Dr. Stephen Henson [Mon, 30 Sep 2013 11:44:18 +0000 (12:44 +0100)]
Sync OID numbers with 1.0.2 branch.
Andy Polyakov [Mon, 14 Oct 2013 22:14:39 +0000 (00:14 +0200)]
PPC assembly pack: add .size directives.
Andy Polyakov [Mon, 14 Oct 2013 20:41:00 +0000 (22:41 +0200)]
bn/asm/*x86_64*.pl: correct assembler requirement for ad*x.
Andy Polyakov [Sun, 13 Oct 2013 17:15:15 +0000 (19:15 +0200)]
Initial aarch64 bits.
Andy Polyakov [Sun, 13 Oct 2013 11:14:52 +0000 (13:14 +0200)]
MIPS assembly pack: get rid of deprecated instructions.
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
Andy Polyakov [Sat, 12 Oct 2013 20:10:28 +0000 (22:10 +0200)]
evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB.
Excessive fragmentation put additional burden (of addtional MAC
calculations) on the other size and limiting fragments it to 1KB
limits the overhead to ~6%.
Andy Polyakov [Sat, 12 Oct 2013 19:37:55 +0000 (21:37 +0200)]
aes/asm/bsaes-x86_64.pl: fix Windows-specific bug in XTS.
PR: 3139
Andy Polyakov [Thu, 10 Oct 2013 21:06:43 +0000 (23:06 +0200)]
bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache].
Andy Polyakov [Wed, 9 Oct 2013 09:08:52 +0000 (11:08 +0200)]
bn/bn_exp.c: prefer MULX/AD*X over AVX2.
Andy Polyakov [Tue, 8 Oct 2013 21:41:31 +0000 (23:41 +0200)]
Configure: recognize experimental-multiblock.
Andy Polyakov [Tue, 8 Oct 2013 21:40:09 +0000 (23:40 +0200)]
ssl/s3_pkt.c: add initial multi-block encrypt.
Andy Polyakov [Tue, 8 Oct 2013 21:39:26 +0000 (23:39 +0200)]
evp/e_aes_cbc_hmac_sha*.c: harmonize names, fix bugs.
Andy Polyakov [Tue, 8 Oct 2013 21:38:05 +0000 (23:38 +0200)]
evp/evp.h: add multi-block contstants and parameter type.
Andy Polyakov [Tue, 8 Oct 2013 21:36:55 +0000 (23:36 +0200)]
sha/asm/sha*-mb-x86_64.pl: commentary update.
Ben Laurie [Mon, 7 Oct 2013 11:41:43 +0000 (12:41 +0100)]
Constification.
Andy Polyakov [Thu, 3 Oct 2013 21:08:31 +0000 (23:08 +0200)]
aes/asm/bsaes-*.pl: improve decrypt performance.
Improve decrypt performance by 10-20% depending on platform. Thanks
to Jussi Kivilinna for providing valuable hint. Also thanks to Ard
Biesheuvel.
Ben Laurie [Thu, 3 Oct 2013 10:36:43 +0000 (11:36 +0100)]
Support new asm files.
Andy Polyakov [Thu, 3 Oct 2013 08:55:49 +0000 (10:55 +0200)]
evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
Submitted by: Yuriy Kaminskiy
Andy Polyakov [Thu, 3 Oct 2013 08:42:11 +0000 (10:42 +0200)]
perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
PR: 3130
Andy Polyakov [Wed, 2 Oct 2013 22:45:04 +0000 (00:45 +0200)]
bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path.
Andy Polyakov [Wed, 2 Oct 2013 22:30:12 +0000 (00:30 +0200)]
rsaz-x86_64.pl: add MULX/ADCX/ADOX code path.
Andy Polyakov [Wed, 2 Oct 2013 22:26:09 +0000 (00:26 +0200)]
x86_64-xlate.pl: fix jrcxz in nasm case.
Andy Polyakov [Wed, 2 Oct 2013 22:24:03 +0000 (00:24 +0200)]
evp/e_aes_cbc_hmac_sha*.c: multi-block glue code.
Andy Polyakov [Wed, 2 Oct 2013 22:21:10 +0000 (00:21 +0200)]
Configire: take multi-block modules into build loop.
Andy Polyakov [Wed, 2 Oct 2013 22:18:58 +0000 (00:18 +0200)]
x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256.
Andy Polyakov [Wed, 2 Oct 2013 22:16:51 +0000 (00:16 +0200)]
evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX.
