Dr. Stephen Henson
297e6f1917
Avoid use of function pointer casts in pem library. Modify safestack to
...
always use inline functions.
2007-06-04 17:53:04 +00:00
Dr. Stephen Henson
b948e2c59e
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
2007-06-04 17:04:40 +00:00
Bodo Möller
19f6c524bf
Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
2007-05-22 09:47:43 +00:00
Ben Laurie
69ab085290
More IGE speedup.
2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2
AES IGE mode speedup.
2007-05-13 12:57:59 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c
Update smime utility to support streaming for -encrypt and -sign -nodetach
...
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e
New -mac and -macopt options to dgst utility. Reimplement -hmac option in
...
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
47b71e6ee9
Update CHANGES.
2007-04-11 12:33:28 +00:00
Dr. Stephen Henson
d952c79a7b
New -sigopt option for dgst utility.
2007-04-08 12:47:18 +00:00
Bodo Möller
b002265ee3
make BN_FLG_CONSTTIME semantics more fool-proof
2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145
Change to mitigate branch prediction attacks
...
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:15:28 +00:00
Bodo Möller
0f32c841a6
stricter session ID context matching
2007-03-21 14:33:16 +00:00
Bodo Möller
dd2b6750db
include complete 0.9.7 history
...
include release date of 0.9.8e
2007-02-26 10:49:59 +00:00
Lutz Jänicke
8d72476e2b
Extend SMTP and IMAP protocol handling to perform the required
...
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
a2e623c011
Update from 0.9.7-stable.
2007-02-21 13:49:35 +00:00
Bodo Möller
fd5bc65cc8
Improve ciphersuite order stability when disabling ciphersuites.
...
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
2007-02-20 16:36:58 +00:00
Bodo Möller
0a05123a6c
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
...
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
2007-02-19 18:41:41 +00:00
Bodo Möller
52b8dad8ec
Reorganize the data used for SSL ciphersuite pattern matching.
...
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).
In some cases the ciphersuite list generated from a given string is
affected by this change. I hope this is just in those cases where the
previous behaviour did not make sense.
2007-02-17 06:45:38 +00:00
Nils Larsch
357d5de5b9
add support for DSA with SHA2
2007-02-03 14:41:12 +00:00
Dr. Stephen Henson
11d8cdc6ad
Experimental streaming PKCS#7 support.
...
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.
Nothing uses it at present which is just as well.
Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
fec38ca4ed
fix typos
...
PR: 1354, 1355, 1398, 1408
2006-12-21 21:13:27 +00:00
Nils Larsch
06e2dd037e
add support for ecdsa-with-sha256 etc.
2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4
Fix the BIT STRING encoding of EC points or parameter seeds
...
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Bodo Möller
1e24b3a09e
fix support for receiving fragmented handshake messages
2006-11-29 14:45:50 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417
Initial, incomplete support for typesafe macros without using function
...
casts.
2006-11-16 00:19:39 +00:00
Andy Polyakov
3189772e07
Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
...
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Bodo Möller
3c5406b35c
All 0.9.8d patches have been applied to HEAD now, so we no longer need
...
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
61118caa86
include 0.9.8d and 0.9.7l information
2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60
Fix ASN.1 parsing of certain invalid structures that can result
...
in a denial of service. (CVE-2006-2937) [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680
Fix buffer overflow in SSL_get_shared_ciphers() function.
...
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
010fa0b331
Tidy up CRL handling by checking for critical extensions when it is
...
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35
Overhaul of by_dir code to handle dynamic loading of CRLs.
2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
bc7535bc7f
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
...
handling to support this.
2006-09-14 17:25:02 +00:00
Bodo Möller
b6699c3f07
Update
2006-09-12 14:42:19 +00:00
Bodo Möller
ed65f7dc34
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
...
ciphersuite as well
2006-09-11 09:49:03 +00:00
Bodo Möller
6a2c471077
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
2006-09-06 06:34:52 +00:00
Mark J. Cox
b79aa05e3b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:58:03 +00:00
Ben Laurie
aa6d1a0c19
Forward port of IGE mode.
2006-08-31 14:04:04 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
450ea83495
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
...
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
c1c6c0bf45
New non-blocking OCSP functionality.
2006-07-17 12:18:28 +00:00
Dr. Stephen Henson
b7683e3a5d
Allow digests to supply S/MIME micalg values from a ctrl.
...
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5
New functions to add and free up application defined signature OIDs.
2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5
New functions to enumerate digests and ciphers.
2006-07-09 00:53:45 +00:00
Bodo Möller
e34aa5a3b3
always read in RAND_poll() if we can't use select because of a too
...
large FD: it's non-blocking mode anyway
2006-06-28 14:50:12 +00:00
Richard Levitte
27a3d9f9aa
Use poll() when possible to gather Unix randomness entropy
2006-06-27 06:31:34 +00:00
Bodo Möller
48fc582f66
New functions CRYPTO_set_idptr_callback(),
...
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
81de1028bc
Change in 0.9.8 branch:
...
