Skip to content
  1. Nov 16, 2004
    • Dr. Stephen Henson's avatar
      PR: 910 · 826a42a0
      Dr. Stephen Henson authored
      Add command line options -certform, -keyform and -pass to s_client and
      s_server. This supports the use of alternative passphrase sources, key formats
      and keys handled by an ENGINE.
      
      Update docs.
      826a42a0
  2. Oct 04, 2004
  3. Sep 06, 2004
  4. Aug 04, 2004
  5. Jul 06, 2004
  6. Jun 17, 2004
  7. May 31, 2004
  8. May 15, 2004
  9. May 13, 2004
  10. May 04, 2004
    • Bodo Möller's avatar
      - update from current 0.9.6-stable CHANGES file · d5f686d8
      Bodo Möller authored
      - update from current 0.9.7-stable CHANGES file:
      
        Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
        that all patches mentioned for 0.9.7d and 0.9.7e actually are
        in the CVS HEAD, i.e. what is to become 0.9.8.
      
        I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
        so that it explains the earlier change that is now listed (0.9.7e).
      
        The ENGINE_set_default typo bug entry has been moved from 0.9.8
        to 0.9.7b, which is where it belongs.
      d5f686d8
  11. Apr 26, 2004
  12. Apr 21, 2004
  13. Apr 20, 2004
  14. Apr 19, 2004
    • Geoff Thorpe's avatar
      Reduce header interdependencies, initially in engine.h (the rest of the · 3a87a9b9
      Geoff Thorpe authored
      changes are the fallout). As this could break source code that doesn't
      directly include headers for interfaces it uses, changes to recursive
      includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
      define this when building and using openssl, and then adapt code where
      necessary - this is how to stay current. However the mechanism exists for
      the lethargic.
      3a87a9b9
  15. Mar 31, 2004
  16. Mar 28, 2004
  17. Mar 27, 2004
  18. Mar 25, 2004
    • Geoff Thorpe's avatar
      Replace the BN_CTX implementation with my current work. I'm leaving the · 5c98b2ca
      Geoff Thorpe authored
      little TODO list in there as well as the debugging code (only enabled if
      BN_CTX_DEBUG is defined).
      
      I'd appreciate as much review and testing as can be spared for this. I'll
      commit some changes to other parts of the bignum code shortly to make
      better use of this implementation (no more fixed size limitations). Note
      also that under identical optimisations, I'm seeing a noticable speed
      increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
      systems would also be most welcome.
      5c98b2ca
    • Geoff Thorpe's avatar
      By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key · 46ef873f
      Geoff Thorpe authored
      operations no longer require two distinct BN_CTX structures. This may put
      more "strain" on the current BN_CTX implementation (which has a fixed limit
      to the number of variables it will hold), but so far this limit is not
      triggered by any of the tests pass and I will be changing BN_CTX in the
      near future to avoid this problem anyway.
      
      This also changes the default RSA implementation code to use the BN_CTX in
      favour of initialising some of its variables locally in each function.
      46ef873f
  19. Mar 23, 2004
  20. Mar 17, 2004
  21. Mar 15, 2004
  22. Mar 13, 2004
  23. Mar 08, 2004
  24. Mar 05, 2004
  25. Feb 19, 2004
  26. Feb 01, 2004
  27. Nov 10, 2003
  28. Nov 04, 2003
  29. Oct 29, 2003
    • Geoff Thorpe's avatar
      BN_CTX is opaque and the static initialiser BN_CTX_init() is not used · 2ce90b9b
      Geoff Thorpe authored
      except internally to the allocator BN_CTX_new(), as such this deprecates
      the use of BN_CTX_init() in the API. Moreover, the structure definition of
      BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.
      
      NDEBUG should probably only be "forced" in the top-level configuration, but
      until it is I will avoid removing it from bn_ctx.c which might surprise
      people with massive slow-downs in their keygens. So I've left it in
      bn_ctx.c but tidied up the preprocessor logic a touch and made it more
      tolerant of debugging efforts.
      2ce90b9b
    • Geoff Thorpe's avatar
      Relax some over-zealous constification that gave some lhash-based code no · 8dc344cc
      Geoff Thorpe authored
      choice but to have to cast away "const" qualifiers from their prototypes.
      This does not remove constification restrictions from hash/compare
      callbacks, but allows destructor commands to be run over a tables' elements
      without bad casts.
      8dc344cc
    • Geoff Thorpe's avatar
      For whatever reason (compiler or header bugs), at least one commonly-used · 0991f070
      Geoff Thorpe authored
      linux system (namely mine) chokes on our definitions and uses of the "HZ"
      symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
      (when in fact there is no function casting involved at all). In both cases,
      it is easily worked around by not defining a cast into the macro and
      jiggling the expressions slightly.
      
      In addition - this highlights some cruft in openssl that needs sorting out.
      The tmdiff.h header is exported as part of the openssl API despite the fact
      that it is ugly as the driven sludge and not used anywhere in the library,
      applications, or utilities. More weird still, almost identical code exists
      in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
      should be updated and used by speed.c, or it should be dumped because it's
      obviously not useful enough.
      
      Rather than removing it for now, I've changed the API for tmdiff to at
      least make sense. This involves taking the object type (MS_TM) from the
      implementation and using it in the header rather than using "char *" in the
      API and casting mercilessly in the code (ugh). If someone doesn't like
      "MS_TM" and the "ms_time_***" naming, by all means change it. This should
      be a harmless improvement, because the existing API is clearly not very
      useful (eg. we reimplement it rather than using it in our own utils).
      
      However, someone still needs to take a hack at consolidating speed.c and
      tmdiff.[ch] somehow.
      0991f070
    • Geoff Thorpe's avatar
      Update any code that was using deprecated functions so that everything builds · 2aaec9cc
      Geoff Thorpe authored
      and links with OPENSSL_NO_DEPRECATED defined.
      2aaec9cc
    • Geoff Thorpe's avatar
      When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should · 9d473aa2
      Geoff Thorpe authored
      be) precompiled out in the API headers. This change is to ensure that if
      it is defined when compiling openssl, the deprecated functions aren't
      implemented either.
      9d473aa2
  30. Oct 11, 2003
  31. Oct 10, 2003
  32. Sep 30, 2003