root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
10,959 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

10959 Commits

Author SHA1 Message Date
Dr. Stephen Henson 5180f57c65 reinclude crypto.h: this is needed in HEAD only to get the __fips_constseg definition 2012-07-18 14:07:50 +00:00
Dr. Stephen Henson 63fe4ee14c update trace messages 2012-07-18 13:53:56 +00:00
Andy Polyakov 69f45c520c sha1-[586|x86_64].pl: shave off one instruction from body_40_59, it's 
2% less instructions in SIMD code paths, so 2% improvement in average:-)
 2012-07-15 20:33:30 +00:00
Andy Polyakov 7bb98eee3c mk1mf.pl: replace chop to make it work in mixture of perls for Windows. 2012-07-15 13:40:04 +00:00
Andy Polyakov 799379215e test_aesni: harmonize with AES-NI support at EVP layer. 2012-07-15 13:38:51 +00:00
Andy Polyakov 701d593f70 wp-x86_64.pl: ~10% performance improvement. 2012-07-15 13:37:35 +00:00
Andy Polyakov ee923b4cef sha512-s390x.pl: lingering comment update. 2012-07-15 13:36:57 +00:00
Andy Polyakov 46a2b3387a sha512-ia64.pl: 15-20% performance improvement. 2012-07-15 13:36:25 +00:00
Andy Polyakov e09039c01c sha256-armv4.pl: 4% performance improvement. 2012-07-15 13:35:10 +00:00
Andy Polyakov da3bd2779d sha1-s390x.pl: lingering comment update. 2012-07-15 13:34:26 +00:00
Andy Polyakov b046d70676 rc5.h: stop wasting space on 64-bit platforms [breaks binary compatibility!]. 2012-07-15 13:33:05 +00:00
Andy Polyakov ae007d4d09 wp-mmx.pl: ~10% performance improvement. 2012-07-15 13:29:23 +00:00
Andy Polyakov 660164a9ed sha512-586.pl: optimize SSE2 code path, +5-7% on most CPUs, +13% on AMD K8. 2012-07-15 13:28:15 +00:00
Andy Polyakov 367b126491 sha1-586.pl: let masm compile AVX code. 2012-07-15 13:25:31 +00:00
Andy Polyakov ac82e51f57 x86gas.pl: treat OPENSSL_ia32cap_P accordingly to .hidden status. 2012-07-15 13:24:43 +00:00
Dr. Stephen Henson 9f27b1eec3 Add new ctrl to retrieve client certificate types, print out 
details in s_client.

Also add ctrl to set client certificate types. If not used sensible values
will be included based on supported signature algorithms: for example if
we don't include any DSA signing algorithms the DSA certificate type is
omitted.

