path: root/include
Age | Commit message | Author | Files | Lines
2018-03-22 | include/openssl/rand.h: omit intermediate typedef. | Andy Polyakov | 1 | -2/+0
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4159)
2018-03-22 | openssl/rand.h: fix formatting. | Andy Polyakov | 1 | -1/+0
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4159)
2018-03-21 | Convert _meth_get_ functions to const getters | Jack Bates | 5 | -30/+30
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2181)
2018-03-20 | Prepare for 1.1.1-pre4-dev | Matt Caswell | 1 | -2/+2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-03-20 | Prepare for 1.1.1-pre3 release (tag: OpenSSL_1_1_1-pre3) | Matt Caswell | 1 | -1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-03-20 | Update copyright year | Matt Caswell | 3 | -3/+3
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
2018-03-19 | Fix no-sm3 (and no-sm2) | Todd Short | 1 | -0/+8
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5677)
2018-03-19 | Fix no-sm2 | Matt Caswell | 1 | -2/+6
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5673)
2018-03-19 | Don't use a ssl specific DRBG anymore | Kurt Roeckx | 1 | -2/+0
Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from another thread because the SSL object moved to another thread. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
2018-03-19 | Handle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN | Jack Lloyd | 1 | -0/+4
Without actually using EVP_PKEY_FLAG_AUTOARGLEN Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
2018-03-19 | Add SM2 signature and ECIES schemes | Jack Lloyd | 5 | -15/+188
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
2018-03-17 | Return error when trying to use prediction resistance | Kurt Roeckx | 1 | -0/+1
There is a requirement of having access to a live entropy source which we can't do with the default callbacks. If you need prediction resistance you need to set up your own callbacks that follow the requirements of NIST SP 800-90C. Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5402
2018-03-17 | Propagate the request for prediction resistance to the get entropy call | Kurt Roeckx | 1 | -2/+4
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5402
2018-03-16 | RAND_DRBG: add a function for setting the default DRBG type and flags | Dr. Matthias St. Pierre | 2 | -3/+10
This commit adds a new api RAND_DRBG_set_defaults() which sets the default type and flags for new DRBG instances. See also #5576. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5632)
2018-03-15 | Publish the RAND_DRBG API | Dr. Matthias St. Pierre | 2 | -36/+15
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462)
2018-03-15 | Fix no-chacha and no-poly1305 | Matt Caswell | 1 | -3/+8
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5623)
2018-03-15 | Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() | Matt Caswell | 2 | -8/+8
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 | Add functions for setting the new EVP_PKEY_ASN1_METHOD functions | Matt Caswell | 1 | -0/+10
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 | Add the function EVP_PKEY_new_CMAC_key() | Matt Caswell | 2 | -0/+4
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 | Add support for setting raw private HMAC keys | Matt Caswell | 1 | -2/+4
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 | Add functions to create an EVP_PKEY from raw private/public key data | Matt Caswell | 2 | -0/+6
Not all algorithms will support this, since their keys are not a simple block of data. But many can. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 | Missing OIDs for XTS added. | Pauli | 1 | -8/+19
Added two missing OIDs for AES-{128,256}-XTS. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5622)
2018-03-14 | Fix an error number clash | Matt Caswell | 1 | -1/+1
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5616)
2018-03-14 | Put the default set of TLSv1.3 ciphersuites in a header file | Matt Caswell | 1 | -0/+5
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
2018-03-14 | Split configuration of TLSv1.3 ciphers from older ciphers | Matt Caswell | 3 | -12/+3
With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
2018-03-14 | Update version numbers for TLSv1.3 draft-26 | Matt Caswell | 1 | -3/+3
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5604)
2018-03-13 | update SRP copyright notice | Tim Hudson | 1 | -1/+5
As per discussion with Peter Sylvester Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5603)
2018-03-12 | Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb | Benjamin Saunders | 1 | -2/+13
These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb, but used for the application-controlled portion of TLS1.3 stateless handshake cookies rather than entire DTLSv1 cookies. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5463)
2018-03-12 | Add OIDs for DSTU-4145 | gmile | 1 | -0/+98
Original source: https://github.com/dstucrypt/openssl-dstu/commit/2c5fc4c92b8244c5026f4f871eb9497f9c28d5af Full list of OIDs is available on related enactment page at http://zakon2.rada.gov.ua/laws/show/z0423-17 CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5216)
2018-03-12 | Session Ticket app data | Todd Short | 1 | -0/+32
Adds application data into the encrypted session ticket Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3802)
