Fix erroneous SO suffix in darwin64-debug-test-64-clang target

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix typo

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix option value parsing in crl2pkcs7 -certfile

Reviewed-by: Rich Saltz <rsalz@openssl.org>

Avoid erroneous "assert(private)" failures.

When processing a public key input via "-pubin", "private" was
sometimes erroneously set, or else not set and incorrectly asserted.

Reviewed-by: Rich salz <rsalz@openssl.org>

x86_64 assembly pack: tune clang version detection even further.

RT#4171

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Configure: add framework for ChaCha and Poly1305 assembly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Configure: 'reconf' to respect CROSS_COMPILE and CC.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Don't use EC when no-ec.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove no longer existant structure member and direct references to EVP_MD_CTX internals.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix (incorrect) uninitialised variable warning.

Reviewed-by: Richard Levitte <levitte@openssl.org>

fix warning

Reviewed-by: Ben Laurie <ben@openssl.org>

remove ancient SSLeay bug workaround

Reviewed-by: Matt Caswell <matt@openssl.org>

Allow ChaCha20-Poly1305 in DTLS

GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>

Revert "Allow ChaCha20-Poly1305 in DTLS"

This reverts commit 777f482d993322d69025014bf1b99c270c978fc0.
Author credit missing.  Reverting this and re-committing with
an Author line.

Reviewed-by: Matt Caswell <matt@openssl.org>

Use SHA256 not MD5 as default digest.

(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Support ccache.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Fix compile failure with no-threads

The async code was causing a compile failure if no-threads was used.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Add extension utility documentation.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

add X509_up_ref() documentation

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

extension documentation

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix compile failure

Fix compile failure introduced by commit 94d61512360c due to a typo.

Reviewed-by: Richard Levitte <levitte@openssl.org>

evp/e_chacha20_poly1305.c: TLS interop fixes.

Thanks to: David Benjamin of Chromuim.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Configurations/10-main.conf: fix typos in mingw/cygwin configs.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Allow ChaCha20-Poly1305 in DTLS

GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>

Make no-dh work, plus other no-dh problems found by Richard.

Reviewed-by: Rich Salz <rsalz@openssl.org>

make update, missed file

Reviewed-by: Matt Caswell <matt@openssl.org>

Use SHA256 not MD5 as default digest.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

make update

Reviewed-by: Rich Salz <rsalz@openssl.org>

Adapt EVP tests to the opaque EVP_ENCODE_CTX

Reviewed-by: Rich Salz <rsalz@openssl.org>

Adapt PEM routines to the opaque EVP_ENCODE_CTX

Reviewed-by: Rich Salz <rsalz@openssl.org>

Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX

Reviewed-by: Rich Salz <rsalz@openssl.org>

Make EVP_ENCODE_CTX opaque

Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix OCB link

The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
GH: #495, MR: #1435

Restore full support for EVP_CTX_create() etc.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Prepare for 1.1.0-pre2-dev

Reviewed-by: Richard Levitte <levitte@openssl.org>

Prepare for 1.1.0-pre1 release

Reviewed-by: Richard Levitte <levitte@openssl.org>

OpenSSL 1.1.0 is now in pre release

Reviewed-by: Richard Levitte <levitte@openssl.org>

make update

Reviewed-by: Richard Levitte <levitte@openssl.org>

Don't run rehash as part of building the openssl app

Reviewed-by: Matt Caswell <matt@openssl.org>

Update CHANGES and NEWS for alpha release

Misc updates to the CHANGES and NEWS files ready for the alpha release.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Ensure |rwstate| is set correctly on BIO_flush

A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix DTLS handshake fragment retries

If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.

Reviewed-by: Richard Levitte <levitte@openssl.org>

evp/e_aes.c: wire hardware-assisted block function to OCB.

Reviewed-by: Richard Levitte <levitte@openssl.org>

x86[_64] assembly pack: add optimized AES-NI OCB subroutines.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix mkfiles for new directories

Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Add a return value check

If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then
we should set the NID to NID_undef.

Reviewed-by: Richard Levitte <levitte@openssl.org>

modes/ocb128.c: fix overstep.

