Commit graph

7247 commits

Author SHA1 Message Date
Geoff Thorpe
a8aa764d3c Minimise the amount of code dependent on BN_DEBUG_RAND. In particular,
redefine bn_clear_top2max() to be a NOP in the non-debugging case, and
remove some unnecessary usages in bn_nist.c.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:53:40 +00:00
Geoff Thorpe
e7716b7a19 More changes coming out of the bignum auditing. BN_CTX_get() should ideally
return a "zero" bignum as BN_new() does - so reset 'top'. During
BN_CTX_end(), released bignums should be consistent so enforce this in
debug builds. Also, reduce the number of wasted BN_clear_free() calls from
BN_CTX_end() (typically by 75% or so).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:47:35 +00:00
Dr. Stephen Henson
a4e3150f00 Fix policy constraints syntax. 2004-03-08 18:15:32 +00:00
Dr. Stephen Henson
edec614efd Support for inhibitAnyPolicy extension. 2004-03-08 13:56:31 +00:00
Dr. Stephen Henson
00b9c1be7d Incorporate crlNumber functionality from 0.9.8 except it is commented out
in openssl.cnf .
2004-03-08 13:07:07 +00:00
Richard Levitte
051bb5c457 Incorporate the following changes from 0.9.8-dev:
2003-04-04 17:10  levitte

	* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
	  Convert save_serial() to work like save_index(), and add a
	  rotate_serial() that works like rotate_index().

2003-04-03 20:07  levitte

	* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
	  strings.

