Ben Laurie [Mon, 10 Dec 2012 16:52:17 +0000 (16:52 +0000)]
Tabification. Remove accidental duplication.
Dr. Stephen Henson [Mon, 10 Dec 2012 02:02:16 +0000 (02:02 +0000)]
revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead
Dr. Stephen Henson [Sun, 9 Dec 2012 16:21:46 +0000 (16:21 +0000)]
add -badsig option to ocsp utility too.
Dr. Stephen Henson [Sun, 9 Dec 2012 16:03:34 +0000 (16:03 +0000)]
allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode
Dr. Stephen Henson [Fri, 7 Dec 2012 23:42:33 +0000 (23:42 +0000)]
send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
Ben Laurie [Fri, 7 Dec 2012 18:47:47 +0000 (18:47 +0000)]
Fix OCSP checking.
Dr. Stephen Henson [Fri, 7 Dec 2012 13:23:49 +0000 (13:23 +0000)]
typo
Dr. Stephen Henson [Fri, 7 Dec 2012 12:41:13 +0000 (12:41 +0000)]
really fix automatic ;-)
Dr. Stephen Henson [Thu, 6 Dec 2012 23:26:11 +0000 (23:26 +0000)]
documentation fixes
Dr. Stephen Henson [Thu, 6 Dec 2012 21:53:05 +0000 (21:53 +0000)]
fix handling of "automatic" in file mode
Dr. Stephen Henson [Thu, 6 Dec 2012 18:43:40 +0000 (18:43 +0000)]
Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
Dr. Stephen Henson [Thu, 6 Dec 2012 18:36:51 +0000 (18:36 +0000)]
remove print_ssl_cert_checks() from openssl application: it is no longer used
Dr. Stephen Henson [Thu, 6 Dec 2012 18:24:28 +0000 (18:24 +0000)]
Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
Dr. Stephen Henson [Wed, 5 Dec 2012 18:35:20 +0000 (18:35 +0000)]
Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.
Remove previous -check* commands from s_client and s_server.
Andy Polyakov [Wed, 5 Dec 2012 17:44:45 +0000 (17:44 +0000)]
aes-s390x.pl: fix XTS bugs in z196-specific code path.
Dr. Stephen Henson [Tue, 4 Dec 2012 23:18:44 +0000 (23:18 +0000)]
don't print verbose policy check messages when -quiet is selected even on error
Andy Polyakov [Tue, 4 Dec 2012 20:21:24 +0000 (20:21 +0000)]
ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.
Dr. Stephen Henson [Tue, 4 Dec 2012 18:35:36 +0000 (18:35 +0000)]
initial support for delta CRL generations by diffing two full CRLs
Dr. Stephen Henson [Tue, 4 Dec 2012 18:35:04 +0000 (18:35 +0000)]
make -subj always override config file
Dr. Stephen Henson [Tue, 4 Dec 2012 17:25:34 +0000 (17:25 +0000)]
check mval for NULL too
Dr. Stephen Henson [Mon, 3 Dec 2012 16:32:52 +0000 (16:32 +0000)]
fix leak
Dr. Stephen Henson [Mon, 3 Dec 2012 03:40:57 +0000 (03:40 +0000)]
oops, really check brief mode only ;-)
Dr. Stephen Henson [Mon, 3 Dec 2012 03:39:23 +0000 (03:39 +0000)]
don't check errno is zero, just print out message
Dr. Stephen Henson [Mon, 3 Dec 2012 03:33:44 +0000 (03:33 +0000)]
if no error code and -brief selected print out connection closed instead of read error
Dr. Stephen Henson [Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)]
add -badsig option to corrupt CRL signatures for testing too
Dr. Stephen Henson [Sun, 2 Dec 2012 16:16:28 +0000 (16:16 +0000)]
New option to add CRLs for s_client and s_server.
