Commit graph

1149 commits

Author SHA1 Message Date
Dr. Stephen Henson
a6fb8a8203 Update for next dev version. 2006-05-04 13:08:01 +00:00
Dr. Stephen Henson
d26d236162 Prepare for release 2006-05-04 12:52:59 +00:00
Dr. Stephen Henson
309d74c8f0 Update CHANGES. 2006-05-04 11:16:20 +00:00
Dr. Stephen Henson
a5319427a2 Update CHANGES/NEWS. 2006-02-03 18:42:24 +00:00
Mark J. Cox
7606bb65ea One time CAN->CVE- renumbering 2005-10-19 10:49:39 +00:00
Richard Levitte
2f4d5c6542 After release. 2005-10-14 22:43:18 +00:00
Richard Levitte
deab8d9392 Time for release of 0.9.7i.
The tag will be OpenSSL_0_9_7i
2005-10-14 22:15:53 +00:00
Mark J. Cox
49a305e7ef Bump after tagging for 0.9.7h release 2005-10-11 10:14:27 +00:00
Mark J. Cox
a40916cbba Add fixes for CAN-2005-2969
Bump release ready for OpenSSL_0_9_7h tag
2005-10-11 10:10:05 +00:00
Dr. Stephen Henson
e96fad9d2d Typo. 2005-06-02 20:30:03 +00:00
Dr. Stephen Henson
0c7b06714e Add CHANGES entry for PSS and X9.31 padding. 2005-06-02 20:08:30 +00:00
Bodo Möller
44a287747f make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:42 +00:00
Bodo Möller
fd86c390eb Change wording for BN_mod_exp_mont_consttime() entry 2005-05-16 19:14:38 +00:00
Bodo Möller
ecb1445ce2 Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:26:08 +00:00
Bodo Möller
00c1c6cb28 PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:26:08 +00:00
Dr. Stephen Henson
73f3c281ff Update from HEAD. 2005-05-01 12:47:33 +00:00
Dr. Stephen Henson
4ed56cba63 New function BN_MONT_CTX_set_locked, to set montgomery parameters in a
threadsafe manner.

Modify or add calls to use it in rsa, dsa and dh algorithms.
2005-04-22 13:17:49 +00:00
Dr. Stephen Henson
96534114a3 Include error library value in C error source files instead of fixing up
at runtime.
2005-04-12 13:30:45 +00:00
Richard Levitte
d060fc9ff2 Now that things have been tagged properly, make preparations for the
next version in the 0.9.7 branch.
2005-04-11 15:15:09 +00:00
Richard Levitte
22e5a7935f Prepare to release 0.9.7g.
The tag till be OpenSSL_0_9_7g.
2005-04-11 15:10:07 +00:00
Richard Levitte
93aeac64ce Merge RFC3820 source into mainstream 0.9.7-stable. 2005-04-11 15:03:37 +00:00
Dr. Stephen Henson
c710c7b3a3 Make kerberos ciphersuites work with newer headers. 2005-04-09 23:32:37 +00:00
Ulf Möller
4cf8f9369c undo Cygwin change 2005-03-23 22:01:57 +00:00
Dr. Stephen Henson
da26bcb5de Update CHANGES, opensslv.h 2005-03-22 21:27:36 +00:00
Dr. Stephen Henson
9c29e781a8 Oops, use right date! 2005-03-22 19:14:42 +00:00
Dr. Stephen Henson
5c1fd5e316 Update files ready for release. 2005-03-22 18:17:23 +00:00
Dr. Stephen Henson
d5c2bc4bff Oops... 2005-03-22 14:31:58 +00:00
Dr. Stephen Henson
61823b6a74 Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
client random values.
2005-03-22 14:10:32 +00:00
Ulf Möller
6d2a7098d6 Cygwin randomness 2005-03-19 11:40:41 +00:00
Lutz Jänicke
e22e6bf0be Fix hang in EGD/PRNGD query when communication socket is closed
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:17:26 +00:00
Dr. Stephen Henson
370d418a7b Prompt for passphrases with PKCS12 input format. 2004-12-29 01:05:35 +00:00
Andy Polyakov
fe707c3260 Summarize recent backports in CHANGES. 2004-12-20 13:21:25 +00:00
Dr. Stephen Henson
da8534693c Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:04:44 +00:00
Dr. Stephen Henson
3384bdd6fe Add -passin argument to dgst command. 2004-12-03 12:29:17 +00:00
Dr. Stephen Henson
41191d14ce Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:57 +00:00
Richard Levitte
d133618ce2 Document the change. 2004-11-29 11:56:57 +00:00
Dr. Stephen Henson
2f547d2c1c Change version numbers to 0.9.7f-dev 2004-10-25 11:31:28 +00:00
Dr. Stephen Henson
bfb7bac83b Updates for 0.9.7e release. 2004-10-25 11:24:39 +00:00
Dr. Stephen Henson
8de8bcbe2c Fix race condition when CRL checking is enabled. 2004-10-04 16:27:36 +00:00
Dr. Stephen Henson
a7f14cb4c6 Delta CRL support in extension code. 2004-07-06 17:26:33 +00:00
Dr. Stephen Henson
bdb4a7e092 Fixes so alerts are sent properly in s3_pkt.c
PR: 851
2004-05-15 17:46:50 +00:00
Bodo Möller
535aef9def update from current 0.9.6-stable CHANGES file 2004-05-04 01:08:33 +00:00
Dr. Stephen Henson
5a9d2d9081 Port the random serial number generation to 0.9.7-stable.
Due to the changes in CA.pl in 0.9.8 (use of -self_sign) a slightly different
technique is used to ensure that 'ca' uses the next serial number. It
now initializes the serial number using 'openssl x509 -next_serial'.
2004-04-22 12:19:48 +00:00
Mark J. Cox
494593845c After tagging 2004-03-17 12:03:38 +00:00
Mark J. Cox
82d63d3028 Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
Ready for 0.9.7d build

Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
2004-03-17 12:01:19 +00:00
Richard Levitte
051bb5c457 Incorporate the following changes from 0.9.8-dev:
2003-04-04 17:10  levitte

	* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
	  Convert save_serial() to work like save_index(), and add a
	  rotate_serial() that works like rotate_index().

2003-04-03 20:07  levitte

	* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
	  strings.

2003-04-03 18:33  levitte

	* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
	  apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
	  CHANGES (1.1139): Make it possible to have multiple active
	  certificates with the same subject.
2004-03-08 02:53:46 +00:00
Dr. Stephen Henson
01fc051e8a Various X509 fixes. Disable broken certificate workarounds
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:06 +00:00
Dr. Stephen Henson
33ad6eca7a Use an OCTET STRING for the encoding of an OCSP nonce value.
The old raw format can't be handled by some implementations
and updates to RFC2560 will make the OCTET STRING mandatory.
2004-02-19 18:17:35 +00:00
Dr. Stephen Henson
31edde3edc Add flag to avoid continuous
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:37:56 +00:00
Dr. Stephen Henson
c22e6753ef Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:25:11 +00:00