Commit graph

11882 commits

Author SHA1 Message Date
Trevor
9cd50f738f Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.
2013-06-18 16:13:08 +01:00
Andy Polyakov
8ee3c7e676 SPARC T4 DES support: fix typo. 2013-06-18 10:42:08 +02:00
Andy Polyakov
4ddacd9921 Optimize SPARC T4 MONTMUL support.
Improve RSA sing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
2013-06-18 10:39:38 +02:00
Andy Polyakov
02450ec69d PA-RISC assembler pack: switch to bve in 64-bit builds.
PR: 3074
2013-06-18 10:37:00 +02:00
Adam Langley
8a99cb29d1 Add secure DSA nonce flag.
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Adam Langley
64a786a292 Limit the number of empty records that will be processed consecutively
in order to prevent ssl3_get_record from never returning.

Reported by "oftc_must_be_destroyed" and George Kadianakis.
2013-06-13 17:10:52 +01:00
Adam Langley
a54a61e7a9 Don't SEGFAULT when trying to export a public DSA key as a private key. 2013-06-13 17:03:35 +01:00
Adam Langley
adb46dbc6d This change alters the processing of invalid, RSA pre-master secrets so
that bad encryptions are treated like random session keys in constant
time.
2013-06-13 16:58:45 +01:00
Ben Laurie
7e25d81870 Ignore one-makefile stuff. 2013-06-13 15:39:23 +01:00
Matt Caswell
aafbe1ccd2 Document updates from wiki.
PR#3071

The primary changes made are:
- Updates to the "NAME" section of many pages to correctly reflect the
functions defined on those pages. This section is automatically parsed
by the util/extract-names.pl script, so if it is not correct then
running "man" will not correctly locate the right manual pages.
- Updates to take account of where functions are now deprecated
- Full documentation of the ec sub-library
- A number of other typo corrections and other minor tweaks
2013-06-12 23:42:08 +01:00
Dr. Stephen Henson
271fef0ef3 Exetended OAEP support.
Extend OAEP support. Generalise the OAEP padding functions to support
arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP
padding functions and add ctrls to set the additional parameters.
2013-06-12 18:48:17 +01:00
Dr. Stephen Henson
965e06da3c Typo. 2013-06-12 18:47:28 +01:00
Trevor
a398f821fa Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
2013-06-12 17:01:13 +01:00
Ben Laurie
6d84daa5d6 Add aesni-sha256-x86_64. 2013-06-12 14:18:33 +01:00
Andy Polyakov
3b848d3401 aesni-sha1-x86_64.pl: update performance data. 2013-06-10 22:35:22 +02:00
Andy Polyakov
42b9a4177b aesni-sha256-x86_64.pl: harmonize with latest sha512-x86_64.pl. 2013-06-10 22:34:06 +02:00
Andy Polyakov
cd8d7335af sha1-x86_64.pl: add AVX2+BMI code path. 2013-06-10 22:30:34 +02:00
Andy Polyakov
c7f690c243 sha512-x86_64.pl: upcoming-Atom-specific optimization. 2013-06-10 22:29:01 +02:00
Andy Polyakov
32213d8d77 sha[256|512]-586.pl: add more SIMD code paths. 2013-06-10 22:26:53 +02:00
Andy Polyakov
b42759158d ghash-x86_64.pl: add Haswell performance data. 2013-06-10 22:25:12 +02:00
Andy Polyakov
1bc0b68d7b x86cpuid.pl: fix extended feature flags detection. 2013-06-10 22:20:46 +02:00
Dr. Stephen Henson
2f58cda4ce Fix PSS signature printing.
Fix PSS signature printing: consistently use 0x prefix for hex values for
padding length and trailer fields.
2013-06-05 15:06:03 +01:00
Dr. Stephen Henson
c71fdaed58 Reencode with X509_CRL_ctx_sign too. 2013-06-05 15:06:03 +01:00
Adam Langley
96a4c31be3 Ensure that, when generating small primes, the result is actually of the
requested size. Fixes OpenSSL #2701.

This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.