Reviewed-by: Richard Levitte <levitte@openssl.org>

make update.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Configure: make no-chacha and no-poly1305 work.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Wire ChaCha20-Poly1305 to TLS.

Reviewed-by: Richard Levitte <levitte@openssl.org>

evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>

test/evp_test.c: allow generic AEAD ciphers to be tested.

Reviewed-by: Richard Levitte <levitte@openssl.org>

crypto/evp: add e_chacha20_poly1305.c.

Reviewed-by: Richard Levitte <levitte@openssl.org>

evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.

In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add ChaCha20-Poly1305 and ChaCha20 NIDs.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add reference ChaCha20 and Poly1305 implementations.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

make default_ec_key_meth static

Reviewed-by: Rich Salz <rsalz@openssl.org>

remove deleted directories from mkfiles.pl

Reviewed-by: Matt Caswell <matt@openssl.org>

Fix warnings about unused variables when EC is disabled.

Reviewed-by: Stephen Henson <steve@openssl.org>

Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h

Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled.  This is the same as has been done for DH, DSA, RSA
and more...

Reviewed-by: Stephen Henson <steve@openssl.org>

add CHANGES and NEWS entry

Todo: update documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove ECDSA error line

Reviewed-by: Richard Levitte <levitte@openssl.org>

add compatibility headers

Reviewed-by: Richard Levitte <levitte@openssl.org>

Use NULL comparison

Reviewed-by: Richard Levitte <levitte@openssl.org>

add block comment

Reviewed-by: Richard Levitte <levitte@openssl.org>

set standard EC method in eng_openssl

Reviewed-by: Richard Levitte <levitte@openssl.org>

make update

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove ecdsa.h header references.

Reviewed-by: Richard Levitte <levitte@openssl.org>

EC_KEY_METHOD accessors.

Set of accessors to set and get each field.

Reviewed-by: Richard Levitte <levitte@openssl.org>

make errors

Reviewed-by: Richard Levitte <levitte@openssl.org>

Top level ECDSA sign/verify redirection.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Engine EC_KEY_METHOD functionality.

Rename ENGINE _EC_KEY functions to _EC.
Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy
ec_meth.

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove ecdsa from mkdef.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove ECDSA_METHOD from ENGINE

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove ECDSA_METHOD typedef

Reviewed-by: Richard Levitte <levitte@openssl.org>

add missing prototypes

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove ecdsa.h header

Reviewed-by: Richard Levitte <levitte@openssl.org>

add ECDSA_size to ec_asn1.c

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove errors

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove crypto/ecdsa

Reviewed-by: Richard Levitte <levitte@openssl.org>

add sign/verify methods

Reviewed-by: Richard Levitte <levitte@openssl.org>

return errors for unsupported operations

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove reference to ECDSA_OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move and adapt ECDSA sign and verify functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>

modify ecdsatest to use accessor

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add ECDSA_SIG accessor.

Reviewed-by: Richard Levitte <levitte@openssl.org>

move ECDSA_SIG prototypes

Reviewed-by: Richard Levitte <levitte@openssl.org>

make errors

Reviewed-by: Richard Levitte <levitte@openssl.org>

extend EC_KEY_METHOD for signing support

Reviewed-by: Richard Levitte <levitte@openssl.org>

adapt ossl_ecdsa.c to crypto/ec

Reviewed-by: Richard Levitte <levitte@openssl.org>

move ECDSA_SIG definition

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move ECDSA implementation to crypto/ec

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move ECDSA_SIG ASN.1 to crypto/ec

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add set methods.

Add set_group, set_public and set_private methods. An EC_KEY_METHOD can use
these to perform any appropriate operation when the key components are set,
such as caching data in some more convenient ENGINE specific format or
returning an error if the parameters are invalid or the operation is
not supported.

Reviewed-by: Richard Levitte <levitte@openssl.org>

EC_KEY_METHOD copy support

Reviewed-by: Richard Levitte <levitte@openssl.org>

EC_KEY_METHOD init and finish support

Reviewed-by: Richard Levitte <levitte@openssl.org>

ENGINE fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove ECDH from mkdef.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>