oweals/openssl.git
11 years agoImprove WINCE support.
Andy Polyakov [Sat, 19 Jan 2013 20:23:13 +0000 (21:23 +0100)]
Improve WINCE support.

Submitted by: Pierre Delaage

11 years agoMerge branch 'master' of openssl.net:openssl
Ben Laurie [Sat, 19 Jan 2013 18:30:10 +0000 (18:30 +0000)]
Merge branch 'master' of openssl.net:openssl

11 years agoMore .gitignore adjustments.
Andy Polyakov [Sat, 19 Jan 2013 17:41:44 +0000 (18:41 +0100)]
More .gitignore adjustments.

11 years agoMerge branch 'master' of openssl.net:openssl
Ben Laurie [Sat, 19 Jan 2013 17:35:41 +0000 (17:35 +0000)]
Merge branch 'master' of openssl.net:openssl

11 years agoRemove kludge to use RC4 asm.
Ben Laurie [Sat, 19 Jan 2013 17:31:46 +0000 (17:31 +0000)]
Remove kludge to use RC4 asm.

11 years agoBuild/test cleanly on MacOS.
Ben Laurie [Sat, 19 Jan 2013 17:24:40 +0000 (17:24 +0000)]
Build/test cleanly on MacOS.

11 years agogost_crypt.c: add assertions.
Andy Polyakov [Sat, 19 Jan 2013 17:10:05 +0000 (18:10 +0100)]
gost_crypt.c: add assertions.

Submitted by: Seguei Leontiev
PR: 2821

11 years agoengines/ccgost: add test case.
Andy Polyakov [Sat, 19 Jan 2013 16:56:56 +0000 (17:56 +0100)]
engines/ccgost: add test case.

Submitted by: Serguei Leontiev
PR: 2821

11 years agosha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores.
Andy Polyakov [Sat, 19 Jan 2013 16:22:05 +0000 (17:22 +0100)]
sha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores.

11 years agoRemove extraneous brackets (clang doesn't like them).
Ben Laurie [Sat, 19 Jan 2013 15:12:08 +0000 (15:12 +0000)]
Remove extraneous brackets (clang doesn't like them).

11 years agoCan't check a size_t for < 0.
Ben Laurie [Sat, 19 Jan 2013 15:00:27 +0000 (15:00 +0000)]
Can't check a size_t for < 0.

11 years agoMake "make depend" work on MacOS out of the box.
Ben Laurie [Sat, 19 Jan 2013 14:14:30 +0000 (14:14 +0000)]
Make "make depend" work on MacOS out of the box.

11 years ago.gitignore adjustments
Andy Polyakov [Sat, 19 Jan 2013 12:20:21 +0000 (13:20 +0100)]
.gitignore adjustments

11 years agoTypo (PR2959).
Dr. Stephen Henson [Thu, 17 Jan 2013 18:20:18 +0000 (18:20 +0000)]
Typo (PR2959).

11 years agoFix some clang warnings.
Ben Laurie [Sun, 13 Jan 2013 21:04:39 +0000 (21:04 +0000)]
Fix some clang warnings.

11 years agoCorrect EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).
Ben Laurie [Sat, 12 Jan 2013 12:25:30 +0000 (12:25 +0000)]
Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).

11 years agoChange default bits to 1024
Dr. Stephen Henson [Mon, 7 Jan 2013 16:13:48 +0000 (16:13 +0000)]
Change default bits to 1024

11 years agoAdd some missing files, make paths absolute.
Ben Laurie [Sun, 6 Jan 2013 19:06:40 +0000 (19:06 +0000)]
Add some missing files, make paths absolute.

11 years agoFix warning.
Ben Laurie [Sun, 6 Jan 2013 19:03:48 +0000 (19:03 +0000)]
Fix warning.

