openssl.git
8 years agoadd FAQ about version numbers
Dr. Stephen Henson [Thu, 5 Apr 2012 13:16:37 +0000 (13:16 +0000)]
add FAQ about version numbers

8 years agoaes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1].
Andy Polyakov [Thu, 5 Apr 2012 08:30:22 +0000 (08:30 +0000)]
aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1].

8 years agoaes-s390x.pl: make it more foolproof [inspired by 1.0.1].
Andy Polyakov [Thu, 5 Apr 2012 08:22:09 +0000 (08:22 +0000)]
aes-s390x.pl: make it more foolproof [inspired by 1.0.1].

8 years agossl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444).
Andy Polyakov [Wed, 4 Apr 2012 20:45:51 +0000 (20:45 +0000)]
ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444).

PR: 2778

8 years agoTidy up EC parameter check code: instead of accessing internal structures
Dr. Stephen Henson [Wed, 4 Apr 2012 14:41:01 +0000 (14:41 +0000)]
Tidy up EC parameter check code: instead of accessing internal structures
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.

8 years agoUpdate ordinals.
Dr. Stephen Henson [Tue, 3 Apr 2012 23:13:23 +0000 (23:13 +0000)]
Update ordinals.

8 years agoCHANGES: harmonize with 1.0.0 and 1.0.1.
Andy Polyakov [Sat, 31 Mar 2012 18:56:27 +0000 (18:56 +0000)]
CHANGES: harmonize with 1.0.0 and 1.0.1.

8 years agoPR: 2778(part)
Dr. Stephen Henson [Sat, 31 Mar 2012 18:03:02 +0000 (18:03 +0000)]
PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

8 years agomodes_lcl.h: make it work on i386.
Andy Polyakov [Sat, 31 Mar 2012 17:02:46 +0000 (17:02 +0000)]
modes_lcl.h: make it work on i386.
PR: 2780

8 years agovpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt.
Andy Polyakov [Sat, 31 Mar 2012 16:53:34 +0000 (16:53 +0000)]
vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt.
PR: 2775

8 years agoutil/cygwin.sh update.
Andy Polyakov [Sat, 31 Mar 2012 11:06:46 +0000 (11:06 +0000)]
util/cygwin.sh update.
PR: 2761
Submitted by: Corinna Vinschen

8 years agodon't shadow
Dr. Stephen Henson [Fri, 30 Mar 2012 15:43:32 +0000 (15:43 +0000)]
don't shadow

8 years agobn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND.
Andy Polyakov [Thu, 29 Mar 2012 21:35:28 +0000 (21:35 +0000)]
bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND.

8 years agomodes/gcm128.c: fix self-test.
Andy Polyakov [Thu, 29 Mar 2012 18:25:38 +0000 (18:25 +0000)]
modes/gcm128.c: fix self-test.

8 years agosha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select.
Andy Polyakov [Thu, 29 Mar 2012 18:20:11 +0000 (18:20 +0000)]
sha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select.

8 years agoperlasm/x86masm.pl: fix last fix.
Andy Polyakov [Thu, 29 Mar 2012 18:09:36 +0000 (18:09 +0000)]
perlasm/x86masm.pl: fix last fix.

8 years agoans1/tasn_prn.c: avoid bool in variable names.
Andy Polyakov [Thu, 29 Mar 2012 17:48:19 +0000 (17:48 +0000)]
ans1/tasn_prn.c: avoid bool in variable names.
PR: 2776

8 years agoInitial revision of ECC extension handling.
Dr. Stephen Henson [Wed, 28 Mar 2012 15:05:04 +0000 (15:05 +0000)]
Initial revision of ECC extension handling.

Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.

8 years agofix leak
Dr. Stephen Henson [Thu, 22 Mar 2012 16:28:07 +0000 (16:28 +0000)]
fix leak

8 years agoSubmitted by: Markus Friedl <mfriedl@gmail.com>
Dr. Stephen Henson [Thu, 22 Mar 2012 15:44:51 +0000 (15:44 +0000)]
Submitted by: Markus Friedl <mfriedl@gmail.com>

Fix memory leaks in 'goto err' cases.

