Commits · e45c32fabf35e50ea451e8a0180c575104e700ac · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Mar 12, 2010
- missing goto meant signature was never printed out · e45c32fa
  Dr. Stephen Henson authored Mar 12, 2010
  
  e45c32fa
- This entry was in 0.9.8m changelog but missing from here, since it's · fb75f349
  Mark J. Cox authored Mar 12, 2010
```
security relevent we'd better list it.
```
  fb75f349
Mar 11, 2010
- Submitted by: Martin Kaiser · a9071652
  Dr. Stephen Henson authored Mar 11, 2010
```
Reject PSS signatures with unsupported trailer value.
```
  a9071652
- alg2 can be NULL · e62774c3
  Dr. Stephen Henson authored Mar 11, 2010
  
  e62774c3
- Add GHASH x86_64 assembler. · f093794e
  Andy Polyakov authored Mar 11, 2010
  
  f093794e
- typo · f26cf995
  Dr. Stephen Henson authored Mar 11, 2010
  
  f26cf995
- RSA PSS ASN1 signing method · 17c63d1c
  Dr. Stephen Henson authored Mar 11, 2010
  
  17c63d1c
- typo · 877669d6
  Dr. Stephen Henson authored Mar 11, 2010
  
  877669d6
- ctrl operations to retrieve RSA algorithm settings · 1c8d9299
  Dr. Stephen Henson authored Mar 11, 2010
  
  1c8d9299
- Add support for new PSS functions in RSA EVP_PKEY_METHOD · bf8883b3
  Dr. Stephen Henson authored Mar 11, 2010
  
  bf8883b3
- Extend PSS padding code to support different digests for MGF1 and message. · e8254d40
  Dr. Stephen Henson authored Mar 11, 2010
  
  e8254d40
- Algorithm specific ASN1 signing functions. · 85522a07
  Dr. Stephen Henson authored Mar 11, 2010
  
  85522a07
- update cms code to use X509_ALGOR_set_md instead of internal function · 31d66c2a
  Dr. Stephen Henson authored Mar 11, 2010
  
  31d66c2a
- New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) · ce25c720
  Dr. Stephen Henson authored Mar 11, 2010
```
from a digest algorithm.
```
  ce25c720
Mar 10, 2010
- don't leave bogus errors in the queue · 77163b62
  Dr. Stephen Henson authored Mar 10, 2010
  
  77163b62
Mar 09, 2010
- Add GHASH x86 assembler. · e3a510f8
  Andy Polyakov authored Mar 09, 2010
  
  e3a510f8
- PR: 2188 · b17bdc77
  Dr. Stephen Henson authored Mar 09, 2010
```
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

Add "missing" functions to get and set prompt constructor.
```
  b17bdc77
- PR: 2186 · a0e4a8e1
  Dr. Stephen Henson authored Mar 09, 2010
```
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc
```
  a0e4a8e1
Mar 08, 2010
- reserve a few more bits for future cipher modes · d6eebf6d
  Dr. Stephen Henson authored Mar 08, 2010
  
  d6eebf6d
- gcm128.c: add option for streamed GHASH, simple benchmark, minor naming · 2262beef
  Andy Polyakov authored Mar 08, 2010
```
change.
```
  2262beef
- RSA PSS verification support including certificates and certificate · 31904ecd
  Dr. Stephen Henson authored Mar 08, 2010
```
requests. Add new ASN1 signature initialisation function to handle this
case.
```
  31904ecd
- correct error code · a4d9c12f
  Dr. Stephen Henson authored Mar 08, 2010
  
  a4d9c12f
Mar 07, 2010
- print outermost signature algorithm parameters too · 809cd0a2
  Dr. Stephen Henson authored Mar 07, 2010
  
  809cd0a2
- oops · bea29921
  Dr. Stephen Henson authored Mar 07, 2010
  
  bea29921
- The OID sanity check was incorrect. It should only disallow *leading* 0x80 · 7ed485bc
  Dr. Stephen Henson authored Mar 07, 2010
```
values.
```
  7ed485bc
- although AES is a variable length cipher, AES EVP methods have a fixed key length · 069d4cfe
  Dr. Stephen Henson authored Mar 07, 2010
  
  069d4cfe
- oops, make EVP ctr mode work again · 49436b59
  Dr. Stephen Henson authored Mar 07, 2010
  
  49436b59
- typo · 9ef6fe8c
  Dr. Stephen Henson authored Mar 07, 2010
  
  9ef6fe8c
- add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS · 63b825c9
  Dr. Stephen Henson authored Mar 07, 2010
  
  63b825c9
- add MGF1 digest ctrl · 77f4b6ba
  Dr. Stephen Henson authored Mar 07, 2010
  
  77f4b6ba
- update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify · a5667732
  Dr. Stephen Henson authored Mar 07, 2010
  
  a5667732
Mar 06, 2010
- don't add digest alias if signature algorithm is undefined · 17084562
  Dr. Stephen Henson authored Mar 06, 2010
  
  17084562
- Add PSS algorithm printing. This is an initial step towards full PSS support. · ff04bbe3
  Dr. Stephen Henson authored Mar 06, 2010
```
Uses ASN1 module in Martin Kaiser's PSS patch.
```
  ff04bbe3
- fix indent, newline · 148924c1
  Dr. Stephen Henson authored Mar 06, 2010
  
  148924c1
- Add algorithm specific signature printing. An individual ASN1 method can · fa1ba589
  Dr. Stephen Henson authored Mar 06, 2010
```
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
```
  fa1ba589
Mar 05, 2010
- Fix memory leak: free up ENGINE functional reference if digest is not · 8c4ce7ba
  Dr. Stephen Henson authored Mar 05, 2010
```
found in an ENGINE.
```
  8c4ce7ba
- Add -engine_impl option to dgst which will use an implementation of · bb845ee0
  Dr. Stephen Henson authored Mar 05, 2010
```
an algorithm from the supplied engine instead of just the default one.
```
  bb845ee0
Mar 03, 2010

option to replace extensions with new ones: mainly for creating cross-certificates · b5cfc2f5
Dr. Stephen Henson authored Mar 03, 2010

b5cfc2f5

PR: 2183 · ebaa2cf5

Dr. Stephen Henson authored Mar 03, 2010

PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0

ebaa2cf5

Submitted by: Tomas Hoger <thoger@redhat.com> · cca1cd9a

Dr. Stephen Henson authored Mar 03, 2010

Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).

cca1cd9a