11 years agoInitial .gitignore
Dr. Stephen Henson [Sun, 6 Jan 2013 16:47:36 +0000 (16:47 +0000)]
Initial .gitignore

11 years agomake no-comp compile
Dr. Stephen Henson [Sun, 30 Dec 2012 16:04:51 +0000 (16:04 +0000)]
make no-comp compile

11 years agomake JPAKE work again, fix memory leaks
Dr. Stephen Henson [Sat, 29 Dec 2012 23:38:20 +0000 (23:38 +0000)]
make JPAKE work again, fix memory leaks

11 years agostop warning when compiling with no-comp
Dr. Stephen Henson [Sat, 29 Dec 2012 23:37:56 +0000 (23:37 +0000)]
stop warning when compiling with no-comp

11 years agoPortability fix: use BIO_snprintf and pick up strcasecmp alternative
Dr. Stephen Henson [Wed, 26 Dec 2012 23:51:56 +0000 (23:51 +0000)]
Portability fix: use BIO_snprintf and pick up strcasecmp alternative
definitions from e_os.h

11 years agomissing tab
Dr. Stephen Henson [Wed, 26 Dec 2012 19:12:57 +0000 (19:12 +0000)]
missing tab

11 years agotypo
Dr. Stephen Henson [Wed, 26 Dec 2012 15:23:42 +0000 (15:23 +0000)]
typo

11 years agoFix tocsp: we don't need -trust_other any more.
Dr. Stephen Henson [Fri, 21 Dec 2012 18:32:33 +0000 (18:32 +0000)]
Fix tocsp: we don't need -trust_other any more.

Fix typo.

11 years agoMake partial chain checking work if we only have the EE certificate in
Dr. Stephen Henson [Fri, 21 Dec 2012 18:31:32 +0000 (18:31 +0000)]
Make partial chain checking work if we only have the EE certificate in
the trust store.

11 years agoadd missing newline
Dr. Stephen Henson [Fri, 21 Dec 2012 16:24:48 +0000 (16:24 +0000)]
add missing newline

11 years agorevert OCSP_basic_verify changes: they aren't needed now we support partial chain...
Dr. Stephen Henson [Thu, 20 Dec 2012 18:51:00 +0000 (18:51 +0000)]
revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility

11 years agoUpdate test OCSP script "tocsp" to use shell functions and to use
Dr. Stephen Henson [Thu, 20 Dec 2012 18:48:11 +0000 (18:48 +0000)]
Update test OCSP script "tocsp" to use shell functions and to use
December 17th as check date to avoid certificate expiry errors.

11 years agogost_crypt.c: more intuitive ceiling.
Andy Polyakov [Wed, 19 Dec 2012 17:24:46 +0000 (17:24 +0000)]
gost_crypt.c: more intuitive ceiling.

11 years agocorrect CHANGES
Dr. Stephen Henson [Wed, 19 Dec 2012 14:34:39 +0000 (14:34 +0000)]
correct CHANGES

11 years agoengines/cchost/gost_crypt.c: fix typo.
Andy Polyakov [Wed, 19 Dec 2012 11:06:00 +0000 (11:06 +0000)]
engines/cchost/gost_crypt.c: fix typo.

11 years agoengines/e_capi.c: fix typo.
Andy Polyakov [Wed, 19 Dec 2012 10:54:47 +0000 (10:54 +0000)]
engines/e_capi.c: fix typo.

Submitted by: Pierre Delaage

11 years agoengine/cchost: fix bugs.
Andy Polyakov [Wed, 19 Dec 2012 10:45:13 +0000 (10:45 +0000)]
engine/cchost: fix bugs.

PR: 2821
Submitted by: Dmitry Belyavsky, Serguei Leontiev

11 years agodso/dso_win32.c: fix compiler warning.
Andy Polyakov [Tue, 18 Dec 2012 18:19:54 +0000 (18:19 +0000)]
dso/dso_win32.c: fix compiler warning.

11 years agoutil/pl/VC-32.pl fix typo.
Andy Polyakov [Tue, 18 Dec 2012 18:07:20 +0000 (18:07 +0000)]
util/pl/VC-32.pl fix typo.

11 years agoUse client version when deciding which cipher suites to disable.
Dr. Stephen Henson [Tue, 18 Dec 2012 13:25:47 +0000 (13:25 +0000)]
Use client version when deciding which cipher suites to disable.

11 years agoutil/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on
Andy Polyakov [Tue, 18 Dec 2012 09:42:31 +0000 (09:42 +0000)]
util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on
suggestions from Pierre Delaage).

11 years agoVC-32.pl: fix typo.
Andy Polyakov [Sun, 16 Dec 2012 19:39:24 +0000 (19:39 +0000)]
VC-32.pl: fix typo.

