Dr. Stephen Henson
de12116417
Initial, incomplete support for typesafe macros without using function
...
casts.
2006-11-16 00:19:39 +00:00
Andy Polyakov
3189772e07
Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
...
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Bodo Möller
3c5406b35c
All 0.9.8d patches have been applied to HEAD now, so we no longer need
...
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
61118caa86
include 0.9.8d and 0.9.7l information
2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60
Fix ASN.1 parsing of certain invalid structures that can result
...
in a denial of service. (CVE-2006-2937) [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680
Fix buffer overflow in SSL_get_shared_ciphers() function.
...
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
010fa0b331
Tidy up CRL handling by checking for critical extensions when it is
...
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35
Overhaul of by_dir code to handle dynamic loading of CRLs.
2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
bc7535bc7f
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
...
handling to support this.
2006-09-14 17:25:02 +00:00
Bodo Möller
b6699c3f07
Update
2006-09-12 14:42:19 +00:00
Bodo Möller
ed65f7dc34
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
...
ciphersuite as well
2006-09-11 09:49:03 +00:00
Bodo Möller
6a2c471077
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
2006-09-06 06:34:52 +00:00
Mark J. Cox
b79aa05e3b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:58:03 +00:00
Ben Laurie
aa6d1a0c19
Forward port of IGE mode.
2006-08-31 14:04:04 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
450ea83495
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
...
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
c1c6c0bf45
New non-blocking OCSP functionality.
2006-07-17 12:18:28 +00:00
Dr. Stephen Henson
b7683e3a5d
Allow digests to supply S/MIME micalg values from a ctrl.
...
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5
New functions to add and free up application defined signature OIDs.
2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5
New functions to enumerate digests and ciphers.
2006-07-09 00:53:45 +00:00
Bodo Möller
e34aa5a3b3
always read in RAND_poll() if we can't use select because of a too
...
large FD: it's non-blocking mode anyway
2006-06-28 14:50:12 +00:00
Richard Levitte
27a3d9f9aa
Use poll() when possible to gather Unix randomness entropy
2006-06-27 06:31:34 +00:00
Bodo Möller
48fc582f66
New functions CRYPTO_set_idptr_callback(),
...
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
81de1028bc
Change in 0.9.8 branch:
...
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
2006-06-22 12:37:28 +00:00
Bodo Möller
850815cb6e
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
2006-06-20 08:50:42 +00:00
Bodo Möller
c4e7870ac1
Change array representation of binary polynomials to make GF2m part of
...
the BN library more generally useful.
Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Bodo Möller
5b57fe0a1e
Disable invalid ciphersuites
2006-06-14 17:51:46 +00:00
Bodo Möller
89bbe14c50
Ciphersuite string bugfixes, and ECC-related (re-)definitions.
2006-06-14 17:40:31 +00:00
Bodo Möller
675f605d44
Thread-safety fixes
2006-06-14 08:55:23 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
fb7b393278
Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
...
coding it to "sha1".
2006-06-06 13:27:36 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
de9fcfe348
Initial public key ASN1 method engine support. Not integrated yet.
2006-06-02 17:52:27 +00:00
Dr. Stephen Henson
c9777d2659
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
...
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
58aa573ac2
Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.
2006-06-01 11:38:50 +00:00
Dr. Stephen Henson
91c9e62123
New functions for enchanced digest sign/verify.
2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
5531192151
Add -resign and -md options to smime command to support resigning an
...
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140
Multiple signer support in smime application.
2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
121dd39f9f
New option to pkcs12 utility to set alternative MAC digest algorithm.
2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
6d3a1eac3b
Add PRF preference ctrl to ciphers.
2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST.
2006-05-15 17:34:36 +00:00
Dr. Stephen Henson
856640b54f
Extend PBE code to support non default PKCS#5 v2.0 PRFs.
2006-05-14 18:40:53 +00:00
Dr. Stephen Henson
34b3c72e4e
Typo.
2006-05-14 16:50:22 +00:00
Dr. Stephen Henson
959e8dfe06
Update 'req' command to use new keygen API.
2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
399a6f0bd1
Update PKCS#7 enveloped data to new API.
2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
5cda6c4582
Fix from stable branch.
2006-05-07 12:30:37 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00