Ben Laurie
8a02a46a5c
RFC 5878 support.
2012-05-29 17:27:48 +00:00
Dr. Stephen Henson
65a0f68484
Add options to set additional type specific certificate chains to
...
s_server.
2012-04-11 16:54:07 +00:00
Dr. Stephen Henson
c3cb069108
transparently handle X9.42 DH parameters
...
(backport from HEAD)
2012-04-07 20:42:44 +00:00
Dr. Stephen Henson
e46c807e4f
Add support for automatic ECDH temporary key parameter selection. When
...
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)
2012-04-06 20:15:50 +00:00
Dr. Stephen Henson
6b870763ac
Initial revision of ECC extension handling.
...
Tidy some code up.
Don't allocate a structure to handle ECC extensions when it is used for
default values.
Make supported curves configurable.
Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
(backport from HEAD)
2012-04-06 20:12:35 +00:00
Dr. Stephen Henson
5505818199
New ctrls to retrieve supported signature algorithms and curves and
...
extensions to s_client and s_server to print out retrieved valued.
Extend CERT structure to cache supported signature algorithm data.
(backport from HEAD)
2012-04-06 19:29:49 +00:00
Dr. Stephen Henson
a068a1d0e3
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
(backport from HEAD)
2012-04-06 17:35:01 +00:00
Dr. Stephen Henson
3bf4e14cc3
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
...
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:16:05 +00:00
Richard Levitte
49f6cb968f
cipher should only be set to PSK if JPAKE is used.
2012-03-14 12:39:00 +00:00
Dr. Stephen Henson
267c950c5f
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:37:41 +00:00
Dr. Stephen Henson
c714e43c8d
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
cdf9d6f6ed
PR: 2716
...
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
2012-02-11 23:21:09 +00:00
Andy Polyakov
69e9c69e70
apps/s_cb.c: recognize latest TLS versions [from HEAD].
2012-02-11 13:31:16 +00:00
Dr. Stephen Henson
26c6857a59
PR: 2710
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
508bd3d1aa
PR: 2714
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
2012-02-10 19:44:00 +00:00
Dr. Stephen Henson
c944a9696e
add fips hmac option and fips blocking overrides to command line utilities
2012-02-10 16:46:19 +00:00
Andy Polyakov
9b2a29660b
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:28:03 +00:00
Andy Polyakov
b9cbcaad58
speed.c: typo in pkey_print_message [from HEAD].
...
PR: 2681
Submitted by: Annie Yousar
2012-01-11 21:49:16 +00:00
Bodo Möller
767d3e0054
Update for 0.9.8s and 1.0.0f.
...
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
bd6941cfaa
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
5c05f69450
make update
2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
b300fb7734
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:23:22 +00:00
Andy Polyakov
1d05ff2779
apps/speed.c: fix typo in last commit.
2011-12-19 14:33:37 +00:00
Andy Polyakov
941811ccb9
apps/speed.c: Cygwin alarm() fails sometimes.
...
PR: 2655
2011-12-15 22:30:11 +00:00
Dr. Stephen Henson
b8a22c40e0
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:18:03 +00:00
Dr. Stephen Henson
8173960305
remove old -attime code, new version includes all old functionality
2011-12-10 00:42:48 +00:00
Dr. Stephen Henson
f2e590942e
implement -attime option as a verify parameter then it works with all relevant applications
2011-12-10 00:37:42 +00:00
Dr. Stephen Henson
97d0c596a1
Replace expired test server and client certificates with new ones.
2011-12-08 14:45:15 +00:00
Dr. Stephen Henson
5713411893
The default CN prompt message can be confusing when often the CN needs to
...
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:00:51 +00:00
Ben Laurie
825e1a7c56
Fix warnings.
2011-12-02 14:39:41 +00:00
Dr. Stephen Henson
a310428527
Workaround so "make depend" works for fips builds.
2011-11-22 12:50:59 +00:00
Ben Laurie
b1d7429186
Add TLS exporter.
2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0
Add DTLS-SRTP.
2011-11-15 23:02:16 +00:00
Andy Polyakov
db896db5a7
speed.c: add ghash benchmark [from HEAD].
2011-11-14 21:09:30 +00:00
Ben Laurie
68b33cc5c7
Add Next Protocol Negotiation.
2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc
make depend.
2011-11-13 20:23:34 +00:00
Dr. Stephen Henson
efbb7ee432
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
2011-11-13 13:13:14 +00:00
Dr. Stephen Henson
6bd173fced
Don't disable TLS v1.2 by default any more.
2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
9309ea6617
Backport PSS signature support from HEAD.
2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
dc100d87b5
Backport of password based CMS support from HEAD.
2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
1fe83b4afe
use keyformat for -x509toreq, don't hard code PEM
2011-09-23 21:48:50 +00:00
Dr. Stephen Henson
370385571c
PR: 2347
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
2011-09-23 13:12:41 +00:00
Dr. Stephen Henson
e34a303ce1
make depend
2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5
Improved error checking for DRBG calls.
...
New functionality to allow default DRBG type to be set during compilation
or during runtime.
2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
4a18d5c89b
Don't add trailing slash to FIPSDIR: it causes problems with Windows builds.
2011-06-18 19:02:12 +00:00
Ben Laurie
be23b71e87
Add -attime.
2011-06-09 17:09:31 +00:00
Ben Laurie
78ef9b0205
Fix warnings.
2011-06-09 16:03:18 +00:00
Dr. Stephen Henson
c6fa97a6d6
FIPS low level blocking for AES, RC4 and Camellia. This is complicated by
...
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.
2011-06-05 17:36:44 +00:00
Dr. Stephen Henson
916bcab28e
Prohibit low level cipher APIs in FIPS mode.
...
Not complete: ciphers with assembly language key setup are not
covered yet.
2011-06-01 16:54:06 +00:00
Dr. Stephen Henson
7207eca1ee
The first of many changes to make OpenSSL 1.0.1 FIPS capable.
...
Add static build support to openssl utility.
Add new "fips" option to Configure.
Make use of installed fipsld and fips_standalone_sha1
Initialise FIPS error callbacks, locking and DRBG.
Doesn't do anything much yet: no crypto is redirected to the FIPS module.
Doesn't completely build either but the openssl utility can enter FIPS mode:
which doesn't do anything much either.
2011-05-26 14:19:19 +00:00