Submitted by: Pierre Delaage

11 years agod1_lib.c,bss_dgram.c: eliminate dependency on _ftime.
Andy Polyakov [Sun, 16 Dec 2012 19:02:59 +0000 (19:02 +0000)]
d1_lib.c,bss_dgram.c: eliminate dependency on _ftime.

11 years agoadd -rmd option to set OCSP response signing digest
Dr. Stephen Henson [Sun, 16 Dec 2012 00:10:03 +0000 (00:10 +0000)]
add -rmd option to set OCSP response signing digest

11 years agoCheck chain is not NULL before assuming we have a validated chain.
Dr. Stephen Henson [Sat, 15 Dec 2012 02:58:00 +0000 (02:58 +0000)]
Check chain is not NULL before assuming we have a validated chain.

The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.

11 years agoReturn success when the responder is active.
Dr. Stephen Henson [Sat, 15 Dec 2012 02:56:02 +0000 (02:56 +0000)]
Return success when the responder is active.

Don't verify our own responses.

11 years agotypo
Dr. Stephen Henson [Sat, 15 Dec 2012 00:29:12 +0000 (00:29 +0000)]
typo

11 years agoAdd support for '-' as input and output filenames in ocsp utility.
Dr. Stephen Henson [Fri, 14 Dec 2012 23:30:56 +0000 (23:30 +0000)]
Add support for '-' as input and output filenames in ocsp utility.

Recognise verification arguments.

11 years agooops, revert, committed in error
Dr. Stephen Henson [Fri, 14 Dec 2012 23:29:58 +0000 (23:29 +0000)]
oops, revert, committed in error

11 years agoapps/ocsp.c
Dr. Stephen Henson [Fri, 14 Dec 2012 23:28:19 +0000 (23:28 +0000)]
apps/ocsp.c

11 years agoDocumentation improvements by Chris Palmer (Google).
Ben Laurie [Fri, 14 Dec 2012 13:28:49 +0000 (13:28 +0000)]
Documentation improvements by Chris Palmer (Google).

11 years agofips/fipsld: improve cross-compile support.
Andy Polyakov [Thu, 13 Dec 2012 22:51:01 +0000 (22:51 +0000)]
fips/fipsld: improve cross-compile support.

11 years agoUse new partial chain flag instead of modifying input parameters.
Dr. Stephen Henson [Thu, 13 Dec 2012 18:20:47 +0000 (18:20 +0000)]
Use new partial chain flag instead of modifying input parameters.

11 years agoNew verify flag to return success if we have any certificate in the
Dr. Stephen Henson [Thu, 13 Dec 2012 18:14:46 +0000 (18:14 +0000)]
New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.

11 years agoDocument -pubkey.
Ben Laurie [Thu, 13 Dec 2012 16:17:55 +0000 (16:17 +0000)]
Document -pubkey.

11 years agoImprove my 64-bit debug target.
Ben Laurie [Wed, 12 Dec 2012 14:14:43 +0000 (14:14 +0000)]
Improve my 64-bit debug target.

11 years agoadd -crl_download option to s_server
Dr. Stephen Henson [Wed, 12 Dec 2012 03:35:31 +0000 (03:35 +0000)]
add -crl_download option to s_server

11 years agoadd -cert_chain option to s_client
Dr. Stephen Henson [Wed, 12 Dec 2012 00:50:26 +0000 (00:50 +0000)]
add -cert_chain option to s_client

11 years agoMake openssl verify return errors.
Ben Laurie [Tue, 11 Dec 2012 16:05:14 +0000 (16:05 +0000)]
Make openssl verify return errors.

11 years agoUpdate ignores.
Ben Laurie [Tue, 11 Dec 2012 15:52:10 +0000 (15:52 +0000)]
Update ignores.

11 years agoTabification. Remove accidental duplication.
Ben Laurie [Mon, 10 Dec 2012 16:52:17 +0000 (16:52 +0000)]
Tabification. Remove accidental duplication.

11 years agorevert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead
Dr. Stephen Henson [Mon, 10 Dec 2012 02:02:16 +0000 (02:02 +0000)]
revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead

11 years agoadd -badsig option to ocsp utility too.
Dr. Stephen Henson [Sun, 9 Dec 2012 16:21:46 +0000 (16:21 +0000)]
add -badsig option to ocsp utility too.

