- 31 7月, 2001 4 次提交
-
-
由 Ben Laurie 提交于
DES's keyschedules. I know these two should be separate, and I'll back out the DES changes if they are deemed to be an error. Note that there is a memory leak lurking in SSL somewhere in this version.
-
由 Ben Laurie 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
HP-UX in common in ./config). Note that for the moment of this writing none of 64-bit platforms pass bntest. I'm committing this anyway as it's too frustrating to patch snapshots over and over while 0.9.6 is known to work.
-
- 30 7月, 2001 6 次提交
-
-
由 Andy Polyakov 提交于
-
由 Ben Laurie 提交于
-
由 Andy Polyakov 提交于
-
由 Lutz Jänicke 提交于
-
由 Lutz Jänicke 提交于
-
由 Lutz Jänicke 提交于
-
- 28 7月, 2001 2 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
-
- 27 7月, 2001 5 次提交
-
-
由 Lutz Jänicke 提交于
circumstances.
-
由 Richard Levitte 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
More linker bloat reorganisation: Split private key PEM and normal PEM handling. Private key handling needs to link in stuff like PKCS#8. Relocate the ASN1 *_dup() functions, to the relevant ASN1 modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously these were all in crypto/x509/x_all.c along with every ASN1 BIO/fp function which linked in *every* ASN1 function if a single dup was used. Move the authority key id ASN1 structure to a separate file. This is used in the X509 routines and its previous location linked in all the v3 extension code. Also move ASN1_tag2bit to avoid linking in a_bytes.c which is now largely obsolete. So far under Linux stripped binary with single PEM_read_X509 is now 238K compared to 380K before these changes.
-
由 Dr. Stephen Henson 提交于
First of several reorganisations to reduce linker bloat. For example the single line: PEM_read_X509() results in a binary of around 400K in Linux! This first step separates some of the PEM functions and avoids linking in some PKCS#7 and PKCS#12 code.
-
- 26 7月, 2001 5 次提交
-
-
由 Lutz Jänicke 提交于
-
由 Bodo Möller 提交于
or bogus DH parameters can be used for launching DOS attacks
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
-
- 25 7月, 2001 3 次提交
-
-
由 Andy Polyakov 提交于
explicitely noted that 64-bit SPARCv9 ABI is not officially supported by GCC 3.0 (support is scheduled for 3.1 release), but it appears to work, at the very least 'make test' passes...
-
由 Lutz Jänicke 提交于
-
由 Bodo Möller 提交于
-
- 24 7月, 2001 3 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
Submitted by: Travis Vitek <vitek@roguewave.com>
-
由 Geoff Thorpe 提交于
possible problems. - New file breakage.c handles (so far) missing functions. - Get rid of some signed/unsigned/const warnings thanks to solaris-cc - Add autoconf/automake input files, and helper scripts to populate missing (but auto-generated) files. This change adds a configure.in and Makefile.am to build everything using autoconf, automake, and libtool - and adds "gunk" scripts to generate the various files those things need (and clean then up again after). This means that "autogunk.sh" needs to be run first on a system with the autotools, but the resulting directory should be "configure"able and compilable on systems without those tools.
-
- 23 7月, 2001 3 次提交
-
-
由 Lutz Jänicke 提交于
-
由 Lutz Jänicke 提交于
-
由 Geoff Thorpe 提交于
-
- 21 7月, 2001 6 次提交
-
-
由 Richard Levitte 提交于
-
由 Lutz Jänicke 提交于
-
由 Ben Laurie 提交于
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery is available).
-
由 Richard Levitte 提交于
His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.
-
由 Lutz Jänicke 提交于
-
由 Lutz Jänicke 提交于
-
- 20 7月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
does not contain more bytes than the RSA modulus 'n' - it does not check that the input is strictly *less* than 'n'. Whether this should be the case or not is open to debate - however, due to security problems with returning miscalculated CRT results, the 'rsa_mod_exp' implementation in rsa_eay.c now performs a public-key exponentiation to verify the CRT result and in the event of an error will instead recalculate and return a non-CRT (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent to the mod_exp of 'I mod n', and the verify result is automatically between 0 and n-1 inclusive, the verify only matches the input if 'I' was less than 'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie. they differ by a multiple of 'n'). Rather than rejecting correct calculations and doing redundant and slower ones instead, this changes the equality check in the verification code to a congruence check.
-
- 17 7月, 2001 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 16 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
-