Commit graph

11284 commits

Author SHA1 Message Date
Andy Polyakov
8d08627c94 ssl/t1_enc.c: check EVP_MD_CTX_copy return value.
PR: 3201
(cherry picked from commit 03da57fe14)
2014-02-25 22:23:49 +01:00
Andy Polyakov
aa1bb606f3 aes/asm/vpaes-ppc.pl: fix traceback info.
(cherry picked from commit e704741bf3)
2014-02-25 20:13:41 +01:00
Zoltan Arpadffy
dabd4f1986 OpenVMS fixes. 2014-02-25 15:16:03 +00:00
Dr. Stephen Henson
251c47001b update NEWS with v3_scts.c issue 2014-02-25 15:08:45 +00:00
Dr. Stephen Henson
3678161d71 Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. 2014-02-25 15:05:08 +00:00
Dr. Stephen Henson
6634416732 Fix for v3_scts.c
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
2014-02-25 14:54:09 +00:00
Dr. Stephen Henson
7101fd705c update NEWS 2014-02-25 13:56:40 +00:00
Dr. Stephen Henson
0f9bcf3319 Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)
2014-02-25 13:41:53 +00:00
Rob Stradling
a948732e1c Parse non-v1 SCTs less awkwardly.
(cherry picked from commit 19f65ddbab)
2014-02-25 13:04:21 +00:00
Andy Polyakov
c3006e0f5a util/pl/VC-32.pl: harmonize with 1.0.1 and fix typo. 2014-02-25 13:41:40 +01:00
Andy Polyakov
efe835eb5a ms/do_win64a.bat: forward to NUL, not NUL:.
Allegedly formwarding to NUL: sometimes creates NUL file in file
system.

PR: 3250
(cherry picked from commit 63aff3001e)
2014-02-24 19:37:48 +01:00
Dr. Stephen Henson
ab03ead035 we need /MD for fips builds 2014-02-24 18:21:35 +00:00
Dr. Stephen Henson
6a6e08960e Update NEWS with known issue. 2014-02-24 16:31:44 +00:00
Andy Polyakov
aedabeee3a BC-32.pl: refresh Borland C support.
PR: 3251
Suggested by: Thorsten Schöning
(cherry picked from commit 779c51c644)
2014-02-24 16:45:15 +01:00
Andy Polyakov
83fe7b9c83 x509/by_dir.c: fix run-away pointer (and potential SEGV)
when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
(cherry picked from commit 758954e0d8)
2014-02-24 15:21:37 +01:00
Dr. Stephen Henson
97654d7e28 Prepare for 1.0.2-beta2-dev 2014-02-24 13:52:51 +00:00
Dr. Stephen Henson
94f4166017 Prepare for 1.0.2-beta1 release 2014-02-24 13:51:34 +00:00
Dr. Stephen Henson
a74c9c9e10 OpenSSL 1.0.2 is now in beta 2014-02-24 13:50:38 +00:00
Dr. Stephen Henson
d2a3c4497f make update 2014-02-24 13:50:38 +00:00
Andy Polyakov
a129850922 config: recognize ARMv8/AArch64 target.
(cherry picked from commit d099f0ed6c)
2014-02-24 13:21:14 +01:00
Dr. Stephen Henson
c3f5d3d93a Only set current certificate to valid values.
When setting the current certificate check that it has a corresponding
private key.
(cherry picked from commit 358d352aa2)
2014-02-23 13:49:21 +00:00
Dr. Stephen Henson
c5ea65b157 New chain building flags.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.
(cherry picked from commit 13dc3ce9ab)
2014-02-23 13:49:21 +00:00
Dr. Stephen Henson
58b86e4235 Option to set current cert to server certificate.
(cherry picked from commit daddd9a950)
2014-02-23 13:49:21 +00:00
Ben Laurie
a466be6243 Fix typo. 2014-02-23 11:21:39 +00:00
Ben Laurie
60327ce41a Add debug flag. 2014-02-23 11:21:28 +00:00
Andy Polyakov
2d4d9623da aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak.
(cherry picked from commit 214368ffee)
2014-02-21 12:15:07 +01:00
Andy Polyakov
6b3b6beaa1 ssl/ssl_cert.c: DANE update. 2014-02-21 12:12:25 +01:00
Dr. Stephen Henson
7743be3aac make update 2014-02-20 22:57:24 +00:00
Dr. Stephen Henson
b709f8ef54 fix WIN32 warnings 2014-02-20 22:41:06 +00:00
Rob Stradling
c74ce24cd2 Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions.
Add the RFC6962 OIDs to the objects table.
(backport from master branch)
2014-02-20 21:43:54 +00:00
Dr. Stephen Henson
612566e752 Don't use CRYPTO_AES_CTR if it isn't defined.
(cherry picked from commit 6ecbc2bb62)
2014-02-18 22:21:41 +00:00
Dr. Stephen Henson
3ecce3dbeb Don't use getcwd in non-copy builds.
(cherry picked from commit f3a3903260)
2014-02-15 20:17:59 +00:00
Dr. Stephen Henson
71eca86c30 Don't override $srcd for non copy builds. 2014-02-15 20:16:13 +00:00
Dr. Stephen Henson
dd1e3bd8d4 recognise multiblock 2014-02-15 18:19:35 +00:00
Dr. Stephen Henson
c55fef76f7 Add /fixed flag for FIPS links where appropriate. 2014-02-15 17:16:19 +00:00
Dr. Stephen Henson
eb70d4407f Remove duplicate statement.
(cherry picked from commit 5a7652c3e5)
2014-02-15 01:29:24 +00:00
Klaus-Peter Junghanns
b335b5440a Add support for aes-128/192/256-ctr to the cryptodev engine.
This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
(cherry picked from commit be2c4d9bd9)
2014-02-15 00:06:43 +00:00
Kurt Roeckx
a8eeedb603 Use defaults bits in req when not given
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file.  However the value isn't used to generate the key, but it does
print it's generating such a key.  The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.

