Permalink
Switch branches/tags
rsaref master-pre-reformat master-pre-auto-reformat master-post-reformat master-post-auto-reformat STATE_before_zlib STATE_after_zlib SSLeay_0_9_1b SSLeay_0_9_0b SSLeay_0_8_1b OpenSSL_1_1_1 OpenSSL_1_1_1a OpenSSL_1_1_1-pre9 OpenSSL_1_1_1-pre8 OpenSSL_1_1_1-pre7 OpenSSL_1_1_1-pre6 OpenSSL_1_1_1-pre5 OpenSSL_1_1_1-pre4 OpenSSL_1_1_1-pre3 OpenSSL_1_1_1-pre2 OpenSSL_1_1_1-pre1 OpenSSL_1_1_0 OpenSSL_1_1_0j OpenSSL_1_1_0i OpenSSL_1_1_0h OpenSSL_1_1_0g OpenSSL_1_1_0f OpenSSL_1_1_0e OpenSSL_1_1_0d OpenSSL_1_1_0c OpenSSL_1_1_0b OpenSSL_1_1_0a OpenSSL_1_1_0-pre6 OpenSSL_1_1_0-pre5 OpenSSL_1_1_0-pre4 OpenSSL_1_1_0-pre3 OpenSSL_1_1_0-pre2 OpenSSL_1_1_0-pre1 OpenSSL_1_0_2 OpenSSL_1_0_2q OpenSSL_1_0_2p OpenSSL_1_0_2o OpenSSL_1_0_2n OpenSSL_1_0_2m OpenSSL_1_0_2l OpenSSL_1_0_2k OpenSSL_1_0_2j OpenSSL_1_0_2i OpenSSL_1_0_2h OpenSSL_1_0_2g OpenSSL_1_0_2f OpenSSL_1_0_2e OpenSSL_1_0_2d OpenSSL_1_0_2c OpenSSL_1_0_2b OpenSSL_1_0_2a OpenSSL_1_0_2-pre-reformat OpenSSL_1_0_2-pre-auto-reformat OpenSSL_1_0_2-post-reformat OpenSSL_1_0_2-post-auto-reformat OpenSSL_1_0_2-beta3 OpenSSL_1_0_2-beta2 OpenSSL_1_0_2-beta1 OpenSSL_1_0_1 OpenSSL_1_0_1u OpenSSL_1_0_1t OpenSSL_1_0_1s OpenSSL_1_0_1r OpenSSL_1_0_1q OpenSSL_1_0_1p OpenSSL_1_0_1o OpenSSL_1_0_1n OpenSSL_1_0_1m OpenSSL_1_0_1l OpenSSL_1_0_1k OpenSSL_1_0_1j OpenSSL_1_0_1i OpenSSL_1_0_1h OpenSSL_1_0_1g OpenSSL_1_0_1f OpenSSL_1_0_1e OpenSSL_1_0_1d OpenSSL_1_0_1c OpenSSL_1_0_1b OpenSSL_1_0_1a OpenSSL_1_0_1-pre-reformat OpenSSL_1_0_1-pre-auto-reformat OpenSSL_1_0_1-post-reformat OpenSSL_1_0_1-post-auto-reformat OpenSSL_1_0_1-beta3 OpenSSL_1_0_1-beta2 OpenSSL_1_0_1-beta1 OpenSSL_1_0_0 OpenSSL_1_0_0t OpenSSL_1_0_0s OpenSSL_1_0_0r OpenSSL_1_0_0q OpenSSL_1_0_0p OpenSSL_1_0_0o OpenSSL_1_0_0n
Nothing to show
Commits on Oct 12, 2017
  1. make update

    snhenson committed Oct 12, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  2. Add RFC7919 documentation.

    snhenson committed Oct 7, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  3. Add RFC7919 tests.

    snhenson committed Oct 7, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  4. Add pad support

    snhenson committed Sep 21, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  5. Don't assume shared key length matches expected length

    snhenson committed Oct 6, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  6. Add RFC7919 support to EVP

    snhenson committed May 30, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  7. Add objects for RFC7919 parameters

    snhenson committed Sep 19, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  8. DH named parameter support

    snhenson committed May 30, 2017
    Add functions to return DH parameters using NID and to return the
    NID if parameters match a named set. Currently this supports only
    RFC7919 parameters but could be expanded in future.
    
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  9. Add primes from RFC7919

    snhenson committed May 29, 2017
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
  10. Support constant BN for DH parameters

    snhenson committed Oct 8, 2017
    If BN_FLG_STATIC_DATA is set don't cleanse a->d as it will reside
    in read only memory. If BN_FLG_MALLOCED is not set don't modify the
    BIGNUM at all.
    
