Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt

Keep original function names for nonce versions so we don't have to change
error function codes.

This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.
In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.

PR #3090
Reported by: Franck Youssef <fry@open.ch>
If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.
This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.

Submitted by: Gisle Vanem

RT: 2582, 2850

RT: 2582, 2850

Submitted by: Bryan Drewery
PR: 3075

Document use of -keyopt to use RSA-PSS and RSA-OAEP modes.

Add new tests to cms-test.pl covering PSS and OAEP.

Add support for custom public key parameters in the cms utility using
the -keyopt switch. Works for -sign and also -encrypt if -recip is used.

Extend RSA ASN1 method to support CMS PSS signatures for both sign
and verify.
For signing the EVP_PKEY_CTX parameters are read and the appropriate
CMS structures set up.
For verification the CMS structures are analysed and the corresponding
parameters in the EVP_PKEY_CTX set.
Also add RSA-OAEP support.
For encrypt the EVP_PKEY_CTX parameters are used.
For decrypt the CMS structure is used to set the appropriate EVP_PKEY_CTX
parameters.

Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.
This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.

Add OAEP ctrls to retrieve MD and label. Return errors if
an attempt is made to set or retrieve OAEP parameters when
padding mode is not OAEP.

serverinfo rejects non-empty extensions.
Omit extension if no relevant serverinfo data.
Improve error-handling in serverinfo callback.
Cosmetic cleanups.
s_client documentation.
s_server documentation.
SSL_CTX_serverinfo documentation.
Cleanup -1 and NULL callback handling for custom extensions, add tests.
Cleanup ssl_rsa.c serverinfo code.
Whitespace cleanup.
Improve comments in ssl.h for serverinfo.
Whitespace.
Cosmetic cleanup.
Reject non-zero-len serverinfo extensions.
Whitespace.
Make it build.

Improve RSA sign performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;

PR: 3074

This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.

in order to prevent ssl3_get_record from never returning.
Reported by "oftc_must_be_destroyed" and George Kadianakis.

that bad encryptions are treated like random session keys in constant
time.

PR#3071
The primary changes made are:
- Updates to the "NAME" section of many pages to correctly reflect the
  functions defined on those pages. This section is automatically parsed
  by the util/extract-names.pl script, so if it is not correct then
  running "man" will not correctly locate the right manual pages.
- Updates to take account of where functions are now deprecated
- Full documentation of the ec sub-library
- A number of other typo corrections and other minor tweaks

Extend OAEP support. Generalise the OAEP padding functions to support
arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP
padding functions and add ctrls to set the additional parameters.

Contributed by Trevor Perrin.