- Jul 30, 2001
-
-
Lutz Jänicke authored
-
- Jul 27, 2001
-
-
Bodo Möller authored
-
Bodo Möller authored
-
Lutz Jänicke authored
circumstances.
-
- Jul 26, 2001
-
-
Lutz Jänicke authored
-
- Jul 25, 2001
-
-
Bodo Möller authored
or bogus DH parameters can be used for launching DOS attacks
-
Bodo Möller authored
-
Bodo Möller authored
-
Bodo Möller authored
-
Lutz Jänicke authored
-
- Jul 24, 2001
-
-
Bodo Möller authored
Submitted by: Travis Vitek <vitek@roguewave.com>
-
- Jul 23, 2001
-
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
- Jul 21, 2001
-
-
Lutz Jänicke authored
-
cvs2svn authored
'OpenSSL_0_9_6-stable'.
-
Lutz Jänicke authored
-
Ben Laurie authored
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery is available).
-
Richard Levitte authored
His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.
-
- Jul 20, 2001
-
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
cvs2svn authored
'OpenSSL_0_9_6-stable'.
-
Lutz Jänicke authored
-
Geoff Thorpe authored
does not contain more bytes than the RSA modulus 'n' - it does not check that the input is strictly *less* than 'n'. Whether this should be the case or not is open to debate - however, due to security problems with returning miscalculated CRT results, the 'rsa_mod_exp' implementation in rsa_eay.c now performs a public-key exponentiation to verify the CRT result and in the event of an error will instead recalculate and return a non-CRT (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent to the mod_exp of 'I mod n', and the verify result is automatically between 0 and n-1 inclusive, the verify only matches the input if 'I' was less than 'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie. they differ by a multiple of 'n'). Rather than rejecting correct calculations and doing redundant and slower ones instead, this changes the equality check in the verification code to a congruence check.
-
- Jul 17, 2001
-
-
Andy Polyakov authored
-
- Jul 16, 2001
-
-
Richard Levitte authored
-
Richard Levitte authored
-
- Jul 15, 2001
-
-
Richard Levitte authored
-
Richard Levitte authored
-
- Jul 13, 2001
-
-
Dr. Stephen Henson authored
Allow OCSP server to handle multiple requests. Document new OCSP options.
-
- Jul 12, 2001
-
-
Dr. Stephen Henson authored
Initial OCSP server support, using index.txt format. This can process internal requests or behave like a mini responder. Todo: documentation, update usage info.
-
Richard Levitte authored
Submitted by Jeffrey Altman <jaltman@columbia.edu>
-
Richard Levitte authored
-
Richard Levitte authored
-
Richard Levitte authored
decompression. It can be set up to link at link time or to load the zlib library at run-time.
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
Richard Levitte authored
-
Richard Levitte authored
-
- Jul 11, 2001
-
-
Dr. Stephen Henson authored
-