16 years agoReduce chances of issuer and serial number duplication by use of random
Dr. Stephen Henson [Tue, 20 Apr 2004 12:05:26 +0000 (12:05 +0000)]
Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.

PR: 842

16 years agoWhooaaaaa, the BN_CTX_DEBUG macro really produces output these
Richard Levitte [Tue, 20 Apr 2004 11:53:33 +0000 (11:53 +0000)]
Whooaaaaa, the BN_CTX_DEBUG macro really produces output these
days...  A little too much for my tests, currently...

16 years agoPrint the debug thingies on stderr instead of stdout. If for nothing
Richard Levitte [Tue, 20 Apr 2004 10:57:07 +0000 (10:57 +0000)]
Print the debug thingies on stderr instead of stdout.  If for nothing
else then at least so bc doesn't have problems parsing the output from
bntest :-).

16 years agomake update
Geoff Thorpe [Mon, 19 Apr 2004 18:33:41 +0000 (18:33 +0000)]
make update

16 years ago"make update" noticed a new function.
Geoff Thorpe [Mon, 19 Apr 2004 18:32:19 +0000 (18:32 +0000)]
"make update" noticed a new function.

16 years agoMore updates for the header cleanups (and apologies, again, for not having
Geoff Thorpe [Mon, 19 Apr 2004 18:30:41 +0000 (18:30 +0000)]
More updates for the header cleanups (and apologies, again, for not having
consolidated these prior to committing).

16 years agoWhen generating dependencies in the makefiles, generate the reduced
Geoff Thorpe [Mon, 19 Apr 2004 18:19:24 +0000 (18:19 +0000)]
When generating dependencies in the makefiles, generate the reduced
dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies
being reproduced for "deprecated" header behaviour when a developer doesn't
define the symbol (with the subsequent CVS wars that can ensue).

16 years agoheader cleanup in apps/
Geoff Thorpe [Mon, 19 Apr 2004 18:13:07 +0000 (18:13 +0000)]
header cleanup in apps/

16 years ago(oops) Apologies all, that last header-cleanup commit was from the wrong
Geoff Thorpe [Mon, 19 Apr 2004 18:09:28 +0000 (18:09 +0000)]
(oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.

16 years agoReduce header interdependencies, initially in engine.h (the rest of the
Geoff Thorpe [Mon, 19 Apr 2004 17:46:04 +0000 (17:46 +0000)]
Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.

16 years agoClear error if unique_subject lookup fails.
Dr. Stephen Henson [Thu, 15 Apr 2004 00:32:19 +0000 (00:32 +0000)]
Clear error if unique_subject lookup fails.

16 years agoAdd some root CAs.
Dr. Stephen Henson [Tue, 13 Apr 2004 17:47:37 +0000 (17:47 +0000)]
Add some root CAs.

16 years agoAvoid undefined results when the parameter is out of range.
Geoff Thorpe [Fri, 2 Apr 2004 06:25:11 +0000 (06:25 +0000)]
Avoid undefined results when the parameter is out of range.

16 years agoDon't use C++ reserved word.
Dr. Stephen Henson [Thu, 1 Apr 2004 22:23:46 +0000 (22:23 +0000)]
Don't use C++ reserved word.

16 years agoOops forgot CHANGES entry.
Dr. Stephen Henson [Wed, 31 Mar 2004 12:55:33 +0000 (12:55 +0000)]
Oops forgot CHANGES entry.

16 years agoNew function X509_POLICY_NODE_print()
Dr. Stephen Henson [Wed, 31 Mar 2004 12:17:24 +0000 (12:17 +0000)]
New function X509_POLICY_NODE_print()

16 years agoAdd symbol hacks for some long names.
Richard Levitte [Mon, 29 Mar 2004 08:13:49 +0000 (08:13 +0000)]
Add symbol hacks for some long names.
make update

16 years agoThis is essentially Intel 32-bit compiler tune-up. To start with all
Andy Polyakov [Sun, 28 Mar 2004 21:27:47 +0000 (21:27 +0000)]
This is essentially Intel 32-bit compiler tune-up. To start with all
available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if is linked with
-Bsymbolic (which it is).

