Dr. Stephen Henson
0fce007b8e
Add two extra verify flags functions.
2005-09-02 22:48:21 +00:00
Nils Larsch
3c0e39c539
Keep cipher lists sorted in the source instead of sorting them at
...
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:43:04 +00:00
Bodo Möller
19fddebf0e
recent DH change does not avoid *all* possible small-subgroup attacks;
...
let's be clear about that
2005-08-23 06:55:45 +00:00
Ben Laurie
6086422193
Missed stuff.
2005-08-20 21:30:33 +00:00
Ben Laurie
9ddb11f11c
Avoid weak subgroups in Diffie Hellman.
2005-08-20 18:35:53 +00:00
Andy Polyakov
98e986141b
Windows CE update from HEAD.
2005-08-07 22:29:58 +00:00
Dr. Stephen Henson
222f224664
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:52:08 +00:00
Dr. Stephen Henson
1682e8fb12
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:10:05 +00:00
Richard Levitte
750cb3d248
Now that 0.9.8 has been tagged, it's time to move on.
2005-07-05 19:11:56 +00:00
Richard Levitte
f254b540b8
Time to release OpenSSL 0.9.8.
...
The tag will be OpenSSL_0_9_8.
2005-07-05 18:49:43 +00:00
Richard Levitte
1d01c9d43d
Last additions to the release documentation.
2005-07-05 18:32:05 +00:00
Andy Polyakov
e32ea81876
Mention Win64 support in CHANGES and throw in building instructions.
2005-07-05 10:53:13 +00:00
Dr. Stephen Henson
09c1a425a9
Add utf8 options to ca utility.
...
PR:1109
2005-07-04 23:04:28 +00:00
Dr. Stephen Henson
ab95eac286
Typo.
2005-06-02 20:30:46 +00:00
Dr. Stephen Henson
1cd76233d1
Update CHANGES.
2005-06-02 20:09:43 +00:00
Geoff Thorpe
a4578a5413
Change the source and output paths for 'chil' and '4758cca' engines so that
...
dynamic loading is consistent with respect to engine ids.
2005-05-29 19:16:26 +00:00
Bodo Möller
e4106a4e24
make sure DSA signing exponentiations really are constant-time
2005-05-26 04:40:57 +00:00
Bodo Möller
91b17fbad4
Change wording for BN_mod_exp_mont_consttime() entry
2005-05-16 19:14:34 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Bodo Möller
c6c2e3135d
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
...
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:25:49 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
0f4499360e
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-09 00:05:17 +00:00
Dr. Stephen Henson
05338b58ce
Support for smime-type MIME parameter.
2005-05-01 12:46:57 +00:00
Dr. Stephen Henson
6ec8e63af6
Port BN_MONT_CTX_set_locked() from stable branch.
...
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Nils Larsch
800e400de5
some updates for the blinding code; summary:
...
- possibility of re-creation of the blinding parameters after a
fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
are present (see bug report #785 )
- improve the performance when if one rsa structure is shared by
more than a thread (see bug report #555 )
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Bodo Möller
aa16a28631
first step to melt down ChangeLog.0_9_7-stable_not-in-head :-)
2005-04-25 21:06:05 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
bc3cae7e7d
Include error library value in C error source files instead of fixing up
...
at runtime.
2005-04-12 13:31:14 +00:00
Dr. Stephen Henson
0858b71b41
Make kerberos ciphersuite code work with newer header files
2005-04-09 23:55:55 +00:00
Richard Levitte
d9bfe4f97c
Added restrictions on the use of proxy certificates, as they may pose
...
a security threat on unexpecting applications. Document and test.
2005-04-09 16:07:12 +00:00
Nils Larsch
dc0ed30cfe
add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file()
...
and SSL_use_PrivateKey_file()
PR: 1035
Submitted by: Walter Goulet
Reviewed by: Nils Larsch
2005-04-08 22:52:42 +00:00
Nils Larsch
6049399baf
get rid of very buggy and very imcomplete DH cert support
...
Reviewed by: Bodo Moeller
2005-04-07 23:19:17 +00:00
Nils Larsch
12bdb64375
use SHA-1 as the default digest for the apps/openssl commands
2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Bodo Möller
b0ef321cc8
Harmonize with CHANGES as distributed in OpenSSL 0.9.7f.
2005-03-24 01:37:07 +00:00
Ulf Möller
7a8c728860
undo Cygwin change
2005-03-24 00:14:59 +00:00
Dr. Stephen Henson
59b6836ab2
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
...
client random values.
2005-03-22 14:11:06 +00:00
Ulf Möller
130db968b8
Use Windows randomness code on Cygwin
2005-03-19 11:39:17 +00:00
Bodo Möller
ecc5ef8793
In addition to RC5, also exclude MDC2 from compilation unless
...
the algorithm is explicitly requested.
2005-03-02 20:11:31 +00:00
Bodo Möller
c9a112f540
Change ./Configure so that certain algorithms can be disabled by default.
...
This is now the case for RC5.
As a side effect, the OPTIONS in the Makefile will usually look a
little different now, but they are essentially only for information
anyway.
2005-02-22 10:29:51 +00:00
Lutz Jänicke
f69a8aebab
Fix hang in EGD/PRNGD query when communication socket is closed
...
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:19:07 +00:00
Dr. Stephen Henson
e90faddaf8
Prompt for passphrases for PKCS12 input format
2004-12-29 01:07:14 +00:00
Richard Levitte
6951c23afd
Add functionality needed to process proxy certificates.
2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
5b40d7dd97
Add -passin argument to dgst command.
2004-12-03 12:26:56 +00:00
Dr. Stephen Henson
1862dae862
Perform partial comparison of different character types in X509_NAME_cmp().
2004-12-01 01:45:30 +00:00
Richard Levitte
5022e4ecdf
Document the change.
2004-11-29 11:57:00 +00:00
Andy Polyakov
ea681ba872
Summarize recent RC4 tune-ups.
2004-11-26 15:26:09 +00:00