Nils Larsch
6e119bb02e
Keep cipher lists sorted in the source instead of sorting them at
...
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:29:54 +00:00
Bodo Möller
770bc596e1
recent DH change does not avoid *all* possible small-subgroup attacks;
...
let's be clear about that
2005-08-23 06:54:33 +00:00
Ben Laurie
bf3d6c0c9b
Make D-H safer, include well-known primes.
2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
eea374fd19
Command line support for RSAPublicKey format.
2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Andy Polyakov
0491e05833
Final(?) WinCE update.
2005-08-07 22:21:49 +00:00
Dr. Stephen Henson
f3b656b246
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:56:11 +00:00
Dr. Stephen Henson
8f2e4fdf86
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:15:22 +00:00
Dr. Stephen Henson
0537f9689c
Add support for setting IDP too.
2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0745d0892d
Allow setting of all fields in CRLDP. Few cosmetic changes to output.
2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
9aa9d70ddb
Print out previously unsupported fields in CRLDP by i2r instead of i2v.
...
Cosmetic changes to IDP printout.
2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c
Initial print only support for IDP CRL extension.
2005-07-23 23:33:06 +00:00
Richard Levitte
2bd2cd9b78
Changes from the 0.9.8 branch.
2005-07-05 19:16:24 +00:00
Richard Levitte
c83101248a
Changes from the 0.9.8 branch.
2005-07-05 18:36:42 +00:00
Andy Polyakov
8d3509b937
CHANGES and TABLE sync with 0.9.8.
2005-07-05 11:48:38 +00:00
Dr. Stephen Henson
cbdac46d58
Update from stable branch.
2005-07-04 23:12:04 +00:00
Dr. Stephen Henson
5d6c4985d1
Typo.
2005-06-02 20:29:32 +00:00
Dr. Stephen Henson
b615ad90c8
Update CHANGES.
2005-06-02 20:11:16 +00:00
Geoff Thorpe
a2c32e2d7f
Change the source and output paths for 'chil' and '4758cca' engines so that
...
dynamic loading is consistent with respect to engine ids.
2005-05-29 19:14:21 +00:00
Bodo Möller
0ebfcc8f92
make sure DSA signing exponentiations really are constant-time
2005-05-26 04:40:52 +00:00
Richard Levitte
28e4fe34e4
Version changes where needed.
2005-05-18 04:04:12 +00:00
Bodo Möller
91b17fbad4
Change wording for BN_mod_exp_mont_consttime() entry
2005-05-16 19:14:34 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Bodo Möller
c6c2e3135d
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
...
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:25:49 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
0f4499360e
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-09 00:05:17 +00:00
Dr. Stephen Henson
05338b58ce
Support for smime-type MIME parameter.
2005-05-01 12:46:57 +00:00
Dr. Stephen Henson
6ec8e63af6
Port BN_MONT_CTX_set_locked() from stable branch.
...
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Nils Larsch
800e400de5
some updates for the blinding code; summary:
...
- possibility of re-creation of the blinding parameters after a
fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
are present (see bug report #785 )
- improve the performance when if one rsa structure is shared by
more than a thread (see bug report #555 )
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Bodo Möller
aa16a28631
first step to melt down ChangeLog.0_9_7-stable_not-in-head :-)
2005-04-25 21:06:05 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
bc3cae7e7d
Include error library value in C error source files instead of fixing up
...
at runtime.
2005-04-12 13:31:14 +00:00
Dr. Stephen Henson
0858b71b41
Make kerberos ciphersuite code work with newer header files
2005-04-09 23:55:55 +00:00
Richard Levitte
d9bfe4f97c
Added restrictions on the use of proxy certificates, as they may pose
...
a security threat on unexpecting applications. Document and test.
2005-04-09 16:07:12 +00:00
Nils Larsch
dc0ed30cfe
add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file()
...
and SSL_use_PrivateKey_file()
PR: 1035
Submitted by: Walter Goulet
Reviewed by: Nils Larsch
2005-04-08 22:52:42 +00:00
Nils Larsch
6049399baf
get rid of very buggy and very imcomplete DH cert support
...
Reviewed by: Bodo Moeller
2005-04-07 23:19:17 +00:00
Nils Larsch
12bdb64375
use SHA-1 as the default digest for the apps/openssl commands
2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Bodo Möller
b0ef321cc8
Harmonize with CHANGES as distributed in OpenSSL 0.9.7f.
2005-03-24 01:37:07 +00:00
Ulf Möller
7a8c728860
undo Cygwin change
2005-03-24 00:14:59 +00:00
Dr. Stephen Henson
59b6836ab2
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
...
client random values.
2005-03-22 14:11:06 +00:00
Ulf Möller
130db968b8
Use Windows randomness code on Cygwin
2005-03-19 11:39:17 +00:00
Bodo Möller
ecc5ef8793
In addition to RC5, also exclude MDC2 from compilation unless
...
the algorithm is explicitly requested.
2005-03-02 20:11:31 +00:00
Bodo Möller
c9a112f540
Change ./Configure so that certain algorithms can be disabled by default.
...
This is now the case for RC5.
As a side effect, the OPTIONS in the Makefile will usually look a
little different now, but they are essentially only for information
anyway.
2005-02-22 10:29:51 +00:00
Lutz Jänicke
f69a8aebab
Fix hang in EGD/PRNGD query when communication socket is closed
...
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:19:07 +00:00
Dr. Stephen Henson
e90faddaf8
Prompt for passphrases for PKCS12 input format
2004-12-29 01:07:14 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00