Commit graph

10774 commits

Author SHA1 Message Date
Ben Laurie
d65db21976 Const fix. 2014-02-09 08:07:16 -08:00
Ben Laurie
8acf1ff4b4 More cleanup.
(cherry picked from commit 5eda213ebe)
Conflicts:
	apps/s_client.c
	apps/s_server.c
2014-02-09 08:07:04 -08:00
Ben Laurie
8b41df41c2 Make it build.
(cherry picked from commit a6a48e87bc)
Conflicts:
	ssl/s3_clnt.c
	ssl/t1_lib.c
2014-02-09 08:02:40 -08:00
Scott Deboy
c32ebefaa8 Reverting 1.0.2-only changes supporting the prior authz RFC5878-based tests from commit 835d104f46 2014-02-09 07:49:44 -08:00
Scott Deboy
5a32dd8930 Don't break out of the custom extension callback loop - continue instead
The contract for custom extension callbacks has changed - all custom extension callbacks are triggered
2014-02-08 16:19:30 -08:00
Ben Laurie
130ebe34c8 Fix whitespace, new-style comments. 2014-02-08 16:19:30 -08:00
Scott Deboy
7612511b3b Re-add alert variables removed during rebase
Whitespace fixes

(cherry picked from commit e9add063b5)
Conflicts:
	ssl/s3_clnt.c
2014-02-08 16:19:01 -08:00
Scott Deboy
19a28a8aa3 Updating DTCP authorization type to expected value 2014-02-08 16:18:11 -08:00
Scott Deboy
fc213217e8 Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.

Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.

(cherry picked from commit ac20719d99)
Conflicts:
	ssl/t1_lib.c
2014-02-08 16:17:24 -08:00
Trevor Perrin
7198c5af1f Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated. 2014-02-08 16:15:10 -08:00
Scott Deboy
40632f6b77 Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
(cherry picked from commit 67c408cee9)
Conflicts:
	apps/s_client.c
	apps/s_server.c
2014-02-08 16:14:23 -08:00
Scott Deboy
038bec784e Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.

(cherry picked from commit 36086186a9)
Conflicts:
	Configure
	apps/s_client.c
	apps/s_server.c
	ssl/ssl.h
	ssl/ssl3.h
	ssl/ssltest.c
2014-02-08 16:12:15 -08:00
Dr. Stephen Henson
f407eec799 make update 2014-02-06 14:31:09 +00:00
Dr. Stephen Henson
bd618bebbe update default depflags 2014-02-06 14:28:49 +00:00
Andy Polyakov
e2884b3e9a Configure: recognize experimental-multiblock.
(cherry picked from commit 2d752737c5)
2014-02-06 14:26:01 +00:00
Dr. Stephen Henson
c41e242e5c Return previous compression methods when setting them.
(cherry picked from commit b45e874d7c)
2014-02-06 13:58:18 +00:00
Andy Polyakov
9578319394 ssl/s3_pkt.c: add multi-block processing [from master]. 2014-02-05 21:43:17 +01:00
Andy Polyakov
16eaca2c79 config: recognize little-endian Linux PPC64. 2014-02-05 20:36:11 +01:00
Dr. Stephen Henson
3bff195dca Oops, get selection logic right.
(cherry picked from commit 3880579240d476d21f68fd01a391dd325920f479)
2014-02-05 18:57:23 +00:00
Andy Polyakov
41cf2d2518 evp/e_aes_cbc_hmac_sha[1|256].c: add multi-block implementations [from master]. 2014-02-05 19:52:38 +01:00
Dr. Stephen Henson
e0d4272a58 Return per-certificate chain if extra chain is NULL.
If an application calls the macro SSL_CTX_get_extra_chain_certs
return either the old "shared" extra certificates or those associated
with the current certificate.

