Geoff Thorpe
a8aa764d3c
Minimise the amount of code dependent on BN_DEBUG_RAND. In particular,
...
redefine bn_clear_top2max() to be a NOP in the non-debugging case, and
remove some unnecessary usages in bn_nist.c.
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:53:40 +00:00
Geoff Thorpe
e7716b7a19
More changes coming out of the bignum auditing. BN_CTX_get() should ideally
...
return a "zero" bignum as BN_new() does - so reset 'top'. During
BN_CTX_end(), released bignums should be consistent so enforce this in
debug builds. Also, reduce the number of wasted BN_clear_free() calls from
BN_CTX_end() (typically by 75% or so).
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
2004-03-09 03:47:35 +00:00
Dr. Stephen Henson
a4e3150f00
Fix policy constraints syntax.
2004-03-08 18:15:32 +00:00
Dr. Stephen Henson
edec614efd
Support for inhibitAnyPolicy extension.
2004-03-08 13:56:31 +00:00
Dr. Stephen Henson
00b9c1be7d
Incorporate crlNumber functionality from 0.9.8 except it is commented out
...
in openssl.cnf .
2004-03-08 13:07:07 +00:00
Richard Levitte
051bb5c457
Incorporate the following changes from 0.9.8-dev:
...
2003-04-04 17:10 levitte
* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
Convert save_serial() to work like save_index(), and add a
rotate_serial() that works like rotate_index().
2003-04-03 20:07 levitte
* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
strings.
2003-04-03 18:33 levitte
* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
CHANGES (1.1139): Make it possible to have multiple active
certificates with the same subject.
2004-03-08 02:53:46 +00:00
Ulf Möller
2457c19df1
typo
2004-03-06 08:43:36 +00:00
Dr. Stephen Henson
5fa5eb71a4
Cleanup ASN1 OID module when it exits.
2004-03-05 23:47:56 +00:00
Dr. Stephen Henson
931a031916
Cleanup ASN1 OID module when it exits.
2004-03-05 23:47:39 +00:00
Dr. Stephen Henson
3f39976da3
Call autoconfig code in pkcs7 utility.
2004-03-05 23:46:29 +00:00
Dr. Stephen Henson
be21fe59aa
Call autoconfig code in pkcs7 utility.
2004-03-05 23:45:08 +00:00
Dr. Stephen Henson
216ad9ef58
Memory leak fix.
2004-03-05 23:39:42 +00:00
Dr. Stephen Henson
ef3565aed2
Memory leak fix.
2004-03-05 23:39:12 +00:00
Dr. Stephen Henson
bc50157010
Various X509 fixes. Disable broken certificate workarounds
...
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:35 +00:00
Dr. Stephen Henson
01fc051e8a
Various X509 fixes. Disable broken certificate workarounds
...
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:06 +00:00
Dr. Stephen Henson
ae43f344af
-passin argument to rsautl
2004-03-04 21:58:13 +00:00
Dr. Stephen Henson
91180d45f9
Typos.
...
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
2004-03-04 21:44:39 +00:00
Dr. Stephen Henson
0902c559fb
Typos.
...
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
2004-03-04 21:41:59 +00:00
Richard Levitte
58b6a165a5
Make our page with pointers to binary distributions visible in the FAQ
2004-03-04 07:48:00 +00:00
Richard Levitte
d9f40bbe55
Make our page with pointers to binary distributions visible in the FAQ
2004-03-04 07:47:40 +00:00
Dr. Stephen Henson
ec7c9ee8b8
Indent some of the code examples.
2004-03-02 13:39:23 +00:00
Dr. Stephen Henson
f82bb9cb9c
Config docs.
2004-03-02 13:31:32 +00:00
Dr. Stephen Henson
641c55342b
More configuration docs.
2004-03-02 12:46:30 +00:00
Dr. Stephen Henson
5a8922aed5
Documentation of the KISS autoconfig functions.
2004-03-02 01:01:11 +00:00
Dr. Stephen Henson
e390f5d684
Documentation of the KISS autoconfig functions.
2004-03-02 01:00:24 +00:00
Dr. Stephen Henson
078a97791d
More autoconfig docs.
