use it.

Notified by Frédéric L. W. Meunier <0@pervalidus.tk> in PR 713

well.

Notified by Frank Kardel <kardel@acm.org> in PR 879.

PR:870

Due to the changes in CA.pl in 0.9.8 (use of -self_sign) a slightly different
technique is used to ensure that 'ca' uses the next serial number. It
now initializes the serial number using 'openssl x509 -next_serial'.

some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.

'OpenSSL_0_9_7-stable'.

PR: 868

make update

available compiler versions generated bogus machine code trying to
compile new crypto/des/cfb_enc.c. Secondly, 8th version defines
__GNUC__ macro, but fails to compile *some* inline assembler correctly.
Note that all versions of icc implement MSC-like _lrot[rl] intrinsic,
which is used now instead of offensive asm. Finally, unnecessary linker
dependencies are eliminated. Most notably dependency from libirc.a
caused trouble at application start-up, if libcrypto.so is linked with
-Bsymbolic (which it is).

appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700

make update

verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.

the symbol name).

in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853

in the middle of the code on Windows, and that disrupts operations in functions
later that use rename()...
PR: 853

PR: 854

PR: 854

PR: 856

PR: 856

doule as last argument.

I'll remember to try to compile this with warnings enabled next time :-)

locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.