Skip to content
  1. Jul 27, 2001
    • Dr. Stephen Henson's avatar
      · 1241126a
      Dr. Stephen Henson authored
      More linker bloat reorganisation:
      
      Split private key PEM and normal PEM handling. Private key
      handling needs to link in stuff like PKCS#8.
      
      Relocate the ASN1 *_dup() functions, to the relevant ASN1
      modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
      these were all in crypto/x509/x_all.c along with every ASN1
      BIO/fp function which linked in *every* ASN1 function if
      a single dup was used.
      
      Move the authority key id ASN1 structure to a separate file.
      This is used in the X509 routines and its previous location
      linked in all the v3 extension code.
      
      Also move ASN1_tag2bit to avoid linking in a_bytes.c which
      is now largely obsolete.
      
      So far under Linux stripped binary with single PEM_read_X509
      is now 238K compared to 380K before these changes.
      1241126a
  2. Jul 26, 2001
  3. Jul 25, 2001
  4. Jul 24, 2001
  5. Jul 23, 2001
    • Geoff Thorpe's avatar
      - New INSTALL document describing different ways to build "tunala" and · 3866752e
      Geoff Thorpe authored
        possible problems.
      - New file breakage.c handles (so far) missing functions.
      - Get rid of some signed/unsigned/const warnings thanks to solaris-cc
      - Add autoconf/automake input files, and helper scripts to populate missing
        (but auto-generated) files.
      
      This change adds a configure.in and Makefile.am to build everything using
      autoconf, automake, and libtool - and adds "gunk" scripts to generate the
      various files those things need (and clean then up again after). This means
      that "autogunk.sh" needs to be run first on a system with the autotools,
      but the resulting directory should be "configure"able and compilable on
      systems without those tools.
      3866752e
    • Lutz Jänicke's avatar
      Additional inline reference. · 3e3dac9f
      Lutz Jänicke authored
      3e3dac9f
    • Lutz Jänicke's avatar
      Add missing reference. · 397ba0f0
      Lutz Jänicke authored
      397ba0f0
  6. Jul 22, 2001
  7. Jul 21, 2001
  8. Jul 20, 2001
    • Lutz Jänicke's avatar
      Updated explanation. · 6d3dec92
      Lutz Jänicke authored
      6d3dec92
    • Lutz Jänicke's avatar
      Some more documentation bits. · 2d3b6a5b
      Lutz Jänicke authored
      2d3b6a5b
    • Geoff Thorpe's avatar
      Currently, RSA code, when using no padding scheme, simply checks that input · 81d1998e
      Geoff Thorpe authored
      does not contain more bytes than the RSA modulus 'n' - it does not check
      that the input is strictly *less* than 'n'. Whether this should be the
      case or not is open to debate - however, due to security problems with
      returning miscalculated CRT results, the 'rsa_mod_exp' implementation in
      rsa_eay.c now performs a public-key exponentiation to verify the CRT result
      and in the event of an error will instead recalculate and return a non-CRT
      (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent
      to the mod_exp of 'I mod n', and the verify result is automatically between
      0 and n-1 inclusive, the verify only matches the input if 'I' was less than
      'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.
      they differ by a multiple of 'n'). Rather than rejecting correct
      calculations and doing redundant and slower ones instead, this changes the
      equality check in the verification code to a congruence check.
      81d1998e
  9. Jul 17, 2001
  10. Jul 16, 2001
  11. Jul 15, 2001
  12. Jul 13, 2001
    • Dr. Stephen Henson's avatar
      · 534a1ed0
      Dr. Stephen Henson authored
      Allow OCSP server to handle multiple requests.
      
      Document new OCSP options.
      534a1ed0
  13. Jul 12, 2001
  14. Jul 11, 2001