8 years agouse client version when deciding whether to send supported signature algorithms extension
Dr. Stephen Henson [Wed, 21 Mar 2012 21:33:23 +0000 (21:33 +0000)]
use client version when deciding whether to send supported signature algorithms extension

8 years agoe_padlock-x86[_64].pl: better understanding of prefetch errata and proper
Andy Polyakov [Mon, 19 Mar 2012 20:23:32 +0000 (20:23 +0000)]
e_padlock-x86[_64].pl: better understanding of prefetch errata and proper
workaround.

8 years agoeng_all.c: revert previous "disable Padlock" commit, which was unjustified.
Andy Polyakov [Mon, 19 Mar 2012 20:20:41 +0000 (20:20 +0000)]
eng_all.c: revert previous "disable Padlock" commit, which was unjustified.

8 years agoAlways use SSLv23_{client,server}_method in s_client.c and s_server.c,
Dr. Stephen Henson [Sun, 18 Mar 2012 18:16:46 +0000 (18:16 +0000)]
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.

8 years agovpaes-x86_64.pl: out-of-date Apple assembler fails to calculate
Andy Polyakov [Sat, 17 Mar 2012 16:06:31 +0000 (16:06 +0000)]
vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate
distance between local labels.
PR: 2762

8 years agobsaes-x86_64.pl: optimize key conversion.
Andy Polyakov [Fri, 16 Mar 2012 21:44:19 +0000 (21:44 +0000)]
bsaes-x86_64.pl: optimize key conversion.

8 years agobsaes-armv7.pl: optmize Sbox and key conversion.
Andy Polyakov [Fri, 16 Mar 2012 21:41:48 +0000 (21:41 +0000)]
bsaes-armv7.pl: optmize Sbox and key conversion.

8 years agooops, revert unrelated patches
Dr. Stephen Henson [Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)]
oops, revert unrelated patches

8 years agoupdate FAQ, NEWS
Dr. Stephen Henson [Wed, 14 Mar 2012 13:44:57 +0000 (13:44 +0000)]
update FAQ, NEWS

8 years agoghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build.
Andy Polyakov [Tue, 13 Mar 2012 19:43:42 +0000 (19:43 +0000)]
ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build.

8 years agossl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER.
Andy Polyakov [Tue, 13 Mar 2012 19:20:55 +0000 (19:20 +0000)]
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER.

8 years agox86_64-xlate.pl: remove old kludge.
Andy Polyakov [Tue, 13 Mar 2012 19:19:08 +0000 (19:19 +0000)]
x86_64-xlate.pl: remove old kludge.
PR: 2435,2440

8 years agocorrected fix to PR#2711 and also cover mime_param_cmp
Dr. Stephen Henson [Mon, 12 Mar 2012 16:32:19 +0000 (16:32 +0000)]
corrected fix to PR#2711 and also cover mime_param_cmp

8 years agoFix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
Dr. Stephen Henson [Mon, 12 Mar 2012 16:31:39 +0000 (16:31 +0000)]
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)

8 years agoupdate NEWS
Dr. Stephen Henson [Mon, 12 Mar 2012 16:23:00 +0000 (16:23 +0000)]
update NEWS

8 years agoPR: 2744
Dr. Stephen Henson [Sun, 11 Mar 2012 13:40:17 +0000 (13:40 +0000)]
PR: 2744
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

CMS support for ccgost engine

8 years agoSubmitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Dr. Stephen Henson [Fri, 9 Mar 2012 18:38:35 +0000 (18:38 +0000)]
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Add more extension names in s_cb.c extension printing code.

8 years agoPR: 2756
Dr. Stephen Henson [Fri, 9 Mar 2012 15:52:33 +0000 (15:52 +0000)]
PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.

8 years agocheck return value of BIO_write in PKCS7_decrypt
Dr. Stephen Henson [Thu, 8 Mar 2012 14:10:23 +0000 (14:10 +0000)]
check return value of BIO_write in PKCS7_decrypt

8 years agoNew ctrls to retrieve supported signature algorithms and curves and
Dr. Stephen Henson [Tue, 6 Mar 2012 14:28:21 +0000 (14:28 +0000)]
New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.

8 years agoPR: 2755
Dr. Stephen Henson [Tue, 6 Mar 2012 13:47:43 +0000 (13:47 +0000)]
PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.

