]> granicus.if.org Git - openssl/log
openssl
20 years agoTweak my debug target flags.
Geoff Thorpe [Thu, 17 Jun 2004 20:26:21 +0000 (20:26 +0000)]
Tweak my debug target flags.

20 years agoAs Nils put it;
Geoff Thorpe [Thu, 17 Jun 2004 20:13:50 +0000 (20:13 +0000)]
As Nils put it;

    Yet another question: some time ago you changed BN_set_word.
    Why didn't you change BN_get_word as well?

Quite. I'm also removing the older commented-out implementations to improve
readability. This complex stuff seems to date from a time when the types
didn't match up well.

Submitted by: Nils Larsch, Geoff Thorpe

20 years agoBN_div_word() was breaking when called from BN_bn2dec() (actually, this is
Geoff Thorpe [Thu, 17 Jun 2004 20:03:56 +0000 (20:03 +0000)]
BN_div_word() was breaking when called from BN_bn2dec() (actually, this is
the only function that uses it) because it would trip up an assertion in
bn_div_words() when first invoked. This also adds BN_div_word() testing to
bntest.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

20 years agoMaking some values explicitely unsigned was derived from ongoing work
Richard Levitte [Tue, 15 Jun 2004 12:52:26 +0000 (12:52 +0000)]
Making some values explicitely unsigned was derived from ongoing work
that isn't yet committed.  It wasn't meant to be committed already, so
I'm removing it for now.

20 years agoTypo, setting the first element of nids[] to NULL instead of setting
Richard Levitte [Tue, 15 Jun 2004 11:45:42 +0000 (11:45 +0000)]
Typo, setting the first element of nids[] to NULL instead of setting
*cnids.

20 years agoCorrect the return codes for ecdsatest.
Geoff Thorpe [Mon, 14 Jun 2004 23:37:32 +0000 (23:37 +0000)]
Correct the return codes for ecdsatest.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

20 years agoMore precise explanation of session id context requirements.
Lutz Jänicke [Mon, 14 Jun 2004 13:27:28 +0000 (13:27 +0000)]
More precise explanation of session id context requirements.

20 years agoSHA fails to compile on x86_64 if compiled with custom flags, without
Andy Polyakov [Fri, 11 Jun 2004 17:50:57 +0000 (17:50 +0000)]
SHA fails to compile on x86_64 if compiled with custom flags, without
recommended -DMD32_REG_T=int in particular.
PR: 893
Submitted by: Michal Ludvig <michal-list@logix.cz>

20 years ago"no-engine" was being ignored, so remove it from the advertised syntax.
Geoff Thorpe [Thu, 3 Jun 2004 03:34:53 +0000 (03:34 +0000)]
"no-engine" was being ignored, so remove it from the advertised syntax.
Also remove some commented-out lines of code that deny CVS its purpose.

20 years agoThis fixes the installation target for dynamic engines, which was trying to
Geoff Thorpe [Tue, 1 Jun 2004 03:18:58 +0000 (03:18 +0000)]
This fixes the installation target for dynamic engines, which was trying to
install to a different location than it had created. (BTW, VMS will need a
matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm
putting "engines/" into the libs directory rather than at the "--prefix"
level or inside "ssl/".

20 years agoMinimal work-around for ./engine shared builds. "Minimal" means that I
Andy Polyakov [Mon, 31 May 2004 22:29:26 +0000 (22:29 +0000)]
Minimal work-around for ./engine shared builds. "Minimal" means that I
think that proper Makefile clean-up is required.

20 years ago32-bit PA-RISC requires -Bsymbolic when linking libcrypto.sl. Without
Andy Polyakov [Mon, 31 May 2004 17:10:49 +0000 (17:10 +0000)]
32-bit PA-RISC requires -Bsymbolic when linking libcrypto.sl. Without
this flag RAND_poll ends up in end-less loop calling RAND_add. But
don't ask me why...