We now read the config first and use the value from the config file when no size
is given.

PR: 2592
(cherry picked from commit 3343220327)
2014-02-14 22:35:15 +00:00
Kurt Roeckx
b3d8de7903 Fix additional pod errors with numbered items.
(cherry picked from commit e547c45f1c)
2014-02-14 22:35:15 +00:00
Scott Schaefer
0413ea5801 Fix various spelling errors
(cherry picked from commit 2b4ffc659e)
2014-02-14 22:35:15 +00:00
Scott Schaefer
2f6fba6772 Document pkcs12 -password behavior
apps/pkcs12.c accepts -password as an argument.  The document author
almost certainly meant to write "-password, -passin".

However, that is not correct, either.  Actually the code treats
-password as equivalent to -passin, EXCEPT when -export is also
specified, in which case -password as equivalent to -passout.
(cherry picked from commit 856c6dfb09)
2014-02-14 22:35:15 +00:00
Dr. Stephen Henson
d69acceca9 Fix error discrepancy with 1.0.1 2014-02-14 17:50:20 +00:00
Andy Polyakov
aff78bb39a ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
(cherry picked from commit 701134320a)
2014-02-14 17:45:33 +01:00
Andy Polyakov
104c032b7b x86[_64]cpuid.pl: add low-level RDSEED.
(cherry picked from commit f4d456408d)
2014-02-14 17:25:14 +01:00
Andy Polyakov
b347341c75 aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont.
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33%
improvement over "pre-Silvermont" version. [Add performance table to
aesni-x86.pl].
(cherry picked from commit 5599c7331b)
2014-02-14 17:17:39 +01:00
Dr. Stephen Henson
c00f8d697a Include self-signed flag in certificates by checking SKID/AKID as well
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
(cherry picked from commit b1efb7161f)
2014-02-14 15:27:30 +00:00
Dr. Stephen Henson
b07e4f2f46 Include TA in checks/callback with partial chains.
When a chain is complete and ends in a trusted root checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.
(cherry picked from commit 385b348666)
2014-02-14 15:12:53 +00:00
Dr. Stephen Henson
ced6dc5cef Add cert_self_signed function to simplify verify
(from master)
2014-02-14 15:12:52 +00:00
Dr. Stephen Henson
bf2d129194 Simplify X509_STORE_CTX_get1_chain (from master). 2014-02-14 15:12:52 +00:00
Andy Polyakov
d59d0b7c21 ssl/ssl[3].h: retain binary compatibility. 2014-02-13 17:03:14 +01:00