Andy Polyakov [Tue, 1 Oct 2013 18:33:06 +0000 (20:33 +0200)]
aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains.
Suggested by: Ard Biesheuvel
Ben Laurie [Wed, 25 Sep 2013 12:55:06 +0000 (13:55 +0100)]
Produce PEM we would consume.
Ben Laurie [Tue, 24 Sep 2013 22:13:22 +0000 (23:13 +0100)]
Show useful errors.
Conflicts:
apps/s_server.c
Ben Laurie [Fri, 20 Sep 2013 15:52:07 +0000 (16:52 +0100)]
Mix time into the pool to avoid repetition of the Android duplicated PID problem.
Ben Laurie [Fri, 20 Sep 2013 13:39:33 +0000 (14:39 +0100)]
Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix
Ben Laurie [Fri, 20 Sep 2013 13:38:02 +0000 (14:38 +0100)]
More diagnostics for invalid OIDs.
Andy Polyakov [Fri, 20 Sep 2013 11:22:57 +0000 (13:22 +0200)]
aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.
Submitted by: Ard Biesheuvel
Dr. Stephen Henson [Tue, 17 Sep 2013 23:50:15 +0000 (00:50 +0100)]
Add functions to set ECDSA_METHOD structure.
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
Dr. Stephen Henson [Wed, 18 Sep 2013 00:02:35 +0000 (01:02 +0100)]
Fix error code clashes.
Dr. Stephen Henson [Tue, 17 Sep 2013 17:10:37 +0000 (18:10 +0100)]
DTLS version usage fixes.
Make DTLS behave like TLS when negotiating version: record layer has
DTLS 1.0, message version is 1.2.
Tolerate different version numbers if version hasn't been negotiated
yet.
Bodo Moeller [Tue, 17 Sep 2013 08:06:34 +0000 (10:06 +0200)]
Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG.
(This went into 1.0.2 too, so it's not actually a change
between 1.0.x and 1.1.0.)
Bodo Moeller [Tue, 17 Sep 2013 07:48:23 +0000 (09:48 +0200)]
Move the change note for partial chain verification: this is code from
the main branch (http://cvs.openssl.org/chngview?cn=19322) later added
to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and
thus not a change "between 1.0.2 and 1.1.0".
Trevor Perrin [Sat, 14 Sep 2013 01:31:48 +0000 (18:31 -0700)]
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
Bodo Moeller [Mon, 16 Sep 2013 12:55:03 +0000 (14:55 +0200)]
Sync CHANGES and NEWS files.
(Various changes from the master branch are now in the 1.0.2 branch too.)
Bodo Moeller [Mon, 16 Sep 2013 10:59:21 +0000 (12:59 +0200)]
Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
the curve name is the same. (They really *should* be the same
in this case, but there's an EC_GROUP_set_curve_name API,
which could be misused.)
- EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
equality (not an error).
Reported by: king cope
Andy Polyakov [Sun, 15 Sep 2013 20:07:49 +0000 (22:07 +0200)]
crypto/armcap.c: fix typo in rdtsc subroutine.
PR: 3125
Submitted by: Kyle McMartin
Andy Polyakov [Sun, 15 Sep 2013 19:59:25 +0000 (21:59 +0200)]
Add support for Cygwin-x86_64.
PR: 3110
Submitted by Corinna Vinschen.
Andy Polyakov [Sun, 15 Sep 2013 17:47:51 +0000 (19:47 +0200)]
bsaes-armv7.pl: remove partial register operations in CTR subroutine.
Andy Polyakov [Sun, 15 Sep 2013 17:44:43 +0000 (19:44 +0200)]
bsaes-armv7.pl: remove byte order dependency and minor optimization.
Ard Biesheuvel [Mon, 5 Aug 2013 11:52:46 +0000 (13:52 +0200)]
Added support for ARM/NEON based bit sliced AES in XTS mode
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Trevor Perrin [Sat, 14 Sep 2013 02:48:09 +0000 (19:48 -0700)]
Update docs to mention "BEGIN SERVERINFO FOR ".
Trevor Perrin [Sat, 14 Sep 2013 02:32:55 +0000 (19:32 -0700)]
Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"...
Trevor Perrin [Sat, 14 Sep 2013 01:31:48 +0000 (18:31 -0700)]
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
Rob Stradling [Thu, 12 Sep 2013 21:12:21 +0000 (22:12 +0100)]
Update CHANGES.
