Commits · 465b9f6b26e0ea9181cff7a55dcc69b3fc1291fe · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Apr 26, 2005

some updates for the blinding code; summary: · 800e400d

Nils Larsch authored Apr 26, 2005

- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c

800e400d

Add DTLS support. · 36d16f8e
Ben Laurie authored Apr 26, 2005

36d16f8e

Apr 25, 2005
- first step to melt down ChangeLog.0_9_7-stable_not-in-head :-) · aa16a286
  Bodo Möller authored Apr 25, 2005
  
  aa16a286
Apr 22, 2005

- use BN_set_negative and BN_is_negative instead of BN_set_sign · ff22e913

Nils Larsch authored Apr 22, 2005

  and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"

ff22e913

Apr 12, 2005
- Include error library value in C error source files instead of fixing up · bc3cae7e
  Dr. Stephen Henson authored Apr 12, 2005
```
at runtime.
```
  bc3cae7e
Apr 09, 2005
- Make kerberos ciphersuite code work with newer header files · 0858b71b
  Dr. Stephen Henson authored Apr 09, 2005
  
  0858b71b
- Added restrictions on the use of proxy certificates, as they may pose · d9bfe4f9
  Richard Levitte authored Apr 09, 2005
```
a security threat on unexpecting applications.  Document and test.
```
  d9bfe4f9
Apr 08, 2005
- add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file() · dc0ed30c
  Nils Larsch authored Apr 08, 2005
```
and SSL_use_PrivateKey_file()

PR: 1035
Submitted by: Walter Goulet
Reviewed by:  Nils Larsch
```
  dc0ed30c
Apr 07, 2005
- get rid of very buggy and very imcomplete DH cert support · 6049399b
  Nils Larsch authored Apr 07, 2005
```
Reviewed by: Bodo Moeller
```
  6049399b
Apr 02, 2005
- use SHA-1 as the default digest for the apps/openssl commands · 12bdb643
  Nils Larsch authored Apr 02, 2005
  
  12bdb643
Mar 31, 2005
- Give everything prototypes (well, everything that's actually used). · 41a15c4f
  Ben Laurie authored Mar 31, 2005
  
  41a15c4f
Mar 24, 2005
- Harmonize with CHANGES as distributed in OpenSSL 0.9.7f. · b0ef321c
  Bodo Möller authored Mar 24, 2005
  
  b0ef321c
- undo Cygwin change · 7a8c7288
  Ulf Möller authored Mar 24, 2005
  
  7a8c7288
Mar 22, 2005
- Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and · 59b6836a
  Dr. Stephen Henson authored Mar 22, 2005
```
client random values.
```
  59b6836a
Mar 19, 2005
- Use Windows randomness code on Cygwin · 130db968
  Ulf Möller authored Mar 19, 2005
  
  130db968
Mar 02, 2005
- In addition to RC5, also exclude MDC2 from compilation unless · ecc5ef87
  Bodo Möller authored Mar 02, 2005
```
the algorithm is explicitly requested.
```
  ecc5ef87
Feb 22, 2005

Change ./Configure so that certain algorithms can be disabled by default. · c9a112f5

Bodo Möller authored Feb 22, 2005

This is now the case for RC5.

As a side effect, the OPTIONS in the Makefile will usually look a
little different now, but they are essentially only for information
anyway.

c9a112f5

Feb 19, 2005
- Fix hang in EGD/PRNGD query when communication socket is closed · f69a8aeb
  Lutz Jänicke authored Feb 19, 2005
```
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
```
  f69a8aeb
Dec 29, 2004
- Prompt for passphrases for PKCS12 input format · e90fadda
  Dr. Stephen Henson authored Dec 29, 2004
  
  e90fadda
Dec 28, 2004
- Add functionality needed to process proxy certificates. · 6951c23a
  Richard Levitte authored Dec 28, 2004
  