Fix restriction in old code where certificate types would be truncated
if it exceeded TLS_CT_NUMBER.
 2012-07-08 14:22:45 +00:00
Richard Levitte 9fd603be07 Install srtp.h 2012-07-05 13:20:19 +00:00
Richard Levitte bec44866f1 Add d1_srtp and t1_trce. 2012-07-05 13:20:02 +00:00
Richard Levitte 5dbf4f42fb Add the missing modules for Camellia, as well as dh_rfc5114 and evp_cnf. 2012-07-05 13:19:06 +00:00
Richard Levitte c58de759c8 Harmonise symhacks.h in this branch with lower versions. 
Add aliases for SSL_CTX_set_not_resumable_session_callback and
SSL_set_not_resumable_session_callback on top of that.
 2012-07-05 13:17:44 +00:00
Dr. Stephen Henson 44488723de add missing evp_cnf.c file 2012-07-04 13:15:10 +00:00
Dr. Stephen Henson ea1d84358b PR: 2840 
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
 2012-07-03 20:30:40 +00:00
Dr. Stephen Henson dd25165968 Fix memory leak. 
Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.
 2012-07-03 16:37:50 +00:00
Dr. Stephen Henson 657e29c199 cert_flags is unsigned 2012-07-03 14:54:59 +00:00
Dr. Stephen Henson 3208fc59db add support for client certificate callbak, fix memory leak 2012-07-03 14:53:27 +00:00
Dr. Stephen Henson 87adf1fa96 new function SSL_is_server to which returns 1 is the corresponding SSL context is for a server 2012-07-03 14:25:17 +00:00
Dr. Stephen Henson 15a70fe510 no need to check s->server as default_nid is never used for TLS 1.2 client authentication 2012-07-03 14:24:33 +00:00
Dr. Stephen Henson 3dbc46dfcd Separate client and server permitted signature algorithm support: by default 
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
 2012-07-03 12:51:14 +00:00
Andy Polyakov 32e03a3016 bn_nist.c: compensate for VC bug [with optimization off!]. 
PR: 2837
 2012-07-02 13:30:32 +00:00
Andy Polyakov 8d00f34239 crypto/bn/*.h: move PTR_SIZE_INT to private header. 2012-07-02 13:27:30 +00:00
Dr. Stephen Henson df53820170 remove unnecessary attempt to automatically call OPENSSL_init 2012-07-01 22:25:04 +00:00
Dr. Stephen Henson c65c5d05fd Fix Win32 build. 2012-07-01 22:14:32 +00:00
Dr. Stephen Henson 8fdb4f1af3 recognise OPENSSL_NO_SSL_TRACE 2012-07-01 22:12:03 +00:00
Andy Polyakov ae432028d1 bss_dgram.c: fix typos in Windows code. 2012-07-01 09:11:47 +00:00
Andy Polyakov 2dce10c56d sha256-586.pl: fix typos. 2012-07-01 08:46:38 +00:00
Dr. Stephen Henson 18d7158809 Add certificate callback. If set this is called whenever a certificate 
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
 2012-06-29 14:24:42 +00:00
Dr. Stephen Henson 0f39bab0df Function tls1_check_ec_server_key is now redundant as we make 
appropriate checks in tls1_check_chain.
 2012-06-28 13:02:14 +00:00
Dr. Stephen Henson d61ff83be9 Add new "valid_flags" field to CERT_PKEY structure which determines what 
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
 2012-06-28 12:45:49 +00:00
Dr. Stephen Henson be681e123c don't use pseudo digests for default values of keys 2012-06-27 14:12:47 +00:00
Andy Polyakov 6251989eb6 x86_64 assembly pack: make it possible to compile with Perl located on 
path with spaces.

PR: 2835
 2012-06-27 10:08:23 +00:00
Andy Polyakov faee82c1bc sha512-x86_64.pl: fix typo. 2012-06-25 17:13:15 +00:00
Dr. Stephen Henson 4453cd8c73 Reorganise supported signature algorithm extension processing. 
Only store encoded versions of peer and configured signature algorithms.
Determine shared signature algorithms and cache the result along with NID
equivalents of each algorithm.
 2012-06-25 14:32:30 +00:00
Andy Polyakov a8f3b8b519 sha512-x86_64.pl: add SIMD code paths. 2012-06-24 19:22:06 +00:00
Dr. Stephen Henson 0f229cce65 Add support for application defined signature algorithms for use with 
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.

TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
 2012-06-22 14:03:31 +00:00
Dr. Stephen Henson 020091406c oops, add -debug_decrypt option which was accidenatally left out 2012-06-19 13:39:30 +00:00
Andy Polyakov ad880dc469 sha512-x86_64.pl: fix typo. 2012-06-19 07:50:10 +00:00
Andy Polyakov 42a36658c1 sha256-586.pl: fix linking error. 2012-06-19 07:49:36 +00:00
Dr. Stephen Henson c4ff5d1147 fix clashing error code 2012-06-18 13:11:09 +00:00
Dr. Stephen Henson a5ee80b910 Make it possible to delete all certificates from an SSL structure. 2012-06-18 12:56:59 +00:00
Dr. Stephen Henson 93ab9e421e Initial record tracing code. Print out all fields in SSL/TLS records 
for debugging purposes. Needs "enable-ssl-trace" configuration option.
 2012-06-15 12:46:09 +00:00