- Feb 01, 2016
-
-
Viktor Dukhovni authored
When auxiliary data contains only reject entries, continue to trust self-signed objects just as when no auxiliary data is present. This makes it possible to reject specific uses without changing what's accepted (and thus overring the underlying EKU). Added new supported certs and doubled test count from 38 to 76. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jan 31, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
d2i_ECPrivateKey always caculates the public key so there is no need to caculate it again in eckey_priv_decode(). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
New functions to return internal pointer for order and cofactor. This avoids the need to allocate a new BIGNUM which to copy the value to. Simplify code to use new functions. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Daniel Kahn Gillmor authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
When the target is {something}-icc, we're doing some extra checks of the icc compiler. However, all such targets were cleaned away in March 2015, so this Configure section is dead code. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Jan 30, 2016
-
-
Rich Salz authored
Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
There was an unused macro in ssl_locl.h that used an internal type, so I removed it. Move bio_st from bio.h to ossl_type.h Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Can't hurt and seems to prevent problems from some over-aggressive (LTO?) compilers. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
top_dir() are used to create directory names, top_file() should be used for files. In a Unixly environment, that doesn't matter, but... Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
PR#4280 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Not all architectures have a time_t defined the same way. To make sure we get the same result, we need to cast &checkoffset to (intmax_t *) and make sure that intmax_t is defined somehow. To make really sure we don't pass a variable with the wrong size down to opt_imax(), we use a temporary intmax_t. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Jan 29, 2016
-
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Also remove $Makefile variable :) Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
As a side-effect of opaque x509, ex_flags were looked up too early, before additional policy cache updates. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
This is a time_t and can be zero or negative. So use 'M' (maximal signed int) not 'p' (positive int). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Some last lflags to convert to ex_libs or a combo of lflags and ex_libs Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The lflags configuration had a weird syntax with a % as separator. If it was present, whatever came before ended up as PEX_LIBS in Makefile (usually, this is LDFLAGS), while whatever came after ended up as EX_LIBS. This change splits that item into lflags and ex_libs, making their use more explicit. Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
A few more sub-joins could be replaced with calls to add() and add_before() Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This reverts commit a450326e . Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Remove depend hacks from demos/engines. Remove clean-depend; just call makedepend (or $CC -M) and use that. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
This is a followin from !1738, we no longer need those variables. Reviewed-by: Richard Levitte <levitte@openssl.org>
-