16 years agoEnhance EVP code to generate random symmetric keys of the
Dr. Stephen Henson [Sun, 28 Mar 2004 17:38:00 +0000 (17:38 +0000)]
Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700

16 years agoMake {i2v,v2i}_ASN1_BIT_STRING global.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:40:11 +0000 (12:40 +0000)]
Make {i2v,v2i}_ASN1_BIT_STRING global.

make update

16 years agoRemove obsolete files.
Dr. Stephen Henson [Sun, 28 Mar 2004 12:29:05 +0000 (12:29 +0000)]
Remove obsolete files.

16 years agoAllow CRLs to be passed into X509_STORE_CTX. This is useful when the
Dr. Stephen Henson [Sat, 27 Mar 2004 22:49:28 +0000 (22:49 +0000)]
Allow CRLs to be passed into X509_STORE_CTX. This is useful when the
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.

16 years agoExtend OID config module format.
Dr. Stephen Henson [Sat, 27 Mar 2004 13:30:14 +0000 (13:30 +0000)]
Extend OID config module format.

16 years agoFree up BIO properly when using streaming S/MIME sign.
Dr. Stephen Henson [Fri, 26 Mar 2004 00:24:38 +0000 (00:24 +0000)]
Free up BIO properly when using streaming S/MIME sign.

16 years agoRemove BN_CTX debug from debug-steve
Dr. Stephen Henson [Thu, 25 Mar 2004 23:32:06 +0000 (23:32 +0000)]
Remove BN_CTX debug from debug-steve

16 years agoSSL_COMP_get_compression_method is a typo (a missing 's' at the end of
Richard Levitte [Thu, 25 Mar 2004 21:32:30 +0000 (21:32 +0000)]
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).

16 years agoMove the definition of Win32_rename(), since the macro rename gets undefined
Richard Levitte [Thu, 25 Mar 2004 20:09:00 +0000 (20:09 +0000)]
Move the definition of Win32_rename(), since the macro rename gets undefined
in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853

16 years agoWrap code starting with a definition.
Richard Levitte [Thu, 25 Mar 2004 20:01:01 +0000 (20:01 +0000)]
Wrap code starting with a definition.
PR: 854

16 years agoChange spaces to symbols in names.
Richard Levitte [Thu, 25 Mar 2004 19:52:34 +0000 (19:52 +0000)]
Change spaces to symbols in names.
PR: 856

16 years agoMake prototypes for some callback pointers.
Richard Levitte [Thu, 25 Mar 2004 16:21:42 +0000 (16:21 +0000)]
Make prototypes for some callback pointers.

16 years agoA couple more cases where RAND_add() gets an integer instead of a
Richard Levitte [Thu, 25 Mar 2004 16:04:02 +0000 (16:04 +0000)]
A couple more cases where RAND_add() gets an integer instead of a
doule as last argument.

16 years agoRAND_add() wants a double as it's last argument.
Richard Levitte [Thu, 25 Mar 2004 15:52:43 +0000 (15:52 +0000)]
RAND_add() wants a double as it's last argument.

16 years agoFix loads of warnings in policy code.
Dr. Stephen Henson [Thu, 25 Mar 2004 13:45:58 +0000 (13:45 +0000)]
Fix loads of warnings in policy code.

I'll remember to try to compile this with warnings enabled next time :-)

16 years agoFix ASN1 warnings.
Dr. Stephen Henson [Thu, 25 Mar 2004 13:37:02 +0000 (13:37 +0000)]
Fix ASN1 warnings.

16 years agoAdjust various bignum functions to use BN_CTX for variables instead of
Geoff Thorpe [Thu, 25 Mar 2004 04:32:24 +0000 (04:32 +0000)]
Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near

16 years agoReplace the BN_CTX implementation with my current work. I'm leaving the
Geoff Thorpe [Thu, 25 Mar 2004 04:16:14 +0000 (04:16 +0000)]
Replace the BN_CTX implementation with my current work. I'm leaving the
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.

