Commit graph

10493 commits

Author SHA1 Message Date
Dr. Stephen Henson
bb4aa95c81 Remove ancient PATENTS section and FAQ reference.
(cherry picked from commit ce4555967e)
2013-09-08 21:25:38 +01:00
Dr. Stephen Henson
5117d50b7e Partial path fix.
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
(cherry picked from commit 52073b7675)
2013-09-08 21:25:10 +01:00
Dr. Stephen Henson
593605d3ec Document supported curve functions.
(cherry picked from commit c3eb33763b)
2013-09-03 15:43:59 +01:00
Dr. Stephen Henson
c9ea4df8f9 Document -force_pubkey option.
(cherry picked from commit b093a06866bf632a97a9a0286e2d08f69c3cf7dd)
2013-08-21 13:41:17 +01:00
Dr. Stephen Henson
89ff56faf1 Correct ECDSA example.
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
2013-08-20 17:30:16 +01:00
Dr. Stephen Henson
9855026c43 fix printout of expiry days if -enddate is used in ca
(cherry picked from commit f7ac0ec89d)
2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
904348a492 Time difference functions.
Backport of ASN1_TIME_diff and OPENSSL_gmtime_diff functions from master
branch.
2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
aaaa18392d new command line option -stdname to ciphers utility
(cherry picked from commit 51b9115b6d)
2013-08-19 20:25:39 +01:00
Dr. Stephen Henson
8c33e40d2e Add new test option set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
(cherry picked from commit df316fd43c)
2013-08-19 18:10:04 +01:00
Dr. Stephen Henson
0d04af1e72 option to output corrupted signature in certificates for testing purposes
(cherry picked from commit 96cfba0fb4)
2013-08-19 18:09:44 +01:00
Dr. Stephen Henson
8f17495800 update usage messages
(cherry picked from commit 7c8ac50504)
2013-08-19 18:09:26 +01:00
Dr. Stephen Henson
95c1a24853 add -naccept <n> option to s_server to automatically exit after <n> connections
(cherry picked from commit b5cadfb564)
2013-08-19 17:42:02 +01:00
Dr. Stephen Henson
08374de10f with -rev close connection if client sends "CLOSE"
(cherry picked from commit 685755937a)
2013-08-19 14:14:05 +01:00
Dr. Stephen Henson
506e70a216 Add simple external session cache to s_server. This serialises sessions
just like a "real" server making it easier to trace any problems.

(manually applied from commit 35b0ea4efe)
2013-08-19 14:13:56 +01:00
Dr. Stephen Henson
0cca92cdd3 Remove commented out debug line. 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
5b430cfc44 Make no-ec compilation work.
(cherry picked from commit 14536c8c9c)
2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
171c4da568 Add -rev test option to s_server to just reverse order of characters received
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
(cherry picked from commit 4f3df8bea2)
2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
04611fb0f1 Add -brief option to s_client and s_server to summarise connection details.
New option -verify_quiet to shut up the verify callback unless there is
an error.

(manually applied from commit 2a7cbe77b3)
2013-08-19 14:13:24 +01:00
Dr. Stephen Henson
df430489cf Add documentation.
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
(cherry picked from commit eeb15452a0)
2013-08-18 13:53:32 +01:00
Dr. Stephen Henson
5085e57fb5 Return 1 when setting ECDH auto mode.
(cherry picked from commit 42082eda6f)
2013-08-18 13:53:00 +01:00
Michael Tuexen
75b81247a0 DTLS message_sequence number wrong in rehandshake ServerHello
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daac0)
2013-08-13 18:55:16 +01:00
Michael Tuexen
2c1a5c1039 DTLS handshake fix.
Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.
(cherry picked from commit 0c75eeacd3)
2013-08-08 13:31:54 +01:00
Dr. Stephen Henson
71c34b7f2d Fix verify loop with CRL checking.
PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
(cherry picked from commit 4b26645c1a)
2013-08-06 16:08:04 +01:00
Kaspar Brand
b0cfaf58ad Fix for PEM_X509_INFO_read_bio.
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit 5ae8d6bcba)
2013-08-06 16:04:52 +01:00
Andy Polyakov
9dc07f04c3 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)
2013-08-03 17:09:37 +02:00
Andy Polyakov
f15c16200b crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin.
(cherry picked from commit fd8ad019e1)
2013-08-03 16:30:40 +02:00
Andy Polyakov
4e09add6f8 crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI.
(cherry picked from commit 006784378d)
2013-07-31 23:52:21 +02:00
Trevor
355a6236be Cosmetic touchups. 2013-07-31 16:38:43 +01:00
Ben Laurie
6d7fa9c25c Support new rsaz asm stuff. 2013-07-31 16:37:19 +01:00
Andy Polyakov
82ae22ef4d bn/asm/rsaz-avx2.pl: Windows-specific fix.
(cherry picked from commit 5c57c69f9e)
2013-07-12 19:01:23 +02:00
Ben Laurie
b56bae5126 s/rsaz_eligible/rsaz_avx2_eligible/.
(cherry picked from commit 852f837f5e)
2013-07-12 18:53:05 +02:00
Andy Polyakov
2d3f31e0a1 sha512-586.pl: fix typo.
Submitted by: Gisle Vanem
(cherry picked from commit 241fba4ea9)
2013-07-10 10:02:34 +02:00
Andy Polyakov
ae74191e38 Remove RSAX engine, superseded by RSAZ module.
(cherry picked from commit f5b132d652)

