- 23 7月, 2001 3 次提交
-
-
由 Lutz Jänicke 提交于
-
由 Lutz Jänicke 提交于
-
由 Geoff Thorpe 提交于
-
- 21 7月, 2001 6 次提交
-
-
由 Richard Levitte 提交于
-
由 Lutz Jänicke 提交于
-
由 Ben Laurie 提交于
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery is available).
-
由 Richard Levitte 提交于
His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.
-
由 Lutz Jänicke 提交于
-
由 Lutz Jänicke 提交于
-
- 20 7月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
does not contain more bytes than the RSA modulus 'n' - it does not check that the input is strictly *less* than 'n'. Whether this should be the case or not is open to debate - however, due to security problems with returning miscalculated CRT results, the 'rsa_mod_exp' implementation in rsa_eay.c now performs a public-key exponentiation to verify the CRT result and in the event of an error will instead recalculate and return a non-CRT (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent to the mod_exp of 'I mod n', and the verify result is automatically between 0 and n-1 inclusive, the verify only matches the input if 'I' was less than 'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie. they differ by a multiple of 'n'). Rather than rejecting correct calculations and doing redundant and slower ones instead, this changes the equality check in the verification code to a congruence check.
-
- 17 7月, 2001 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 16 7月, 2001 2 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
-
- 13 7月, 2001 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Allow OCSP server to handle multiple requests. Document new OCSP options.
-
由 Dr. Stephen Henson 提交于
Initial OCSP server support, using index.txt format. This can process internal requests or behave like a mini responder. Todo: documentation, update usage info.
-
由 Richard Levitte 提交于
Submitted by Jeffrey Altman <jaltman@columbia.edu>
-
- 12 7月, 2001 14 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
decompression. It can be set up to link at link time or to load the zlib library at run-time.
-
由 Lutz Jänicke 提交于
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
certificate so need to match its subject with the certificate IDs in the response.
-
由 Richard Levitte 提交于
Note that since some private kssl functions were exported, the simplest way to rebuild the number table was to toss everything that was new since OpenSSL 0.9.6b. This is safe, since those functions have not yet been exported in an OpenSSL release. Beware, people who trust intermediary snapshots!
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
them to one that won't get exported.
-
由 Richard Levitte 提交于
His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.
-
由 Geoff Thorpe 提交于
things), especially as the RSA keys are fixed. However, DSA only fixes the DSA parameters and then generates the public and private components on the fly each time - this commit hard-codes some sampled key values so that this is no longer the case.
-
由 Richard Levitte 提交于
Jeffrey Altman <jaltman@columbia.edu> (Really, the time that's being parsed is a GeneralizedTime, so if ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used instead)
-
- 11 7月, 2001 10 次提交
-
-
由 Lutz Jänicke 提交于
-
由 Richard Levitte 提交于
His comments are: . Fixed all of the Windows dynamic loading functions, prototypes, etc. . Corrected all of the unsigned/signed comparison warnings . Replaced the references to krb5_cksumarray[] for two reasons. First, it was an internal variable that should not have been referenced outside the library; nor could it have been with a shared library with restricted exports. Second, the variable is no longer used in current Kerberos implementations. I replaced the code with equivalent functionality using functions that are exported from the library.
-
由 Lutz Jänicke 提交于
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
exported header files.
-
由 Richard Levitte 提交于
-
由 Lutz Jänicke 提交于
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
-