Rob Stradling [Tue, 10 Sep 2013 11:25:57 +0000 (12:25 +0100)]
Tidy up comments.
Rob Stradling [Tue, 10 Sep 2013 11:21:27 +0000 (12:21 +0100)]
Use TLS version supplied by client when fingerprinting Safari.
Rob Stradling [Tue, 10 Sep 2013 11:20:29 +0000 (12:20 +0100)]
Fix compilation with no-ec and/or no-tlsext.
Mat [Tue, 13 Aug 2013 12:45:39 +0000 (14:45 +0200)]
typo
Scott Deboy [Thu, 12 Sep 2013 00:22:00 +0000 (17:22 -0700)]
Initialize next_proto in s_server - resolves incorrect attempts to free
Ben Laurie [Tue, 10 Sep 2013 16:58:44 +0000 (17:58 +0100)]
Constification.
Andy Polyakov [Mon, 9 Sep 2013 19:43:21 +0000 (21:43 +0200)]
crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
Avoid occasional up to 8% performance drops.
Andy Polyakov [Mon, 9 Sep 2013 19:40:33 +0000 (21:40 +0200)]
crypto/bn/asm/x86_64-mont.pl: minor optimization.
Dr. Stephen Henson [Sun, 8 Sep 2013 20:22:57 +0000 (21:22 +0100)]
Remove ancient PATENTS section and FAQ reference.
Dr. Stephen Henson [Sun, 8 Sep 2013 18:26:59 +0000 (19:26 +0100)]
Partial path fix.
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
Dr. Stephen Henson [Sun, 8 Sep 2013 14:07:44 +0000 (15:07 +0100)]
Document extension clash.
Dr. Stephen Henson [Fri, 22 Mar 2013 17:12:33 +0000 (17:12 +0000)]
Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt
To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
For non-compliant peers (i.e. just about everything) this should have no
effect.
Dr. Stephen Henson [Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)]
Set TLS v1.2 disabled mask properly.
Ben Laurie [Fri, 6 Sep 2013 13:03:28 +0000 (14:03 +0100)]
Const fix.
Scott Deboy [Thu, 1 Aug 2013 18:54:09 +0000 (11:54 -0700)]
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
Ben Laurie [Thu, 1 Aug 2013 11:33:15 +0000 (12:33 +0100)]
More cleanup.
Ben Laurie [Thu, 1 Aug 2013 10:14:23 +0000 (11:14 +0100)]
Make it build.
Scott Deboy [Tue, 18 Jun 2013 21:34:38 +0000 (14:34 -0700)]
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
Ben Laurie [Thu, 5 Sep 2013 20:43:50 +0000 (21:43 +0100)]
s/recommend/recommended/
Veres Lajos [Wed, 12 Jun 2013 23:22:32 +0000 (00:22 +0100)]
misspellings fixes by https://github.com/vlajos/misspell_fixer
Ben Laurie [Thu, 5 Sep 2013 16:28:05 +0000 (17:28 +0100)]
Clean up layout.
Carlos Alberto Lopez Perez [Mon, 6 Aug 2012 00:24:51 +0000 (02:24 +0200)]
Add an "-xmpphost" option to s_client
* Many XMPP servers are configured with multiple domains (virtual hosts)
* In order to establish successfully the TLS connection you have to specify
which virtual host you are trying to connect.
* Test this, for example with ::
* Fail:
openssl s_client -connect talk.google.com:5222 -starttls xmpp
* Works:
openssl s_client -connect talk.google.com:5222 -starttls xmpp -xmpphost gmail.com
Carlos Alberto Lopez Perez [Mon, 6 Aug 2012 00:12:40 +0000 (02:12 +0200)]
Add "xmpp" to the list of supported starttls protocols on s_client manpage
Carlos Alberto Lopez Perez [Mon, 6 Aug 2012 00:00:07 +0000 (02:00 +0200)]
Fix infinite loop on s_client starttls xmpp
* When the host used in "-connect" is not what the remote XMPP server expects
the server will return an error like this:
<stream:error>
<host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
</stream:error>
* But the actual code will stay on the loop forever because the stop condition
"/stream:features>" will never happen,
* Make this more robust: The stop condition should be that BIO_read failed
* Test if for example with ::
openssl s_client -connect random.jabb3r.net:5222 -starttls xmpp
Carlos Alberto Lopez Perez [Sun, 5 Aug 2012 23:45:51 +0000 (01:45 +0200)]
Fix XMPP code detection on s_client starttls xmpp
* Some XMPP Servers (OpenFire) use double quotes.