  6951c23a
Dec 05, 2004
- Add lots of checks for memory allocation failure, error codes to indicate · a0e7c8ee
  Dr. Stephen Henson authored Dec 05, 2004
```
failure and freeing up memory if a failure occurs.

PR:620
```
  a0e7c8ee
Dec 03, 2004
- Add -passin argument to dgst command. · 5b40d7dd
  Dr. Stephen Henson authored Dec 03, 2004
  
  5b40d7dd
Dec 01, 2004
- Perform partial comparison of different character types in X509_NAME_cmp(). · 1862dae8
  Dr. Stephen Henson authored Dec 01, 2004
  
  1862dae8
Nov 29, 2004
- Document the change. · 5022e4ec
  Richard Levitte authored Nov 29, 2004
  
  5022e4ec
Nov 26, 2004
- Summarize recent RC4 tune-ups. · ea681ba8
  Andy Polyakov authored Nov 26, 2004
  
  ea681ba8
Nov 25, 2004
- Allow alternative manual sections to be embedded in .pod file comments. · 401ee37a
  Dr. Stephen Henson authored Nov 25, 2004
  
  401ee37a
Nov 16, 2004

PR: 910 · 826a42a0

Dr. Stephen Henson authored Nov 16, 2004

Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.

826a42a0

Oct 04, 2004
- Fix race condition when CRL checking is enabled. · 2f605e8d
  Dr. Stephen Henson authored Oct 04, 2004
  
  2f605e8d
Sep 06, 2004

New X509_VERIFY_PARAM structure and associated functionality. · 5d7c222d

Dr. Stephen Henson authored Sep 06, 2004

This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.

5d7c222d

Aug 04, 2004
- Make a note of the new engine. · 30fe028f
  Geoff Thorpe authored Aug 04, 2004
  
  30fe028f
Jul 06, 2004
- Delta CRL support in extension code. · 637ff35e
  Dr. Stephen Henson authored Jul 06, 2004
  
  637ff35e
Jun 17, 2004
- Deprecate unused cruft, and "make update". · df11e1e9
  Geoff Thorpe authored Jun 17, 2004
  
  df11e1e9
May 31, 2004
- Mention new SHA algorithms in CHANGES. This completes the integration. · ad500340
  Andy Polyakov authored May 31, 2004
  
  ad500340
May 15, 2004
- Fixes so alerts are sent properly in s3_pkt.c · 4843acc8
  Dr. Stephen Henson authored May 15, 2004
```
PR: 851
```
  4843acc8
May 13, 2004
- CHANGES to mention improved PowerPC platform support. · e14f4aab
  Andy Polyakov authored May 13, 2004
  
  e14f4aab
May 04, 2004

- update from current 0.9.6-stable CHANGES file · d5f686d8

Bodo Möller authored May 04, 2004

- update from current 0.9.7-stable CHANGES file:

  Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
  that all patches mentioned for 0.9.7d and 0.9.7e actually are
  in the CVS HEAD, i.e. what is to become 0.9.8.

  I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
  so that it explains the earlier change that is now listed (0.9.7e).

  The ENGINE_set_default typo bug entry has been moved from 0.9.8
  to 0.9.7b, which is where it belongs.

d5f686d8

Apr 26, 2004

Allow RSA key-generation to specify an arbitrary public exponent. Jelte · bcfea9fb

Geoff Thorpe authored Apr 26, 2004

proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe

bcfea9fb

Apr 21, 2004
- As far as I can tell, the bugfix this comment refers to was committed to · 955d465c
  Geoff Thorpe authored Apr 21, 2004
```
0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine
variant).
```
  955d465c
Apr 20, 2004
- Reduce chances of issuer and serial number duplication by use of random · 64674bcc
  Dr. Stephen Henson authored Apr 20, 2004
```
initial serial numbers.

PR: 842
```
  64674bcc
Apr 19, 2004

Reduce header interdependencies, initially in engine.h (the rest of the · 3a87a9b9

Geoff Thorpe authored Apr 19, 2004

changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.

3a87a9b9