generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7,627 Commits 16 Branches 258 Tags 86 MiB
454dbbc593
Commit Graph

1341 Commits

Author SHA1 Message Date
Bodo Möller
36ca4ba63d Implement the Supported Point Formats Extension for ECC ciphersuites 
Submitted by: Douglas Stebila
 2006-03-11 23:46:37 +00:00
Bodo Möller
ed4a1d12b9 clarification 2006-03-11 22:10:34 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites 
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
 2006-03-10 23:06:27 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation 
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
 2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
31676a3540 Update from stable branch. 2006-01-15 13:50:10 +00:00
Bodo Möller
241520e66d More TLS extension related changes. 
Submitted by: Peter Sylvester
 2006-01-11 06:10:40 +00:00
Bodo Möller
a13c20f603 Further TLS extension updates 
Submitted by: Peter Sylvester
 2006-01-09 19:49:05 +00:00
Bodo Möller
1aeb3da83f Fixes for TLS server_name extension 
Submitted by: Peter Sylvester
 2006-01-06 09:08:59 +00:00
Bodo Möller
e8e5b46e2b Add names for people who provided the TLS extension patch. 2006-01-04 17:35:51 +00:00
Bodo Möller
f1fd4544a3 Various changes in the new TLS extension code, including the following: 
- fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values
 2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902 C style fix-up 2006-01-02 23:29:12 +00:00
Andy Polyakov
ed26604a71 Engage Whirlpool assembler and mention Whirlpool in CHANGES. 2005-12-16 12:55:33 +00:00
Andy Polyakov
0cb9d93d0c Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES. 2005-12-16 11:12:42 +00:00
Bodo Möller
d56349a2aa update TLS-ECC code 
Submitted by: Douglas Stebila
 2005-12-13 07:33:35 +00:00
Dr. Stephen Henson
ad2695b1b7 Update from 0.9.8-stable. 2005-12-05 13:46:46 +00:00
Dr. Stephen Henson
b40228a61d New functions to support opaque EVP_CIPHER_CTX handling. 2005-12-02 13:46:39 +00:00
Dr. Stephen Henson
452ae49db5 Extensive OID code enhancement and fixes. 2005-11-20 13:07:47 +00:00
Bodo Möller
d804f86b88 disable some invalid ciphersuites 2005-11-15 23:32:11 +00:00
Bodo Möller
8dee9f844f deFUDify: don't require OPENSSL_EC_BIN_PT_COMP 2005-11-15 21:08:38 +00:00
Dr. Stephen Henson
fbf002bb88 Update from stable branch. 2005-11-06 17:58:26 +00:00
Richard Levitte
998ac55e19 Document it 2005-11-01 07:53:37 +00:00
Bodo Möller
a1006c373d harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES 2005-10-26 19:28:04 +00:00
Andy Polyakov
4d524040bc Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES. 2005-10-22 17:57:18 +00:00
Mark J. Cox
04fac37311 one time CAN->CVE update 2005-10-19 11:00:39 +00:00
Richard Levitte
89ec4332ec Add in CHANGES for 0.9.7i. 2005-10-15 04:26:57 +00:00
Mark J. Cox
d357be38b9 Make sure head CHANGES is up to date, we refer to this in announce.txt 2005-10-11 11:10:19 +00:00
Dr. Stephen Henson
566dda07ba New option SSL_OP_NO_COMP to disable compression. New ctrls to set 
maximum send fragment size. Allocate I/O buffers accordingly.
 2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29 new option "openssl ciphers -V" 2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
f022c177db Two new verify flags functions. 2005-09-02 22:49:54 +00:00
Dr. Stephen Henson
1ef7acfe92 Initial support for ASN1 print code. 
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
 2005-09-01 13:59:16 +00:00
Dr. Stephen Henson
a0156a926f Integrated support for PVK files. 2005-08-31 16:37:54 +00:00
Nils Larsch
6e119bb02e Keep cipher lists sorted in the source instead of sorting them at 
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
 2005-08-25 07:29:54 +00:00
Bodo Möller
770bc596e1 recent DH change does not avoid *all* possible small-subgroup attacks; 
let's be clear about that
 2005-08-23 06:54:33 +00:00
Ben Laurie
bf3d6c0c9b Make D-H safer, include well-known primes. 2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
