- Dec 29, 2004
-
-
Dr. Stephen Henson authored
-
- Dec 28, 2004
-
-
Richard Levitte authored
-
- Dec 05, 2004
-
-
Dr. Stephen Henson authored
failure and freeing up memory if a failure occurs. PR:620
-
- Dec 03, 2004
-
-
Dr. Stephen Henson authored
-
- Dec 01, 2004
-
-
Dr. Stephen Henson authored
-
- Nov 29, 2004
-
-
Richard Levitte authored
-
- Nov 26, 2004
-
-
Andy Polyakov authored
-
- Nov 25, 2004
-
-
Dr. Stephen Henson authored
-
- Nov 16, 2004
-
-
Dr. Stephen Henson authored
Add command line options -certform, -keyform and -pass to s_client and s_server. This supports the use of alternative passphrase sources, key formats and keys handled by an ENGINE. Update docs.
-
- Oct 04, 2004
-
-
Dr. Stephen Henson authored
-
- Sep 06, 2004
-
-
Dr. Stephen Henson authored
This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change.
-
- Aug 04, 2004
-
-
Geoff Thorpe authored
-
- Jul 06, 2004
-
-
Dr. Stephen Henson authored
-
- Jun 17, 2004
-
-
Geoff Thorpe authored
-
- May 31, 2004
-
-
Andy Polyakov authored
-
- May 15, 2004
-
-
Dr. Stephen Henson authored
PR: 851
-
- May 13, 2004
-
-
Andy Polyakov authored
-
- May 04, 2004
-
-
Bodo Möller authored
- update from current 0.9.7-stable CHANGES file: Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope that all patches mentioned for 0.9.7d and 0.9.7e actually are in the CVS HEAD, i.e. what is to become 0.9.8. I have rewritten the 'openssl ca -create_serial' entry (0.9.8) so that it explains the earlier change that is now listed (0.9.7e). The ENGINE_set_default typo bug entry has been moved from 0.9.8 to 0.9.7b, which is where it belongs.
-
- Apr 26, 2004
-
-
Geoff Thorpe authored
proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. PR: 867 Submitted by: Jelte Jansen Reviewed by: Geoff Thorpe
-
- Apr 21, 2004
-
-
Geoff Thorpe authored
0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine variant).
-
- Apr 20, 2004
-
-
Dr. Stephen Henson authored
initial serial numbers. PR: 842
-
- Apr 19, 2004
-
-
Geoff Thorpe authored
changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.
-
- Mar 31, 2004
-
-
Dr. Stephen Henson authored
-
- Mar 28, 2004
-
-
Dr. Stephen Henson authored
appropriate form, for example correct DES parity. Update S/MIME code and EVP_SealInit to use new functions. PR: 700
-
- Mar 27, 2004
-
-
Dr. Stephen Henson authored
verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.
-
Dr. Stephen Henson authored
-
- Mar 25, 2004
-
-
Geoff Thorpe authored
little TODO list in there as well as the debugging code (only enabled if BN_CTX_DEBUG is defined). I'd appreciate as much review and testing as can be spared for this. I'll commit some changes to other parts of the bignum code shortly to make better use of this implementation (no more fixed size limitations). Note also that under identical optimisations, I'm seeing a noticable speed increase over openssl-0.9.7 - so any feedback to confirm/deny this on other systems would also be most welcome.
-
Geoff Thorpe authored
operations no longer require two distinct BN_CTX structures. This may put more "strain" on the current BN_CTX implementation (which has a fixed limit to the number of variables it will hold), but so far this limit is not triggered by any of the tests pass and I will be changing BN_CTX in the near future to avoid this problem anyway. This also changes the default RSA implementation code to use the BN_CTX in favour of initialising some of its variables locally in each function.
-
- Mar 23, 2004
-
-
Dr. Stephen Henson authored
This is currently *very* experimental and needs to be more fully integrated with the main verification code.
-
- Mar 17, 2004
-
-
Geoff Thorpe authored
porting efforts. Also, add Richard's name to the prior change.
-
- Mar 15, 2004
-
-
Richard Levitte authored
functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
-
- Mar 13, 2004
-
-
Geoff Thorpe authored
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(), BN_init(), [etc] already initialise to zero. Correct error checking in bn_sqr.c, and be less wishy-wash about how/why the result's 'top' value is set (note also, 'max' is always > 0 at this point).
-
Geoff Thorpe authored
change to work properly; BN_zero() should set 'neg' to zero as well as 'top' to match the behaviour of BN_new().
-
- Mar 08, 2004
-
-
Dr. Stephen Henson authored
-
- Mar 05, 2004
-
-
Dr. Stephen Henson authored
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.
-
- Feb 19, 2004
-
-
Dr. Stephen Henson authored
The old raw format can't be handled by some implementations and updates to RFC2560 will make this mandatory.
-
- Feb 01, 2004
-
-
Dr. Stephen Henson authored
memory allocate when calling EVP_MD_CTX_copy_ex(). Without this HMAC is several times slower than < 0.9.7.
-
- Nov 10, 2003
-
-
Dr. Stephen Henson authored
-
- Nov 04, 2003
-
-
Geoff Thorpe authored
is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible.
-
- Oct 29, 2003
-
-
Geoff Thorpe authored
except internally to the allocator BN_CTX_new(), as such this deprecates the use of BN_CTX_init() in the API. Moreover, the structure definition of BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself. NDEBUG should probably only be "forced" in the top-level configuration, but until it is I will avoid removing it from bn_ctx.c which might surprise people with massive slow-downs in their keygens. So I've left it in bn_ctx.c but tidied up the preprocessor logic a touch and made it more tolerant of debugging efforts.
-