11 years agoallow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode
Dr. Stephen Henson [Sun, 9 Dec 2012 16:03:34 +0000 (16:03 +0000)]
allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode

11 years agosend out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
Dr. Stephen Henson [Fri, 7 Dec 2012 23:42:33 +0000 (23:42 +0000)]
send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace

11 years agoFix OCSP checking.
Ben Laurie [Fri, 7 Dec 2012 18:47:47 +0000 (18:47 +0000)]
Fix OCSP checking.

11 years agotypo
Dr. Stephen Henson [Fri, 7 Dec 2012 13:23:49 +0000 (13:23 +0000)]
typo

11 years agoreally fix automatic ;-)
Dr. Stephen Henson [Fri, 7 Dec 2012 12:41:13 +0000 (12:41 +0000)]
really fix automatic ;-)

11 years agodocumentation fixes
Dr. Stephen Henson [Thu, 6 Dec 2012 23:26:11 +0000 (23:26 +0000)]
documentation fixes

11 years agofix handling of "automatic" in file mode
Dr. Stephen Henson [Thu, 6 Dec 2012 21:53:05 +0000 (21:53 +0000)]
fix handling of "automatic" in file mode

11 years agoAdd code to download CRLs based on CRLDP extension.
Dr. Stephen Henson [Thu, 6 Dec 2012 18:43:40 +0000 (18:43 +0000)]
Add code to download CRLs based on CRLDP extension.

Just a sample, real world applications would have to be cleverer.

11 years agoremove print_ssl_cert_checks() from openssl application: it is no longer used
Dr. Stephen Henson [Thu, 6 Dec 2012 18:36:51 +0000 (18:36 +0000)]
remove print_ssl_cert_checks() from openssl application: it is no longer used

11 years agoFix two bugs which affect delta CRL handling:
Dr. Stephen Henson [Thu, 6 Dec 2012 18:24:28 +0000 (18:24 +0000)]
Fix two bugs which affect delta CRL handling:

Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.

11 years agoIntegrate host, email and IP address checks into X509_verify.
Dr. Stephen Henson [Wed, 5 Dec 2012 18:35:20 +0000 (18:35 +0000)]
Integrate host, email and IP address checks into X509_verify.

Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.

11 years agoaes-s390x.pl: fix XTS bugs in z196-specific code path.
Andy Polyakov [Wed, 5 Dec 2012 17:44:45 +0000 (17:44 +0000)]
aes-s390x.pl: fix XTS bugs in z196-specific code path.

11 years agodon't print verbose policy check messages when -quiet is selected even on error
Dr. Stephen Henson [Tue, 4 Dec 2012 23:18:44 +0000 (23:18 +0000)]
don't print verbose policy check messages when -quiet is selected even on error

11 years agoghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.
Andy Polyakov [Tue, 4 Dec 2012 20:21:24 +0000 (20:21 +0000)]
ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.

11 years agoinitial support for delta CRL generations by diffing two full CRLs
Dr. Stephen Henson [Tue, 4 Dec 2012 18:35:36 +0000 (18:35 +0000)]
initial support for delta CRL generations by diffing two full CRLs

11 years agomake -subj always override config file
Dr. Stephen Henson [Tue, 4 Dec 2012 18:35:04 +0000 (18:35 +0000)]
make -subj always override config file

11 years agocheck mval for NULL too
Dr. Stephen Henson [Tue, 4 Dec 2012 17:25:34 +0000 (17:25 +0000)]
check mval for NULL too

11 years agofix leak
Dr. Stephen Henson [Mon, 3 Dec 2012 16:32:52 +0000 (16:32 +0000)]
fix leak

11 years agooops, really check brief mode only ;-)
Dr. Stephen Henson [Mon, 3 Dec 2012 03:40:57 +0000 (03:40 +0000)]
oops, really check brief mode only ;-)

11 years agodon't check errno is zero, just print out message
Dr. Stephen Henson [Mon, 3 Dec 2012 03:39:23 +0000 (03:39 +0000)]
don't check errno is zero, just print out message