Dr. Stephen Henson [Sun, 2 Dec 2012 14:00:22 +0000 (14:00 +0000)]
add option to get a certificate or CRL from a URL
Dr. Stephen Henson [Sat, 1 Dec 2012 18:33:21 +0000 (18:33 +0000)]
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded
Andy Polyakov [Sat, 1 Dec 2012 18:24:20 +0000 (18:24 +0000)]
cryptlib.c: fix logical error.
Andy Polyakov [Sat, 1 Dec 2012 18:20:39 +0000 (18:20 +0000)]
aesni-x86_64.pl: CTR face lift, +25% on Bulldozer.
Andy Polyakov [Sat, 1 Dec 2012 11:06:19 +0000 (11:06 +0000)]
aes-s390x.pl: harmonize software-only code path [and minor optimization].
Dr. Stephen Henson [Fri, 30 Nov 2012 19:24:13 +0000 (19:24 +0000)]
Add new test option set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.
Dr. Stephen Henson [Thu, 29 Nov 2012 19:15:14 +0000 (19:15 +0000)]
PR: 2803
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
Dr. Stephen Henson [Thu, 29 Nov 2012 01:15:09 +0000 (01:15 +0000)]
add wrapper function for certificate download
Dr. Stephen Henson [Thu, 29 Nov 2012 01:13:38 +0000 (01:13 +0000)]
constify
Dr. Stephen Henson [Wed, 28 Nov 2012 16:22:53 +0000 (16:22 +0000)]
Generalise OCSP I/O functions to support dowloading of other ASN1
structures using HTTP. Add wrapper function to handle CRL download.
Andy Polyakov [Wed, 28 Nov 2012 13:19:10 +0000 (13:19 +0000)]
C64x+ assembly pack: improve EABI support.
Andy Polyakov [Wed, 28 Nov 2012 13:05:13 +0000 (13:05 +0000)]
Update support for Intel compiler: add linux-x86_64-icc and fix problems.
Dr. Stephen Henson [Tue, 27 Nov 2012 23:47:48 +0000 (23:47 +0000)]
New functions to set lookup_crls callback and to retrieve internal X509_STORE
from X509_STORE_CTX.
Dr. Stephen Henson [Mon, 26 Nov 2012 18:39:38 +0000 (18:39 +0000)]
Print out point format list for clients too.
Dr. Stephen Henson [Mon, 26 Nov 2012 18:38:10 +0000 (18:38 +0000)]
Use default point formats extension for server side as well as client
side, if possible.
Don't advertise compressed char2 for SuiteB as it is not supported.
Dr. Stephen Henson [Mon, 26 Nov 2012 15:47:32 +0000 (15:47 +0000)]
change inaccurate error message
Dr. Stephen Henson [Mon, 26 Nov 2012 15:10:50 +0000 (15:10 +0000)]
set auto ecdh parameter selction for Suite B
Dr. Stephen Henson [Mon, 26 Nov 2012 12:51:12 +0000 (12:51 +0000)]
set cmdline flag in s_server
Dr. Stephen Henson [Sun, 25 Nov 2012 22:29:52 +0000 (22:29 +0000)]
option to output corrupted signature in certificates for testing purposes
Andy Polyakov [Sat, 24 Nov 2012 21:55:23 +0000 (21:55 +0000)]
AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.
Dr. Stephen Henson [Sat, 24 Nov 2012 00:59:51 +0000 (00:59 +0000)]
add Suite B 128 bit mode offering only combination 2
Dr. Stephen Henson [Fri, 23 Nov 2012 18:56:25 +0000 (18:56 +0000)]
Don't display messages about verify depth in s_server if -quiet it set.
Add support for separate verify and chain stores in s_client.
Dr. Stephen Henson [Thu, 22 Nov 2012 15:20:53 +0000 (15:20 +0000)]
Add support for printing out and retrieving EC point formats extension.
