Skip to content
  1. Jul 30, 2001
  2. Jul 27, 2001
  3. Jul 26, 2001
  4. Jul 25, 2001
  5. Jul 24, 2001
  6. Jul 23, 2001
    • Geoff Thorpe's avatar
      - New INSTALL document describing different ways to build "tunala" and · 3866752e
      Geoff Thorpe authored
        possible problems.
      - New file breakage.c handles (so far) missing functions.
      - Get rid of some signed/unsigned/const warnings thanks to solaris-cc
      - Add autoconf/automake input files, and helper scripts to populate missing
        (but auto-generated) files.
      
      This change adds a configure.in and Makefile.am to build everything using
      autoconf, automake, and libtool - and adds "gunk" scripts to generate the
      various files those things need (and clean then up again after). This means
      that "autogunk.sh" needs to be run first on a system with the autotools,
      but the resulting directory should be "configure"able and compilable on
      systems without those tools.
      3866752e
    • Lutz Jänicke's avatar
      Additional inline reference. · 3e3dac9f
      Lutz Jänicke authored
      3e3dac9f
    • Lutz Jänicke's avatar
      Add missing reference. · 397ba0f0
      Lutz Jänicke authored
      397ba0f0
  7. Jul 22, 2001
  8. Jul 21, 2001
  9. Jul 20, 2001
    • Lutz Jänicke's avatar
      Updated explanation. · 6d3dec92
      Lutz Jänicke authored
      6d3dec92
    • Lutz Jänicke's avatar
      Some more documentation bits. · 2d3b6a5b
      Lutz Jänicke authored
      2d3b6a5b
    • Geoff Thorpe's avatar
      Currently, RSA code, when using no padding scheme, simply checks that input · 81d1998e
      Geoff Thorpe authored
      does not contain more bytes than the RSA modulus 'n' - it does not check
      that the input is strictly *less* than 'n'. Whether this should be the
      case or not is open to debate - however, due to security problems with
      returning miscalculated CRT results, the 'rsa_mod_exp' implementation in
      rsa_eay.c now performs a public-key exponentiation to verify the CRT result
      and in the event of an error will instead recalculate and return a non-CRT
      (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent
      to the mod_exp of 'I mod n', and the verify result is automatically between
      0 and n-1 inclusive, the verify only matches the input if 'I' was less than
      'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.
      they differ by a multiple of 'n'). Rather than rejecting correct
      calculations and doing redundant and slower ones instead, this changes the
      equality check in the verification code to a congruence check.
      81d1998e
  10. Jul 17, 2001
  11. Jul 16, 2001
  12. Jul 15, 2001
  13. Jul 13, 2001
    • Dr. Stephen Henson's avatar
      · 534a1ed0
      Dr. Stephen Henson authored
      Allow OCSP server to handle multiple requests.
      
      Document new OCSP options.
      534a1ed0
  14. Jul 12, 2001
    • Dr. Stephen Henson's avatar
      · ee306a13
      Dr. Stephen Henson authored
      Initial OCSP server support, using index.txt format.
      
      This can process internal requests or behave like a
      mini responder.
      
      Todo: documentation, update usage info.
      ee306a13