2018-03-10 | RAND_DRBG: add a function for setting the reseeding defaults | Dr. Matthias St. Pierre | 1 | -0/+7
The introduction of thread local public and private DRBG instances (#5547) makes it very cumbersome to change the reseeding (time) intervals for those instances. This commit provides a function to set the default values for all subsequently created DRBG instances. int RAND_DRBG_set_reseed_defaults( unsigned int master_reseed_interval, unsigned int slave_reseed_interval, time_t master_reseed_time_interval, time_t slave_reseed_time_interval ); The function is intended only to be used during application initialization, before any threads are created and before any random bytes are generated. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5576)
2018-03-09 | Add SSL/SSL_CTX_use_cert_and_key() | Todd Short | 2 | -0/+8
Add functions that will do the work of assigning certificate, privatekey and chain certs to an SSL or SSL_CTX. If no privatekey is given, use the publickey. This will permit the keys to pass validation for both ECDSA and RSA. If a private key has already been set for the certificate, it is discarded. A real private key can be set later. This is an all-or-nothing setting of these parameters. Unlike the SSL/SSL_CTX_use_certificate() and SSL/SSL_CTX_use_PrivateKey() functions, the existing cert or privatekey is not modified (i.e. parameters copied). This permits the existing cert/privatekey to be replaced. It replaces the sequence of: * SSL_use_certificate() * SSL_use_privatekey() * SSL_set1_chain() And may actually be faster, as multiple checks are consolidated. The private key can be NULL, if so an ENGINE module needs to contain the actual private key that is to be used. Note that ECDH (using the certificate's ECDSA key) ciphers do not work without the private key being present, based on how the private key is used in ECDH. ECDH does not offer PFS; ECDHE ciphers should be used instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/1130)
2018-03-09 | Give more information in the SSL_stateless return code | Matt Caswell | 1 | -0/+1
Allow users to distinguish between an error occurring and an HRR being issued. Fixes #5549 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5562)
2018-03-08 | Duplicate entries ssl_handshake_tbl trace entries... | FdaSilvaYY | 1 | -0/+2
... and add some missing known values. Sort ssl/tls extension array list Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5304)
2018-03-07 | Add GOST OIDs for Edwards parameter sets | Sergey Zhuravlev | 1 | -0/+14
Add OIDs for parameter sets of Edwards elliptic curves. CLA: trivial Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5380)
2018-03-07 | Prepare to detect index changes in OCSP responder. | Viktor Dukhovni | 1 | -0/+1
Retain open file handle and previous stat data for the CA index file, enabling detection and index reload (upcoming commit). Check requirements before entering accept loop. Reviewed-by: Matt Caswell <matt@openssl.org>
2018-03-06 | opensslconf.h.in: Use all the "openssl_api_defines" | Richard Levitte | 1 | -1/+1
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5533)
2018-03-06 | Check the parent DRBG's strength | Kurt Roeckx | 1 | -0/+2
We currently don't support the algorithm from NIST SP 800-90C 10.1.2 to use a weaker DRBG as source Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5506
2018-03-05 | Add support for .include directive in config files | Tomas Mraz | 1 | -0/+3
Either files or directories of *.cnf or *.conf files can be included. Recursive inclusion of directories is not supported. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5351)
2018-03-02 | Integrate X448 and Ed448 into libcrypto | Matt Caswell | 1 | -0/+3
This adds all of the relevant EVP plumbing required to make X448 and Ed448 work. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5481)
2018-03-02 | Add pkey types for curve448 | Matt Caswell | 1 | -0/+2
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5481)
2018-02-28 | Tell the ciphers which DRBG to use for generating random bytes. | Kurt Roeckx | 1 | -0/+2
Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #4672
2018-02-27 | Prepare for 1.1.1-pre3-dev | Matt Caswell | 1 | -2/+2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-27 | Prepare for 1.1.1-pre2 release (tag: OpenSSL_1_1_1-pre2) | Matt Caswell | 1 | -1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-27 | Update copyright year | Matt Caswell | 2 | -2/+2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-26 | Export keying material using early exporter master secret | Tatsuhiro Tsujikawa | 1 | -0/+13
This commit adds SSL_export_keying_material_early() which exports keying material using early exporter master secret. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5252)
2018-02-23 | STORE 'file' scheme loader: Add search capability | Richard Levitte | 1 | -0/+3
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
2018-02-23 | STORE: Add the possibility to search for specific information | Richard Levitte | 3 | -2/+57
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
2018-02-23 | STORE: Add the possibility to specify an expected info type | Richard Levitte | 2 | -0/+11
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
2018-02-21 | Switch the DRBGs from AES-128-CTR to AES-256-CTR | Kurt Roeckx | 1 | -5/+13
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5401