20 years agoWorking on HP-UX shared support...
Andy Polyakov [Mon, 31 May 2004 14:50:19 +0000 (14:50 +0000)]
Working on HP-UX shared support...

20 years agoMention new SHA algorithms in CHANGES. This completes the integration.
Andy Polyakov [Mon, 31 May 2004 14:03:02 +0000 (14:03 +0000)]
Mention new SHA algorithms in CHANGES. This completes the integration.

20 years agoExtend HMAC_MAX_MD_CBLOCK to accomodate SHA-512.
Andy Polyakov [Mon, 31 May 2004 13:28:23 +0000 (13:28 +0000)]
Extend HMAC_MAX_MD_CBLOCK to accomodate SHA-512.

20 years agomake update
Richard Levitte [Mon, 31 May 2004 13:16:08 +0000 (13:16 +0000)]
make update

20 years agoEVP bindings to new SHA algorithms.
Andy Polyakov [Mon, 31 May 2004 13:14:08 +0000 (13:14 +0000)]
EVP bindings to new SHA algorithms.

20 years agoobjects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear
Andy Polyakov [Mon, 31 May 2004 13:07:19 +0000 (13:07 +0000)]
objects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear
"draft," but we have to start somewhere...

Submitted by: Nils Larsch <nlarsch@compuserve.de>

20 years agoMake sha-256/-512 naming in speed.c consistent with their names as they
Andy Polyakov [Mon, 31 May 2004 12:40:22 +0000 (12:40 +0000)]
Make sha-256/-512 naming in speed.c consistent with their names as they
will appear at EVP leyer.

20 years agoTypo in commentary section.
Andy Polyakov [Mon, 31 May 2004 12:30:41 +0000 (12:30 +0000)]
Typo in commentary section.

20 years agoFinal SHA-256/-512 touches. Extra md_len field in SHA[256|512]_CTX
Andy Polyakov [Mon, 31 May 2004 12:26:18 +0000 (12:26 +0000)]
Final SHA-256/-512 touches. Extra md_len field in SHA[256|512]_CTX
reserves for truncated hash function output mode and makes SHA224
thread-safe. Next stop is integration with EVP and we're done...

20 years agoKill unused macro and reimplement it for that single context it can
Andy Polyakov [Mon, 31 May 2004 12:06:27 +0000 (12:06 +0000)]
Kill unused macro and reimplement it for that single context it can
actually be used, namely x86* platforms [because they don't bomb on
unaligned access]. This resulted in 30-40% [depending on message
length] improvement for SHA-256 compiled with gcc and running on P4.
In the lack of assembler implementation I give the compiler all the
help it can possibly get:-)

20 years agoSHA224_Update() and SHA224_Final() aren't implemented, and since
Richard Levitte [Sun, 30 May 2004 16:58:33 +0000 (16:58 +0000)]
SHA224_Update() and SHA224_Final() aren't implemented, and since
SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just
create aliases in form of macros.

make update

20 years agoTypo in linux-ppc64 target.
Andy Polyakov [Sat, 29 May 2004 20:32:54 +0000 (20:32 +0000)]
Typo in linux-ppc64 target.

20 years agogcc -Wcast-qual clean-up.
Andy Polyakov [Sat, 29 May 2004 19:11:29 +0000 (19:11 +0000)]
gcc -Wcast-qual clean-up.

20 years agohpux-shared rules to cover even for GNU ld.
Andy Polyakov [Fri, 28 May 2004 22:38:05 +0000 (22:38 +0000)]
hpux-shared rules to cover even for GNU ld.

20 years agoUnified hpux-shared rule. Verified with both 32- and 64-bit builds and
Andy Polyakov [Fri, 28 May 2004 22:18:48 +0000 (22:18 +0000)]
Unified hpux-shared rule. Verified with both 32- and 64-bit builds and
both vendor and GNU compilers. ./engine shared build are still busted.
I mean always were...

