ANS X9.82 specifies that an Approved DRBG must consist of an Approved
algorithm wrapped inside an envelope which handles entropy gathering,
prediction resistance, automatic reseeding and other housekeeping
tasks.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

Cryptographic random number generation requires an entropy source,
which is used as the input to a Deterministic Random Bit Generator
(DRBG).

iPXE does not currently have a suitable entropy source.  Provide a
dummy source to allow the DRBG code to be implemented.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

ANS X9.82 specifies several Approved algorithms for use in a
Deterministic Random Bit Generator (DRBG).  One such algorithm is
HMAC_DRBG, which can be implemented using the existing iPXE SHA-1 and
HMAC functionality.  This algorithm provides a maximum security
strength of 128 bits.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

The version field of an X.509 certificate appears to be optional.

Reported-by: Sebastiano Manusia <Sebastiano.Manusia@chuv.ch>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

Changes were made to files where the licence text within the files
themselves confirms that the files are GPL version 2 or later.

Signed-off-by: Shao Miller <shao.miller@yrdsb.edu.on.ca>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

Access to the gpxe.org and etherboot.org domains and associated
resources has been revoked by the registrant of the domain.  Work
around this problem by renaming project from gPXE to iPXE, and
updating URLs to match.

Also update README, LOG and COPYRIGHTS to remove obsolete information.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

Currently it just calls random().

Signed-off-by: Marty Connor <mdc@etherboot.org>

The unwrapping half is used by WPA2 code; the wrapping half is currently
unused.

Signed-off-by: Marty Connor <mdc@etherboot.org>

This is required to support modes of AES beyond cipher-block chaining.

Signed-off-by: Marty Connor <mdc@etherboot.org>

Both of these routines are used by 802.11 WPA, but they are generic
and could be needed by other protocols as well.

Signed-off-by: Marty Connor <mdc@etherboot.org>

Signed-off-by: Marty Connor <mdc@etherboot.org>

Signed-off-by: Marty Connor <mdc@etherboot.org>

Add FILE_LICENCE declarations to almost all files that make up the
various standard builds of gPXE.

Given any block cipher, a corresponding CBC mode of behaviour for the
cipher can be created using the CBC_CIPHER() macro.

It is a programming error, not a runtime error, if we attempt to use
block ciphers with an incorrect blocksize, so use an assert() rather
than an error status return.

The various types of cryptographic algorithm are fundamentally
different, and it was probably a mistake to try to handle them via a
single common type.

pubkey_algorithm is a placeholder type for now.

Although the nature of the hack is essentially unchanged, this allows
us to remove the hardcoded assumption in tls.c that the RX cipher is
AES.

Use our own, more robust, ASN.1 parsing routines to extract the RSA
public key from a server certificate.  Remove the now-unused AXTLS
ASN.1 parser.

Allow initiator to verify target authentication using CHAP.

wasn't meant for my local "master" branch ;)
This reverts commit 373022108b.