wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11818 commits 20 branches 302 tags 153 MiB
Commit graph

11818 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
a029788b0e typo 2014-03-10 15:47:33 +00:00
Dr. Stephen Henson
d628885e9a Simplify ssl_add_cert_chain logic. 2014-03-10 15:47:33 +00:00
Dr. Stephen Henson
ab0f880433 Remove -WX option from debug-VC-WIN32 
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
 2014-03-07 19:07:52 +00:00
Andy Polyakov
ea38f02049 engines/ccgost/gosthash.c: simplify and avoid SEGV. 
PR: 3275
 2014-03-07 11:02:25 +01:00
Andy Polyakov
5e44c144e6 SPARC T4 assembly pack: treat zero input length in CBC. 
The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775
 2014-03-07 10:30:37 +01:00
Andy Polyakov
53e5161231 dh_check.c: check BN_CTX_get's return value. 2014-03-06 14:19:37 +01:00
Andy Polyakov
687403fb24 test/Makefile: allow emulated test (e.g. under wine). 
Submitted by: Roumen Petrov
 2014-03-06 14:08:02 +01:00
Andy Polyakov
972b0dc350 bss_dgram.c,d1_lib.c: make it compile with mingw. 
Submitted by: Roumen Petrov
 2014-03-06 14:04:56 +01:00
Dr. Stephen Henson
315cd871c4 For self signed root only indicate one error. 
(cherry picked from commit bdfc0e284c)
 2014-03-03 23:36:46 +00:00
Dr. Stephen Henson
5693a30813 PKCS#8 support for alternative PRFs. 
Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
(cherry picked from commit b60272b01f)
 2014-03-01 23:16:08 +00:00
Dr. Stephen Henson
01757858fe Fix memory leak. 
(cherry picked from commit 124d218889)
 2014-03-01 23:15:53 +00:00
Dr. Stephen Henson
db7b5e0d76 Add function to free compression methods. 
Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
(cherry picked from commit 976c58302b)
 2014-03-01 23:15:25 +00:00
Andy Polyakov
65370f9bbc Makefile.org: fix syntax error on Solaris. 
PR: 3271
 2014-02-28 22:54:40 +01:00
Andy Polyakov
4ca026560a Configure: mark unixware target as elf-1. 2014-02-27 14:27:15 +01:00
Andy Polyakov
b62a4a1c0e perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms. 2014-02-27 14:26:12 +01:00
Andy Polyakov
ce876d8316 perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF. 2014-02-27 14:22:13 +01:00
Andy Polyakov
f861b1d433 rc4/asm/rc4-586.pl: allow for 386-only build. 2014-02-27 14:19:19 +01:00
Andy Polyakov
fd361a67ef des/asm/des-586.pl: shortcut reference to DES_SPtrans. 2014-02-27 14:17:43 +01:00
Rob Stradling
52f71f8181 CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration. 2014-02-26 15:33:11 +00:00
Dr. Stephen Henson
031ea2d14a Fix for WIN32 builds with KRB5 
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
 2014-02-26 15:33:11 +00:00
Andy Polyakov
d49135e7ea sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2. 2014-02-26 10:22:13 +01:00
Andy Polyakov
147cca8f53 sha/asm/sha512-x86_64.pl: fix compilation error on Solaris. 2014-02-26 09:30:03 +01:00
Andy Polyakov
7bb9d84e35 Configure: blended processor target in solaris-x86-cc. 2014-02-26 09:28:22 +01:00
Andy Polyakov
03da57fe14 ssl/t1_enc.c: check EVP_MD_CTX_copy return value. 
PR: 3201
 2014-02-25 22:21:54 +01:00
Andy Polyakov
e704741bf3 aes/asm/vpaes-ppc.pl: fix traceback info. 2014-02-25 20:11:34 +01:00
Dr. Stephen Henson
e0520c65d5 Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. 
(cherry picked from commit 3678161d71)
 2014-02-25 15:06:51 +00:00
Dr. Stephen Henson
3a325c60a3 Fix for v3_scts.c 
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
(cherry picked from commit 6634416732)
 2014-02-25 14:56:31 +00:00
Dr. Stephen Henson
86a2f966d0 Add -show_chain option to print out verified chain. 2014-02-25 14:05:22 +00:00
Dr. Stephen Henson
a4cc3c8041 Avoid Windows 8 Getversion deprecated errors. 
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
 2014-02-25 13:40:33 +00:00
Rob Stradling
19f65ddbab Parse non-v1 SCTs less awkwardly. 2014-02-25 10:14:51 +00:00
Andy Polyakov
63aff3001e ms/do_win64a.bat: forward to NUL, not NUL:. 
Allegedly formwarding to NUL: sometimes creates NUL file in file
system.

PR: 3250
 2014-02-24 19:29:49 +01:00
Andy Polyakov
779c51c644 BC-32.pl: refresh Borland C support. 
PR: 3251
Suggested by: Thorsten Schöning
 2014-02-24 16:42:40 +01:00
Andy Polyakov
758954e0d8 x509/by_dir.c: fix run-away pointer (and potential SEGV) 
when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
 2014-02-24 15:16:56 +01:00
Andy Polyakov
d099f0ed6c config: recognize ARMv8/AArch64 target. 2014-02-24 13:18:40 +01:00
Dr. Stephen Henson
358d352aa2 Only set current certificate to valid values. 
When setting the current certificate check that it has a corresponding
private key.
 2014-02-23 13:46:52 +00:00
Dr. Stephen Henson
13dc3ce9ab New chain building flags. 
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.
 2014-02-23 13:36:38 +00:00
Dr. Stephen Henson
daddd9a950 Option to set current cert to server certificate. 2014-02-21 19:44:09 +00:00
Andy Polyakov
214368ffee aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak. 2014-02-21 12:14:04 +01:00
Dr. Stephen Henson
47739161c6 fix WIN32 warnings 
(cherry picked from commit b709f8ef54)
 2014-02-20 22:55:24 +00:00
Dr. Stephen Henson
8764e86339 make depend 2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
ded18639d7 Move CT viewer extension code to crypto/x509v3 2014-02-20 18:48:56 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
84917787b5 Remove references to o_time.h 2014-02-19 20:06:13 +00:00
Ben Laurie
ff49a94439 Move gmtime functions to crypto.h. 2014-02-19 18:02:04 +00:00
Ben Laurie
e91fb53b38 Make i2r_sctlist static. 2014-02-19 17:57:44 +00:00
Ben Laurie
c0482547b3 Reverse export of o_time.h. 2014-02-19 17:57:07 +00:00
Ben Laurie
765e9ba911 Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer 2014-02-19 17:17:14 +00:00
Rob Stradling
b263f21246 Move the SCT List extension parser into libssl. 
Add the extension parser in the s_client, ocsp and x509 apps.
 2014-02-19 13:12:46 +00:00
Dr. Stephen Henson
6ecbc2bb62 Don't use CRYPTO_AES_CTR if it isn't defined. 2014-02-18 22:20:30 +00:00
Dr. Stephen Henson
3c6c139a07 Restore SSL_OP_MSIE_SSLV2_RSA_PADDING 
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d1d)
 2014-02-16 11:43:46 +00:00