Dr. Stephen Henson
a32ba49352
Check EVP errors for handshake digests.
...
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f
)
2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b
verify parameter enumeration functions
...
(cherry picked from commit 9b3d75706e
)
Conflicts:
crypto/x509/x509_vpm.c
2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3
Add opaque ID structure.
...
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49
Backport TLS padding extension from master.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d
Fix for partial chain notification.
...
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5
Verify parameter retrieval functions.
...
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989
Don't use rdrand engine as default unless explicitly requested.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75
Get FIPS checking logic right.
...
We need to lock when *not* in FIPS mode.
2013-12-10 12:52:27 +00:00
Dr. Stephen Henson
ff672cf8dd
remove obsolete STATUS file
2013-12-10 00:10:41 +00:00
Dr. Stephen Henson
d43b040773
Add release dates to NEWS
2013-12-10 00:08:33 +00:00
Andy Polyakov
422c8c36e5
ARM assembly pack: SHA update from master.
2013-12-09 23:53:42 +01:00
Andy Polyakov
b76310ba74
ARM assembly pack: AES update from master (including bit-sliced module).
2013-12-09 23:44:45 +01:00
Andy Polyakov
c012f6e576
bn/asm/armv4-mont.pl: add NEON code path.
...
(cherry picked from commit d1671f4f1a
)
2013-12-09 22:46:29 +01:00
Andy Polyakov
cf6d55961c
crypto/bn/asm/x86_64-mont*.pl: update from master.
...
Add MULX/AD*X code paths and optimize even original code path.
2013-12-09 22:40:53 +01:00
Andy Polyakov
3aa1b1ccbb
x86_64-xlate.pl: fix jrcxz in nasm case.
...
(cherry picked from commit 667053a2f3
)
2013-12-09 22:19:34 +01:00
Andy Polyakov
3dcae82fa9
x86_64-xlate.pl: minor update.
...
(cherry picked from commit 41965a84c4
)
2013-12-09 21:53:41 +01:00
Dr. Stephen Henson
86b81ecb73
update $default_depflags
2013-12-08 13:21:02 +00:00
Dr. Stephen Henson
c43dc3dd77
Avoid multiple locks in FIPS mode.
...
PR: 3176.
In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
2013-12-08 13:21:02 +00:00
Andy Polyakov
e5eab8a199
bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
...
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f
)
2013-12-04 00:02:18 +01:00
Andy Polyakov
7bab6eb6f0
crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
...
(cherry picked from commit 8bd7ca9996
)
2013-12-03 22:30:00 +01:00
Andy Polyakov
87d9526d0c
crypto/bn/rsaz*: fix licensing note.
...
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a2131
)
2013-12-03 22:17:55 +01:00
Andy Polyakov
36982f056a
bn/asm/rsaz-x86_64.pl: fix prototype.
...
(cherry picked from commit 6efef384c6
)
2013-12-03 09:44:24 +01:00
Dr. Stephen Henson
c97ec5631b
Fix warning.
2013-12-01 23:30:21 +00:00
Dr. Stephen Henson
fdb0d5dd8f
Change header order to pick up OPENSSL_SYS_WIN32
2013-12-01 23:29:40 +00:00
Dr. Stephen Henson
81b6dfe40d
Recongnise no-dane and no-libunbound
2013-12-01 23:12:27 +00:00
Dr. Stephen Henson
bc35b8e435
make update
2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
6859f3fc12
Fix warnings.
2013-12-01 23:08:13 +00:00
Dr. Stephen Henson
8b2d5cc4a7
WIN32 fixes.
2013-12-01 23:07:18 +00:00
Dr. Stephen Henson
74184b6f21
RSAX no longer compiled.
2013-12-01 23:06:33 +00:00
Dr. Stephen Henson
6416aed586
Simplify and update openssl.spec
2013-11-27 15:35:02 +00:00
Dr. Stephen Henson
2a1b7bd380
New functions to retrieve certificate from SSL_CTX
...
New functions to retrieve current certificate or private key
from an SSL_CTX.
Constify SSL_get_private_key().
(cherry picked from commit a25f9adc77
)
2013-11-18 18:59:18 +00:00
Dr. Stephen Henson
4bba0bda61
Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set
...
(cherry picked from commit 60aeb18750
)
2013-11-18 18:59:03 +00:00
Dr. Stephen Henson
27baa8317a
Use correct header length in ssl3_send_certifcate_request
...
(cherry picked from commit fdeaf55bf9
)
2013-11-17 17:50:11 +00:00
Dr. Stephen Henson
1abfa78a8b
Constify.
2013-11-14 21:00:40 +00:00
Piotr Sikora
edc687ba0f
Fix compilation with no-nextprotoneg.
...
PR#3106
2013-11-14 01:20:58 +00:00
Dr. Stephen Henson
ff0bdbed85
Allow match selecting of current certificate.
...
If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
2013-11-13 23:47:49 +00:00
Rob Stradling
dc4bdf592f
Additional "chain_cert" functions.
...
PR#3169
This patch, which currently applies successfully against master and
1_0_2, adds the following functions:
SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.
SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.
SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.
The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
(cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)
2013-11-13 23:47:37 +00:00
Krzysztof Kwiatkowski
b03d0513d0
Delete duplicate entry.
...
PR#3172
(cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
2013-11-13 23:47:26 +00:00
Andy Polyakov
0de70011ad
srp/srp_grps.h: make it Compaq C-friendly.
...
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01d5
)
2013-11-12 22:19:40 +01:00
Andy Polyakov
220d1e5353
modes/asm/ghash-alpha.pl: update from HEAD.
...
PR: 3165
2013-11-12 21:59:01 +01:00
Andy Polyakov
ca44f72938
Make Makefiles OSF-make-friendly.
...
PR: 3165
(cherry picked from commit d1cf23ac86
)
2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5
Fix memory leak.
...
(cherry picked from commit 16bc45ba95
)
2013-11-11 23:55:18 +00:00
Dr. Stephen Henson
5c50462e1e
Typo.
2013-11-11 22:24:08 +00:00
Dr. Stephen Henson
a257865303
Fix for some platforms where "char" is unsigned.
...
(cherry picked from commit 08b433540416c5bc9a874ba0343e35ba490c65f1)
2013-11-11 22:18:07 +00:00
Andy Polyakov
60adefa610
Makefile.org: make FIPS build work with BSD make.
2013-11-10 23:06:41 +01:00
Dr. Stephen Henson
b5dde6bcc6
Check for missing components in RSA_check.
...
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
024dbfd44c
Document RSAPublicKey_{in,out} options.
...
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
233069f8db
Add CMS_SignerInfo_get0_signature function.
...
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
(cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)
2013-11-09 15:09:22 +00:00
Andy Polyakov
c76d6922b1
engines/ccgost/gost89.h: make word32 defintion unconditional.
...
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.
PR: 3165
(cherry picked from commit 96180cac04
)
2013-11-08 23:10:21 +01:00
Andy Polyakov
3241496144
modes/asm/ghash-alpha.pl: make it work with older assembler.
...
PR: 3165
(cherry picked from commit d24d1d7daf
)
2013-11-08 23:10:09 +01:00