1151 commits

Author	SHA1	Message	Date
Bodo Möller	c098e8b6ca	Disable invalid ciphersuites	2006-06-14 17:51:36 +00:00
Bodo Möller	019a63f9c9	Thread-safety fixes	2006-06-14 08:50:11 +00:00
Dr. Stephen Henson	a6fb8a8203	Update for next dev version.	2006-05-04 13:08:01 +00:00
Dr. Stephen Henson	d26d236162	Prepare for release	2006-05-04 12:52:59 +00:00
Dr. Stephen Henson	309d74c8f0	Update CHANGES.	2006-05-04 11:16:20 +00:00
Dr. Stephen Henson	a5319427a2	Update CHANGES/NEWS.	2006-02-03 18:42:24 +00:00
Mark J. Cox	7606bb65ea	One time CAN->CVE- renumbering	2005-10-19 10:49:39 +00:00
Richard Levitte	2f4d5c6542	After release.	2005-10-14 22:43:18 +00:00
Richard Levitte	deab8d9392	Time for release of 0.9.7i. ... The tag will be OpenSSL_0_9_7i	2005-10-14 22:15:53 +00:00
Mark J. Cox	49a305e7ef	Bump after tagging for 0.9.7h release	2005-10-11 10:14:27 +00:00
Mark J. Cox	a40916cbba	Add fixes for CAN-2005-2969 ... Bump release ready for OpenSSL_0_9_7h tag	2005-10-11 10:10:05 +00:00
Dr. Stephen Henson	e96fad9d2d	Typo.	2005-06-02 20:30:03 +00:00
Dr. Stephen Henson	0c7b06714e	Add CHANGES entry for PSS and X9.31 padding.	2005-06-02 20:08:30 +00:00
Bodo Möller	44a287747f	make sure DSA signing exponentiations really are constant-time	2005-05-26 04:40:42 +00:00
Bodo Möller	fd86c390eb	Change wording for BN_mod_exp_mont_consttime() entry	2005-05-16 19:14:38 +00:00
Bodo Möller	ecb1445ce2	Implement fixed-window exponentiation to mitigate hyper-threading ... timing attacks. BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for RSA/DSA/DH private key computations unless RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/ DH_FLAG_NO_EXP_CONSTTIME is set. Submitted by: Matthew D Wood Reviewed by: Bodo Moeller	2005-05-16 01:26:08 +00:00
Bodo Möller	00c1c6cb28	PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled ... with the SSL_OP_NO_SSLv2 option.	2005-05-11 18:26:08 +00:00
Dr. Stephen Henson	73f3c281ff	Update from HEAD.	2005-05-01 12:47:33 +00:00
Dr. Stephen Henson	4ed56cba63	New function BN_MONT_CTX_set_locked, to set montgomery parameters in a ... threadsafe manner. Modify or add calls to use it in rsa, dsa and dh algorithms.	2005-04-22 13:17:49 +00:00
Dr. Stephen Henson	96534114a3	Include error library value in C error source files instead of fixing up ... at runtime.	2005-04-12 13:30:45 +00:00
Richard Levitte	d060fc9ff2	Now that things have been tagged properly, make preparations for the ... next version in the 0.9.7 branch.	2005-04-11 15:15:09 +00:00
Richard Levitte	22e5a7935f	Prepare to release 0.9.7g. ... The tag till be OpenSSL_0_9_7g.	2005-04-11 15:10:07 +00:00
Richard Levitte	93aeac64ce	Merge RFC3820 source into mainstream 0.9.7-stable.	2005-04-11 15:03:37 +00:00
Dr. Stephen Henson	c710c7b3a3	Make kerberos ciphersuites work with newer headers.	2005-04-09 23:32:37 +00:00
Ulf Möller	4cf8f9369c	undo Cygwin change	2005-03-23 22:01:57 +00:00
Dr. Stephen Henson	da26bcb5de	Update CHANGES, opensslv.h	2005-03-22 21:27:36 +00:00
Dr. Stephen Henson	9c29e781a8	Oops, use right date!	2005-03-22 19:14:42 +00:00
Dr. Stephen Henson	5c1fd5e316	Update files ready for release.	2005-03-22 18:17:23 +00:00
Dr. Stephen Henson	d5c2bc4bff	Oops...	2005-03-22 14:31:58 +00:00
Dr. Stephen Henson	61823b6a74	Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and ... client random values.	2005-03-22 14:10:32 +00:00
