mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
12,347 Commits 33 Branches 385 Tags 484 MiB
07e3b31fae
Commit Graph

1651 Commits

Author SHA1 Message Date
Dr. Stephen Henson
0cfefe4b6d Rename some callbacks, fix alignment. 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-08-28 17:06:53 +01:00
Dr. Stephen Henson
8cafe9e8bf Use consistent function naming. 
Instead of SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_srv_ext
use SSL_CTX_add_client_custom_ext and SSL_CTX_add_server_custom_ext.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-08-28 17:06:53 +01:00
Dr. Stephen Henson
33f653adf3 New extension callback features. 
Support separate parse and add callback arguments.
Add new callback so an application can free extension data.
Change return value for send functions so < 0 is an error 0
omits extension and > 0 includes it. This is more consistent
with the behaviour of other functions in OpenSSL.

Modify parse_cb handling so <= 0 is an error.

Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument
order consistent.

NOTE: these changes WILL break existing code.

Remove (now inaccurate) in line documentation.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-08-28 17:06:53 +01:00
Dr. Stephen Henson
de2a9e38f3 Callback revision. 
Use "parse" and "add" for function and callback names instead of
"first" and "second".

Change arguments to callback so the extension type is unsigned int
and the buffer length is size_t. Note: this *will* break existing code.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-08-28 17:06:53 +01:00
Emilia Kasper
f0ca9ccaef make depend 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-08-14 15:24:58 +02:00
Nick Lewis
9aaa7be8d4 PR 2580: dgst missing current SHA algorithms 
Update the dgst.pod page to include SHA224...512 algorithms.
Update apps/progs.pl to add them to the digest command table.

Reviewed-by: Tim Hudson <tjh@cryptosoft.com>
 2014-08-12 11:29:20 -04:00
Rich Salz
f642ebc1e2 Undo a90081576c 
Undo unapproved commit that removed DJGPP and WATT32
 2014-08-09 08:02:20 -04:00
Rich Salz
a90081576c Remove DJGPP (and therefore WATT32) #ifdef's. 
DJGPP is no longer a supported platform.  Remove all #ifdef, etc.,
cases that refer to it.  DJGPP also #define'd WATT32, so that
is now removed as well.
 2014-08-08 16:54:14 -04:00
Matt Caswell
2097a17c57 Disabled XTS mode in enc utility as it is not supported 
PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-07-16 20:59:35 +01:00
Dr. Stephen Henson
199772e534 Don't allow -www etc options with DTLS. 
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
 2014-07-15 12:32:41 +01:00
Dr. Stephen Henson
1c3e9a7c67 Use case insensitive compare for servername. 
PR#3445
 2014-07-14 23:59:13 +01:00
Andy Polyakov
c4f8efab34 apps/speed.c: fix compiler warnings in multiblock_speed(). 2014-07-07 17:02:26 +02:00
Viktor Dukhovni
297c67fcd8 Update API to use (char *) for email addresses and hostnames 
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
 2014-07-07 19:11:38 +10:00
Dr. Stephen Henson
ee724df75d Usage for -hack and -prexit -verify_return_error 2014-07-06 22:42:50 +01:00
Dr. Stephen Henson
a44f219c00 s_server usage for certificate status requests 2014-07-06 22:40:01 +01:00
Andy Polyakov
375a64e349 apps/speed.c: add multi-block benchmark. 2014-07-05 23:53:55 +02:00
Viktor Dukhovni
ced3d9158a Set optional peername when X509_check_host() succeeds. 
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
 2014-07-06 01:50:50 +10:00
Dr. Stephen Henson
b948ee27b0 Remove all RFC5878 code. 
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
 2014-07-04 13:26:35 +01:00
Rich Salz
a5a3178728 RT3408; fix some (not all suggested) typo's in openssl.cnf 2014-07-02 23:18:39 -04:00
Dr. Stephen Henson
9cd86abb51 Make NO_SYS_UN_H compile. 2014-07-01 12:44:00 +01:00
Ben Laurie
e3ba6a5f83 Make depend. 2014-06-30 16:03:29 +01:00
Dr. Stephen Henson
90c1946e7a Don't core dump when using CMAC with dgst. 
We can't unfortunately print the CMAC cipher used without extending the API.

PR#2579
 2014-06-29 23:44:44 +01:00
Oscar Jacobsson
7e6a01bdd4 Add 3072, 7680 and 15360 bit RSA tests to openssl speed 
PR#3412
 2014-06-29 21:38:09 +01:00
Dr. Stephen Henson
a30bdb55d1 Show errors on CSR verification failure. 
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
 2014-06-29 13:33:44 +01:00
Dr. Stephen Henson
7ae6a4b659 Make no-ssl3 no-ssl2 do more sensible things. 2014-06-29 03:04:45 +01:00
Dr. Stephen Henson
7c206db928 Typo. 
PR#3107
 2014-06-28 12:42:04 +01:00
Dr. Stephen Henson
d2aea03829 Memory leak and NULL dereference fixes. 
PR#3403
 2014-06-27 14:35:07 +01:00
Hubert Kario
6d3d579367 Document -trusted_first option in man pages and help. 
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
 2014-06-19 23:09:21 +01:00
Matt Caswell
2d7153e8f9 Tidied up, added include to stdlib, removed "goto bad" usage 2014-06-17 23:35:53 +01:00
rfkrocktk
8a531c22b0 Conform to whitespace conventions 2014-06-17 23:10:14 +01:00
Naftuli Tzvi Kay
8a6c6bbf21 Added custom PBKDF2 iteration count to PKCS8 tool. 2014-06-17 23:10:14 +01:00
Dr. Stephen Henson
9494e99b40 Fix compilation with no-comp 2014-06-11 14:41:00 +01:00
Dr. Stephen Henson
14f47acf23 Allow reordering of certificates when signing. 
Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.

PR#3316
 2014-06-02 14:22:07 +01:00
Dr. Stephen Henson
a09220d823 Recognise padding extension. 2014-06-01 18:15:21 +01:00
Ben Laurie
0382950c6c Zero prime doits. 2014-06-01 15:31:27 +01:00
Ben Laurie
5efa13ca7e Add option to run all prime tests. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
a77889f560 Only count successful generations. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
982c42cb20 Try skipping over the adding and just picking a new random number. 
Generates a number coprime to 2, 3, 5, 7, 11.

Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
7e965dcc38 Remove editor barf on updating copyright. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
c09ec5d2a0 Generate safe primes not divisible by 3, 5 or 7. 
~2% speed improvement on trial division.
 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b0513819e0 Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5. 
Possibly some reduction in bias, but no speed gains.
 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b359642ffd Run the prime speed tests for 10 seconds. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
8c9336ce2b Tidy up speed.c a little. 2014-06-01 15:31:26 +01:00
Felix Laurie von Massenbach
b5419b81ac Add speed test for prime trial division. 2014-06-01 15:31:26 +01:00
Matt Caswell
3d9243f1b6 Changed -strictpem to use PEM_read_bio 2014-05-26 23:31:37 +01:00
Matt Caswell
6b5c1d940b Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker 2014-05-26 17:24:11 +01:00
Martin Kaiser
c5f0b9bd86 Modify the description of -noout to match the manpage. PR#3364 2014-05-24 00:04:25 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Dr. Stephen Henson
6f719f063c Change default cipher in smime app to des3. 
PR#3357
 2014-05-21 11:28:57 +01:00
Dr. Stephen Henson
c358651218 Enc doesn't support AEAD ciphers. 
(cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)
 2014-05-15 14:16:46 +01:00