This means applications which call SSL_CTX_use_certificate_chain_file
and retrieve the additional chain using SSL_CTX_get_extra_chain_certs
will still work. An application which only wants to check the shared
extra certificates can call the new macro
SSL_CTX_get_extra_chain_certs_only
(cherry picked from commit a51f767645)
2014-02-05 17:06:56 +00:00
Andy Polyakov
41c373fa3e [aesni|sha*]-mb-x86_64.pl: add multi-block assembly modules [from master]. 2014-02-05 14:33:44 +01:00
Dr. Stephen Henson
7f6e09b531 Add quotes as CC can contain spaces.
PR#3253
2014-02-03 14:13:04 +00:00
Dr. Stephen Henson
e2f06800bc New ctrl to set current certificate.
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
(cherry picked from commit 0f78819c8c)
2014-02-02 23:12:06 +00:00
Dr. Stephen Henson
1180833643 Fix various typos.
(cherry picked from commit f3efeaad54)
2014-02-02 23:12:06 +00:00
Dr. Stephen Henson
130eed01cc Update demo.
(cherry picked from commit 88c21c47a3)
2014-02-02 23:06:16 +00:00
Dr. Stephen Henson
2ded87355f Update demos/bio/README
(cherry picked from commit ea131a0644)
2014-02-02 23:05:52 +00:00
Dr. Stephen Henson
b1ae02e2ff Modify sample accept.cnf
(cherry picked from commit d80b0eeee5)
2014-02-02 23:05:34 +00:00
Dr. Stephen Henson
381417089a Add demo for SSL server using SSL_CONF.
(cherry picked from commit ebd14bfce9)
2014-02-02 23:05:15 +00:00
Ben Laurie
984a30423d Add extension free function. 2014-02-02 15:22:47 +00:00
Andy Polyakov
2ad673c611 engines/e_capi.c: TCHAR support (cumilative update from master). 2014-02-02 00:17:38 +01:00
Andy Polyakov
0693dd954e modes/asm/ghash-s390x.pl: +15% performance improvement on z10.
(cherry picked from commit d162584b11)
2014-02-02 00:10:41 +01:00
Andy Polyakov
9071b36d9a Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
Andy Polyakov
eb6af20d2e dso/dso_win32.c: fix compiler warning.
(cherry picked from commit 0a2d5003df)
2014-02-01 23:32:19 +01:00
Andy Polyakov
8087969c5b crypto/cryptlib.c: remove stdio dependency (update from master). 2014-02-01 23:27:49 +01:00
Andy Polyakov
cb437c66d1 camellia/asm/cmll-x86_64.pl: fix symptomless bugs (update from master). 2014-02-01 23:14:33 +01:00
Ben Laurie
40b0d0765e Remove redundant accessor (you can do the same thing, and more, with
X509_ALGOR_[gs]et0()).
2014-02-01 22:03:40 +00:00
Andy Polyakov
41235f30fb util/pl/VC-32.pl fix typo.
(cherry picked from commit fb0a520897)
2014-02-01 22:55:25 +01:00
Andy Polyakov
130c15ef5a util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on
suggestions from Pierre Delaage).
(cherry picked from commit 668bcfd5ca)

Resolved conflicts:

	util/pl/VC-32.pl
2014-02-01 22:53:24 +01:00
Andy Polyakov
2cc5142fb1 Improve WINCE support.
Submitted by: Pierre Delaage
(cherry picked from commit a006fef78e)

Resolved conflicts:

	crypto/bio/bss_dgram.c
	ssl/d1_lib.c
	util/pl/VC-32.pl
2014-02-01 22:48:56 +01:00
Andy Polyakov
d451ece4e7 b_sock.c: make getsockopt work in cases when optlen is 64-bit value.
(cherry picked from commit 80c42f3e0c)
2014-02-01 22:33:02 +01:00
Andy Polyakov
1121ba1b74 wp-mmx.pl: ~10% performance improvement.
(cherry picked from commit ae007d4d09)
2014-02-01 22:27:07 +01:00
Andy Polyakov
1fb039fde2 wp-x86_64.pl: ~10% performance improvement.
(cherry picked from commit 701d593f70)
2014-02-01 22:26:45 +01:00
Andy Polyakov
3073927e42 sha512-ia64.pl: 15-20% performance improvement.
(cherry picked from commit 46a2b3387a)
2014-02-01 22:21:57 +01:00
Andy Polyakov
b6c2029931 objxref.pl: improve portability.
(cherry picked from commit 71fa3bc5ec)
2014-02-01 22:17:36 +01:00
Adam Langley
45d010255f Add volatile qualifications to two blocks of inline asm to stop GCC from
eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
(cherry picked from commit 7753a3a684)
2014-02-01 22:01:46 +01:00
Andy Polyakov
7e569022c5 PPC assembly pack: ppc64-mont update from master. 2014-02-01 21:51:51 +01:00
Andy Polyakov
50f1b47c7f PPC assembly pack: jumbo update from master.
Add Vector Permutation AES and little-endian support.
2014-02-01 21:48:31 +01:00
Andy Polyakov
5572bc4e2f crypto/aes/asm/aesni-x86[_64].pl: jumbo update from master. 2014-02-01 21:27:46 +01:00
Andy Polyakov
729d334106 crypto/sha/asm/sha1-x86_64.pl: jumbo update from master. 2014-02-01 21:24:55 +01:00