Dr. Stephen Henson [Thu, 22 Nov 2012 14:15:44 +0000 (14:15 +0000)]
reject zero length point format list or supported curves extensions
Dr. Stephen Henson [Wed, 21 Nov 2012 17:11:42 +0000 (17:11 +0000)]
support -quiet with -msg or -trace
Dr. Stephen Henson [Wed, 21 Nov 2012 17:01:46 +0000 (17:01 +0000)]
curves can be set in both client and server
Dr. Stephen Henson [Wed, 21 Nov 2012 16:59:33 +0000 (16:59 +0000)]
use correct return values when callin cmd
Dr. Stephen Henson [Wed, 21 Nov 2012 16:47:25 +0000 (16:47 +0000)]
only use a default curve if not already set
Dr. Stephen Henson [Wed, 21 Nov 2012 14:13:20 +0000 (14:13 +0000)]
Reorganise parameters for OPENSSL_gmtime_diff.
Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.
Dr. Stephen Henson [Wed, 21 Nov 2012 14:10:48 +0000 (14:10 +0000)]
Submitted by: Florian Weimer <fweimer@redhat.com>
PR: 2909
Update test cases to cover internal error return values.
Remove IDNA wildcard filter.
Dr. Stephen Henson [Wed, 21 Nov 2012 14:02:40 +0000 (14:02 +0000)]
PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
Dr. Stephen Henson [Tue, 20 Nov 2012 15:22:15 +0000 (15:22 +0000)]
fix printout of expiry days if -enddate is used in ca
Dr. Stephen Henson [Tue, 20 Nov 2012 15:20:40 +0000 (15:20 +0000)]
don't use psec or pdays if NULL
Dr. Stephen Henson [Tue, 20 Nov 2012 15:19:53 +0000 (15:19 +0000)]
first parameter is difference in days, not years
Dr. Stephen Henson [Tue, 20 Nov 2012 01:01:33 +0000 (01:01 +0000)]
reorganise SSL_CONF_cmd manual page and update some links
Dr. Stephen Henson [Tue, 20 Nov 2012 00:24:52 +0000 (00:24 +0000)]
fix leaks
Dr. Stephen Henson [Mon, 19 Nov 2012 23:41:24 +0000 (23:41 +0000)]
with -rev close connection if client sends "CLOSE"
Dr. Stephen Henson [Mon, 19 Nov 2012 23:20:40 +0000 (23:20 +0000)]
update usage messages
Dr. Stephen Henson [Mon, 19 Nov 2012 20:06:44 +0000 (20:06 +0000)]
correct docs
Dr. Stephen Henson [Mon, 19 Nov 2012 16:37:18 +0000 (16:37 +0000)]
document -trace and -msgfile options
Dr. Stephen Henson [Mon, 19 Nov 2012 16:07:53 +0000 (16:07 +0000)]
update docs for s_server/s_client
Dr. Stephen Henson [Mon, 19 Nov 2012 15:13:33 +0000 (15:13 +0000)]
make depend
Dr. Stephen Henson [Mon, 19 Nov 2012 15:12:07 +0000 (15:12 +0000)]
new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures
Andy Polyakov [Mon, 19 Nov 2012 15:02:00 +0000 (15:02 +0000)]
x86_64-gcc.c: resore early clobber constraint.
Submitted by: Florian Weimer
Dr. Stephen Henson [Mon, 19 Nov 2012 13:18:09 +0000 (13:18 +0000)]
make depend
Dr. Stephen Henson [Mon, 19 Nov 2012 12:36:04 +0000 (12:36 +0000)]
don't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set
Dr. Stephen Henson [Mon, 19 Nov 2012 03:46:49 +0000 (03:46 +0000)]
remove obsolete code
Dr. Stephen Henson [Mon, 19 Nov 2012 02:46:46 +0000 (02:46 +0000)]
fix typo and warning
Dr. Stephen Henson [Sun, 18 Nov 2012 18:06:16 +0000 (18:06 +0000)]
clarify docs
Dr. Stephen Henson [Sun, 18 Nov 2012 17:58:45 +0000 (17:58 +0000)]
fix manual page file name
Dr. Stephen Henson [Sun, 18 Nov 2012 15:51:26 +0000 (15:51 +0000)]
document -naccept option
Dr. Stephen Henson [Sun, 18 Nov 2012 15:45:16 +0000 (15:45 +0000)]
add -naccept <n> option to s_server to automatically exit after <n> connections
Dr. Stephen Henson [Sun, 18 Nov 2012 15:24:37 +0000 (15:24 +0000)]
PR: 2880
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>
Correctly handle local machine keys in the capi ENGINE.