20 years agoMake sure we return 0 if test passed.
Andy Polyakov [Fri, 28 May 2004 21:42:40 +0000 (21:42 +0000)]
Make sure we return 0 if test passed.

20 years agoEliminate compiler warnings and throw in performance table.
Andy Polyakov [Fri, 28 May 2004 10:15:58 +0000 (10:15 +0000)]
Eliminate compiler warnings and throw in performance table.

20 years agoAttempt to unify hpux-shared rules. More adjustments might be required
Andy Polyakov [Thu, 27 May 2004 22:23:40 +0000 (22:23 +0000)]
Attempt to unify hpux-shared rules. More adjustments might be required
after more tests...

20 years agoSHA-224 test vectors added.
Andy Polyakov [Thu, 27 May 2004 19:46:07 +0000 (19:46 +0000)]
SHA-224 test vectors added.

20 years agoSince num is now a size_t, it's not necssary to check for less than 0,
Richard Levitte [Thu, 27 May 2004 09:20:42 +0000 (09:20 +0000)]
Since num is now a size_t, it's not necssary to check for less than 0,
AND it avoids warnings on certain systems.

20 years agoSynchronise VMS with the Unixly Malefiles.
Richard Levitte [Wed, 26 May 2004 17:05:51 +0000 (17:05 +0000)]
Synchronise VMS with the Unixly Malefiles.

20 years agoDocumentation note for Win32 glue between BIO layer and compiler run-time.
Andy Polyakov [Tue, 25 May 2004 20:32:17 +0000 (20:32 +0000)]
Documentation note for Win32 glue between BIO layer and compiler run-time.

20 years agoFramework for glueing BIO layer and Win32 compiler run-time. Goal is to
Andy Polyakov [Tue, 25 May 2004 20:31:03 +0000 (20:31 +0000)]
Framework for glueing BIO layer and Win32 compiler run-time. Goal is to
make it possible to produce for a unified binary build, which can be
used with a variety of Win32 compilers.

20 years agomake update
Richard Levitte [Tue, 25 May 2004 09:41:00 +0000 (09:41 +0000)]
make update

20 years agoMove some COMP functions to be inside the #ifndef OPENSSL_NO_COMP
Richard Levitte [Thu, 20 May 2004 23:47:57 +0000 (23:47 +0000)]
Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP
wrapping preprocessor directive.  This also removes a duplicate
declaration.

20 years agoSHA-256/-512 test and benchmark.
Andy Polyakov [Thu, 20 May 2004 21:49:38 +0000 (21:49 +0000)]
SHA-256/-512 test and benchmark.

20 years agoWhile size_t-fying let's not forget to update documentation:-)
Andy Polyakov [Thu, 20 May 2004 21:39:50 +0000 (21:39 +0000)]
While size_t-fying let's not forget to update documentation:-)

20 years agoSHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2
Andy Polyakov [Thu, 20 May 2004 21:24:41 +0000 (21:24 +0000)]
SHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2
code, Makefile update.

20 years agoStress collector/padding function.
Andy Polyakov [Thu, 20 May 2004 21:20:19 +0000 (21:20 +0000)]
Stress collector/padding function.

20 years agoFinal API adaptation. Final, "all openssl" performance numbers [not mixture
Andy Polyakov [Thu, 20 May 2004 21:18:09 +0000 (21:18 +0000)]
Final API adaptation. Final, "all openssl" performance numbers [not mixture
of different implementations]. Real-life performance improvement is rated
at 2-3x, not 6x as preliminary announced.

20 years agoDelete unused function from libeay.num, replace with one
Dr. Stephen Henson [Wed, 19 May 2004 17:08:05 +0000 (17:08 +0000)]
Delete unused function from libeay.num, replace with one
that does exist.

