- possibility of re-creation of the blinding parameters after a
fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
This is now the case for RC5.
As a side effect, the OPTIONS in the Makefile will usually look a
little different now, but they are essentially only for information
anyway.
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.
Update docs.
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
- update from current 0.9.7-stable CHANGES file:
Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
that all patches mentioned for 0.9.7d and 0.9.7e actually are
in the CVS HEAD, i.e. what is to become 0.9.8.
I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
so that it explains the earlier change that is now listed (0.9.7e).
The ENGINE_set_default typo bug entry has been moved from 0.9.8
to 0.9.7b, which is where it belongs.
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).
I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.
This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
