Commit graph

11674 commits

Author SHA1 Message Date
Dr. Stephen Henson
4a253652ee Add opaque ID structure.
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73e3)

Conflicts:

	crypto/x509/x509_vpm.c
2013-12-13 15:42:16 +00:00
Dr. Stephen Henson
4fcdd66fff Update to pad extension.
Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
102302b05b Fix for partial chain notification.
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
7af31968dd Verify parameter retrieval functions.
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
8a1956f3ea Don't use rdrand engine as default unless explicitly requested.
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
e3bc1f4955 remove obsolete STATUS file 2013-12-10 00:10:05 +00:00
Dr. Stephen Henson
57d7ee3a91 Add release dates to NEWS 2013-12-10 00:08:34 +00:00
Andy Polyakov
41965a84c4 x86_64-xlate.pl: minor update. 2013-12-09 21:23:19 +01:00
Andy Polyakov
ec9cc70f72 bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
2013-12-09 21:02:24 +01:00
Andy Polyakov
d1671f4f1a bn/asm/armv4-mont.pl: add NEON code path. 2013-12-04 22:37:49 +01:00
Andy Polyakov
26e18383ef perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX.
Suggested by: Marcello Cerri
2013-12-04 22:01:31 +01:00
Andy Polyakov
f586d97191 perlasm/ppc-xlate.pl: improve linux64le support.
Suggested by: Marcello Cerri
2013-12-04 21:47:43 +01:00
Andy Polyakov
a61e51220f aes/asm/vpaes-ppc.pl: comply with ABI. 2013-12-04 21:46:40 +01:00
Andy Polyakov
34b1008c93 Configure: remove vpaes-ppc from aix targets.
AIX assembler doesn't hanle .align, which is essential for vpaes module.
2013-12-04 21:45:20 +01:00
Andy Polyakov
c5d5f5bd0f bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
2013-12-03 23:59:55 +01:00
Andy Polyakov
8bd7ca9996 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. 2013-12-03 22:28:48 +01:00
Andy Polyakov
31ed9a2131 crypto/bn/rsaz*: fix licensing note.
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
2013-12-03 22:08:29 +01:00
Andy Polyakov
6efef384c6 bn/asm/rsaz-x86_64.pl: fix prototype. 2013-12-03 09:43:06 +01:00
Dr. Stephen Henson
4b27bab993 Simplify and update openssl.spec 2013-11-30 14:11:05 +00:00
Andy Polyakov
89bb96e51d vpaes-ppc.pl: fix bug in IV handling and comply with ABI. 2013-11-29 14:40:51 +01:00
Andy Polyakov
b9e87d07cb ppc64-mont.pl: eliminate dependency on GPRs' upper halves. 2013-11-27 22:50:00 +01:00
Andy Polyakov
07f3e4f3f9 Take vpaes-ppc module into loop. 2013-11-27 22:39:13 +01:00
Andy Polyakov
b5c54c914f Add Vector Permutation AES for PPC. 2013-11-27 22:32:56 +01:00
Dr. Stephen Henson
a25f9adc77 New functions to retrieve certificate from SSL_CTX
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
2013-11-18 18:56:48 +00:00
Dr. Stephen Henson
60aeb18750 Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set 2013-11-18 16:52:10 +00:00
Dr. Stephen Henson
fdeaf55bf9 Use correct header length in ssl3_send_certifcate_request 2013-11-17 17:48:18 +00:00
Dr. Stephen Henson
0f7fa1b190 Constify.
(cherry picked from commit 1abfa78a8b)
2013-11-14 21:05:36 +00:00
Piotr Sikora
2911575c6e Fix compilation with no-nextprotoneg.
PR#3106
2013-11-14 01:20:12 +00:00
Dr. Stephen Henson
afa23c46d9 Flag to disable automatic copying of contexts.
Some functions such as EVP_VerifyFinal only finalise a copy of the passed
context in case an application wants to digest more data. Doing this when
it is not needed is inefficient and many applications don't require it.

For compatibility the default is to still finalise a copy unless the
flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
context is finalised an *no* further data can be digested after
finalisation.
2013-11-13 23:48:35 +00:00
Dr. Stephen Henson
629b640bbc Allow match selecting of current certificate.
If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
2013-11-13 23:48:35 +00:00
Rob Stradling
7b6b246fd3 Additional "chain_cert" functions.
PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
2013-11-13 23:48:35 +00:00
Krzysztof Kwiatkowski
44314cf64d Delete duplicate entry.
PR#3172
2013-11-13 23:48:35 +00:00
Andy Polyakov
f1982acc12 Configure: add linux-ppc64le target.
Submitted by: Marcelo Cerri
2013-11-12 22:36:24 +01:00
Andy Polyakov
2df9ec01d5 srp/srp_grps.h: make it Compaq C-friendly.
PR: 3165
Submitted by: Daniel Richard G.
2013-11-12 22:09:55 +01:00
Andy Polyakov
5b63a39241 modes/asm/ghash-alpha.pl: fix typo. 2013-11-12 21:52:18 +01:00
Andy Polyakov
d1cf23ac86 Make Makefiles OSF-make-friendly.
PR: 3165
2013-11-12 21:51:37 +01:00
Dr. Stephen Henson
16bc45ba95 Fix memory leak. 2013-11-11 22:39:40 +00:00
Dr. Stephen Henson
85c9ba2342 Support setting of "no purpose" for trust.
If the oid parameter is set to NULL in X509_add1_trust_object
create an empty list of trusted purposes corresponding to
"no purpose" if trust is checked.
2013-11-11 22:39:23 +00:00
Dr. Stephen Henson
5fad2c93bc Update FAQ 2013-11-11 22:25:00 +00:00
Andy Polyakov
d0f1d924ad Makfile.org: make FIPS build work with BSD make. 2013-11-10 23:09:22 +01:00
Dr. Stephen Henson
9b69a63874 Update FAQ with PGP note. 2013-11-10 16:46:54 +00:00
Dr. Stephen Henson
dd274b1c1c Fix for some platforms where "char" is unsigned. 2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
9c75461bef Document RSAPublicKey_{in,out} options. 2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
da15c61608 Add CMS_SignerInfo_get0_signature function.
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
534e5fabad Check for missing components in RSA_check. 2013-11-09 15:09:23 +00:00
Andy Polyakov
33446493f4 modes/asm/ghash-alpha.pl: make it work with older assembler for real.
PR: 3165
2013-11-09 11:41:59 +01:00
Andy Polyakov
96180cac04 engines/ccgost/gost89.h: make word32 defintion unconditional.
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
2013-11-08 23:00:35 +01:00
Andy Polyakov
d24d1d7daf modes/asm/ghash-alpha.pl: make it work with older assembler.
PR: 3165
2013-11-08 22:56:44 +01:00
Dr. Stephen Henson
0467ea6862 Experimental workaround TLS filler (WTF) extension.
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771):
if the TLS Client Hello record length value would otherwise be > 255 and less
that 512 pad with a dummy extension containing zeroes so it is at least 512.

To enable it use an unused extension number (for example 0x4242) using
e.g. -DTLSEXT_TYPE_wtf=0x4242

WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
2013-11-06 20:49:47 +00:00
Dr. Stephen Henson
e0ffd129c1 Enable PSK in FIPS mode.
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
2013-11-06 14:38:28 +00:00