Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Allow OCSP server to handle multiple requests. | Dr. Stephen Henson | 2001-07-13 | 2 | -39/+187 |
| | | | | Document new OCSP options. | ||||
* | Initial OCSP server support, using index.txt format. | Dr. Stephen Henson | 2001-07-12 | 4 | -108/+540 |
| | | | | | | | This can process internal requests or behave like a mini responder. Todo: documentation, update usage info. | ||||
* | Prevent KSSL server from requesting a client certificate. | Richard Levitte | 2001-07-12 | 3 | -4/+9 |
| | | | | Submitted by Jeffrey Altman <jaltman@columbia.edu> | ||||
* | paddr may be NULL. Do not crash if it is. | Richard Levitte | 2001-07-12 | 1 | -5/+10 |
| | |||||
* | Clarify that zlib-dynamic is the default choice. | Richard Levitte | 2001-07-12 | 1 | -1/+1 |
| | |||||
* | Add the possibility to specify the use of zlib compression and | Richard Levitte | 2001-07-12 | 3 | -7/+38 |
| | | | | | decompression. It can be set up to link at link time or to load the zlib library at run-time. | ||||
* | Clarify actual state. | Lutz Jänicke | 2001-07-12 | 1 | -3/+3 |
| | |||||
* | Some of the Kerberos code had dissapeared. Reapply. | Richard Levitte | 2001-07-12 | 1 | -1/+6 |
| | |||||
* | Document the recent Kerberos SSL changes. | Richard Levitte | 2001-07-12 | 1 | -0/+13 |
| | |||||
* | Delete extra ; | Dr. Stephen Henson | 2001-07-11 | 1 | -1/+1 |
| | |||||
* | In ocsp_match_issuerid() we are passed the CA that signed the responder | Dr. Stephen Henson | 2001-07-11 | 1 | -1/+1 |
| | | | | | certificate so need to match its subject with the certificate IDs in the response. | ||||
* | make update | Richard Levitte | 2001-07-11 | 2 | -29/+22 |
| | | | | | | | | Note that since some private kssl functions were exported, the simplest way to rebuild the number table was to toss everything that was new since OpenSSL 0.9.6b. This is safe, since those functions have not yet been exported in an OpenSSL release. Beware, people who trust intermediary snapshots! | ||||
* | Include kssl_lcl.h where needed. | Richard Levitte | 2001-07-11 | 4 | -2/+4 |
| | |||||
* | Private functions do not belong in an exported header file, so move | Richard Levitte | 2001-07-11 | 2 | -14/+87 |
| | | | | them to one that won't get exported. | ||||
* | Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu> | Richard Levitte | 2001-07-11 | 4 | -6/+213 |
| | | | | | | | | | | | His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session. | ||||
* | openssl speed is quite useful for testing hardware support (among other | Geoff Thorpe | 2001-07-11 | 3 | -4/+76 |
| | | | | | | | things), especially as the RSA keys are fixed. However, DSA only fixes the DSA parameters and then generates the public and private components on the fly each time - this commit hard-codes some sampled key values so that this is no longer the case. | ||||
* | Code to avoid the use of non-standard strptime(). By | Richard Levitte | 2001-07-11 | 1 | -7/+38 |
| | | | | | | | | Jeffrey Altman <jaltman@columbia.edu> (Really, the time that's being parsed is a GeneralizedTime, so if ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used instead) | ||||
* | Typo... | Lutz Jänicke | 2001-07-11 | 1 | -1/+1 |
| | |||||
* | Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu> | Richard Levitte | 2001-07-11 | 1 | -54/+123 |
| | | | | | | | | | | | | | | | | His comments are: . Fixed all of the Windows dynamic loading functions, prototypes, etc. . Corrected all of the unsigned/signed comparison warnings . Replaced the references to krb5_cksumarray[] for two reasons. First, it was an internal variable that should not have been referenced outside the library; nor could it have been with a shared library with restricted exports. Second, the variable is no longer used in current Kerberos implementations. I replaced the code with equivalent functionality using functions that are exported from the library. | ||||
