Rob Stradling
52f71f8181
CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration.
2014-02-26 15:33:11 +00:00
Dr. Stephen Henson
031ea2d14a
Fix for WIN32 builds with KRB5
...
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
2014-02-26 15:33:11 +00:00
Andy Polyakov
d49135e7ea
sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2.
2014-02-26 10:22:13 +01:00
Andy Polyakov
147cca8f53
sha/asm/sha512-x86_64.pl: fix compilation error on Solaris.
2014-02-26 09:30:03 +01:00
Andy Polyakov
7bb9d84e35
Configure: blended processor target in solaris-x86-cc.
2014-02-26 09:28:22 +01:00
Andy Polyakov
03da57fe14
ssl/t1_enc.c: check EVP_MD_CTX_copy return value.
...
PR: 3201
2014-02-25 22:21:54 +01:00
Andy Polyakov
e704741bf3
aes/asm/vpaes-ppc.pl: fix traceback info.
2014-02-25 20:11:34 +01:00
Dr. Stephen Henson
e0520c65d5
Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP.
...
(cherry picked from commit 3678161d71
)
2014-02-25 15:06:51 +00:00
Dr. Stephen Henson
3a325c60a3
Fix for v3_scts.c
...
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
(cherry picked from commit 6634416732
)
2014-02-25 14:56:31 +00:00
Dr. Stephen Henson
86a2f966d0
Add -show_chain option to print out verified chain.
2014-02-25 14:05:22 +00:00
Dr. Stephen Henson
a4cc3c8041
Avoid Windows 8 Getversion deprecated errors.
...
Windows 8 SDKs complain that GetVersion() is deprecated.
We only use GetVersion like this:
(GetVersion() < 0x80000000)
which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
2014-02-25 13:40:33 +00:00
Rob Stradling
19f65ddbab
Parse non-v1 SCTs less awkwardly.
2014-02-25 10:14:51 +00:00
Andy Polyakov
63aff3001e
ms/do_win64a.bat: forward to NUL, not NUL:.
...
Allegedly formwarding to NUL: sometimes creates NUL file in file
system.
PR: 3250
2014-02-24 19:29:49 +01:00
Andy Polyakov
779c51c644
BC-32.pl: refresh Borland C support.
...
PR: 3251
Suggested by: Thorsten Schöning
2014-02-24 16:42:40 +01:00
Andy Polyakov
758954e0d8
x509/by_dir.c: fix run-away pointer (and potential SEGV)
...
when adding duplicates in add_cert_dir.
PR: 3261
Reported by: Marian Done
2014-02-24 15:16:56 +01:00
Andy Polyakov
d099f0ed6c
config: recognize ARMv8/AArch64 target.
2014-02-24 13:18:40 +01:00
Dr. Stephen Henson
358d352aa2
Only set current certificate to valid values.
...
When setting the current certificate check that it has a corresponding
private key.
2014-02-23 13:46:52 +00:00
Dr. Stephen Henson
13dc3ce9ab
New chain building flags.
...
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.
Add verify error code when building chain.
Update docs.
2014-02-23 13:36:38 +00:00
Dr. Stephen Henson
daddd9a950
Option to set current cert to server certificate.
2014-02-21 19:44:09 +00:00
Andy Polyakov
214368ffee
aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak.
2014-02-21 12:14:04 +01:00
Dr. Stephen Henson
47739161c6
fix WIN32 warnings
...
(cherry picked from commit b709f8ef54
)
2014-02-20 22:55:24 +00:00
Dr. Stephen Henson
8764e86339
make depend
2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
ded18639d7
Move CT viewer extension code to crypto/x509v3
2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
84917787b5
Remove references to o_time.h
2014-02-19 20:06:13 +00:00
Ben Laurie
ff49a94439
Move gmtime functions to crypto.h.
2014-02-19 18:02:04 +00:00
Ben Laurie
e91fb53b38
Make i2r_sctlist static.
2014-02-19 17:57:44 +00:00
Ben Laurie
c0482547b3
Reverse export of o_time.h.
2014-02-19 17:57:07 +00:00
Ben Laurie
765e9ba911
Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer
2014-02-19 17:17:14 +00:00
Rob Stradling
b263f21246
Move the SCT List extension parser into libssl.
...
Add the extension parser in the s_client, ocsp and x509 apps.
2014-02-19 13:12:46 +00:00
Dr. Stephen Henson
6ecbc2bb62
Don't use CRYPTO_AES_CTR if it isn't defined.
2014-02-18 22:20:30 +00:00
Dr. Stephen Henson
3c6c139a07
Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
...
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d1d
)
2014-02-16 11:43:46 +00:00
Dr. Stephen Henson
f3a3903260
Don't use getcwd in non-copy builds.
2014-02-15 20:16:54 +00:00
Dr. Stephen Henson
5a7652c3e5
Remove duplicate statement.
2014-02-15 01:27:56 +00:00
Klaus-Peter Junghanns
be2c4d9bd9
Add support for aes-128/192/256-ctr to the cryptodev engine.
...
This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
2014-02-15 00:01:40 +00:00
Rob Stradling
dcfe8df148
Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions.
...
Add the RFC6962 OIDs to the objects table.
2014-02-14 23:24:35 +00:00
Kurt Roeckx
3343220327
Use defaults bits in req when not given
...
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file. However the value isn't used to generate the key, but it does
print it's generating such a key. The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.
We now read the config first and use the value from the config file when no size
is given.
PR: 2592
2014-02-14 22:30:27 +00:00
Kurt Roeckx
e547c45f1c
Fix additional pod errors with numbered items.
2014-02-14 22:30:26 +00:00
Scott Schaefer
2b4ffc659e
Fix various spelling errors
2014-02-14 22:29:12 +00:00
Scott Schaefer
856c6dfb09
Document pkcs12 -password behavior
...
apps/pkcs12.c accepts -password as an argument. The document author
almost certainly meant to write "-password, -passin".
However, that is not correct, either. Actually the code treats
-password as equivalent to -passin, EXCEPT when -export is also
specified, in which case -password as equivalent to -passout.
2014-02-14 22:28:37 +00:00
Andy Polyakov
701134320a
ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
2014-02-14 17:43:31 +01:00
Andy Polyakov
f4d456408d
x86[_64]cpuid.pl: add low-level RDSEED.
2014-02-14 17:24:12 +01:00
Andy Polyakov
5599c7331b
aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont.
...
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33%
improvement over "pre-Silvermont" version. [Add performance table to
aesni-x86.pl].
2014-02-14 17:06:15 +01:00
Dr. Stephen Henson
385b348666
Include TA in checks/callback with partial chains.
...
When a chain is complete and ends in a trusted root checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.
2014-02-14 15:07:01 +00:00
Dr. Stephen Henson
2dac2667d1
Don't do loop detection for self signed check.
2014-02-14 14:52:23 +00:00
Dr. Stephen Henson
847865d0f9
Add suppot for ASCII with CRLF canonicalisation.
2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
4dce704145
fix error discrepancy
...
(cherry picked from commit a2317c3ffd
)
2014-02-13 14:35:22 +00:00
Andy Polyakov
9587429fa0
evp/e_aes_cbc_hmac_sha*.c: improve cache locality.
2014-02-13 14:39:55 +01:00
Andy Polyakov
98e143f118
ghash-x86[_64].pl: ~15% improvement on Atom Silvermont
...
(other processors unaffected).
2014-02-13 14:37:28 +01:00
Ben Laurie
fc92396976
Fix warning.
2014-02-13 03:11:58 +00:00