Conflicts [resloved]:

	Configure
2013-07-05 22:16:10 +02:00
Andy Polyakov
ab8233ab81 Take RSAZ modules into build loop, add glue and engage.
RT: 2582, 2850
(cherry picked from commit ca48ace5c5)

Conflicts:

	Configure
2013-07-05 21:53:05 +02:00
Andy Polyakov
d5572bdc64 Add RSAZ assembly modules.
RT: 2582, 2850
(cherry picked from commit 0b4bb91db6)
2013-07-05 21:49:19 +02:00
Andy Polyakov
e3990db59c bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family.
(cherry picked from commit 26e43b48a3)
2013-07-05 21:15:16 +02:00
Andy Polyakov
87d90528ac bn/bn_exp.c: harmonize.
(cherry picked from commit cbce8c4644)
2013-07-05 21:01:51 +02:00
Trevor
e27711cfdd Trying cherrypick:
Add support for arbitrary TLS extensions.

Contributed by Trevor Perrin.

Conflicts:

	CHANGES
	ssl/ssl.h
	ssl/ssltest.c
	test/testssl

Fix compilation due to #endif.

Cherrypicking more stuff.

Cleanup of custom extension stuff.

serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.

Conflicts:

	test/testssl
2013-07-03 11:53:30 +01:00
Andy Polyakov
28c08222c0 config: fix executable format detection on latest FreeBSD.
Submitted by: Bryan Drewery
PR: 3075
(cherry picked from commit c256e69d3f)
2013-06-30 23:59:30 +02:00
Andy Polyakov
8508a80998 bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca.
(cherry picked from commit b74ce8d948)
2013-06-30 23:14:31 +02:00
Andy Polyakov
7850a8bc04 x86_64-xlate.pl: Windows fixes.
(cherry picked from commit a9d14832fd)
2013-06-30 23:14:19 +02:00
Andy Polyakov
fccec89084 aesni-sha256-x86_64.pl: fix typo in Windows SEH.
(cherry picked from commit 42386fdb62)
2013-06-30 23:14:04 +02:00
Andy Polyakov
6c7fa27404 PA-RISC assembler pack: switch to bve in 64-bit builds.
PR: 3074
(cherry picked from commit 02450ec69d)
2013-06-30 23:13:23 +02:00
Andy Polyakov
e7f9c08ab8 SPARC T4 DES support: fix typo.
(cherry picked from commit 8ee3c7e676)
2013-06-18 11:07:24 +02:00
Andy Polyakov
03c8441b14 Optimize SPARC T4 MONTMUL support.
Improve RSA sing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
(cherry picked from commit 4ddacd9921)
2013-06-18 11:07:16 +02:00
Ben Laurie
e887c4187e Backport single makefile from master. 2013-06-13 15:09:48 +01:00
Ben Laurie
933aee6199 Wrong include path. 2013-06-13 13:26:22 +01:00
Dr. Stephen Henson
90e7f983b5 Typo: don't call RAND_cleanup during app startup. 2013-06-12 21:16:31 +01:00
Andy Polyakov
f00962aaf3 aesni-sha1-x86_64.pl: update performance data.
(cherry picked from commit 3b848d3401)
2013-06-10 22:52:06 +02:00
Andy Polyakov
3eccd2e53a aesni-sha256-x86_64.pl: harmonize with latest sha512-x86_64.pl.
(cherry picked from commit 42b9a4177b)
2013-06-10 22:51:55 +02:00