* | What is an '-engine' version? | Lutz Jänicke | 2001-07-11 | 1 | -0/+7 |
| | |||||
* | The implementation of the TKTBODY ASN.1 functions was missing. | Richard Levitte | 2001-07-11 | 1 | -0/+3 |
| | |||||
* | make update | Richard Levitte | 2001-07-11 | 1 | -0/+66 |
| | |||||
* | Make sure crypto/krb5/krb5_asn.h is copied to the directory of | Richard Levitte | 2001-07-11 | 1 | -0/+1 |
| | | | | exported header files. | ||||
* | Make sure crypto/krb5/krb5_asn.h becomes part of libeay.num. | Richard Levitte | 2001-07-11 | 1 | -0/+1 |
| | |||||
* | Clarify! (based on recent mailing-list discussions) | Lutz Jänicke | 2001-07-11 | 2 | -0/+9 |
| | |||||
* | One forgotten function. | Richard Levitte | 2001-07-11 | 1 | -0/+8 |
| | |||||
* | make update | Richard Levitte | 2001-07-10 | 8 | -757/+1049 |
| | |||||
* | EVP_Digest() takes one more parameter. | Richard Levitte | 2001-07-10 | 1 | -4/+4 |
| | |||||
* | For consistency with the terminology used in my SAC2001 paper, avoid | Bodo Möller | 2001-07-10 | 1 | -5/+5 |
| | | | | | | the term "simultaneous multiplication" (which -- acording to the paper, at least -- applies only to certain methods which we don't use here) | ||||
* | comment change | Bodo Möller | 2001-07-10 | 1 | -3/+3 |
| | |||||
* | Fix PRNG. | Bodo Möller | 2001-07-10 | 4 | -33/+68 |
| | |||||
* | In version numbers, there is just one "M" nybble. | Bodo Möller | 2001-07-10 | 1 | -1/+1 |
| | |||||
* | Precomputation will not necessarily be LIm-Lee precomputation. | Bodo Möller | 2001-07-10 | 2 | -2/+2 |
| | |||||
* | If I define _XOPEN_SOURCE before including *any* system header file, | Richard Levitte | 2001-07-09 | 1 | -1/+1 |
| | | | | things will work much more smoothly. | ||||
* | Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in | Richard Levitte | 2001-07-09 | 14 | -173/+1641 |
| | | | | | | | | | | | | | | | | SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested. | ||||
* | A better compromise between encrypt and decrypt (but why isn't it as fast | Ben Laurie | 2001-07-09 | 3 | -48/+39 |
| | | | | for encrypt?). | ||||
* | Handle the common case first (where input size is a multiple of block size). | Ben Laurie | 2001-07-08 | 1 | -2/+18 |
| | | | | | Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to regain that later. | ||||
* | Use & instead of % - worth about 4% for 8 byte blocks. | Ben Laurie | 2001-07-08 | 2 | -2/+28 |
| | |||||
* | Don't update argc, argv for decrypt flag! | Ben Laurie | 2001-07-08 | 1 | -4/+0 |
| | |||||
* | Speed test decrypt EVP operations. | Ben Laurie | 2001-07-08 | 1 | -4/+22 |
| | |||||
* | Correct const-ness. | Ben Laurie | 2001-07-08 | 3 | -12/+12 |
| | |||||
* | Remove unnecessary casts. | Ben Laurie | 2001-07-06 | 1 | -1/+1 |
| | |||||
* | Constification. | Ben Laurie | 2001-07-06 | 1 | -1/+1 |
| | |||||
* | Use one address consistently. | Richard Levitte | 2001-07-05 | 3 | -3/+3 |
| | |||||
* | Change info to correct values. | Richard Levitte | 2001-07-05 | 5 | -15/+15 |
| | |||||
* | Align with 0.9.6-stable CHANGES file, and make some corrections. | Bodo Möller | 2001-07-04 | 1 | -6/+7 |
| | |||||
* | Engine memory leaks have been fixed by now. | Bodo Möller | 2001-07-04 | 1 | -3/+1 |
| | |||||
* | Call ENGINE_cleanup() to avoid memory leak. | Bodo Möller | 2001-07-04 | 2 | -0/+4 |
| | |||||
* | Entry for Andy's mips3.s fix. | Bodo Möller | 2001-07-04 | 1 | -0/+3 |
| | |||||
* | Update nCipher header with more liberal licence. | Ben Laurie | 2001-07-04 | 1 | -68/+78 |
| |