20 years agoDelete obsolete and unimplemented function.
Dr. Stephen Henson [Wed, 19 May 2004 17:05:02 +0000 (17:05 +0000)]
Delete obsolete and unimplemented function.

20 years agoAdd SHA256 and SHA512 algorithms to mkdef.pl.
Dr. Stephen Henson [Wed, 19 May 2004 17:03:59 +0000 (17:03 +0000)]
Add SHA256 and SHA512 algorithms to mkdef.pl.

Fix mkdef.pl script to avoid infinite loop when
parsing sha.h.

20 years agoX509_policy_lib_init is declared but not defined, so it raises havoc
Richard Levitte [Wed, 19 May 2004 14:19:51 +0000 (14:19 +0000)]
X509_policy_lib_init is declared but not defined, so it raises havoc
when trying to build a shared library on VMS or Windows...

20 years agoAfter the latest round of header-hacking, regenerate the dependencies in
Geoff Thorpe [Mon, 17 May 2004 19:26:06 +0000 (19:26 +0000)]
After the latest round of header-hacking, regenerate the dependencies in
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.

20 years agoDeprecate the recursive includes of bn.h from various API headers (asn1.h,
Geoff Thorpe [Mon, 17 May 2004 19:14:22 +0000 (19:14 +0000)]
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.

20 years agoRemove some unnecessary recursive includes from the internal apps.h header,
Geoff Thorpe [Mon, 17 May 2004 19:05:32 +0000 (19:05 +0000)]
Remove some unnecessary recursive includes from the internal apps.h header,
and include bn.h in those C files that need bignum functionality.

20 years agoBecause of recent reductions in header interdependencies, these files need
Geoff Thorpe [Mon, 17 May 2004 19:01:15 +0000 (19:01 +0000)]
Because of recent reductions in header interdependencies, these files need
to include crypto.h directly.

20 years agoI can't verify this directly, but recent changes will probably require that
Geoff Thorpe [Mon, 17 May 2004 18:58:47 +0000 (18:58 +0000)]
I can't verify this directly, but recent changes will probably require that
the cryptodev implementation include bn.h directly (when building with
OPENSSL_NO_DEPRECATED that is).

20 years agoThe inclusion of bn.h from the engine.h API header has been deprecated, so
Geoff Thorpe [Mon, 17 May 2004 18:56:15 +0000 (18:56 +0000)]
The inclusion of bn.h from the engine.h API header has been deprecated, so
the engine implementations need to include bn.h to manipulate bignums.

20 years agoDeprecate quite a few recursive includes from the ssl.h API header and
Geoff Thorpe [Mon, 17 May 2004 18:53:47 +0000 (18:53 +0000)]
Deprecate quite a few recursive includes from the ssl.h API header and
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.

20 years agoDeprecate some recursive includes from the store.h API header, and put back
Geoff Thorpe [Mon, 17 May 2004 18:49:06 +0000 (18:49 +0000)]
Deprecate some recursive includes from the store.h API header, and put back
required includes back via the internal header and str_lib.c.

20 years agoReduce dependencies on crypto.h by moving the opaque definition of
Geoff Thorpe [Mon, 17 May 2004 18:39:00 +0000 (18:39 +0000)]
Reduce dependencies on crypto.h by moving the opaque definition of
CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.

20 years agoMoving opaque definitions to ossl_typ.h lets us reduce header dependencies.
Geoff Thorpe [Mon, 17 May 2004 18:01:28 +0000 (18:01 +0000)]
Moving opaque definitions to ossl_typ.h lets us reduce header dependencies.
Deprecate inclusion of crypto.h from ui.h.

20 years agoMake reservations for FIPS code in HEAD branch, so that the moment FIPS
Andy Polyakov [Mon, 17 May 2004 15:49:13 +0000 (15:49 +0000)]
Make reservations for FIPS code in HEAD branch, so that the moment FIPS
comes in we have required macros in place.