8 years agoPR: 2748
Dr. Stephen Henson [Tue, 6 Mar 2012 13:26:15 +0000 (13:26 +0000)]
PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.

8 years agodon't do loop check for single self signed certificate
Dr. Stephen Henson [Mon, 5 Mar 2012 15:48:13 +0000 (15:48 +0000)]
don't do loop check for single self signed certificate

8 years agoConfigure: make no-whirlpool work.
Andy Polyakov [Sat, 3 Mar 2012 13:17:47 +0000 (13:17 +0000)]
Configure: make no-whirlpool work.

8 years agobsaes-armv7.pl: change preferred contact.
Andy Polyakov [Sat, 3 Mar 2012 13:04:53 +0000 (13:04 +0000)]
bsaes-armv7.pl: change preferred contact.

8 years agoAdd bit-sliced AES for ARM NEON. This initial version is effectively
Andy Polyakov [Sat, 3 Mar 2012 12:33:28 +0000 (12:33 +0000)]
Add bit-sliced AES for ARM NEON. This initial version is effectively
reference implementation, it does not interface to OpenSSL yet.

8 years agoPR: 2743
Dr. Stephen Henson [Wed, 29 Feb 2012 14:13:00 +0000 (14:13 +0000)]
PR: 2743
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.

8 years agoPR: 2742
Dr. Stephen Henson [Wed, 29 Feb 2012 14:02:02 +0000 (14:02 +0000)]
PR: 2742
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.

8 years agoFix memory leak cause by race condition when creating public keys.
Dr. Stephen Henson [Tue, 28 Feb 2012 14:47:02 +0000 (14:47 +0000)]
Fix memory leak cause by race condition when creating public keys.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

8 years agox86cpuid.pl: fix processor capability detection on pre-586.
Andy Polyakov [Tue, 28 Feb 2012 14:20:21 +0000 (14:20 +0000)]
x86cpuid.pl: fix processor capability detection on pre-586.

8 years agoPR: 2736
Dr. Stephen Henson [Mon, 27 Feb 2012 18:45:28 +0000 (18:45 +0000)]
PR: 2736
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.

8 years agoPR: 2737
Dr. Stephen Henson [Mon, 27 Feb 2012 16:46:34 +0000 (16:46 +0000)]
PR: 2737
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.

8 years agoPR: 2739
Dr. Stephen Henson [Mon, 27 Feb 2012 16:38:24 +0000 (16:38 +0000)]
PR: 2739
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.

8 years agoPR: 2735
Dr. Stephen Henson [Mon, 27 Feb 2012 16:33:34 +0000 (16:33 +0000)]
PR: 2735

Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.

8 years agofree headers after use in error message
Dr. Stephen Henson [Mon, 27 Feb 2012 16:27:17 +0000 (16:27 +0000)]
free headers after use in error message

8 years agoDetect symmetric crypto errors in PKCS7_decrypt.
Dr. Stephen Henson [Mon, 27 Feb 2012 15:22:41 +0000 (15:22 +0000)]
Detect symmetric crypto errors in PKCS7_decrypt.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

8 years agoConfigure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for
Andy Polyakov [Sun, 26 Feb 2012 22:02:59 +0000 (22:02 +0000)]
Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for
following reasons:

- it's not the way to engage XPG4v2 mode, defining _XOPEN_SOURCE to
  value less than 500 is (see standards(5));
- we need to work out strategy to handle _XOPEN_SOURCE, current state
  when we define e.g. _XOPEN_SOURCE to 500 in some files is inappropriate;
- sctp implementation on Solaris is incomplete, in sense that bss_dgram.c
  doesn't compile, because not all structures are defined, so that
  enabling sctp doesn't work anyway;

8 years agoseed.c: incredibly enough seed.c can fail to compile on Solaris with certain
Andy Polyakov [Sun, 26 Feb 2012 21:52:43 +0000 (21:52 +0000)]
seed.c: incredibly enough seed.c can fail to compile on Solaris with certain
flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>

8 years agoPR: 2730
Dr. Stephen Henson [Sat, 25 Feb 2012 17:59:40 +0000 (17:59 +0000)]
PR: 2730
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

VMS fixes: disable SCTP by default.