16 years agoAdds warnings about two curves and fixes the "seed" value for two other
Geoff Thorpe [Thu, 25 Mar 2004 03:03:52 +0000 (03:03 +0000)]
Adds warnings about two curves and fixes the "seed" value for two other

Submitted by: Nils Larsch

16 years ago... and this should likewise fix up those RSA implementations that weren't
Geoff Thorpe [Thu, 25 Mar 2004 02:55:17 +0000 (02:55 +0000)]
... and this should likewise fix up those RSA implementations that weren't
already built and tested.

16 years agoBy adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
Geoff Thorpe [Thu, 25 Mar 2004 02:52:04 +0000 (02:52 +0000)]
By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.

16 years agoDamn, I was a bit hasty with my fix and hadn't spotted the linker
Geoff Thorpe [Thu, 25 Mar 2004 02:41:35 +0000 (02:41 +0000)]
Damn, I was a bit hasty with my fix and hadn't spotted the linker
dependency from asn1.

16 years agoRemove some warnings.
Geoff Thorpe [Thu, 25 Mar 2004 02:24:38 +0000 (02:24 +0000)]
Remove some warnings.

16 years agoProtect against gcc's "warning: cast does not match function type".
Geoff Thorpe [Thu, 25 Mar 2004 02:19:42 +0000 (02:19 +0000)]
Protect against gcc's "warning: cast does not match function type".

16 years agoDon't define fd for platforms that do not use it, as some may not declare fileno...
Richard Levitte [Wed, 24 Mar 2004 10:55:48 +0000 (10:55 +0000)]
Don't define fd for platforms that do not use it, as some may not declare fileno() properly

16 years agoCorrect constness problems.
Richard Levitte [Wed, 24 Mar 2004 10:50:42 +0000 (10:50 +0000)]
Correct constness problems.

16 years agoMake it easier to buld test applications...
Richard Levitte [Wed, 24 Mar 2004 10:50:25 +0000 (10:50 +0000)]
Make it easier to buld test applications...

16 years agoOnly build the PKCS#7 test applications if "pkcs7" is present in
Richard Levitte [Wed, 24 Mar 2004 10:48:50 +0000 (10:48 +0000)]
Only build the PKCS#7 test applications if "pkcs7" is present in

16 years agoAdd store.h among the exported headers on VMS.
Richard Levitte [Wed, 24 Mar 2004 09:52:16 +0000 (09:52 +0000)]
Add store.h among the exported headers on VMS.

16 years agoo_str.h isn't a public header file, so make sure it will still be
Richard Levitte [Wed, 24 Mar 2004 09:43:03 +0000 (09:43 +0000)]
o_str.h isn't a public header file, so make sure it will still be

16 years agoo_str.h isn't a public header file.
Richard Levitte [Wed, 24 Mar 2004 09:41:33 +0000 (09:41 +0000)]
o_str.h isn't a public header file.

16 years agoTypo...
Richard Levitte [Wed, 24 Mar 2004 09:40:59 +0000 (09:40 +0000)]

16 years agoMake sure toupper() is properly declared.
Richard Levitte [Wed, 24 Mar 2004 09:40:23 +0000 (09:40 +0000)]
Make sure toupper() is properly declared.

16 years agoMake it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)
Richard Levitte [Tue, 23 Mar 2004 21:01:34 +0000 (21:01 +0000)]
Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)

16 years agomake update
Richard Levitte [Tue, 23 Mar 2004 15:06:33 +0000 (15:06 +0000)]
make update

16 years agoSync the VMS build with Unix.
Richard Levitte [Tue, 23 Mar 2004 14:50:16 +0000 (14:50 +0000)]
Sync the VMS build with Unix.

16 years agoInitial support for certificate policy checking and evaluation.
Dr. Stephen Henson [Tue, 23 Mar 2004 14:14:35 +0000 (14:14 +0000)]
Initial support for certificate policy checking and evaluation.

This is currently *very* experimental and needs to be more fully integrated
with the main verification code.

