[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

OpenSSL git user openssl-git at openssl.org
Tue Feb 24 23:36:44 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  36b619a06e5a2a296058f8dbf11a74f95cb3f71d (commit)
       via  13c1807041c9e2a502ee9af418f723bbf135e24c (commit)
      from  f243def213b24256db997bb30f729bc23d2c9d0a (commit)


- Log -----------------------------------------------------------------
commit 36b619a06e5a2a296058f8dbf11a74f95cb3f71d
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Feb 24 13:52:21 2015 +0000

    Document -no_explicit
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b)

commit 13c1807041c9e2a502ee9af418f723bbf135e24c
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Feb 22 17:43:11 2015 +0100

    Fix crash in SPARC T4 XTS.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 775b669de3ba84d8dce16ff5e2bdffe263c05c4b)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aes/Makefile             |  2 +-
 crypto/camellia/Makefile        |  2 +-
 crypto/perlasm/sparcv9_modes.pl |  1 +
 doc/apps/ocsp.pod               | 10 ++++++++--
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile
index 709b1af..b94ca72 100644
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@@ -72,7 +72,7 @@ aesni-mb-x86_64.s:	asm/aesni-mb-x86_64.pl
 
 aes-sparcv9.s: asm/aes-sparcv9.pl
 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
-aest4-sparcv9.s: asm/aest4-sparcv9.pl
+aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl
 	$(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@
 
 aes-ppc.s:	asm/aes-ppc.pl
diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile
index 88535f9..60e8960 100644
--- a/crypto/camellia/Makefile
+++ b/crypto/camellia/Makefile
@@ -48,7 +48,7 @@ cmll-x86.s:	asm/cmll-x86.pl ../perlasm/x86asm.pl
 	$(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
 cmll-x86_64.s:  asm/cmll-x86_64.pl
 	$(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@
-cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl
+cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl
 	$(PERL) asm/cmllt4-sparcv9.pl $(CFLAGS) > $@
 
 files:
diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
index dc55b34..eb267a5 100644
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
@@ -1249,6 +1249,7 @@ $code.=<<___;
 	fxor		%f8,  %f4, %f4
 	fxor		%f10, %f6, %f6
 
+	subcc		$len, 2, $len
 	stda		%f0, [$out]0xe2		! ASI_BLK_INIT, T4-specific
 	add		$out, 8, $out
 	stda		%f2, [$out]0xe2		! ASI_BLK_INIT, T4-specific
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 38f026a..2372b37 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -40,6 +40,7 @@ B<openssl> B<ocsp>
 [B<-no_cert_verify>]
 [B<-no_chain>]
 [B<-no_cert_checks>]
+[B<-no_explicit>]
 [B<-port num>]
 [B<-index file>]
 [B<-CA file>]
@@ -189,6 +190,10 @@ testing purposes.
 do not use certificates in the response as additional untrusted CA
 certificates.
 
+=item B<-no_explicit>
+
+do not explicitly trust the root CA if it is set to be trusted for OCSP signing.
+
 =item B<-no_cert_checks>
 
 don't perform any additional checks on the OCSP response signers certificate.
@@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning
 extended key usage is present in the OCSP responder certificate then the
 OCSP verify succeeds.
 
-Otherwise the root CA of the OCSP responders CA is checked to see if it
-is trusted for OCSP signing. If it is the OCSP verify succeeds.
+Otherwise, if B<-no_explicit> is B<not> set the root CA of the OCSP responders
+CA is checked to see if it is trusted for OCSP signing. If it is the OCSP
+verify succeeds.
 
 If none of these checks is successful then the OCSP verify fails.
 


More information about the openssl-commits mailing list