20 years agoMake some more API types opaquely available from ossl_typ.h, meaning the
Geoff Thorpe [Sat, 15 May 2004 18:32:08 +0000 (18:32 +0000)]
Make some more API types opaquely available from ossl_typ.h, meaning the
corresponding headers are only required for API functions or structure
details. This now includes the bignum types and BUF_MEM. Subsequent commits
will remove various dependencies on bn.h and buffer.h and update the
makefile dependencies.

20 years agoThis file implements various functions that have since been redefined as
Geoff Thorpe [Sat, 15 May 2004 18:26:15 +0000 (18:26 +0000)]
This file implements various functions that have since been redefined as
macros. I'm removing this from the NO_DEPRECATED build.

20 years agoFixes so alerts are sent properly in s3_pkt.c
Dr. Stephen Henson [Sat, 15 May 2004 17:55:07 +0000 (17:55 +0000)]
Fixes so alerts are sent properly in s3_pkt.c

PR: 851

20 years agosize_t-fication of message digest APIs. We should size_t-fy more APIs...
Andy Polyakov [Sat, 15 May 2004 11:29:55 +0000 (11:29 +0000)]
size_t-fication of message digest APIs. We should size_t-fy more APIs...

20 years agoReimplement old functions, so older software that link to libcrypto
Richard Levitte [Fri, 14 May 2004 17:56:30 +0000 (17:56 +0000)]
Reimplement old functions, so older software that link to libcrypto
don't crash and burn.

20 years agoSynchronise o_str.c between 0.9.8-dev and 0.9.7-stable.
Richard Levitte [Thu, 13 May 2004 22:39:56 +0000 (22:39 +0000)]
Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.

20 years agomake update
Richard Levitte [Thu, 13 May 2004 21:38:47 +0000 (21:38 +0000)]
make update

20 years agoLet's make life easier and have the VMS version of the configuration be
Richard Levitte [Thu, 13 May 2004 21:38:26 +0000 (21:38 +0000)]
Let's make life easier and have the VMS version of the configuration be
generated from the Unixly configuration file.

20 years agoCHANGES to mention improved PowerPC platform support.
Andy Polyakov [Thu, 13 May 2004 13:58:44 +0000 (13:58 +0000)]
CHANGES to mention improved PowerPC platform support.

20 years agoSHA-224/-256/-384/-512 implementation. This is just sheer code commit.
Andy Polyakov [Thu, 13 May 2004 13:48:33 +0000 (13:48 +0000)]
SHA-224/-256/-384/-512 implementation. This is just sheer code commit.
Makefile modifications, make test, etc. will appear later...

20 years agoMake self signing option of 'x509' use random serial numbers too.
Dr. Stephen Henson [Wed, 12 May 2004 18:20:37 +0000 (18:20 +0000)]
Make self signing option of 'x509' use random serial numbers too.

20 years agoSSE2 SHA512_Transform implementation. No, it's not used anywhere yet and
Andy Polyakov [Thu, 6 May 2004 10:41:07 +0000 (10:41 +0000)]
SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and
is subject to change as C implementation is added...

20 years agoSSE2 accelerated bn_mul_add_words. Code is currently disabled till proper
Andy Polyakov [Thu, 6 May 2004 10:36:49 +0000 (10:36 +0000)]
SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper
config and run-time support is added.
PR: 788
Submitted by: <dean@arctic.org>
Reviewed by: <appro>

Obtained from: http://arctic.org/~dean/crypto/rsa.html

20 years agoSupport for IA-32 SSE2 instruction set.
Andy Polyakov [Thu, 6 May 2004 10:31:09 +0000 (10:31 +0000)]
Support for IA-32 SSE2 instruction set.

20 years agoRemove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't
Richard Levitte [Thu, 6 May 2004 09:46:41 +0000 (09:46 +0000)]
Remove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't
use it.

