When d2i_ECPrivateKey reads a private key with a missing (optional)
public key, generate one automatically from the group and private key.
(Imported from upstream's 2083f7c465d07867dd9867b8742bb71c03d1f203)
Change-Id: I9e5090de87cf846ab92e4be5b6bf64e6091d02e4
Remove the existing md5_test and sha1_test. They now are all covered by
digest_test. For good measure, test the one-shot functions too.
Change-Id: I8e144cc563fb8817144e26cbd2e10c15642464ba
Reviewed-on: https://boringssl-review.googlesource.com/2211
Reviewed-by: Adam Langley <agl@google.com>
This stopped being a sample program a bit ago.
Change-Id: I23301fd71a373f995847dcfd64346bd262811f39
Reviewed-on: https://boringssl-review.googlesource.com/2131
Reviewed-by: Adam Langley <agl@google.com>
Reorder the tests in all_tests.sh to be in alphabetical order.
Change-Id: Idc6df6ab4a25709312a6f58635061bb643582c70
Reviewed-on: https://boringssl-review.googlesource.com/1680
Reviewed-by: Adam Langley <agl@google.com>
This is cleaner than the OpenSSL code was, at least, but it's hardly
beautiful due to the "standard" that it's trying to implement. (See
[1].)
The references from the PKCS#8 code to various ciphers have digests have
been made into function pointer references rather than NIDs so that the
linker will be able to drop RC2 code for binaries that don't call PKCS#8
or #12 functions.
A bug that crashed OpenSSL/BoringSSL when parsing a malformed PKCS#8
structure has been fixed too.
See https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html
Change-Id: Iaa1039e04ed7877b90792835e8ce3ebc3b29f89e
Reviewed-on: https://boringssl-review.googlesource.com/1592
Reviewed-by: Adam Langley <agl@google.com>
This will have the effect that all dead error codes are removed
from given lib when make_errors.go runs with --reset flag.
Change-Id: I6303721c5d7cd18af7d47c95fdf3702a7628ad5a
Reviewed-on: https://boringssl-review.googlesource.com/1570
Reviewed-by: Adam Langley <agl@google.com>
This function serialises a PKCS#7 structure containing a number of
certificates.
Change-Id: Iaf15887e1060d5d201d5a3dd3dca8d51105ee6d6
Reviewed-on: https://boringssl-review.googlesource.com/1431
Reviewed-by: Adam Langley <agl@google.com>
Remove the assumption that the build directory is a subdirectory of the source
directory.
Change-Id: Iab89e4165b3ee2f9337bcc6e76a48c8fb94a0b92
Reviewed-on: https://boringssl-review.googlesource.com/1417
Reviewed-by: Adam Langley <agl@google.com>
Another signedness error. Leave a TODO to possibly resolve EVP_DecodeBlock's
ignoring padding. Document some of the Init/Update/Finish versions' behavior.
Change-Id: I78a72c3163f8543172a7008b2d09fb10e003d957
Reviewed-on: https://boringssl-review.googlesource.com/1230
Reviewed-by: Adam Langley <agl@google.com>
SSL reason codes corresponding to alerts have special values. Teach
make_errors.go that values above 1000 are reserved (otherwise it will assign
new values in that namespace). Also fix all the existing reason codes which
corresponded to alerts.
Change-Id: Ieabdf8fd59f4802938616934e1d84e659227cf84
Reviewed-on: https://boringssl-review.googlesource.com/1212
Reviewed-by: Adam Langley <agl@google.com>
Previously, public headers lived next to the respective code and there
were symlinks from include/openssl to them.
This doesn't work on Windows.
This change moves the headers to live in include/openssl. In cases where
some symlinks pointed to the same header, I've added a file that just
includes the intended target. These cases are all for backwards-compat.
Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92
Reviewed-on: https://boringssl-review.googlesource.com/1180
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
This change adds the stitched RC4-MD5 code from upstream OpenSSL but
exposes it as an AEAD. It's not a normal AEAD (it's stateful thus
doesn't take an nonce) but forcing pre-AEAD cipher suites in the AEAD
interface is less painful than forcing AEADs into the EVP_CIPHER
interface. Over time, more and more cipher suites will be exposed as
TLS-specific AEADs and then ssl/ can drop support for EVP_CIPHER.
See original code from upstream:
https://github.com/openssl/openssl/blob/master/crypto/evp/e_rc4_hmac_md5.c
Change-Id: Ia9267b224747f02be6b934ea0b2b50e1f529fab9
Reviewed-on: https://boringssl-review.googlesource.com/1043
Reviewed-by: Adam Langley <agl@google.com>
Regression test against CVE-2014-0160 (Heartbleed).
More info: http://mike-bland.com/tags/heartbleed.html
(Imported from upstream's 2312a84ca17c5ac133581552df7024957cf15bc8)
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).
(This change contains substantial changes from the original and
effectively starts a new history.)