16 years agoCorrect minor spelling error.
Richard Levitte [Sun, 21 Mar 2004 23:03:52 +0000 (23:03 +0000)]
Correct minor spelling error.
PR: 845

16 years agoChange \t to real tab in echo argument.
Richard Levitte [Sun, 21 Mar 2004 22:50:20 +0000 (22:50 +0000)]
Change \t to real tab in echo argument.
PR: 847

16 years agoRemove a warning for conversion double->long. This has impacts on Windows.
Richard Levitte [Sun, 21 Mar 2004 22:39:52 +0000 (22:39 +0000)]
Remove a warning for conversion double->long.  This has impacts on Windows.
PR: 849

16 years agoMake sure fd is defined where it should.
Richard Levitte [Sun, 21 Mar 2004 22:36:27 +0000 (22:36 +0000)]
Make sure fd is defined where it should.
PR: 849

16 years agoNote my bignum hijinx in case app maintainers are using CHANGES for their
Geoff Thorpe [Wed, 17 Mar 2004 18:30:47 +0000 (18:30 +0000)]
Note my bignum hijinx in case app maintainers are using CHANGES for their
porting efforts. Also, add Richard's name to the prior change.

16 years agoVariety of belt-tightenings in the bignum code. (Please help test this!)
Geoff Thorpe [Wed, 17 Mar 2004 17:36:54 +0000 (17:36 +0000)]
Variety of belt-tightenings in the bignum code. (Please help test this!)

- Remove some unnecessary "+1"-like fudges. Sizes should be handled
  exactly, as enlarging size parameters causes needless bloat and may just
  make bugs less likely rather than fixing them: bn_expand() macro,
  bn_expand_internal(), and BN_sqr().
- Deprecate bn_dup_expand() - it's new since 0.9.7, unused, and not that
- Remove unnecessary zeroing of unused bytes in bn_expand2().
- Rewrite BN_set_word() - it should be much simpler, the previous
  complexities probably date from old mismatched type issues.
- Add missing bn_check_top() macros in bn_word.c
- Improve some degenerate case handling in BN_[add|sub]_word(), add
  comments, and avoid a bignum expansion if an overflow isn't possible.

16 years agoAvoid warnings.
Dr. Stephen Henson [Tue, 16 Mar 2004 13:51:11 +0000 (13:51 +0000)]
Avoid warnings.

16 years agoConstify d2i, s2i, c2i and r2i functions and other associated
Richard Levitte [Mon, 15 Mar 2004 23:15:26 +0000 (23:15 +0000)]
Constify d2i, s2i, c2i and r2i functions and other associated
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.

16 years agoIt was just pointed out to me that it's better to cast to double...
Richard Levitte [Mon, 15 Mar 2004 23:02:55 +0000 (23:02 +0000)]
It was just pointed out to me that it's better to cast to double...

16 years agoMake sure that the last argument to RAND_add() is a float, or some
Richard Levitte [Mon, 15 Mar 2004 22:37:08 +0000 (22:37 +0000)]
Make sure that the last argument to RAND_add() is a float, or some
compilers may complain.

16 years agoMake sure we use unsigned constants, or come compilers may complain.
Richard Levitte [Mon, 15 Mar 2004 22:33:19 +0000 (22:33 +0000)]
Make sure we use unsigned constants, or come compilers may complain.

16 years agoConvert openssl code not to assume the deprecated form of BN_zero().
Geoff Thorpe [Sat, 13 Mar 2004 23:57:20 +0000 (23:57 +0000)]
Convert openssl code not to assume the deprecated form of BN_zero().

Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this

16 years agoThe efforts to eliminate the dual-representation of zero and to ensure
Geoff Thorpe [Sat, 13 Mar 2004 23:04:15 +0000 (23:04 +0000)]
The efforts to eliminate the dual-representation of zero and to ensure
bignums are passed in and out of functions and APIs in a consistent form
has highlighted that zero-valued bignums don't need any allocated word
data. The use of BN_set_word() to initialise a bignum to zero causes
needless allocation and gives it a return value that must be checked. This
change converts BN_zero() to a self-contained macro that has no
return/expression value and does not cause any expansion of bignum data.