Notified by Frédéric L. W. Meunier <0@pervalidus.tk> in PR 713

20 years agoWhen the pointer 'from' changes, it's stored length needs to change as
Richard Levitte [Thu, 6 May 2004 09:33:22 +0000 (09:33 +0000)]
When the pointer 'from' changes, it's stored length needs to change as
well.

Notified by Frank Kardel <kardel@acm.org> in PR 879.

20 years agoFix realloc usage in ec_curve.c
Geoff Thorpe [Tue, 4 May 2004 20:08:55 +0000 (20:08 +0000)]
Fix realloc usage in ec_curve.c

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

20 years ago- update from current 0.9.6-stable CHANGES file
Bodo Möller [Tue, 4 May 2004 01:15:48 +0000 (01:15 +0000)]
- update from current 0.9.6-stable CHANGES file
- update from current 0.9.7-stable CHANGES file:

  Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
  that all patches mentioned for 0.9.7d and 0.9.7e actually are
  in the CVS HEAD, i.e. what is to become 0.9.8.

  I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
  so that it explains the earlier change that is now listed (0.9.7e).

  The ENGINE_set_default typo bug entry has been moved from 0.9.8
  to 0.9.7b, which is where it belongs.

20 years agoThe new BN_CTX code makes this sort of abuse unnecessary.
Geoff Thorpe [Wed, 28 Apr 2004 18:34:39 +0000 (18:34 +0000)]
The new BN_CTX code makes this sort of abuse unnecessary.

20 years agoOops! Typo in ./config...
Andy Polyakov [Tue, 27 Apr 2004 22:17:25 +0000 (22:17 +0000)]
Oops! Typo in ./config...

20 years agoImproved PowerPC support. Proper ./config support for ppc targets,
Andy Polyakov [Tue, 27 Apr 2004 22:05:50 +0000 (22:05 +0000)]
Improved PowerPC support. Proper ./config support for ppc targets,
especially for AIX. But most important BIGNUM assembler implementation
submitted by IBM.

Submitted by: Peter Waltenberg <pwalten@au1.ibm.com>
Reviewed by: appro

20 years agoMake ASN1 code work again...
Dr. Stephen Henson [Tue, 27 Apr 2004 18:33:40 +0000 (18:33 +0000)]
Make ASN1 code work again...

20 years agoWith the new dynamic BN_CTX implementation, there should be no need for
Geoff Thorpe [Tue, 27 Apr 2004 13:24:51 +0000 (13:24 +0000)]
With the new dynamic BN_CTX implementation, there should be no need for
additional contexts.

20 years agoThe problem of rsa key-generation getting stuck in a loop for (pointlessly)
Geoff Thorpe [Mon, 26 Apr 2004 15:38:44 +0000 (15:38 +0000)]
The problem of rsa key-generation getting stuck in a loop for (pointlessly)
small key sizes seems to result from the code continually regenerating the
same prime value once the range is small enough. From my tests, this change
fixes the problem by setting an escape velocity of 3 repeats for the second
of the two primes.

PR: 874

20 years agoAllow RSA key-generation to specify an arbitrary public exponent. Jelte
Geoff Thorpe [Mon, 26 Apr 2004 15:31:35 +0000 (15:31 +0000)]
Allow RSA key-generation to specify an arbitrary public exponent. Jelte
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe

20 years agoMore ASN1 reformat/tidy.
Dr. Stephen Henson [Sun, 25 Apr 2004 12:46:39 +0000 (12:46 +0000)]
More ASN1 reformat/tidy.

20 years agoReformat/tidy some of the ASN1 code.
Dr. Stephen Henson [Sat, 24 Apr 2004 17:02:48 +0000 (17:02 +0000)]
Reformat/tidy some of the ASN1 code.

20 years agoFix leak.
Dr. Stephen Henson [Thu, 22 Apr 2004 12:37:16 +0000 (12:37 +0000)]
Fix leak.