    This change applies to BN_clear_free() and BN_free(). Now the BIGNUM
    structure is opaque applications cannot create a BIGNUM structure
    without BN_FLG_MALLOCED being set so they are unaffected.
    
    Update internal DH routines so they only copy pointers for read only
    parameters.
    
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4485)
Commits on Oct 11, 2017
  1. Document EVP_PKEY_set1_engine()

    snhenson committed Oct 10, 2017
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #4503)
  2. Add EVP_PKEY_METHOD redirection test

    snhenson committed Oct 9, 2017
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #4503)
  3. make update

    snhenson committed Oct 10, 2017
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #4503)
  4. Add EVP_PKEY_set1_engine() function.

    snhenson committed Oct 9, 2017
    Add an ENGINE to EVP_PKEY structure which can be used for cryptographic
    operations: this will typically be used by an HSM key to redirect calls
    to a custom EVP_PKEY_METHOD.
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #4503)
  5. Fix memory leak on lookup failure

    snhenson committed Oct 9, 2017
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #4503)
  6. Don't ignore passed ENGINE.

    snhenson committed Oct 9, 2017
    If we are passed an ENGINE to use in int_ctx_new e.g. via EVP_PKEY_CTX_new()
    use it instead of the default.
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #4503)
Commits on Oct 6, 2017
  1. Merge tls1_check_curve into tls1_check_group_id

    snhenson committed Sep 26, 2017
    The function tls_check_curve is only called on clients and contains
    almost identical functionaity to tls1_check_group_id when called from
    a client. Merge the two.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from #4475)
  2. Change curves to groups where relevant

    snhenson committed Sep 26, 2017
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from #4475)
  3. Use separate functions for supported and peer groups lists

    snhenson committed Sep 26, 2017
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from #4475)
Commits on Sep 26, 2017
  1. Add and use function tls1_in_list to avoid code duplication.

    snhenson committed Sep 24, 2017
    [extended tests]
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  2. Use tls1_group_id_lookup in tls1_curve_allowed

    snhenson committed Sep 24, 2017
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  3. Rename tls1_get_curvelist.

    snhenson committed Sep 24, 2017
    Rename tls1_get_curvelist to tls1_get_grouplist, change to void as
    it can never fail and remove unnecessary return value checks. Clean
    up the code.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  4. Rewrite compression and group checks.

    snhenson committed Sep 24, 2017
    Replace existing compression and groups check with two functions.
    
    tls1_check_pkey_comp() checks a keys compression algorithms is consistent
    with extensions.
    
    tls1_check_group_id() checks is a group is consistent with extensions
    and preferences.
    
    Rename tls1_ec_nid2curve_id() to tls1_nid2group_id() and make it static.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  5. New function ssl_generate_param_group

    snhenson committed Sep 23, 2017
    Setup EVP_PKEY structure from a group ID in ssl_generate_param_group,
    replace duplicate code with this function.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  6. Replace tls1_ec_curve_id2nid.

    snhenson committed Sep 22, 2017
    Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns
    the TLS_GROUP_INFO for the group.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  7. Rename tls_curve_info to TLS_GROUP_INFO, move to ssl_locl.h

    snhenson committed Sep 22, 2017
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  8. Return group id in tls1_shared_group

    snhenson committed Sep 22, 2017
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
  9. Return correct Suite B curve, fix comment.

    snhenson committed Sep 24, 2017
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/=4412)
Commits on Sep 23, 2017
  1. Remove dhparam from SSL_CONF list.

    snhenson committed Sep 23, 2017
    Avoid duplicate assertion by removing dhparam from SSL_CONF parameter list:
    dhparam is handled manually by s_server.
    
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    (Merged from #4408)
Commits on Sep 22, 2017
  1. Store groups as uint16_t

    snhenson committed Sep 22, 2017
    Instead of storing supported groups in on-the-wire format store
    them as parsed uint16_t values. This simplifies handling of groups
    as the values can be directly used instead of being converted.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    (Merged from #4406)
Commits on Sep 20, 2017
  1. Add RSA-PSS certificate type TLS tests

    snhenson committed Sep 14, 2017
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from #4368)
  2. Add RSA-PSS test certificates

    snhenson committed Sep 14, 2017
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from #4368)
  3. Allow use of RSA-PSS certificates in TLS 1.2

    snhenson committed Sep 14, 2017
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from #4368)
  4. Allow RSA certificates to be used for RSA-PSS

    snhenson committed Sep 14, 2017
    Allo RSA certificate to be used for RSA-PSS signatures: this needs
    to be explicit because RSA and RSA-PSS certificates are now distinct
    types.
    
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from #4368)
  5. Add RSA-PSS key certificate type.

    snhenson committed Sep 13, 2017
    Recognise RSA-PSS certificate algorithm and add a new certificate
    type.
    
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from #4368)