eea374fd19 Command line support for RSAPublicKey format. 2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585 Remove ASN1_METHOD code replace with new ASN1 alternative. 2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD 
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
 2005-08-14 21:48:33 +00:00
Andy Polyakov
0491e05833 Final(?) WinCE update. 2005-08-07 22:21:49 +00:00
Dr. Stephen Henson
f3b656b246 Initialize SSL_METHOD structures at compile time. This removes the need 
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
 2005-08-05 23:56:11 +00:00
Dr. Stephen Henson
8f2e4fdf86 Allow PKCS7_decrypt() to work if no cert supplied. 2005-08-04 22:15:22 +00:00
Dr. Stephen Henson
0537f9689c Add support for setting IDP too. 2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0745d0892d Allow setting of all fields in CRLDP. Few cosmetic changes to output. 2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
9aa9d70ddb Print out previously unsupported fields in CRLDP by i2r instead of i2v. 
Cosmetic changes to IDP printout.
 2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c Initial print only support for IDP CRL extension. 2005-07-23 23:33:06 +00:00
Richard Levitte
2bd2cd9b78 Changes from the 0.9.8 branch. 2005-07-05 19:16:24 +00:00
Richard Levitte
c83101248a Changes from the 0.9.8 branch. 2005-07-05 18:36:42 +00:00
Andy Polyakov
8d3509b937 CHANGES and TABLE sync with 0.9.8. 2005-07-05 11:48:38 +00:00
Dr. Stephen Henson
cbdac46d58 Update from stable branch. 2005-07-04 23:12:04 +00:00
Dr. Stephen Henson
5d6c4985d1 Typo. 2005-06-02 20:29:32 +00:00
Dr. Stephen Henson
b615ad90c8 Update CHANGES. 2005-06-02 20:11:16 +00:00
Geoff Thorpe
a2c32e2d7f Change the source and output paths for 'chil' and '4758cca' engines so that 
dynamic loading is consistent with respect to engine ids.
 2005-05-29 19:14:21 +00:00
Bodo Möller
0ebfcc8f92 make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:52 +00:00
Richard Levitte
28e4fe34e4 Version changes where needed. 2005-05-18 04:04:12 +00:00
Bodo Möller
91b17fbad4 Change wording for BN_mod_exp_mont_consttime() entry 2005-05-16 19:14:34 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:43:31 +00:00
Dr. Stephen Henson
b6995add5c Make -CSP option work again in pkcs12 utility by checking for 
attribute in EVP_PKEY structure.
 2005-05-15 00:54:45 +00:00
Bodo Möller
c6c2e3135d Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled 
with the SSL_OP_NO_SSLv2 option.
 2005-05-11 18:25:49 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name: 
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
 2005-05-10 11:37:47 +00:00
Bodo Möller
0f4499360e give EC_GROUP_*_nid functions a more meaningful name 
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
    EC_GROUP_set_nid -> EC_GROUP_set_curve_name
 2005-05-09 00:05:17 +00:00
Dr. Stephen Henson
05338b58ce Support for smime-type MIME parameter. 2005-05-01 12:46:57 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch. 
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
 2005-04-26 23:58:54 +00:00
Nils Larsch
800e400de5 some updates for the blinding code; summary: 
- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
 2005-04-26 22:31:48 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Bodo Möller
aa16a28631 first step to melt down ChangeLog.0_9_7-stable_not-in-head :-) 2005-04-25 21:06:05 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign 
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
 2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
bc3cae7e7d Include error library value in C error source files instead of fixing up 
at runtime.
 2005-04-12 13:31:14 +00:00
Dr. Stephen Henson
0858b71b41 Make kerberos ciphersuite code work with newer header files 2005-04-09 23:55:55 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose 
a security threat on unexpecting applications.  Document and test.
 2005-04-09 16:07:12 +00:00
Nils Larsch
dc0ed30cfe add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file() 
and SSL_use_PrivateKey_file()