Note, it would be tempting to rewrite the deprecated version as a
success-valued comma expression, such as;
   #define BN_zero(a) ((a)->top = (a)->neg = 0, 1)
However, this evaluates 'a' twice and would confuse initialisation loops
(eg. while(..) { BN_zero(bn++) } ). As such, the deprecated version
continues to use BN_set_word().

16 years agoDocument a change I'd already made, and at the same time, correct the
Geoff Thorpe [Sat, 13 Mar 2004 22:10:15 +0000 (22:10 +0000)]
Document a change I'd already made, and at the same time, correct the
change to work properly; BN_zero() should set 'neg' to zero as well as
'top' to match the behaviour of BN_new().

16 years agoIRIX 6.x shared build fix-up.
Andy Polyakov [Fri, 12 Mar 2004 21:52:54 +0000 (21:52 +0000)]
IRIX 6.x shared build fix-up.

For reference. Note that both cc and gcc support -Wl flag, but we can't
use -Wl,-[not]all with both drivers, because cc rearranges options
passed through -Wl. We can't use -Wl,-all,libcrypto.a,-notall with cc
either, because it refuses to start with "no input" error.

16 years agostatic
Geoff Thorpe [Wed, 10 Mar 2004 01:20:26 +0000 (01:20 +0000)]

16 years agoMinimise the amount of code dependent on BN_DEBUG_RAND. In particular,
Geoff Thorpe [Tue, 9 Mar 2004 03:53:40 +0000 (03:53 +0000)]
Minimise the amount of code dependent on BN_DEBUG_RAND. In particular,
redefine bn_clear_top2max() to be a NOP in the non-debugging case, and
remove some unnecessary usages in bn_nist.c.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller

16 years agoMore changes coming out of the bignum auditing. BN_CTX_get() should ideally
Geoff Thorpe [Tue, 9 Mar 2004 03:47:35 +0000 (03:47 +0000)]
More changes coming out of the bignum auditing. BN_CTX_get() should ideally
return a "zero" bignum as BN_new() does - so reset 'top'. During
BN_CTX_end(), released bignums should be consistent so enforce this in
debug builds. Also, reduce the number of wasted BN_clear_free() calls from
BN_CTX_end() (typically by 75% or so).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller

16 years agoFix policy constraints syntax.
Dr. Stephen Henson [Mon, 8 Mar 2004 18:15:32 +0000 (18:15 +0000)]
Fix policy constraints syntax.

16 years agoSupport for inhibitAnyPolicy extension.
Dr. Stephen Henson [Mon, 8 Mar 2004 13:56:31 +0000 (13:56 +0000)]
Support for inhibitAnyPolicy extension.

16 years agotypo
Ulf Möller [Sat, 6 Mar 2004 08:43:36 +0000 (08:43 +0000)]

16 years agoCleanup ASN1 OID module when it exits.
Dr. Stephen Henson [Fri, 5 Mar 2004 23:47:56 +0000 (23:47 +0000)]
Cleanup ASN1 OID module when it exits.

16 years agoCall autoconfig code in pkcs7 utility.
Dr. Stephen Henson [Fri, 5 Mar 2004 23:46:29 +0000 (23:46 +0000)]
Call autoconfig code in pkcs7 utility.

16 years agoMemory leak fix.
Dr. Stephen Henson [Fri, 5 Mar 2004 23:39:42 +0000 (23:39 +0000)]
Memory leak fix.

16 years agoVarious X509 fixes. Disable broken certificate workarounds
Dr. Stephen Henson [Fri, 5 Mar 2004 17:16:35 +0000 (17:16 +0000)]
Various X509 fixes. Disable broken certificate workarounds
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.

16 years agoTypos.
Dr. Stephen Henson [Thu, 4 Mar 2004 21:44:39 +0000 (21:44 +0000)]

Reported by: Jose Castejon-Amenedo <>

16 years agoMake our page with pointers to binary distributions visible in the FAQ
Richard Levitte [Thu, 4 Mar 2004 07:47:40 +0000 (07:47 +0000)]
Make our page with pointers to binary distributions visible in the FAQ

16 years agoIndent some of the code examples.
Dr. Stephen Henson [Tue, 2 Mar 2004 13:39:23 +0000 (13:39 +0000)]
Indent some of the code examples.

