Skip to content
  1. Apr 03, 2018
    • Matt Caswell's avatar
      Fix a text canonicalisation bug in CMS · bcc63714
      Matt Caswell authored
      
      
      Where a CMS detached signature is used with text content the text goes
      through a canonicalisation process first prior to signing or verifying a
      signature. This process strips trailing space at the end of lines, converts
      line terminators to CRLF and removes additional trailing line terminators
      at the end of a file. A bug in the canonicalisation process meant that
      some characters, such as form-feed, were incorrectly treated as whitespace
      and removed. This is contrary to the specification (RFC5485). This fix
      could mean that detached text data signed with an earlier version of
      OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
      signed with a fixed OpenSSL may fail to verify with an earlier version of
      OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
      and use the "-binary" flag (for the "cms" command line application) or set
      the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5790)
      bcc63714
    • Matt Caswell's avatar
      Fix CHANGES · ba505435
      Matt Caswell authored
      
      
      Fix the last release version number in CHANGES
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5852)
      ba505435
  2. Mar 29, 2018
  3. Mar 27, 2018
  4. Mar 26, 2018
  5. Mar 19, 2018
  6. Mar 14, 2018
  7. Mar 07, 2018
    • Viktor Dukhovni's avatar
      Implement multi-process OCSP responder. · 3e3c7c36
      Viktor Dukhovni authored
      
      
      With "-multi" the OCSP responder forks multiple child processes,
      and respawns them as needed.  This can be used as a long-running
      service, not just a demo program.  Therefore the index file is
      automatically re-read when changed.  The responder also now optionally
      times out client requests.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      3e3c7c36
  8. Mar 05, 2018
  9. Mar 04, 2018
  10. Mar 02, 2018
  11. Feb 23, 2018
  12. Feb 13, 2018
  13. Feb 12, 2018
  14. Feb 07, 2018
  15. Jan 29, 2018
  16. Jan 28, 2018
  17. Jan 23, 2018
  18. Jan 07, 2018
  19. Jan 02, 2018
  20. Dec 12, 2017
  21. Dec 07, 2017
  22. Dec 06, 2017
  23. Nov 21, 2017
    • Paul Yang's avatar
      Support multi-prime RSA (RFC 8017) · 665d899f
      Paul Yang authored
      
      
      * Introduce RSA_generate_multi_prime_key to generate multi-prime
        RSA private key. As well as the following functions:
          RSA_get_multi_prime_extra_count
          RSA_get0_multi_prime_factors
          RSA_get0_multi_prime_crt_params
          RSA_set0_multi_prime_params
          RSA_get_version
      * Support EVP operations for multi-prime RSA
      * Support ASN.1 operations for multi-prime RSA
      * Support multi-prime check in RSA_check_key_ex
      * Support multi-prime RSA in apps/genrsa and apps/speed
      * Support multi-prime RSA manipulation functions
      * Test cases and documentation are added
      * CHANGES is updated
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
      (Merged from https://github.com/openssl/openssl/pull/4241)
      665d899f
  24. Nov 12, 2017
  25. Nov 05, 2017
  26. Nov 02, 2017
  27. Oct 31, 2017
  28. Oct 25, 2017
  29. Oct 07, 2017
  30. Aug 30, 2017
  31. Aug 27, 2017
  32. Aug 15, 2017
  33. Aug 07, 2017
  34. Jul 25, 2017
  35. Jul 03, 2017