PR: 1035
Submitted by: Walter Goulet
Reviewed by:  Nils Larsch
 2005-04-08 22:52:42 +00:00
Nils Larsch
6049399baf get rid of very buggy and very imcomplete DH cert support 
Reviewed by: Bodo Moeller
 2005-04-07 23:19:17 +00:00
Nils Larsch
12bdb64375 use SHA-1 as the default digest for the apps/openssl commands 2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Bodo Möller
b0ef321cc8 Harmonize with CHANGES as distributed in OpenSSL 0.9.7f. 2005-03-24 01:37:07 +00:00
Ulf Möller
7a8c728860 undo Cygwin change 2005-03-24 00:14:59 +00:00
Dr. Stephen Henson
59b6836ab2 Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and 
client random values.
 2005-03-22 14:11:06 +00:00
Ulf Möller
130db968b8 Use Windows randomness code on Cygwin 2005-03-19 11:39:17 +00:00
Bodo Möller
ecc5ef8793 In addition to RC5, also exclude MDC2 from compilation unless 
the algorithm is explicitly requested.
 2005-03-02 20:11:31 +00:00
Bodo Möller
c9a112f540 Change ./Configure so that certain algorithms can be disabled by default. 
This is now the case for RC5.

As a side effect, the OPTIONS in the Makefile will usually look a
little different now, but they are essentially only for information
anyway.
 2005-02-22 10:29:51 +00:00
Lutz Jänicke
f69a8aebab Fix hang in EGD/PRNGD query when communication socket is closed 
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
 2005-02-19 10:19:07 +00:00
Dr. Stephen Henson
e90faddaf8 Prompt for passphrases for PKCS12 input format 2004-12-29 01:07:14 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
5b40d7dd97 Add -passin argument to dgst command. 2004-12-03 12:26:56 +00:00
Dr. Stephen Henson
1862dae862 Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:30 +00:00
Richard Levitte
5022e4ecdf Document the change. 2004-11-29 11:57:00 +00:00
Andy Polyakov
ea681ba872 Summarize recent RC4 tune-ups. 2004-11-26 15:26:09 +00:00
Dr. Stephen Henson
401ee37a3e Allow alternative manual sections to be embedded in .pod file comments. 2004-11-25 17:47:31 +00:00
Dr. Stephen Henson
826a42a088 PR: 910 
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.
 2004-11-16 17:30:59 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality. 
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
 2004-09-06 18:43:01 +00:00
Geoff Thorpe
30fe028f07 Make a note of the new engine. 2004-08-04 22:42:29 +00:00
Dr. Stephen Henson
637ff35ef6 Delta CRL support in extension code. 2004-07-06 17:16:40 +00:00
Geoff Thorpe
df11e1e921 Deprecate unused cruft, and "make update". 2004-06-17 23:50:25 +00:00
Andy Polyakov
ad5003409d Mention new SHA algorithms in CHANGES. This completes the integration. 2004-05-31 14:03:02 +00:00
Dr. Stephen Henson
4843acc868 Fixes so alerts are sent properly in s3_pkt.c 
PR: 851
 2004-05-15 17:55:07 +00:00
Andy Polyakov
e14f4aab0a CHANGES to mention improved PowerPC platform support. 2004-05-13 13:58:44 +00:00
Bodo Möller
d5f686d808 - update from current 0.9.6-stable CHANGES file 
- update from current 0.9.7-stable CHANGES file:

  Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
  that all patches mentioned for 0.9.7d and 0.9.7e actually are
  in the CVS HEAD, i.e. what is to become 0.9.8.

  I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
  so that it explains the earlier change that is now listed (0.9.7e).

  The ENGINE_set_default typo bug entry has been moved from 0.9.8
  to 0.9.7b, which is where it belongs.
 2004-05-04 01:15:48 +00:00
Geoff Thorpe
bcfea9fb25 Allow RSA key-generation to specify an arbitrary public exponent. Jelte 
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
 2004-04-26 15:31:35 +00:00
Geoff Thorpe
955d465c2c As far as I can tell, the bugfix this comment refers to was committed to 
0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine
variant).
 2004-04-21 15:12:20 +00:00
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random 
initial serial numbers.

PR: 842
 2004-04-20 12:05:26 +00:00