Dr. Stephen Henson
0a17b8de06
fix memory leak
2012-09-11 13:43:57 +00:00
Dr. Stephen Henson
e5db9c3b67
Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
...
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
2012-09-11 13:34:08 +00:00
Ben Laurie
2daceb0342
Call OCSP Stapling callback after ciphersuite has been chosen, so the
...
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent. See
http://rt.openssl.org/Ticket/Display.html?id=2836 .
2012-09-11 12:57:46 +00:00
Dr. Stephen Henson
147d4c96b0
fix memory leak
2012-09-09 21:19:32 +00:00
Dr. Stephen Henson
61d24f102d
update README
2012-09-09 20:47:36 +00:00
Dr. Stephen Henson
79b184fb4b
Extend certificate creation examples to include CRL generation and sample
...
scripts running the test OCSP responder.
2012-09-09 20:43:49 +00:00
Dr. Stephen Henson
648f551a4a
New -valid option to add a certificate to the ca index.txt that is valid and not revoked
2012-09-09 12:58:49 +00:00
Dr. Stephen Henson
33a8de69dc
new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client
2012-09-08 13:59:51 +00:00
Dr. Stephen Henson
319354eb6c
store and print out message digest peer signed with in TLS 1.2
2012-09-07 12:53:42 +00:00
Andy Polyakov
e7db9896bb
bsaes-armv7.pl: closest shave. While 0.3 cpb improvement on S4 appears
...
insignificant, it's actually 4 cycles less for 14 instructions sequence!
2012-09-07 12:29:18 +00:00
Andy Polyakov
4f16215b9d
bsaes-armv7.pl: even closer shave.
2012-09-04 14:39:05 +00:00
Andy Polyakov
a903e6919c
bsaes-armv7.pl: minor performance squeeze on Snapdragon S4.
2012-09-04 08:26:50 +00:00
Andy Polyakov
f26328c2f3
sha512-armv4.pl: optimize for Snapdragon S4.
2012-09-04 08:25:37 +00:00
Andy Polyakov
a58fdc7a34
bn_lcl.h: gcc removed support for "h" constraint, which broke inline
...
assembler.
2012-09-01 13:17:32 +00:00
Dr. Stephen Henson
d21bf10dea
Don't load GOST ENGINE if it is already loaded.
...
Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.
Set static methods to NULL when the ENGINE is freed so it can be reloaded.
2012-09-01 11:30:53 +00:00
Dr. Stephen Henson
d47c01a31a
perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
2012-08-31 11:18:54 +00:00
Dr. Stephen Henson
ef6b34bec2
make EC test certificates usable for ECDH
2012-08-31 11:15:44 +00:00
Dr. Stephen Henson
becfdb995b
give more meaningful error if presented with wrong certificate type by server
2012-08-30 12:46:22 +00:00
Andy Polyakov
6206682a35
x86cpuid.pl: hide symbols [backport from x86_64].
2012-08-29 14:19:59 +00:00
Andy Polyakov
88d6b87fca
TABLE update addendum to commit#22775.
2012-08-29 14:15:18 +00:00
Andy Polyakov
0e1f390bad
Harmonize CHANGES in HEAD.
2012-08-29 14:14:05 +00:00
Andy Polyakov
be0d31b166
Add linux-x32 target.
2012-08-29 14:08:46 +00:00
Dr. Stephen Henson
ed83ba5321
Add compilation flag to disable certain protocol checks and allow use of
...
some invalid operations for testing purposes. Currently this can be used
to sign using digests the peer doesn't support, EC curves the peer
doesn't support and use certificates which don't match the type associated
with a ciphersuite.
2012-08-29 13:18:34 +00:00
Dr. Stephen Henson
81f57e5a69
oops, typo
2012-08-28 23:19:25 +00:00
Dr. Stephen Henson
1cf218bcaa
New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes
...
all derived keys to the message callback.
Add code to SSL_trace to include support for printing out keys.
2012-08-28 23:17:28 +00:00
Dr. Stephen Henson
093050b660
update debug-steve* configurations
2012-08-28 23:06:12 +00:00
Dr. Stephen Henson
0db17852cd
PR: 2786
...