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
2006-06-22 12:37:28 +00:00
Bodo Möller
850815cb6e
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
2006-06-20 08:50:42 +00:00
Bodo Möller
c4e7870ac1
Change array representation of binary polynomials to make GF2m part of
...
the BN library more generally useful.
Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Bodo Möller
5b57fe0a1e
Disable invalid ciphersuites
2006-06-14 17:51:46 +00:00
Bodo Möller
89bbe14c50
Ciphersuite string bugfixes, and ECC-related (re-)definitions.
2006-06-14 17:40:31 +00:00
Bodo Möller
675f605d44
Thread-safety fixes
2006-06-14 08:55:23 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
fb7b393278
Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
...
coding it to "sha1".
2006-06-06 13:27:36 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
de9fcfe348
Initial public key ASN1 method engine support. Not integrated yet.
2006-06-02 17:52:27 +00:00
Dr. Stephen Henson
c9777d2659
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
...
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
58aa573ac2
Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.
2006-06-01 11:38:50 +00:00
Dr. Stephen Henson
91c9e62123
New functions for enchanced digest sign/verify.
2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
5531192151
Add -resign and -md options to smime command to support resigning an
...
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140
Multiple signer support in smime application.
2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
121dd39f9f
New option to pkcs12 utility to set alternative MAC digest algorithm.
2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
6d3a1eac3b
Add PRF preference ctrl to ciphers.
2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST.
2006-05-15 17:34:36 +00:00
Dr. Stephen Henson
856640b54f
Extend PBE code to support non default PKCS#5 v2.0 PRFs.
2006-05-14 18:40:53 +00:00
Dr. Stephen Henson
34b3c72e4e
Typo.
2006-05-14 16:50:22 +00:00
Dr. Stephen Henson
959e8dfe06
Update 'req' command to use new keygen API.
2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
399a6f0bd1
Update PKCS#7 enveloped data to new API.
2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
5cda6c4582
Fix from stable branch.
2006-05-07 12:30:37 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
d202709808
Add OID cross reference table.
...
Fix some typos in GOST OIDs.
Update dependencies.
2006-04-18 23:36:07 +00:00
Dr. Stephen Henson
492a9e2415
Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
9ca7047d71
Provisional support for EC pkey method, supporting ECDH and ECDSA.
2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
ba1ba5f0fb
If cipher list contains a match for an explicit ciphersuite only match that
...
one suite.
2006-04-15 00:22:05 +00:00
Dr. Stephen Henson
ffb1ac674c
Complete key derivation support.
2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3ba0885a3e
Extend DH ASN1 method, add DH EVP_PKEY_METHOD.
2006-04-12 23:51:24 +00:00
Ulf Möller
4700aea951
Add BeOS support.
...
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
f733a5ef0e
Initial functions for main EVP_PKEY_METHOD operations.
...
No method implementations yet.
2006-04-07 16:42:09 +00:00
Dr. Stephen Henson
0b6f3c66cd
Initial definitions and a few functions for EVP_PKEY_METHOD: an extension
...
of the EVP routines to public key algorithms.
2006-04-06 13:02:06 +00:00
Dr. Stephen Henson
0b33dac310
New function to retrieve ASN1 info on public key algorithms. New command
...
line option to print out info.
2006-04-04 18:16:03 +00:00
Bodo Möller
332737217a
Implement Supported Elliptic Curves Extension.
...
Submitted by: Douglas Stebila
2006-03-30 02:44:56 +00:00
Dr. Stephen Henson
246e09319c
Fix bug where freed OIDs could be accessed in EVP_cleanup() by
...
defering freeing in OBJ_cleanup().
2006-03-28 17:23:48 +00:00
Dr. Stephen Henson
3e4585c8fd
New utility pkeyparam. Enhance and bugfix algorithm specific parameter
...
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
3e84b6e15f
New general public key utility 'pkey'.
2006-03-28 12:34:45 +00:00
Dr. Stephen Henson
35208f368c
Gather printing routines into EVP_PKEY_ASN1_METHOD.
2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
448be74335
Initial support for pluggable public key ASN1 support. Process most public
...
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Bodo Möller
36ca4ba63d
Implement the Supported Point Formats Extension for ECC ciphersuites
...
Submitted by: Douglas Stebila
2006-03-11 23:46:37 +00:00
Bodo Möller
ed4a1d12b9
clarification
2006-03-11 22:10:34 +00:00
Nils Larsch
ddac197404
add initial support for RFC 4279 PSK SSL ciphersuites
...
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Ulf Möller
c7235be6e3
RFC 3161 compliant time stamp request creation, response generation
...
and response verification.
Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
31676a3540
Update from stable branch.
2006-01-15 13:50:10 +00:00
Bodo Möller
241520e66d
More TLS extension related changes.
...
Submitted by: Peter Sylvester
2006-01-11 06:10:40 +00:00
Bodo Möller
a13c20f603
Further TLS extension updates
...
Submitted by: Peter Sylvester
2006-01-09 19:49:05 +00:00
Bodo Möller
1aeb3da83f
Fixes for TLS server_name extension
...
Submitted by: Peter Sylvester
2006-01-06 09:08:59 +00:00
Bodo Möller
e8e5b46e2b
Add names for people who provided the TLS extension patch.