8 years agoABI fixes from 1.0.1-stable
Dr. Stephen Henson [Thu, 23 Feb 2012 22:25:52 +0000 (22:25 +0000)]
ABI fixes from 1.0.1-stable

8 years agoPR: 2711
Dr. Stephen Henson [Thu, 23 Feb 2012 21:50:44 +0000 (21:50 +0000)]
PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.

8 years agoPR: 2696
Dr. Stephen Henson [Thu, 23 Feb 2012 21:31:37 +0000 (21:31 +0000)]
PR: 2696
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

8 years agoPR: 2727
Dr. Stephen Henson [Thu, 23 Feb 2012 13:49:35 +0000 (13:49 +0000)]
PR: 2727
Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.

8 years agoABI compliance fixes.
Dr. Stephen Henson [Wed, 22 Feb 2012 15:39:54 +0000 (15:39 +0000)]
ABI compliance fixes.

Move new structure fields to end of structures.

8 years agoSSL export fixes (from Adam Langley) [original from 1.0.1]
Dr. Stephen Henson [Wed, 22 Feb 2012 15:06:56 +0000 (15:06 +0000)]
SSL export fixes (from Adam Langley) [original from 1.0.1]

8 years agoinitialise i if n == 0
Dr. Stephen Henson [Wed, 22 Feb 2012 15:03:44 +0000 (15:03 +0000)]
initialise i if n == 0

8 years agoAdd new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
Dr. Stephen Henson [Tue, 21 Feb 2012 14:41:13 +0000 (14:41 +0000)]
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.

8 years agoFix bug in CVE-2011-4619: check we have really received a client hello
Dr. Stephen Henson [Thu, 16 Feb 2012 15:26:04 +0000 (15:26 +0000)]
Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.

8 years agoAdditional compatibility fix for MDC2 signature format.
Dr. Stephen Henson [Wed, 15 Feb 2012 14:27:25 +0000 (14:27 +0000)]
Additional compatibility fix for MDC2 signature format.

Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.

8 years agoAn incompatibility has always existed between the format used for RSA
Dr. Stephen Henson [Wed, 15 Feb 2012 14:04:00 +0000 (14:04 +0000)]
An incompatibility has always existed between the format used for RSA
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.

8 years agoPR: 2713
Dr. Stephen Henson [Sun, 12 Feb 2012 18:47:47 +0000 (18:47 +0000)]
PR: 2713
Submitted by: Tomas Mraz <tmraz@redhat.com>

Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files

8 years agoPR: 2717
Dr. Stephen Henson [Sat, 11 Feb 2012 23:41:19 +0000 (23:41 +0000)]
PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7

8 years agoPR: 2716
Dr. Stephen Henson [Sat, 11 Feb 2012 23:20:53 +0000 (23:20 +0000)]
PR: 2716
Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.

8 years agoPR: 2703
Dr. Stephen Henson [Sat, 11 Feb 2012 23:13:10 +0000 (23:13 +0000)]
PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.

8 years agoPR: 2705
Dr. Stephen Henson [Sat, 11 Feb 2012 23:08:08 +0000 (23:08 +0000)]
PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.

8 years agoSubmitted by: Eric Rescorla <ekr@rtfm.com>
Dr. Stephen Henson [Sat, 11 Feb 2012 22:53:31 +0000 (22:53 +0000)]
Submitted by: Eric Rescorla <ekr@rtfm.com>

Further fixes for use_srtp extension.

8 years agoapps/s_cb.c: recognized latest TLS version.
Andy Polyakov [Sat, 11 Feb 2012 13:30:47 +0000 (13:30 +0000)]
apps/s_cb.c: recognized latest TLS version.

8 years agoPR: 2704
Dr. Stephen Henson [Fri, 10 Feb 2012 20:08:36 +0000 (20:08 +0000)]
PR: 2704
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.

8 years agoPR: 2710
Dr. Stephen Henson [Fri, 10 Feb 2012 19:54:54 +0000 (19:54 +0000)]
PR: 2710
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.

8 years agoPR: 2714
Dr. Stephen Henson [Fri, 10 Feb 2012 19:43:14 +0000 (19:43 +0000)]
PR: 2714
Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.