Reported by: Tomas Mraz <tmraz@redhat.com>
Treat a NULL value passed to drbg_free_entropy callback as non-op. This
can happen if the call to fips_get_entropy fails.
2012-08-22 22:43:23 +00:00
Andy Polyakov
1a9d60d2e3
sha1-armv4-large.pl: comply with ABI.
2012-08-17 19:57:04 +00:00
Andy Polyakov
9a10ea3fc0
Configure: add mips-mont to MIPS32 builds.
2012-08-17 09:38:45 +00:00
Andy Polyakov
1a002d88ad
MIPS assembly pack: assign default value to $flavour.
2012-08-17 09:10:31 +00:00
Bodo Möller
619aab841c
Oops - didn't mean to change Makefile on previous submit
2012-08-16 13:49:34 +00:00
Bodo Möller
a4aafeeef4
Enable message names for TLS 1.1, 1.2 with -msg.
2012-08-16 13:41:40 +00:00
Dr. Stephen Henson
2ea8035460
Add three Suite B modes to TLS code, supporting RFC6460.
2012-08-15 15:15:05 +00:00
Andy Polyakov
5833e4f5d6
bss_dgram.c: fix compilation failure and warning on Windows with
...
contemporary SDK.
2012-08-14 09:53:24 +00:00
Andy Polyakov
99e59d634a
gosthash.c: use memmove in circle_xor8, as input pointers can be equal.
...
PR: 2858
2012-08-13 16:36:51 +00:00
Andy Polyakov
cb726fe8d4
./Configure: libcrypto.a can grow to many GB because of ar bug.
...
PR: 2838
2012-08-13 16:10:08 +00:00
Andy Polyakov
9ddd859d2a
gcm128.c: fix AAD-only case with AAD length not divisible by 16.
...
PR: 2859
Submitted by: John Foley
2012-08-13 15:07:37 +00:00
Andy Polyakov
f6ff1aa8e0
sha512-x86_64.pl: revert previous change and solve the problem through
...
perlasm/x86_64-xlate.pl instead.
2012-08-13 12:34:36 +00:00
Andy Polyakov
3a5485a9f8
sha512-x86_64.pl: minimum gas requirement for AMD XOP.
2012-08-13 11:01:44 +00:00
Dr. Stephen Henson
9053c139fd
update ordinals
2012-08-05 18:14:21 +00:00
Dr. Stephen Henson
3b0648ebc9
Rename Suite B functions for consistency.
...
New function X509_chain_up_ref to dup and up the reference count of
a STACK_OF(X509): replace equivalent functionality in several places
by the equivalent call.
2012-08-03 15:58:15 +00:00
Dr. Stephen Henson
3ad344a517
add suite B chain validation flags and associated verify errors
2012-08-03 13:51:43 +00:00
Dr. Stephen Henson
6dbb6219e7
Make tls1_check_chain return a set of flags indicating checks passed
...
by a certificate chain. Add additional tests to handle client
certificates: checks for matching certificate type and issuer name
comparison.
Print out results of checks for each candidate chain tested in
s_server/s_client.
2012-07-27 13:39:23 +00:00
Dr. Stephen Henson
ec4a50b3c3
Abort handshake if signature algorithm used not supported by peer.
2012-07-24 18:11:27 +00:00
Dr. Stephen Henson
d18b716d25
check EC tmp key matches preferences
2012-07-24 13:47:40 +00:00
Dr. Stephen Henson
1e4cb467e1
typo
2012-07-24 13:32:40 +00:00
Dr. Stephen Henson
74ecfab401
Add support for certificate stores in CERT structure. This makes it
...
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distint stores for certificate chain
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
to build and store a certificate chain in CERT structure: returing
an error if the chain cannot be built: this will allow applications
to test if a chain is correctly configured.
Note: if the CERT based stores are not set then the parent SSL_CTX
store is used to retain compatibility with existing behaviour.
2012-07-23 23:34:28 +00:00
Dr. Stephen Henson
5818a07a4f
update NEWS
2012-07-20 15:24:06 +00:00
Dr. Stephen Henson
050ce4ca42
set ciphers to NULL before calling cert_cb
2012-07-20 15:21:23 +00:00
Dr. Stephen Henson
8e2a06bf5c
stop warning
2012-07-19 16:57:19 +00:00