- Jul 27, 2001
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
More linker bloat reorganisation: Split private key PEM and normal PEM handling. Private key handling needs to link in stuff like PKCS#8. Relocate the ASN1 *_dup() functions, to the relevant ASN1 modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously these were all in crypto/x509/x_all.c along with every ASN1 BIO/fp function which linked in *every* ASN1 function if a single dup was used. Move the authority key id ASN1 structure to a separate file. This is used in the X509 routines and its previous location linked in all the v3 extension code. Also move ASN1_tag2bit to avoid linking in a_bytes.c which is now largely obsolete. So far under Linux stripped binary with single PEM_read_X509 is now 238K compared to 380K before these changes.
-
- Jul 26, 2001
-
-
Dr. Stephen Henson authored
First of several reorganisations to reduce linker bloat. For example the single line: PEM_read_X509() results in a binary of around 400K in Linux! This first step separates some of the PEM functions and avoids linking in some PKCS#7 and PKCS#12 code.
-
Lutz Jänicke authored
-
- Jul 25, 2001
-
-
Bodo Möller authored
or bogus DH parameters can be used for launching DOS attacks
-
Bodo Möller authored
-
Bodo Möller authored
-
Bodo Möller authored
-
Andy Polyakov authored
explicitely noted that 64-bit SPARCv9 ABI is not officially supported by GCC 3.0 (support is scheduled for 3.1 release), but it appears to work, at the very least 'make test' passes...
-
Lutz Jänicke authored
-
Bodo Möller authored
-
- Jul 24, 2001
-
-
Bodo Möller authored
-
Bodo Möller authored
Submitted by: Travis Vitek <vitek@roguewave.com>
-
- Jul 23, 2001
-
-
Geoff Thorpe authored
possible problems. - New file breakage.c handles (so far) missing functions. - Get rid of some signed/unsigned/const warnings thanks to solaris-cc - Add autoconf/automake input files, and helper scripts to populate missing (but auto-generated) files. This change adds a configure.in and Makefile.am to build everything using autoconf, automake, and libtool - and adds "gunk" scripts to generate the various files those things need (and clean then up again after). This means that "autogunk.sh" needs to be run first on a system with the autotools, but the resulting directory should be "configure"able and compilable on systems without those tools.
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
- Jul 22, 2001
-
-
Geoff Thorpe authored
-
- Jul 21, 2001
-
-
Richard Levitte authored
-
Lutz Jänicke authored
-
Ben Laurie authored
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery is available).
-
Richard Levitte authored
His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.
-
- Jul 20, 2001
-
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
Geoff Thorpe authored
does not contain more bytes than the RSA modulus 'n' - it does not check that the input is strictly *less* than 'n'. Whether this should be the case or not is open to debate - however, due to security problems with returning miscalculated CRT results, the 'rsa_mod_exp' implementation in rsa_eay.c now performs a public-key exponentiation to verify the CRT result and in the event of an error will instead recalculate and return a non-CRT (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent to the mod_exp of 'I mod n', and the verify result is automatically between 0 and n-1 inclusive, the verify only matches the input if 'I' was less than 'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie. they differ by a multiple of 'n'). Rather than rejecting correct calculations and doing redundant and slower ones instead, this changes the equality check in the verification code to a congruence check.
-
- Jul 17, 2001
-
-
Andy Polyakov authored
-
- Jul 16, 2001
-
-
Richard Levitte authored
-
- Jul 15, 2001
-
-
Richard Levitte authored
-
- Jul 13, 2001
-
-
Dr. Stephen Henson authored
Allow OCSP server to handle multiple requests. Document new OCSP options.
-
- Jul 12, 2001
-
-
Dr. Stephen Henson authored
Initial OCSP server support, using index.txt format. This can process internal requests or behave like a mini responder. Todo: documentation, update usage info.
-
Richard Levitte authored
Submitted by Jeffrey Altman <jaltman@columbia.edu>
-
Richard Levitte authored
-
Richard Levitte authored
-
Richard Levitte authored
decompression. It can be set up to link at link time or to load the zlib library at run-time.
-
Lutz Jänicke authored
-
Richard Levitte authored
-
Richard Levitte authored
-
- Jul 11, 2001
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
certificate so need to match its subject with the certificate IDs in the response.
-
Richard Levitte authored
Note that since some private kssl functions were exported, the simplest way to rebuild the number table was to toss everything that was new since OpenSSL 0.9.6b. This is safe, since those functions have not yet been exported in an OpenSSL release. Beware, people who trust intermediary snapshots!
-
Richard Levitte authored
-