2004-03-01 19:15:54 +00:00
Dr. Stephen Henson
f2c1812560
More autoconfig docs.
2004-03-01 19:15:24 +00:00
Richard Levitte
4d6b383680
Avoid a memory leak in OCSP_parse_url().
...
Notified by Paul Siegel <psiegel@corestreet.com>
2004-03-01 14:58:25 +00:00
Richard Levitte
4cfa4ae820
Avoid a memory leak in OCSP_parse_url().
...
Notified by Paul Siegel <psiegel@corestreet.com>
2004-03-01 14:58:22 +00:00
Dr. Stephen Henson
489885cf84
Fix from head.
2004-03-01 13:23:41 +00:00
Dr. Stephen Henson
850be8f18d
Initial docs for the OpenSSL library configuration via openssl.cnf
2004-03-01 01:04:58 +00:00
Dr. Stephen Henson
a30af36c77
Initial docs for the OpenSSL library configuration via openssl.cnf
2004-03-01 01:04:40 +00:00
Geoff Thorpe
5075521e75
Add ECDSA documentation.
...
Submitted by: Nils Larsch
2004-02-27 23:03:23 +00:00
Richard Levitte
a22d40dde2
AES is spelled AES, not ASE. Oops...
2004-02-27 02:24:54 +00:00
Richard Levitte
ee3a47a994
AES is spelled AES, not ASE. Oops...
2004-02-27 02:24:49 +00:00
Richard Levitte
ee121033dc
Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
...
PR: 833
2004-02-26 22:07:47 +00:00
Richard Levitte
f727266ae8
Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
...
PR: 833
2004-02-26 22:07:45 +00:00
Richard Levitte
4090b56b4d
Document the AES options for 'openssl smime'.
...
PR: 834
2004-02-26 21:44:43 +00:00
Richard Levitte
8bb0c8522a
Document the AES options for 'openssl smime'.
...
PR: 834
2004-02-26 21:44:41 +00:00
Geoff Thorpe
c6700d2746
A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h
...
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:32:53 +00:00
Geoff Thorpe
1b06804491
When adding positive elements, we can use BN_uadd() instead of BN_add().
...
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-02-22 19:30:41 +00:00
Dr. Stephen Henson
33ad6eca7a
Use an OCTET STRING for the encoding of an OCSP nonce value.
...
The old raw format can't be handled by some implementations
and updates to RFC2560 will make the OCTET STRING mandatory.
2004-02-19 18:17:35 +00:00
Dr. Stephen Henson
dc90f64d56
Use an OCTET STRING for the encoding of an OCSP nonce value.
...
The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.
2004-02-19 18:16:38 +00:00
Geoff Thorpe
6c43032121
minor signed/unsigned warning fixes
2004-02-10 18:46:10 +00:00
Dr. Stephen Henson
dd10343e75
Fix handling of -offset and -length in asn1parse tool.
...
If -offset exceeds -length of data available exit with an error.
Don't read past end of total data available when -offset supplied.
If -length exceeds total available truncate it.
2004-02-08 13:30:33 +00:00
Dr. Stephen Henson
37ead9be0b
Fix handling of -offset and -length in asn1parse tool.
...
If -offset exceeds -length of data available exit with an error.
Don't read past end of total data available when -offset supplied.
If -length exceeds total available truncate it.
2004-02-08 13:30:04 +00:00
Andy Polyakov
1751034669
Typo in crypto/bn/asm/x86_64.c, bn_div_words().
...
PR: 821
2004-02-07 09:51:28 +00:00
Andy Polyakov
ad55502092
Typo in crypto/bn/asm/x86_64.c, bn_div_words().
...
PR: 821
2004-02-07 09:46:47 +00:00
Dr. Stephen Henson
d4575825f1
Add flag to avoid continuous
...
memory allocate when calling EVP_MD_CTX_copy_ex().
Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:39:51 +00:00
Dr. Stephen Henson
31edde3edc
Add flag to avoid continuous
...
memory allocate when calling EVP_MD_CTX_copy_ex().
Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:37:56 +00:00