Commit graph

8544 commits

Author SHA1 Message Date
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension.
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension.
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Geoff Thorpe
ab9c689ad3 Correct the FAQ and the threads man page re: CRYPTO_THREADID changes. 2008-08-06 16:41:50 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Andy Polyakov
96826bfc84 sha1-armv4-large cosmetics. 2008-08-06 08:58:45 +00:00
Andy Polyakov
eb1aa135d8 sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on
8KB block, +60% on 1KB, +160% on 256B...
2008-08-06 08:47:07 +00:00
Geoff Thorpe
99649b5990 Fix signed/unsigned warning. 2008-08-05 17:48:02 +00:00
Dr. Stephen Henson
6d6c47980e Correctly handle errors in CMS I/O code. 2008-08-05 15:55:53 +00:00
Bodo Möller
474b3b1cc8 Fix error codes for memory-saving patch.
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
2008-08-04 22:10:38 +00:00
Dr. Stephen Henson
3e727a3b37 Add support for nameRelativeToCRLIssuer field in distribution point name
fields.
2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
a9ff742e42 Make explicit_policy handling match expected RFC3280 behaviour. 2008-08-02 11:16:35 +00:00
Lutz Jänicke
787287af40 Refer to SSL_pending from the man page for SSL_read 2008-08-01 15:03:20 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
592a207b94 Policy validation fixes.
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
2008-07-30 15:41:42 +00:00
Ralf S. Engelschall
6bcbac0abb remove a doubled entry for '-binary' in the usage message 2008-07-27 15:51:35 +00:00
Andy Polyakov
4c048211f1 Split ms/uplink.pl to corresponding platform versions. 2008-07-22 08:47:35 +00:00
Andy Polyakov
b94551e823 perlasm update: implement dataseg directive. 2008-07-22 08:44:31 +00:00
Andy Polyakov
9b634c9b37 x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH. 2008-07-22 08:42:06 +00:00
Bodo Möller
5b331ab77a We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695
2008-07-17 22:11:53 +00:00
Andy Polyakov
dd6f479ea8 mem_dbg.c: avoid compiler warnings.
PR: 1693
Submitted by: Stefan Neis
2008-07-17 13:58:21 +00:00
Andy Polyakov
87facba376 Remove junk argument to function_begin in sha/asm/*-586.pl.
PR: 1681
2008-07-17 09:50:56 +00:00
Andy Polyakov
e4662fdb62 x86masm.pl: harmonize functions' alignment. 2008-07-17 09:46:09 +00:00
Bodo Möller
efa73a77e4 Make sure not to read beyond end of buffer 2008-07-16 18:10:27 +00:00
Andy Polyakov
89778b7f3f x86_64cpuid.pl cosmetics: harmonize $dir treatment with other modules. 2008-07-15 19:52:20 +00:00
Andy Polyakov
c79c5a256b des-596.pl update: short-circuit reference to DES_SPtrans. 2008-07-15 13:24:16 +00:00
Andy Polyakov
9960bdc6fa x86masm.pl cosmetics. 2008-07-15 13:16:42 +00:00
Andy Polyakov
23dcb447ff x86nasm.pl update: use pre-defined macros and allow for /safeseh link. 2008-07-15 12:50:44 +00:00
Andy Polyakov
39c63e162c Reaffirm that NASM is the only supported assembler for Win32 build. 2008-07-15 12:48:53 +00:00
Dr. Stephen Henson
34d05a4023 Zero is a valid value for any_skip and map_skip 2008-07-13 22:38:18 +00:00
Dr. Stephen Henson
dcc0c29876 We support inhibit any policy extension, add to table. 2008-07-13 15:55:37 +00:00
Dr. Stephen Henson
db50661fce X509 verification fixes.
Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Geoff Thorpe
f9afd9f861 If --prefix="C:\foo\bar" is supplied to Configure for a windows target,
then the backslashes need escaping to avoid being treated as switches in
the auto-generated strings in opensslconf.h. Perl users are welcome to
suggest a less hokey way of doing this ...
2008-07-10 20:08:47 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically:
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a Update from stable branch. 2008-06-26 23:27:31 +00:00
Dr. Stephen Henson
a0f3679b52 Update from stable branch. 2008-06-25 10:43:07 +00:00
Bodo Möller
8228fd89fc avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
2008-06-23 20:46:24 +00:00
Dr. Stephen Henson
869eb9e767 Update ordinals. 2008-06-22 01:09:14 +00:00
Dr. Stephen Henson
6c2878344f Fix from stable branch. 2008-06-21 23:28:55 +00:00
Dr. Stephen Henson
2836cb3816 Update from stable branch. 2008-06-18 15:08:41 +00:00
Dr. Stephen Henson
46d4782888 Update from stable branch. 2008-06-18 12:06:10 +00:00
Dr. Stephen Henson
a01a351cc2 Update from stable branch. 2008-06-16 15:51:48 +00:00
Dr. Stephen Henson
adb92d56eb Add acknowledgement. 2008-06-09 16:48:42 +00:00
Dr. Stephen Henson
ce04f91951 Sync ordinals. 2008-06-06 15:57:16 +00:00
Dr. Stephen Henson
6cb9fca70d Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.
2008-06-06 11:26:07 +00:00
Dr. Stephen Henson
ec0bfca7e7 Remove uidlg library from VC-32.pl, it is now bound at runtime. 2008-06-05 23:42:04 +00:00
Dr. Stephen Henson
1cd504e7be Don't change _WIN32_WINNT and detect GetConsoleWindow() and
CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function
for selection mechanism.
2008-06-05 23:19:56 +00:00
Dr. Stephen Henson
11f3cee93b Update from stable branch. 2008-06-05 17:04:16 +00:00
Dr. Stephen Henson
6bf79e30ea Update CHANGES. 2008-06-05 15:34:24 +00:00
Dr. Stephen Henson
7555c9337f Update from stable branch. 2008-06-05 15:13:45 +00:00