PR:870

20 years agoAs far as I can tell, the bugfix this comment refers to was committed to
Geoff Thorpe [Wed, 21 Apr 2004 15:12:20 +0000 (15:12 +0000)]
As far as I can tell, the bugfix this comment refers to was committed to
0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine
variant).

20 years agoExtend the index parameter checking from sk_value to sk_set(). Also tidy up
Geoff Thorpe [Wed, 21 Apr 2004 15:08:56 +0000 (15:08 +0000)]
Extend the index parameter checking from sk_value to sk_set(). Also tidy up
some similar code elsewhere.

Thanks to Francesco Petruzzi for bringing this to my attention.

20 years agoNew option to 'x509' -next_serial. This outputs the certificate
Dr. Stephen Henson [Wed, 21 Apr 2004 12:46:20 +0000 (12:46 +0000)]
New option to 'x509' -next_serial. This outputs the certificate
serial number plus 1 to the output file. Its purpose is to allow
serial number files to be initialized when random serial numbers
are used.

20 years agoUse X509_get_serialNumber() instead of accessing internals in x509.c
Dr. Stephen Henson [Wed, 21 Apr 2004 12:43:21 +0000 (12:43 +0000)]
Use X509_get_serialNumber() instead of accessing internals in x509.c

20 years agoReduce chances of issuer and serial number duplication by use of random
Dr. Stephen Henson [Tue, 20 Apr 2004 12:05:26 +0000 (12:05 +0000)]
Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.

PR: 842

20 years agoWhooaaaaa, the BN_CTX_DEBUG macro really produces output these
Richard Levitte [Tue, 20 Apr 2004 11:53:33 +0000 (11:53 +0000)]
Whooaaaaa, the BN_CTX_DEBUG macro really produces output these
days...  A little too much for my tests, currently...

20 years agoPrint the debug thingies on stderr instead of stdout. If for nothing
Richard Levitte [Tue, 20 Apr 2004 10:57:07 +0000 (10:57 +0000)]
Print the debug thingies on stderr instead of stdout.  If for nothing
else then at least so bc doesn't have problems parsing the output from
bntest :-).

20 years agomake update
Geoff Thorpe [Mon, 19 Apr 2004 18:33:41 +0000 (18:33 +0000)]
make update

20 years ago"make update" noticed a new function.
Geoff Thorpe [Mon, 19 Apr 2004 18:32:19 +0000 (18:32 +0000)]
"make update" noticed a new function.

20 years agoMore updates for the header cleanups (and apologies, again, for not having
Geoff Thorpe [Mon, 19 Apr 2004 18:30:41 +0000 (18:30 +0000)]
More updates for the header cleanups (and apologies, again, for not having
consolidated these prior to committing).

20 years agoWhen generating dependencies in the makefiles, generate the reduced
Geoff Thorpe [Mon, 19 Apr 2004 18:19:24 +0000 (18:19 +0000)]
When generating dependencies in the makefiles, generate the reduced
dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies
being reproduced for "deprecated" header behaviour when a developer doesn't
define the symbol (with the subsequent CVS wars that can ensue).

20 years agoheader cleanup in apps/
Geoff Thorpe [Mon, 19 Apr 2004 18:13:07 +0000 (18:13 +0000)]
header cleanup in apps/

20 years ago(oops) Apologies all, that last header-cleanup commit was from the wrong
Geoff Thorpe [Mon, 19 Apr 2004 18:09:28 +0000 (18:09 +0000)]
(oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.

20 years agoReduce header interdependencies, initially in engine.h (the rest of the
Geoff Thorpe [Mon, 19 Apr 2004 17:46:04 +0000 (17:46 +0000)]
Reduce header interdependencies, initially in engine.h (the rest of the
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.

20 years agoClear error if unique_subject lookup fails.
Dr. Stephen Henson [Thu, 15 Apr 2004 00:32:19 +0000 (00:32 +0000)]
Clear error if unique_subject lookup fails.