Commit graph

11076 commits

Author SHA1 Message Date
Dr. Stephen Henson
8f68678989 Don't use rdrand engine as default unless explicitly requested. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75 Get FIPS checking logic right.
We need to lock when *not* in FIPS mode.
2013-12-10 12:52:27 +00:00
Dr. Stephen Henson
ff672cf8dd remove obsolete STATUS file 2013-12-10 00:10:41 +00:00
Dr. Stephen Henson
d43b040773 Add release dates to NEWS 2013-12-10 00:08:33 +00:00
Andy Polyakov
422c8c36e5 ARM assembly pack: SHA update from master. 2013-12-09 23:53:42 +01:00
Andy Polyakov
b76310ba74 ARM assembly pack: AES update from master (including bit-sliced module). 2013-12-09 23:44:45 +01:00
Andy Polyakov
c012f6e576 bn/asm/armv4-mont.pl: add NEON code path.
(cherry picked from commit d1671f4f1a)
2013-12-09 22:46:29 +01:00
Andy Polyakov
cf6d55961c crypto/bn/asm/x86_64-mont*.pl: update from master.
Add MULX/AD*X code paths and optimize even original code path.
2013-12-09 22:40:53 +01:00
Andy Polyakov
3aa1b1ccbb x86_64-xlate.pl: fix jrcxz in nasm case.
(cherry picked from commit 667053a2f3)
2013-12-09 22:19:34 +01:00
Andy Polyakov
3dcae82fa9 x86_64-xlate.pl: minor update.
(cherry picked from commit 41965a84c4)
2013-12-09 21:53:41 +01:00
Dr. Stephen Henson
86b81ecb73 update $default_depflags 2013-12-08 13:21:02 +00:00
Dr. Stephen Henson
c43dc3dd77 Avoid multiple locks in FIPS mode.
PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
2013-12-08 13:21:02 +00:00
Andy Polyakov
e5eab8a199 bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f)
2013-12-04 00:02:18 +01:00
Andy Polyakov
7bab6eb6f0 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
(cherry picked from commit 8bd7ca9996)
2013-12-03 22:30:00 +01:00
Andy Polyakov
87d9526d0c crypto/bn/rsaz*: fix licensing note.
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a2131)
2013-12-03 22:17:55 +01:00
Andy Polyakov
36982f056a bn/asm/rsaz-x86_64.pl: fix prototype.
(cherry picked from commit 6efef384c6)
2013-12-03 09:44:24 +01:00
Dr. Stephen Henson
c97ec5631b Fix warning. 2013-12-01 23:30:21 +00:00
Dr. Stephen Henson
fdb0d5dd8f Change header order to pick up OPENSSL_SYS_WIN32 2013-12-01 23:29:40 +00:00
Dr. Stephen Henson
81b6dfe40d Recongnise no-dane and no-libunbound 2013-12-01 23:12:27 +00:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
6859f3fc12 Fix warnings. 2013-12-01 23:08:13 +00:00
Dr. Stephen Henson
8b2d5cc4a7 WIN32 fixes. 2013-12-01 23:07:18 +00:00
Dr. Stephen Henson
74184b6f21 RSAX no longer compiled. 2013-12-01 23:06:33 +00:00
Dr. Stephen Henson
6416aed586 Simplify and update openssl.spec 2013-11-27 15:35:02 +00:00
Dr. Stephen Henson
2a1b7bd380 New functions to retrieve certificate from SSL_CTX
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
(cherry picked from commit a25f9adc77)
2013-11-18 18:59:18 +00:00
Dr. Stephen Henson
4bba0bda61 Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set
(cherry picked from commit 60aeb18750)
2013-11-18 18:59:03 +00:00
Dr. Stephen Henson
27baa8317a Use correct header length in ssl3_send_certifcate_request
(cherry picked from commit fdeaf55bf9)
2013-11-17 17:50:11 +00:00
Dr. Stephen Henson
1abfa78a8b Constify. 2013-11-14 21:00:40 +00:00
Piotr Sikora
edc687ba0f Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:58 +00:00
Dr. Stephen Henson
ff0bdbed85 Allow match selecting of current certificate.
If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
2013-11-13 23:47:49 +00:00
Rob Stradling
dc4bdf592f Additional "chain_cert" functions.
PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
(cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)
2013-11-13 23:47:37 +00:00
Krzysztof Kwiatkowski
b03d0513d0 Delete duplicate entry.
PR#3172
(cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
2013-11-13 23:47:26 +00:00
Andy Polyakov
0de70011ad srp/srp_grps.h: make it Compaq C-friendly.
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01d5)
2013-11-12 22:19:40 +01:00
Andy Polyakov
220d1e5353 modes/asm/ghash-alpha.pl: update from HEAD.
PR: 3165
2013-11-12 21:59:01 +01:00
Andy Polyakov
ca44f72938 Make Makefiles OSF-make-friendly.
PR: 3165
(cherry picked from commit d1cf23ac86)
2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5 Fix memory leak.
(cherry picked from commit 16bc45ba95)
2013-11-11 23:55:18 +00:00
Dr. Stephen Henson
5c50462e1e Typo. 2013-11-11 22:24:08 +00:00
Dr. Stephen Henson
a257865303 Fix for some platforms where "char" is unsigned.
(cherry picked from commit 08b433540416c5bc9a874ba0343e35ba490c65f1)
2013-11-11 22:18:07 +00:00
Andy Polyakov
60adefa610 Makefile.org: make FIPS build work with BSD make. 2013-11-10 23:06:41 +01:00
Dr. Stephen Henson
b5dde6bcc6 Check for missing components in RSA_check.
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
024dbfd44c Document RSAPublicKey_{in,out} options.
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
233069f8db Add CMS_SignerInfo_get0_signature function.
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
(cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)
2013-11-09 15:09:22 +00:00
Andy Polyakov
c76d6922b1 engines/ccgost/gost89.h: make word32 defintion unconditional.
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
(cherry picked from commit 96180cac04)
2013-11-08 23:10:21 +01:00
Andy Polyakov
3241496144 modes/asm/ghash-alpha.pl: make it work with older assembler.
PR: 3165
(cherry picked from commit d24d1d7daf)
2013-11-08 23:10:09 +01:00
Dr. Stephen Henson
63fe69c12e Enable PSK in FIPS mode.
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit e0ffd129c1)
2013-11-06 14:39:41 +00:00
Dr. Stephen Henson
a4947e4e06 Initialise context before using it. 2013-11-06 13:16:50 +00:00
Ben Laurie
262f1c524e PBKDF2 should be efficient. Contributed by Christian Heimes
<christian@python.org>.
2013-11-03 17:27:12 +00:00
Dr. Stephen Henson
bd80d0229c Add brainpool curves to trace output. 2013-11-02 14:07:21 +00:00
Dr. Stephen Henson
163d794845 Fix warning.
(cherry picked from commit 96e16bddb4)
2013-11-02 14:02:00 +00:00
Dr. Stephen Henson
0b33466b3f Add SSL_CONF command to set DH Parameters.
(cherry picked from commit c557f921dc)
2013-11-02 13:42:03 +00:00