2003-04-03 18:33  levitte

	* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
	  apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
	  CHANGES (1.1139): Make it possible to have multiple active
	  certificates with the same subject.
2004-03-08 02:53:46 +00:00
Ulf Möller
2457c19df1 typo 2004-03-06 08:43:36 +00:00
Dr. Stephen Henson
5fa5eb71a4 Cleanup ASN1 OID module when it exits. 2004-03-05 23:47:56 +00:00
Dr. Stephen Henson
931a031916 Cleanup ASN1 OID module when it exits. 2004-03-05 23:47:39 +00:00
Dr. Stephen Henson
3f39976da3 Call autoconfig code in pkcs7 utility. 2004-03-05 23:46:29 +00:00
Dr. Stephen Henson
be21fe59aa Call autoconfig code in pkcs7 utility. 2004-03-05 23:45:08 +00:00
Dr. Stephen Henson
216ad9ef58 Memory leak fix. 2004-03-05 23:39:42 +00:00
Dr. Stephen Henson
ef3565aed2 Memory leak fix. 2004-03-05 23:39:12 +00:00
Dr. Stephen Henson
bc50157010 Various X509 fixes. Disable broken certificate workarounds
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:35 +00:00
Dr. Stephen Henson
01fc051e8a Various X509 fixes. Disable broken certificate workarounds
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:06 +00:00
Dr. Stephen Henson
ae43f344af -passin argument to rsautl 2004-03-04 21:58:13 +00:00
Dr. Stephen Henson
91180d45f9 Typos.
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
2004-03-04 21:44:39 +00:00
Dr. Stephen Henson
0902c559fb Typos.
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
2004-03-04 21:41:59 +00:00
Richard Levitte
58b6a165a5 Make our page with pointers to binary distributions visible in the FAQ 2004-03-04 07:48:00 +00:00
Richard Levitte
d9f40bbe55 Make our page with pointers to binary distributions visible in the FAQ 2004-03-04 07:47:40 +00:00
Dr. Stephen Henson
ec7c9ee8b8 Indent some of the code examples. 2004-03-02 13:39:23 +00:00
Dr. Stephen Henson
f82bb9cb9c Config docs. 2004-03-02 13:31:32 +00:00
Dr. Stephen Henson
641c55342b More configuration docs. 2004-03-02 12:46:30 +00:00
Dr. Stephen Henson
5a8922aed5 Documentation of the KISS autoconfig functions. 2004-03-02 01:01:11 +00:00
Dr. Stephen Henson
e390f5d684 Documentation of the KISS autoconfig functions. 2004-03-02 01:00:24 +00:00
Dr. Stephen Henson
078a97791d More autoconfig docs. 2004-03-01 19:15:54 +00:00
Dr. Stephen Henson
f2c1812560 More autoconfig docs. 2004-03-01 19:15:24 +00:00
Richard Levitte
4d6b383680 Avoid a memory leak in OCSP_parse_url().
Notified by Paul Siegel <psiegel@corestreet.com>
2004-03-01 14:58:25 +00:00
Richard Levitte
4cfa4ae820 Avoid a memory leak in OCSP_parse_url().
Notified by Paul Siegel <psiegel@corestreet.com>
2004-03-01 14:58:22 +00:00
Dr. Stephen Henson
489885cf84 Fix from head. 2004-03-01 13:23:41 +00:00
Dr. Stephen Henson
850be8f18d Initial docs for the OpenSSL library configuration via openssl.cnf 2004-03-01 01:04:58 +00:00
Dr. Stephen Henson
a30af36c77 Initial docs for the OpenSSL library configuration via openssl.cnf 2004-03-01 01:04:40 +00:00
Geoff Thorpe
5075521e75 Add ECDSA documentation.
Submitted by: Nils Larsch
2004-02-27 23:03:23 +00:00
Richard Levitte
a22d40dde2 AES is spelled AES, not ASE. Oops... 2004-02-27 02:24:54 +00:00
Richard Levitte
ee3a47a994 AES is spelled AES, not ASE. Oops... 2004-02-27 02:24:49 +00:00
Richard Levitte
ee121033dc Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
PR: 833
2004-02-26 22:07:47 +00:00
Richard Levitte
f727266ae8 Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
PR: 833
2004-02-26 22:07:45 +00:00
Richard Levitte
4090b56b4d Document the AES options for 'openssl smime'.
PR: 834
2004-02-26 21:44:43 +00:00
Richard Levitte
8bb0c8522a Document the AES options for 'openssl smime'.
PR: 834
2004-02-26 21:44:41 +00:00
Geoff Thorpe
c6700d2746 A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:32:53 +00:00
Geoff Thorpe
1b06804491 When adding positive elements, we can use BN_uadd() instead of BN_add().
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:30:41 +00:00
Dr. Stephen Henson
33ad6eca7a Use an OCTET STRING for the encoding of an OCSP nonce value.
The old raw format can't be handled by some implementations
and updates to RFC2560 will make the OCTET STRING mandatory.
2004-02-19 18:17:35 +00:00
Dr. Stephen Henson
dc90f64d56 Use an OCTET STRING for the encoding of an OCSP nonce value.
The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.
2004-02-19 18:16:38 +00:00
Geoff Thorpe
6c43032121 minor signed/unsigned warning fixes 2004-02-10 18:46:10 +00:00
Dr. Stephen Henson
dd10343e75 Fix handling of -offset and -length in asn1parse tool.
If -offset exceeds -length of data available exit with an error.

Don't read past end of total data available when -offset supplied.

If -length exceeds total available truncate it.
2004-02-08 13:30:33 +00:00
Dr. Stephen Henson
37ead9be0b Fix handling of -offset and -length in asn1parse tool.
If -offset exceeds -length of data available exit with an error.

Don't read past end of total data available when -offset supplied.

If -length exceeds total available truncate it.
2004-02-08 13:30:04 +00:00
Andy Polyakov
1751034669 Typo in crypto/bn/asm/x86_64.c, bn_div_words().
PR: 821
2004-02-07 09:51:28 +00:00
Andy Polyakov
ad55502092 Typo in crypto/bn/asm/x86_64.c, bn_div_words().
PR: 821
2004-02-07 09:46:47 +00:00
Dr. Stephen Henson
d4575825f1 Add flag to avoid continuous
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:39:51 +00:00
Dr. Stephen Henson
31edde3edc Add flag to avoid continuous
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:37:56 +00:00