Ulf Möller	6d2a7098d6	Cygwin randomness	2005-03-19 11:40:41 +00:00
Lutz Jänicke	e22e6bf0be	Fix hang in EGD/PRNGD query when communication socket is closed ... prematurely by EGD/PRNGD. PR: 1014 Submitted by: Darren Tucker <dtucker@zip.com.au>	2005-02-19 10:17:26 +00:00
Dr. Stephen Henson	370d418a7b	Prompt for passphrases with PKCS12 input format.	2004-12-29 01:05:35 +00:00
Andy Polyakov	fe707c3260	Summarize recent backports in CHANGES.	2004-12-20 13:21:25 +00:00
Dr. Stephen Henson	da8534693c	Add lots of checks for memory allocation failure, error codes to indicate ... failure and freeing up memory if a failure occurs. PR:620	2004-12-05 01:04:44 +00:00
Dr. Stephen Henson	3384bdd6fe	Add -passin argument to dgst command.	2004-12-03 12:29:17 +00:00
Dr. Stephen Henson	41191d14ce	Perform partial comparison of different character types in X509_NAME_cmp().	2004-12-01 01:45:57 +00:00
Richard Levitte	d133618ce2	Document the change.	2004-11-29 11:56:57 +00:00
Dr. Stephen Henson	2f547d2c1c	Change version numbers to 0.9.7f-dev	2004-10-25 11:31:28 +00:00
Dr. Stephen Henson	bfb7bac83b	Updates for 0.9.7e release.	2004-10-25 11:24:39 +00:00
Dr. Stephen Henson	8de8bcbe2c	Fix race condition when CRL checking is enabled.	2004-10-04 16:27:36 +00:00
Dr. Stephen Henson	a7f14cb4c6	Delta CRL support in extension code.	2004-07-06 17:26:33 +00:00
Dr. Stephen Henson	bdb4a7e092	Fixes so alerts are sent properly in s3_pkt.c ... PR: 851	2004-05-15 17:46:50 +00:00
Bodo Möller	535aef9def	update from current 0.9.6-stable CHANGES file	2004-05-04 01:08:33 +00:00
Dr. Stephen Henson	5a9d2d9081	Port the random serial number generation to 0.9.7-stable. ... Due to the changes in CA.pl in 0.9.8 (use of -self_sign) a slightly different technique is used to ensure that 'ca' uses the next serial number. It now initializes the serial number using 'openssl x509 -next_serial'.	2004-04-22 12:19:48 +00:00
Mark J. Cox	494593845c	After tagging	2004-03-17 12:03:38 +00:00
Mark J. Cox	82d63d3028	Fix null-pointer assignment in do_change_cipher_spec() revealed ... by using the Codenomicon TLS Test Tool (CAN-2004-0079) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites (CAN-2004-0112) Ready for 0.9.7d build Submitted by: Steven Henson Reviewed by: Joe Orton Approved by: Mark Cox	2004-03-17 12:01:19 +00:00
Richard Levitte	051bb5c457	Incorporate the following changes from 0.9.8-dev: ... 2003-04-04 17:10 levitte * apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82): Convert save_serial() to work like save_index(), and add a rotate_serial() that works like rotate_index(). 2003-04-03 20:07 levitte * apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug strings. 2003-04-03 18:33 levitte * apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129), apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80), CHANGES (1.1139): Make it possible to have multiple active certificates with the same subject.	2004-03-08 02:53:46 +00:00
Dr. Stephen Henson	01fc051e8a	Various X509 fixes. Disable broken certificate workarounds ... when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.	2004-03-05 17:16:06 +00:00
Dr. Stephen Henson	33ad6eca7a	Use an OCTET STRING for the encoding of an OCSP nonce value. ... The old raw format can't be handled by some implementations and updates to RFC2560 will make the OCTET STRING mandatory.	2004-02-19 18:17:35 +00:00