part of ENGINE. Default or key specific implementations can be provided to redirect some or all operations. Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-12-09 22:09:17 +00:00
Dr. Stephen Henson	4160936143	update errors ... Reviewed-by: Matt Caswell <matt@openssl.org>	2015-12-08 16:32:39 +00:00
Dr. Stephen Henson	e7f0d9210c	Extended master secret fixes and checks. ... Add new flag TLS1_FLAGS_RECEIVED_EXTMS which is set when the peer sends the extended master secret extension. Server now sends extms if and only if the client sent extms. Check consistency of extms extension when resuming sessions following (where practical) RFC7627. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-12-08 16:32:39 +00:00
Matt Caswell	686cf15e9d	Fix merge error ... Commit 6140f0365 added some new ctrl constants. However due to a merge error one of these values was duplicated with an existing value. Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-08 13:00:59 +00:00
Dmitry Belyavskiy	6140f03653	Add some new cipher ctrl constants ... These are needed for GOST Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>	2015-12-08 11:56:39 +00:00
Richard Levitte	dc0099e1dd	Cleanup: rename HMAC_CTX_init to HMAC_CTX_reset ... Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-07 17:40:20 +01:00
Richard Levitte	e0a3a803d9	Cleanup: support EVP_MD_CTX_(create|init|destroy) for deprecated use ... Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-07 17:40:20 +01:00
Richard Levitte	959ed5316c	Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free) ... Looking over names, it seems like we usually use names ending with _new and _free as object constructors and destructors. Also, since EVP_MD_CTX_init is now used to reset a EVP_MD_CTX, it might as well be named accordingly. Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-07 17:39:23 +01:00
Richard Levitte	32fd54a9a3	Remove HMAC_CTX_cleanup and combine its functionality into EVP_MD_CTX_init ... This follows the same idea as the combination of EVP_MD_CTX_cleanup and EVP_MD_CTX_init into one function. Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-07 17:39:23 +01:00
Richard Levitte	74cabf3fef	Remove EVP_MD_CTX_cleanup and put its functionality into EVP_MD_CTX_init ... The idea is that with EVP_MD_CTX_create() and EVP_MD_CTX_destroy(), EVP_MD_CTX_cleanup and EVP_MD_CTX_init is not used the same as before. Instead, we need a single function that can be used to reinitialise an existing EVP_MD_CTX that's been created with EVP_MD_CTX_create() previously. Combining EVP_MD_CTX_cleanup and EVP_MD_CTX_init into that one function is the answer. Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-07 17:39:23 +01:00
Richard Levitte	3f43aecc59	Make the definition of HMAC_CTX opaque ... This moves the definition to crypto/hmac/hmac_lcl.h. Constructor and destructor added, and the typedef moved to include/openssl/ossl_typ.h. Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-12-07 17:39:23 +01:00