2006-01-04 17:35:51 +00:00
Bodo Möller
f1fd4544a3
Various changes in the new TLS extension code, including the following:
...
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902
C style fix-up
2006-01-02 23:29:12 +00:00
Andy Polyakov
ed26604a71
Engage Whirlpool assembler and mention Whirlpool in CHANGES.
2005-12-16 12:55:33 +00:00
Andy Polyakov
0cb9d93d0c
Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES.
2005-12-16 11:12:42 +00:00
Bodo Möller
d56349a2aa
update TLS-ECC code
...
Submitted by: Douglas Stebila
2005-12-13 07:33:35 +00:00
Dr. Stephen Henson
ad2695b1b7
Update from 0.9.8-stable.
2005-12-05 13:46:46 +00:00
Dr. Stephen Henson
b40228a61d
New functions to support opaque EVP_CIPHER_CTX handling.
2005-12-02 13:46:39 +00:00
Dr. Stephen Henson
452ae49db5
Extensive OID code enhancement and fixes.
2005-11-20 13:07:47 +00:00
Bodo Möller
d804f86b88
disable some invalid ciphersuites
2005-11-15 23:32:11 +00:00
Bodo Möller
8dee9f844f
deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
2005-11-15 21:08:38 +00:00
Dr. Stephen Henson
fbf002bb88
Update from stable branch.
2005-11-06 17:58:26 +00:00
Richard Levitte
998ac55e19
Document it
2005-11-01 07:53:37 +00:00
Bodo Möller
a1006c373d
harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES
2005-10-26 19:28:04 +00:00
Andy Polyakov
4d524040bc
Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES.
2005-10-22 17:57:18 +00:00
Mark J. Cox
04fac37311
one time CAN->CVE update
2005-10-19 11:00:39 +00:00
Richard Levitte
89ec4332ec
Add in CHANGES for 0.9.7i.
2005-10-15 04:26:57 +00:00
Mark J. Cox
d357be38b9
Make sure head CHANGES is up to date, we refer to this in announce.txt
2005-10-11 11:10:19 +00:00
Dr. Stephen Henson
566dda07ba
New option SSL_OP_NO_COMP to disable compression. New ctrls to set
...
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29
new option "openssl ciphers -V"
2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
f022c177db
Two new verify flags functions.
2005-09-02 22:49:54 +00:00
Dr. Stephen Henson
1ef7acfe92
Initial support for ASN1 print code.
...
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
2005-09-01 13:59:16 +00:00
Dr. Stephen Henson
a0156a926f
Integrated support for PVK files.
2005-08-31 16:37:54 +00:00
Nils Larsch
6e119bb02e
Keep cipher lists sorted in the source instead of sorting them at
...
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:29:54 +00:00
Bodo Möller
770bc596e1
recent DH change does not avoid *all* possible small-subgroup attacks;
...
let's be clear about that
2005-08-23 06:54:33 +00:00
Ben Laurie
bf3d6c0c9b
Make D-H safer, include well-known primes.
2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
eea374fd19
Command line support for RSAPublicKey format.
2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Andy Polyakov
0491e05833
Final(?) WinCE update.
2005-08-07 22:21:49 +00:00
Dr. Stephen Henson
f3b656b246
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:56:11 +00:00
Dr. Stephen Henson
8f2e4fdf86
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:15:22 +00:00
Dr. Stephen Henson
0537f9689c
Add support for setting IDP too.
2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0745d0892d
Allow setting of all fields in CRLDP. Few cosmetic changes to output.
2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
9aa9d70ddb
Print out previously unsupported fields in CRLDP by i2r instead of i2v.
...
Cosmetic changes to IDP printout.
2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c
Initial print only support for IDP CRL extension.
2005-07-23 23:33:06 +00:00
Richard Levitte
2bd2cd9b78
Changes from the 0.9.8 branch.
2005-07-05 19:16:24 +00:00
Richard Levitte
c83101248a
Changes from the 0.9.8 branch.
2005-07-05 18:36:42 +00:00
Andy Polyakov
8d3509b937
CHANGES and TABLE sync with 0.9.8.
2005-07-05 11:48:38 +00:00
Dr. Stephen Henson
cbdac46d58
Update from stable branch.
2005-07-04 23:12:04 +00:00
Dr. Stephen Henson
5d6c4985d1
Typo.
2005-06-02 20:29:32 +00:00
Dr. Stephen Henson
b615ad90c8
Update CHANGES.
2005-06-02 20:11:16 +00:00
Geoff Thorpe
a2c32e2d7f
Change the source and output paths for 'chil' and '4758cca' engines so that
...
dynamic loading is consistent with respect to engine ids.
2005-05-29 19:14:21 +00:00
Bodo Möller
0ebfcc8f92
make sure DSA signing exponentiations really are constant-time
2005-05-26 04:40:52 +00:00
Richard Levitte
28e4fe34e4
Version changes where needed.
2005-05-18 04:04:12 +00:00
Bodo Möller
91b17fbad4
Change wording for BN_mod_exp_mont_consttime() entry
2005-05-16 19:14:34 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00