Dr. Stephen Henson [Sun, 18 Nov 2012 15:13:55 +0000 (15:13 +0000)]
PR: 2909
Contributed by: Florian Weimer <fweimer@redhat.com>
Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
Dr. Stephen Henson [Sun, 18 Nov 2012 14:47:25 +0000 (14:47 +0000)]
remove redundant code from demo
Andy Polyakov [Sat, 17 Nov 2012 21:42:57 +0000 (21:42 +0000)]
cryptlib.c: revert typo.
Andy Polyakov [Sat, 17 Nov 2012 19:04:15 +0000 (19:04 +0000)]
Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability.
Andy Polyakov [Sat, 17 Nov 2012 18:34:17 +0000 (18:34 +0000)]
perlasm/sparcv9_modes.pl: addendum to commit#22966.
Dr. Stephen Henson [Sat, 17 Nov 2012 15:22:50 +0000 (15:22 +0000)]
fix error messages
Dr. Stephen Henson [Sat, 17 Nov 2012 14:42:22 +0000 (14:42 +0000)]
Delegate command line handling for many common options in s_client/s_server
to the SSL_CONF APIs.
This is complicated a little because the SSL_CTX structure is not available
when the command line is processed: so just check syntax of commands initially
and store them, ready to apply later.
Dr. Stephen Henson [Sat, 17 Nov 2012 14:38:20 +0000 (14:38 +0000)]
initial decription of GCM/CCM usage via EVP
Andy Polyakov [Sat, 17 Nov 2012 10:34:11 +0000 (10:34 +0000)]
Support for SPARC T4 MONT[MUL|SQR] instructions.
Submitted by: David Miller, Andy Polyakov
Dr. Stephen Henson [Sat, 17 Nov 2012 00:21:34 +0000 (00:21 +0000)]
fix typos in SSL_CONF documentation
Dr. Stephen Henson [Fri, 16 Nov 2012 19:12:24 +0000 (19:12 +0000)]
add SSL_CONF functions and documentation
Dr. Stephen Henson [Fri, 16 Nov 2012 12:49:14 +0000 (12:49 +0000)]
typo
Dr. Stephen Henson [Fri, 16 Nov 2012 01:15:15 +0000 (01:15 +0000)]
update ciphers documentation to indicate implemented fixed DH ciphersuites
Dr. Stephen Henson [Fri, 16 Nov 2012 00:42:38 +0000 (00:42 +0000)]
initial update of ciphers doc
Dr. Stephen Henson [Fri, 16 Nov 2012 00:35:46 +0000 (00:35 +0000)]
new command line option -stdname to ciphers utility
Dr. Stephen Henson [Thu, 15 Nov 2012 19:14:47 +0000 (19:14 +0000)]
add "missing" TLSv1.2 cipher alias
Andy Polyakov [Mon, 12 Nov 2012 17:52:41 +0000 (17:52 +0000)]
aes-x86_64.pl: Atom-specific optimizations, +10%.
vpaes-x86_64.pl: minor performance squeeze.
Andy Polyakov [Mon, 12 Nov 2012 17:50:19 +0000 (17:50 +0000)]
aes-586.pl: Atom-specific optimization, +44/29%, minor improvement on others.
vpaes-x86.pl: minor performance squeeze.
Andy Polyakov [Sat, 10 Nov 2012 20:27:18 +0000 (20:27 +0000)]
ppccap.c: fix typo.
Andy Polyakov [Sat, 10 Nov 2012 20:24:51 +0000 (20:24 +0000)]
ppccap.c: restrict features on AIX 5.
Andy Polyakov [Fri, 9 Nov 2012 13:58:40 +0000 (13:58 +0000)]
bn_word.c: fix overflow bug in BN_add_word.