16 years agoConfig docs.
Dr. Stephen Henson [Tue, 2 Mar 2004 13:31:32 +0000 (13:31 +0000)]
Config docs.

16 years agoDocumentation of the KISS autoconfig functions.
Dr. Stephen Henson [Tue, 2 Mar 2004 01:01:11 +0000 (01:01 +0000)]
Documentation of the KISS autoconfig functions.

16 years agoMore autoconfig docs.
Dr. Stephen Henson [Mon, 1 Mar 2004 19:15:24 +0000 (19:15 +0000)]
More autoconfig docs.

16 years agoAvoid a memory leak in OCSP_parse_url().
Richard Levitte [Mon, 1 Mar 2004 14:58:22 +0000 (14:58 +0000)]
Avoid a memory leak in OCSP_parse_url().
Notified by Paul Siegel <>

16 years agoInitial docs for the OpenSSL library configuration via openssl.cnf
Dr. Stephen Henson [Mon, 1 Mar 2004 01:04:40 +0000 (01:04 +0000)]
Initial docs for the OpenSSL library configuration via openssl.cnf

16 years agoAdd ECDSA documentation.
Geoff Thorpe [Fri, 27 Feb 2004 23:03:23 +0000 (23:03 +0000)]
Add ECDSA documentation.

Submitted by: Nils Larsch

16 years agoAES is spelled AES, not ASE. Oops...
Richard Levitte [Fri, 27 Feb 2004 02:24:49 +0000 (02:24 +0000)]
AES is spelled AES, not ASE.  Oops...

16 years agoMake sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
Richard Levitte [Thu, 26 Feb 2004 22:07:45 +0000 (22:07 +0000)]
Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also.
PR: 833

16 years agoDocument the AES options for 'openssl smime'.
Richard Levitte [Thu, 26 Feb 2004 21:44:41 +0000 (21:44 +0000)]
Document the AES options for 'openssl smime'.
PR: 834

16 years agoA cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h
Geoff Thorpe [Sun, 22 Feb 2004 19:32:53 +0000 (19:32 +0000)]
A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

16 years agoWhen adding positive elements, we can use BN_uadd() instead of BN_add().
Geoff Thorpe [Sun, 22 Feb 2004 19:30:41 +0000 (19:30 +0000)]
When adding positive elements, we can use BN_uadd() instead of BN_add().

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

16 years agoUse an OCTET STRING for the encoding of an OCSP nonce value.
Dr. Stephen Henson [Thu, 19 Feb 2004 18:16:38 +0000 (18:16 +0000)]
Use an OCTET STRING for the encoding of an OCSP nonce value.

The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.

16 years agominor signed/unsigned warning fixes
Geoff Thorpe [Tue, 10 Feb 2004 18:46:10 +0000 (18:46 +0000)]
minor signed/unsigned warning fixes

16 years agoFix handling of -offset and -length in asn1parse tool.
Dr. Stephen Henson [Sun, 8 Feb 2004 13:30:04 +0000 (13:30 +0000)]
Fix handling of -offset and -length in asn1parse tool.

If -offset exceeds -length of data available exit with an error.

Don't read past end of total data available when -offset supplied.

If -length exceeds total available truncate it.

16 years agoTypo in crypto/bn/asm/x86_64.c, bn_div_words().
Andy Polyakov [Sat, 7 Feb 2004 09:51:28 +0000 (09:51 +0000)]
Typo in crypto/bn/asm/x86_64.c, bn_div_words().
PR: 821

16 years agoAdd flag to avoid continuous
Dr. Stephen Henson [Sun, 1 Feb 2004 13:39:51 +0000 (13:39 +0000)]
Add flag to avoid continuous
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.

16 years agoTypo in PA-RISC 2 rules in crypto/bn/Makefile.ssl
Andy Polyakov [Fri, 30 Jan 2004 05:41:23 +0000 (05:41 +0000)]
Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl