openssl.git
6 years agoremove print_ssl_cert_checks() from openssl application: it is no longer used
Dr. Stephen Henson [Thu, 6 Dec 2012 18:36:51 +0000 (18:36 +0000)]
remove print_ssl_cert_checks() from openssl application: it is no longer used

6 years agoFix two bugs which affect delta CRL handling:
Dr. Stephen Henson [Thu, 6 Dec 2012 18:24:28 +0000 (18:24 +0000)]
Fix two bugs which affect delta CRL handling:

Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.

6 years agoIntegrate host, email and IP address checks into X509_verify.
Dr. Stephen Henson [Wed, 5 Dec 2012 18:35:20 +0000 (18:35 +0000)]
Integrate host, email and IP address checks into X509_verify.

Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.

6 years agoaes-s390x.pl: fix XTS bugs in z196-specific code path.
Andy Polyakov [Wed, 5 Dec 2012 17:44:45 +0000 (17:44 +0000)]
aes-s390x.pl: fix XTS bugs in z196-specific code path.

6 years agodon't print verbose policy check messages when -quiet is selected even on error
Dr. Stephen Henson [Tue, 4 Dec 2012 23:18:44 +0000 (23:18 +0000)]
don't print verbose policy check messages when -quiet is selected even on error

6 years agoghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.
Andy Polyakov [Tue, 4 Dec 2012 20:21:24 +0000 (20:21 +0000)]
ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.

6 years agoinitial support for delta CRL generations by diffing two full CRLs
Dr. Stephen Henson [Tue, 4 Dec 2012 18:35:36 +0000 (18:35 +0000)]
initial support for delta CRL generations by diffing two full CRLs

6 years agomake -subj always override config file
Dr. Stephen Henson [Tue, 4 Dec 2012 18:35:04 +0000 (18:35 +0000)]
make -subj always override config file

6 years agocheck mval for NULL too
Dr. Stephen Henson [Tue, 4 Dec 2012 17:25:34 +0000 (17:25 +0000)]
check mval for NULL too

6 years agofix leak
Dr. Stephen Henson [Mon, 3 Dec 2012 16:32:52 +0000 (16:32 +0000)]
fix leak

6 years agooops, really check brief mode only ;-)
Dr. Stephen Henson [Mon, 3 Dec 2012 03:40:57 +0000 (03:40 +0000)]
oops, really check brief mode only ;-)

6 years agodon't check errno is zero, just print out message
Dr. Stephen Henson [Mon, 3 Dec 2012 03:39:23 +0000 (03:39 +0000)]
don't check errno is zero, just print out message

6 years agoif no error code and -brief selected print out connection closed instead of read...
Dr. Stephen Henson [Mon, 3 Dec 2012 03:33:44 +0000 (03:33 +0000)]
if no error code and -brief selected print out connection closed instead of read error

6 years agoadd -badsig option to corrupt CRL signatures for testing too
Dr. Stephen Henson [Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)]
add -badsig option to corrupt CRL signatures for testing too

6 years agoNew option to add CRLs for s_client and s_server.
Dr. Stephen Henson [Sun, 2 Dec 2012 16:16:28 +0000 (16:16 +0000)]
New option to add CRLs for s_client and s_server.

6 years agoadd option to get a certificate or CRL from a URL
Dr. Stephen Henson [Sun, 2 Dec 2012 14:00:22 +0000 (14:00 +0000)]
add option to get a certificate or CRL from a URL

6 years agoreturn error if Suite B mode is selected and TLS 1.2 can't be used. Correct error...
Dr. Stephen Henson [Sat, 1 Dec 2012 18:33:21 +0000 (18:33 +0000)]
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded

6 years agocryptlib.c: fix logical error.
Andy Polyakov [Sat, 1 Dec 2012 18:24:20 +0000 (18:24 +0000)]
cryptlib.c: fix logical error.

6 years agoaesni-x86_64.pl: CTR face lift, +25% on Bulldozer.
Andy Polyakov [Sat, 1 Dec 2012 18:20:39 +0000 (18:20 +0000)]
aesni-x86_64.pl: CTR face lift, +25% on Bulldozer.

6 years agoaes-s390x.pl: harmonize software-only code path [and minor optimization].
Andy Polyakov [Sat, 1 Dec 2012 11:06:19 +0000 (11:06 +0000)]
aes-s390x.pl: harmonize software-only code path [and minor optimization].

6 years agoAdd new test option set the version in generated certificates: this
Dr. Stephen Henson [Fri, 30 Nov 2012 19:24:13 +0000 (19:24 +0000)]
Add new test option set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.

6 years agoPR: 2803
Dr. Stephen Henson [Thu, 29 Nov 2012 19:15:14 +0000 (19:15 +0000)]
PR: 2803
Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.

6 years agoadd wrapper function for certificate download
Dr. Stephen Henson [Thu, 29 Nov 2012 01:15:09 +0000 (01:15 +0000)]
add wrapper function for certificate download

6 years agoconstify
Dr. Stephen Henson [Thu, 29 Nov 2012 01:13:38 +0000 (01:13 +0000)]
constify

6 years agoGeneralise OCSP I/O functions to support dowloading of other ASN1
Dr. Stephen Henson [Wed, 28 Nov 2012 16:22:53 +0000 (16:22 +0000)]
Generalise OCSP I/O functions to support dowloading of other ASN1
structures using HTTP. Add wrapper function to handle CRL download.

6 years agoC64x+ assembly pack: improve EABI support.
Andy Polyakov [Wed, 28 Nov 2012 13:19:10 +0000 (13:19 +0000)]
C64x+ assembly pack: improve EABI support.

6 years agoUpdate support for Intel compiler: add linux-x86_64-icc and fix problems.
Andy Polyakov [Wed, 28 Nov 2012 13:05:13 +0000 (13:05 +0000)]
Update support for Intel compiler: add linux-x86_64-icc and fix problems.

6 years agoNew functions to set lookup_crls callback and to retrieve internal X509_STORE
Dr. Stephen Henson [Tue, 27 Nov 2012 23:47:48 +0000 (23:47 +0000)]
New functions to set lookup_crls callback and to retrieve internal X509_STORE
from X509_STORE_CTX.

6 years agoPrint out point format list for clients too.
Dr. Stephen Henson [Mon, 26 Nov 2012 18:39:38 +0000 (18:39 +0000)]
Print out point format list for clients too.

6 years agoUse default point formats extension for server side as well as client
Dr. Stephen Henson [Mon, 26 Nov 2012 18:38:10 +0000 (18:38 +0000)]
Use default point formats extension for server side as well as client
side, if possible.

Don't advertise compressed char2 for SuiteB as it is not supported.

6 years agochange inaccurate error message
Dr. Stephen Henson [Mon, 26 Nov 2012 15:47:32 +0000 (15:47 +0000)]
change inaccurate error message

6 years agoset auto ecdh parameter selction for Suite B
Dr. Stephen Henson [Mon, 26 Nov 2012 15:10:50 +0000 (15:10 +0000)]
set auto ecdh parameter selction for Suite B

6 years agoset cmdline flag in s_server
Dr. Stephen Henson [Mon, 26 Nov 2012 12:51:12 +0000 (12:51 +0000)]
set cmdline flag in s_server

6 years agooption to output corrupted signature in certificates for testing purposes
Dr. Stephen Henson [Sun, 25 Nov 2012 22:29:52 +0000 (22:29 +0000)]
option to output corrupted signature in certificates for testing purposes

6 years agoAES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.
Andy Polyakov [Sat, 24 Nov 2012 21:55:23 +0000 (21:55 +0000)]
AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.

6 years agoadd Suite B 128 bit mode offering only combination 2
Dr. Stephen Henson [Sat, 24 Nov 2012 00:59:51 +0000 (00:59 +0000)]
add Suite B 128 bit mode offering only combination 2

6 years agoDon't display messages about verify depth in s_server if -quiet it set.
Dr. Stephen Henson [Fri, 23 Nov 2012 18:56:25 +0000 (18:56 +0000)]
Don't display messages about verify depth in s_server if -quiet it set.

Add support for separate verify and chain stores in s_client.

6 years agoAdd support for printing out and retrieving EC point formats extension.
Dr. Stephen Henson [Thu, 22 Nov 2012 15:20:53 +0000 (15:20 +0000)]
Add support for printing out and retrieving EC point formats extension.

6 years agoreject zero length point format list or supported curves extensions
Dr. Stephen Henson [Thu, 22 Nov 2012 14:15:44 +0000 (14:15 +0000)]
reject zero length point format list or supported curves extensions

6 years agosupport -quiet with -msg or -trace
Dr. Stephen Henson [Wed, 21 Nov 2012 17:11:42 +0000 (17:11 +0000)]
support -quiet with -msg or -trace

6 years agocurves can be set in both client and server
Dr. Stephen Henson [Wed, 21 Nov 2012 17:01:46 +0000 (17:01 +0000)]
curves can be set in both client and server

6 years agouse correct return values when callin cmd
Dr. Stephen Henson [Wed, 21 Nov 2012 16:59:33 +0000 (16:59 +0000)]
use correct return values when callin cmd

6 years agoonly use a default curve if not already set
Dr. Stephen Henson [Wed, 21 Nov 2012 16:47:25 +0000 (16:47 +0000)]
only use a default curve if not already set

6 years agoReorganise parameters for OPENSSL_gmtime_diff.
Dr. Stephen Henson [Wed, 21 Nov 2012 14:13:20 +0000 (14:13 +0000)]
Reorganise parameters for OPENSSL_gmtime_diff.

Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.

6 years agoSubmitted by: Florian Weimer <fweimer@redhat.com>
Dr. Stephen Henson [Wed, 21 Nov 2012 14:10:48 +0000 (14:10 +0000)]
Submitted by: Florian Weimer <fweimer@redhat.com>
PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.

6 years agoPR: 2908
Dr. Stephen Henson [Wed, 21 Nov 2012 14:02:40 +0000 (14:02 +0000)]
PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.

6 years agofix printout of expiry days if -enddate is used in ca
Dr. Stephen Henson [Tue, 20 Nov 2012 15:22:15 +0000 (15:22 +0000)]
fix printout of expiry days if -enddate is used in ca

6 years agodon't use psec or pdays if NULL
Dr. Stephen Henson [Tue, 20 Nov 2012 15:20:40 +0000 (15:20 +0000)]
don't use psec or pdays if NULL

6 years agofirst parameter is difference in days, not years
Dr. Stephen Henson [Tue, 20 Nov 2012 15:19:53 +0000 (15:19 +0000)]
first parameter is difference in days, not years

6 years agoreorganise SSL_CONF_cmd manual page and update some links
Dr. Stephen Henson [Tue, 20 Nov 2012 01:01:33 +0000 (01:01 +0000)]
reorganise SSL_CONF_cmd manual page and update some links

6 years agofix leaks
Dr. Stephen Henson [Tue, 20 Nov 2012 00:24:52 +0000 (00:24 +0000)]
fix leaks

6 years agowith -rev close connection if client sends "CLOSE"
Dr. Stephen Henson [Mon, 19 Nov 2012 23:41:24 +0000 (23:41 +0000)]
with -rev close connection if client sends "CLOSE"

6 years agoupdate usage messages
Dr. Stephen Henson [Mon, 19 Nov 2012 23:20:40 +0000 (23:20 +0000)]
update usage messages

6 years agocorrect docs
Dr. Stephen Henson [Mon, 19 Nov 2012 20:06:44 +0000 (20:06 +0000)]
correct docs

6 years agodocument -trace and -msgfile options
Dr. Stephen Henson [Mon, 19 Nov 2012 16:37:18 +0000 (16:37 +0000)]
document -trace and -msgfile options

6 years agoupdate docs for s_server/s_client
Dr. Stephen Henson [Mon, 19 Nov 2012 16:07:53 +0000 (16:07 +0000)]
update docs for s_server/s_client

6 years agomake depend
Dr. Stephen Henson [Mon, 19 Nov 2012 15:13:33 +0000 (15:13 +0000)]
make depend

6 years agonew function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures
Dr. Stephen Henson [Mon, 19 Nov 2012 15:12:07 +0000 (15:12 +0000)]
new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures

6 years agox86_64-gcc.c: resore early clobber constraint.
Andy Polyakov [Mon, 19 Nov 2012 15:02:00 +0000 (15:02 +0000)]
x86_64-gcc.c: resore early clobber constraint.

Submitted by: Florian Weimer

6 years agomake depend
Dr. Stephen Henson [Mon, 19 Nov 2012 13:18:09 +0000 (13:18 +0000)]
make depend

6 years agodon't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set
Dr. Stephen Henson [Mon, 19 Nov 2012 12:36:04 +0000 (12:36 +0000)]
don't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set

6 years agoremove obsolete code
Dr. Stephen Henson [Mon, 19 Nov 2012 03:46:49 +0000 (03:46 +0000)]
remove obsolete code

6 years agofix typo and warning
Dr. Stephen Henson [Mon, 19 Nov 2012 02:46:46 +0000 (02:46 +0000)]
fix typo and warning

6 years agoclarify docs
Dr. Stephen Henson [Sun, 18 Nov 2012 18:06:16 +0000 (18:06 +0000)]
clarify docs

6 years agofix manual page file name
Dr. Stephen Henson [Sun, 18 Nov 2012 17:58:45 +0000 (17:58 +0000)]
fix manual page file name

6 years agodocument -naccept option
Dr. Stephen Henson [Sun, 18 Nov 2012 15:51:26 +0000 (15:51 +0000)]
document -naccept option

6 years agoadd -naccept <n> option to s_server to automatically exit after <n> connections
Dr. Stephen Henson [Sun, 18 Nov 2012 15:45:16 +0000 (15:45 +0000)]
add -naccept <n> option to s_server to automatically exit after <n> connections

6 years agoPR: 2880
Dr. Stephen Henson [Sun, 18 Nov 2012 15:24:37 +0000 (15:24 +0000)]
PR: 2880
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>

Correctly handle local machine keys in the capi ENGINE.

6 years agoPR: 2909
Dr. Stephen Henson [Sun, 18 Nov 2012 15:13:55 +0000 (15:13 +0000)]
PR: 2909
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.

6 years agoremove redundant code from demo
Dr. Stephen Henson [Sun, 18 Nov 2012 14:47:25 +0000 (14:47 +0000)]
remove redundant code from demo

6 years agocryptlib.c: revert typo.
Andy Polyakov [Sat, 17 Nov 2012 21:42:57 +0000 (21:42 +0000)]
cryptlib.c: revert typo.

6 years agoExtend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability.
Andy Polyakov [Sat, 17 Nov 2012 19:04:15 +0000 (19:04 +0000)]
Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability.

6 years agoperlasm/sparcv9_modes.pl: addendum to commit#22966.
Andy Polyakov [Sat, 17 Nov 2012 18:34:17 +0000 (18:34 +0000)]
perlasm/sparcv9_modes.pl: addendum to commit#22966.

6 years agofix error messages
Dr. Stephen Henson [Sat, 17 Nov 2012 15:22:50 +0000 (15:22 +0000)]
fix error messages

6 years agoDelegate command line handling for many common options in s_client/s_server
Dr. Stephen Henson [Sat, 17 Nov 2012 14:42:22 +0000 (14:42 +0000)]
Delegate command line handling for many common options in s_client/s_server
to the SSL_CONF APIs.

This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.

6 years agoinitial decription of GCM/CCM usage via EVP
Dr. Stephen Henson [Sat, 17 Nov 2012 14:38:20 +0000 (14:38 +0000)]
initial decription of GCM/CCM usage via EVP

6 years agoSupport for SPARC T4 MONT[MUL|SQR] instructions.
Andy Polyakov [Sat, 17 Nov 2012 10:34:11 +0000 (10:34 +0000)]
Support for SPARC T4 MONT[MUL|SQR] instructions.

Submitted by: David Miller, Andy Polyakov

6 years agofix typos in SSL_CONF documentation
Dr. Stephen Henson [Sat, 17 Nov 2012 00:21:34 +0000 (00:21 +0000)]
fix typos in SSL_CONF documentation

6 years agoadd SSL_CONF functions and documentation
Dr. Stephen Henson [Fri, 16 Nov 2012 19:12:24 +0000 (19:12 +0000)]
add SSL_CONF functions and documentation

6 years agotypo
Dr. Stephen Henson [Fri, 16 Nov 2012 12:49:14 +0000 (12:49 +0000)]
typo

6 years agoupdate ciphers documentation to indicate implemented fixed DH ciphersuites
Dr. Stephen Henson [Fri, 16 Nov 2012 01:15:15 +0000 (01:15 +0000)]
update ciphers documentation to indicate implemented fixed DH ciphersuites

6 years agoinitial update of ciphers doc
Dr. Stephen Henson [Fri, 16 Nov 2012 00:42:38 +0000 (00:42 +0000)]
initial update of ciphers doc

6 years agonew command line option -stdname to ciphers utility
Dr. Stephen Henson [Fri, 16 Nov 2012 00:35:46 +0000 (00:35 +0000)]
new command line option -stdname to ciphers utility

6 years agoadd "missing" TLSv1.2 cipher alias
Dr. Stephen Henson [Thu, 15 Nov 2012 19:14:47 +0000 (19:14 +0000)]
add "missing" TLSv1.2 cipher alias

6 years agoaes-x86_64.pl: Atom-specific optimizations, +10%.
Andy Polyakov [Mon, 12 Nov 2012 17:52:41 +0000 (17:52 +0000)]
aes-x86_64.pl: Atom-specific optimizations, +10%.
vpaes-x86_64.pl: minor performance squeeze.

6 years agoaes-586.pl: Atom-specific optimization, +44/29%, minor improvement on others.
Andy Polyakov [Mon, 12 Nov 2012 17:50:19 +0000 (17:50 +0000)]
aes-586.pl: Atom-specific optimization, +44/29%, minor improvement on others.
vpaes-x86.pl: minor performance squeeze.

6 years agoppccap.c: fix typo.
Andy Polyakov [Sat, 10 Nov 2012 20:27:18 +0000 (20:27 +0000)]
ppccap.c: fix typo.

6 years agoppccap.c: restrict features on AIX 5.
Andy Polyakov [Sat, 10 Nov 2012 20:24:51 +0000 (20:24 +0000)]
ppccap.c: restrict features on AIX 5.

6 years agobn_word.c: fix overflow bug in BN_add_word.
Andy Polyakov [Fri, 9 Nov 2012 13:58:40 +0000 (13:58 +0000)]
bn_word.c: fix overflow bug in BN_add_word.

6 years agonew feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some opera...
Dr. Stephen Henson [Thu, 8 Nov 2012 14:24:51 +0000 (14:24 +0000)]
new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms)

6 years agocontify
Dr. Stephen Henson [Mon, 5 Nov 2012 19:38:32 +0000 (19:38 +0000)]
contify

6 years agocrypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from
Andy Polyakov [Mon, 5 Nov 2012 17:03:39 +0000 (17:03 +0000)]
crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from
previous cbc128.c commit].

6 years agoMore strict aliasing fix.
Ben Laurie [Mon, 5 Nov 2012 14:23:55 +0000 (14:23 +0000)]
More strict aliasing fix.

6 years agocorrect error function code
Dr. Stephen Henson [Mon, 5 Nov 2012 13:34:29 +0000 (13:34 +0000)]
correct error function code

6 years agocbc128.c: fix strict aliasing warning.
Andy Polyakov [Mon, 5 Nov 2012 10:04:02 +0000 (10:04 +0000)]
cbc128.c: fix strict aliasing warning.

6 years agoe_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and
Andy Polyakov [Mon, 5 Nov 2012 09:20:41 +0000 (09:20 +0000)]
e_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and
leave comment about CTR mode.

6 years agoghash-sparcv9.pl: 22% improvement on T4.
Andy Polyakov [Mon, 5 Nov 2012 08:47:26 +0000 (08:47 +0000)]
ghash-sparcv9.pl: 22% improvement on T4.

6 years agoRemove unused static function.
Ben Laurie [Mon, 5 Nov 2012 02:01:07 +0000 (02:01 +0000)]
Remove unused static function.

6 years agoFix gcc 4.8 warning (strict aliasing violation).
Ben Laurie [Mon, 5 Nov 2012 01:59:33 +0000 (01:59 +0000)]
Fix gcc 4.8 warning (strict aliasing violation).

6 years agomk1mf.pl: correct flags.
Andy Polyakov [Mon, 29 Oct 2012 22:23:58 +0000 (22:23 +0000)]
mk1mf.pl: correct flags.