11 years agoif no error code and -brief selected print out connection closed instead of read...
Dr. Stephen Henson [Mon, 3 Dec 2012 03:33:44 +0000 (03:33 +0000)]
if no error code and -brief selected print out connection closed instead of read error

11 years agoadd -badsig option to corrupt CRL signatures for testing too
Dr. Stephen Henson [Sun, 2 Dec 2012 16:48:25 +0000 (16:48 +0000)]
add -badsig option to corrupt CRL signatures for testing too

11 years agoNew option to add CRLs for s_client and s_server.
Dr. Stephen Henson [Sun, 2 Dec 2012 16:16:28 +0000 (16:16 +0000)]
New option to add CRLs for s_client and s_server.

11 years agoadd option to get a certificate or CRL from a URL
Dr. Stephen Henson [Sun, 2 Dec 2012 14:00:22 +0000 (14:00 +0000)]
add option to get a certificate or CRL from a URL

11 years agoreturn error if Suite B mode is selected and TLS 1.2 can't be used. Correct error...
Dr. Stephen Henson [Sat, 1 Dec 2012 18:33:21 +0000 (18:33 +0000)]
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded

11 years agocryptlib.c: fix logical error.
Andy Polyakov [Sat, 1 Dec 2012 18:24:20 +0000 (18:24 +0000)]
cryptlib.c: fix logical error.

11 years agoaesni-x86_64.pl: CTR face lift, +25% on Bulldozer.
Andy Polyakov [Sat, 1 Dec 2012 18:20:39 +0000 (18:20 +0000)]
aesni-x86_64.pl: CTR face lift, +25% on Bulldozer.

11 years agoaes-s390x.pl: harmonize software-only code path [and minor optimization].
Andy Polyakov [Sat, 1 Dec 2012 11:06:19 +0000 (11:06 +0000)]
aes-s390x.pl: harmonize software-only code path [and minor optimization].

11 years agoAdd new test option set the version in generated certificates: this
Dr. Stephen Henson [Fri, 30 Nov 2012 19:24:13 +0000 (19:24 +0000)]
Add new test option set the version in generated certificates: this
is needed to test some profiles/protocols which reject certificates
with unsupported versions.

11 years agoPR: 2803
Dr. Stephen Henson [Thu, 29 Nov 2012 19:15:14 +0000 (19:15 +0000)]
PR: 2803
Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.

11 years agoadd wrapper function for certificate download
Dr. Stephen Henson [Thu, 29 Nov 2012 01:15:09 +0000 (01:15 +0000)]
add wrapper function for certificate download

11 years agoconstify
Dr. Stephen Henson [Thu, 29 Nov 2012 01:13:38 +0000 (01:13 +0000)]
constify

11 years agoGeneralise OCSP I/O functions to support dowloading of other ASN1
Dr. Stephen Henson [Wed, 28 Nov 2012 16:22:53 +0000 (16:22 +0000)]
Generalise OCSP I/O functions to support dowloading of other ASN1
structures using HTTP. Add wrapper function to handle CRL download.

11 years agoC64x+ assembly pack: improve EABI support.
Andy Polyakov [Wed, 28 Nov 2012 13:19:10 +0000 (13:19 +0000)]
C64x+ assembly pack: improve EABI support.

11 years agoUpdate support for Intel compiler: add linux-x86_64-icc and fix problems.
Andy Polyakov [Wed, 28 Nov 2012 13:05:13 +0000 (13:05 +0000)]
Update support for Intel compiler: add linux-x86_64-icc and fix problems.

11 years agoNew functions to set lookup_crls callback and to retrieve internal X509_STORE
Dr. Stephen Henson [Tue, 27 Nov 2012 23:47:48 +0000 (23:47 +0000)]
New functions to set lookup_crls callback and to retrieve internal X509_STORE
from X509_STORE_CTX.

12 years agoPrint out point format list for clients too.
Dr. Stephen Henson [Mon, 26 Nov 2012 18:39:38 +0000 (18:39 +0000)]
Print out point format list for clients too.

12 years agoUse default point formats extension for server side as well as client
Dr. Stephen Henson [Mon, 26 Nov 2012 18:38:10 +0000 (18:38 +0000)]
Use default point formats extension for server side as well as client
side, if possible.

Don't advertise compressed char2 for SuiteB as it is not supported.