* This makes s_client starttls work with this servers.
* Tested with OpenFire servers from http://xmpp.net/ ::
openssl s_client -connect coderollers.com:5222 -starttls xmpp
Rob Stradling [Thu, 5 Sep 2013 12:09:03 +0000 (13:09 +0100)]
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
Dr. Stephen Henson [Tue, 3 Sep 2013 14:42:40 +0000 (15:42 +0100)]
Document supported curve functions.
Dr. Stephen Henson [Wed, 21 Aug 2013 12:39:27 +0000 (13:39 +0100)]
Document -force_pubkey option.
Dr. Stephen Henson [Tue, 20 Aug 2013 15:33:02 +0000 (16:33 +0100)]
Correct ECDSA example.
Ben Laurie [Wed, 21 Aug 2013 03:21:57 +0000 (04:21 +0100)]
Correctly test for no-ec.
Ben Laurie [Wed, 21 Aug 2013 03:21:42 +0000 (04:21 +0100)]
Fix compile errors.
Dr. Stephen Henson [Wed, 12 Jun 2013 20:16:31 +0000 (21:16 +0100)]
Typo: don't call RAND_cleanup during app startup.
(cherry picked from commit
90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
Dr. Stephen Henson [Fri, 16 Aug 2013 17:11:29 +0000 (18:11 +0100)]
Add documentation.
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
Dr. Stephen Henson [Sat, 17 Aug 2013 16:39:48 +0000 (17:39 +0100)]
Don't run ECDH CMS tests if EC disabled.
Dr. Stephen Henson [Sat, 17 Aug 2013 16:40:08 +0000 (17:40 +0100)]
Make no-ec compilation work.
Dr. Stephen Henson [Sat, 17 Aug 2013 13:21:54 +0000 (14:21 +0100)]
Return 1 when setting ECDH auto mode.
Dr. Stephen Henson [Wed, 14 Aug 2013 15:34:17 +0000 (16:34 +0100)]
Add the server 'hang' issue to the FAQ
Michael Tuexen [Tue, 13 Aug 2013 17:53:19 +0000 (18:53 +0100)]
DTLS message_sequence number wrong in rehandshake ServerHello
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
Michael Tuexen [Thu, 8 Aug 2013 12:28:55 +0000 (13:28 +0100)]
DTLS handshake fix.
Reported by: Prashant Jaikumar <rmstar@gmail.com>
Fix handling of application data received before a handshake.
Kaspar Brand [Tue, 6 Aug 2013 15:01:47 +0000 (16:01 +0100)]
Fix for PEM_X509_INFO_read_bio.
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
Dr. Stephen Henson [Mon, 5 Aug 2013 14:56:01 +0000 (15:56 +0100)]
Update cms docs.
Dr. Stephen Henson [Fri, 2 Aug 2013 14:57:54 +0000 (15:57 +0100)]
Add X9.42 DH test.
Dr. Stephen Henson [Fri, 2 Aug 2013 14:51:46 +0000 (15:51 +0100)]
Add X9.42 DH certificate to S/MIME test
Dr. Stephen Henson [Sat, 20 Jul 2013 20:31:10 +0000 (21:31 +0100)]
CMS RFC2631 X9.42 DH enveloped data support.
Dr. Stephen Henson [Tue, 30 Jul 2013 17:05:08 +0000 (18:05 +0100)]
Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
Dr. Stephen Henson [Wed, 31 Jul 2013 17:10:16 +0000 (18:10 +0100)]
Extend DH parameter generation support.
Add support for DH parameter generation using DSA methods including
FIPS 186-3.
Dr. Stephen Henson [Sat, 20 Jul 2013 20:25:50 +0000 (21:25 +0100)]
Enhance DH dup functions.
Make DHparams_dup work properly with X9.42 DH parameters.
Dr. Stephen Henson [Fri, 2 Aug 2013 13:40:00 +0000 (14:40 +0100)]
If present print j, seed and counter values for DH
Dr. Stephen Henson [Thu, 1 Aug 2013 14:48:44 +0000 (15:48 +0100)]
Minor optimisation to KDF algorithm.
Don't need to use temporary buffer if remaining length equals digest length.
Dr. Stephen Henson [Mon, 5 Aug 2013 14:40:50 +0000 (15:40 +0100)]
Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.