8 years agoonly cleanup ctx if we need to, save ctx flags when we do
Dr. Stephen Henson [Fri, 10 Feb 2012 16:55:17 +0000 (16:55 +0000)]
only cleanup ctx if we need to, save ctx flags when we do

8 years agoadd fips blocking overrides to command line utilities
Dr. Stephen Henson [Fri, 10 Feb 2012 16:47:40 +0000 (16:47 +0000)]
add fips blocking overrides to command line utilities

8 years agoSubmitted by: Eric Rescorla <ekr@rtfm.com>
Dr. Stephen Henson [Fri, 10 Feb 2012 00:07:18 +0000 (00:07 +0000)]
Submitted by: Eric Rescorla <ekr@rtfm.com>

Fix encoding of use_srtp extension to be compliant with RFC5764

8 years agooops, revert unrelated changes
Dr. Stephen Henson [Thu, 9 Feb 2012 15:43:58 +0000 (15:43 +0000)]
oops, revert unrelated changes

8 years agoModify client hello version when renegotiating to enhance interop with
Dr. Stephen Henson [Thu, 9 Feb 2012 15:42:10 +0000 (15:42 +0000)]
Modify client hello version when renegotiating to enhance interop with
some servers.

8 years agotypo
Dr. Stephen Henson [Thu, 2 Feb 2012 19:18:24 +0000 (19:18 +0000)]
typo

8 years agobn_nist.c: make new optimized code dependent on BN_LLONG.
Andy Polyakov [Thu, 2 Feb 2012 07:46:05 +0000 (07:46 +0000)]
bn_nist.c: make new optimized code dependent on BN_LLONG.

8 years agohpux-parisc2-*: engage assembler.
Andy Polyakov [Thu, 2 Feb 2012 07:41:29 +0000 (07:41 +0000)]
hpux-parisc2-*: engage assembler.

8 years agoAdd support for distinct certificate chains per key type and per SSL
Dr. Stephen Henson [Tue, 31 Jan 2012 14:00:10 +0000 (14:00 +0000)]
Add support for distinct certificate chains per key type and per SSL
structure.

Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.

8 years agocode tidy
Dr. Stephen Henson [Fri, 27 Jan 2012 14:21:38 +0000 (14:21 +0000)]
code tidy

8 years agoRevise ssl code to use a CERT_PKEY structure when outputting a
Dr. Stephen Henson [Thu, 26 Jan 2012 16:00:34 +0000 (16:00 +0000)]
Revise ssl code to use a CERT_PKEY structure when outputting a
certificate chain instead of an X509 structure.

This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.

8 years agoTidy/enhance certificate chain output code.
Dr. Stephen Henson [Thu, 26 Jan 2012 15:47:32 +0000 (15:47 +0000)]
Tidy/enhance certificate chain output code.

New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.

8 years agoallow key agreement for SSL/TLS certificates
Dr. Stephen Henson [Thu, 26 Jan 2012 14:57:45 +0000 (14:57 +0000)]
allow key agreement for SSL/TLS certificates

8 years agoinitialise dh_clnt
Dr. Stephen Henson [Thu, 26 Jan 2012 14:37:46 +0000 (14:37 +0000)]
initialise dh_clnt

8 years agoghash-x86.pl: engage original MMX version in no-sse2 builds.
Andy Polyakov [Wed, 25 Jan 2012 17:56:08 +0000 (17:56 +0000)]
ghash-x86.pl: engage original MMX version in no-sse2 builds.

8 years agoadd example for DH certificate generation
Dr. Stephen Henson [Wed, 25 Jan 2012 16:33:39 +0000 (16:33 +0000)]
add example for DH certificate generation

8 years agoadd support for use of fixed DH client certificates
Dr. Stephen Henson [Wed, 25 Jan 2012 14:51:49 +0000 (14:51 +0000)]
add support for use of fixed DH client certificates

8 years agooops revert debug change
Dr. Stephen Henson [Sun, 22 Jan 2012 13:52:39 +0000 (13:52 +0000)]
oops revert debug change

8 years agoreturn error if md is NULL
Dr. Stephen Henson [Sun, 22 Jan 2012 13:12:14 +0000 (13:12 +0000)]
return error if md is NULL

8 years agox86_64-xlate.pl: proper solution for RT#2620.
Andy Polyakov [Sat, 21 Jan 2012 11:34:53 +0000 (11:34 +0000)]
x86_64-xlate.pl: proper solution for RT#2620.