Conflicts:
	crypto/bn/bn.h
	crypto/bn/bn_err.c
2013-06-04 18:52:30 +01:00
Adam Langley
2b0180c37f Ensure that x**0 mod 1 = 0. 2013-06-04 18:47:11 +01:00
Adam Langley
7753a3a684 Add volatile qualifications to two blocks of inline asm to stop GCC from
eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
2013-06-04 18:46:25 +01:00
Ben Laurie
5dcd2deb3e Remove added ;. 2013-06-04 17:27:18 +01:00
Ben Laurie
b25b8417a7 Missing prototypes. 2013-06-04 16:34:45 +01:00
Andy Polyakov
b69437e1e5 crypto/bn/bn_exp.c: SPARC portability fix. 2013-06-01 09:58:07 +02:00
Andy Polyakov
36df342f9b aesni-x86_64.pl: optimize XTS.
PR: 3042
2013-05-25 19:23:09 +02:00
Andy Polyakov
4df2280b4f aesni-sha1-x86_64.pl: Atom-specific optimization. 2013-05-25 19:08:39 +02:00
Andy Polyakov
504bbcf3cd sha512-x86_64.pl: +16% optimization for Atom.
(and pending AVX2 changes).
2013-05-25 19:02:57 +02:00
Andy Polyakov
988d11b641 vpaes-x86[_64].pl: minor Atom-specific optimization. 2013-05-25 18:57:03 +02:00
Andy Polyakov
8a97a33063 Add AES-SHA256 stitch. 2013-05-13 22:49:58 +02:00
Andy Polyakov
22de0e6583 x86_64-xlate.pl: minor size/performance improvement. 2013-05-13 16:06:25 +02:00
Andy Polyakov
cd54249c21 aesni-x86_64.pl: minor CTR performance improvement. 2013-05-13 15:49:03 +02:00
Ben Laurie
92584bd3d5 Tests pass! 2013-05-05 16:15:34 +01:00
Ben Laurie
342ec250c3 Ugly hack to avoid recompiling the same thing multiple times in parallel. 2013-05-05 15:06:33 +01:00
Dr. Stephen Henson
c6d8adb8a4 Reencode certificates in X509_sign_ctx.
Reencode certificates in X509_sign_ctx as well as X509_sign.

This was causing a problem in the x509 application when it modified an
existing certificate.
2013-05-02 12:19:40 +01:00
Andy Polyakov
9575d1a91a bsaes-armv7.pl: add bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks.
Submitted by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Contributor claims ~50% improvement in CTR and ~9% in CBC decrypt
on Cortex-A15.
2013-04-23 17:52:14 +02:00
Andy Polyakov
75fe422323 bsaes-armv7.pl: take it into build loop. 2013-04-23 17:49:54 +02:00
Dr. Stephen Henson
412834dcf0 Typo. 2013-04-14 01:19:07 +01:00
Andy Polyakov
db05b447a5 Fix Windows linking error in GOST test case. 2013-04-13 23:03:31 +02:00
Andy Polyakov
3bdd80521a crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
2013-04-13 20:57:37 +02:00
Dr. Stephen Henson
4544f0a691 Suite B support for DTLS 1.2
Check for Suite B support using method flags instead of version numbers:
anything supporting TLS 1.2 cipher suites will also support Suite B.

Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
2013-04-09 16:49:13 +01:00
Dr. Stephen Henson
c56f5b8edf Always return errors in ssl3_get_client_hello
If we successfully match a cookie don't set return value to 2 as this
results in other error conditions returning 2 as well.

Instead set return value to -2 which can be checked later if everything
else is OK.
2013-04-09 15:59:47 +01:00
Dr. Stephen Henson
c6913eeb76 Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
2013-04-09 14:02:48 +01:00
Dr. Stephen Henson
04638f2fc3 Set s->d1 to NULL after freeing it. 2013-04-08 18:24:42 +01:00
Dr. Stephen Henson
045b2809f8 Asm build portability.
Don't use Win32 specific options in mk1mf.pl to build assembly language
files.
2013-04-08 14:53:54 +01:00
Ben Laurie
29d422e2a0 Make sure all tests are actually run, plus some fixups for things that
turn out to be made somewhere by existing Makefiles.
2013-04-07 16:52:54 +01:00