Age | Commit message (Collapse) | Author |
|
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
|
|
are not guaranteed to be unpredictable.
|
|
|
|
|
|
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
|
|
Primes p where (p-1)/2 is prime too are called "safe", not "strong".
|
|
|
|
Suggested by Bodo.
|
|
called with max > n when extend is set.
|
|
|
|
code.
Remove references to 'TXT' in -inform and -outform switches.
|
|
|
|
|
|
|
|
|
|
Add short state string for MS SGC.
|
|
|
|
|
|
|
|
that can automatically determine the type of a DER encoded
"traditional" format private key and change some of the
d2i functions to use it instead of requiring the application
to work out the key type.
|
|
except when following the specs is bound to fail.
|
|
they can sometimes be different memory structures.
|
|
the middle of the OID table so the diff is rather large :-(
|
|
represent everything by OIDs.
|
|
|
|
more utilities.
|
|
|
|
(which was allowed by old ASCII definitions but is not compatible
with ISO 8859-1, ISO 10646 etc.).
|
|
|
|
Submitted by: Roy Woods <roy@centricsystems.ca>
Reviewed by: Andy Polyakov
|
|
- Made CRYPTO_MDEBUG even less used in crypto.h, giving
MemCheck_start() and MemCheck_stop() only one possible definition.
- Made the values of the debug function pointers in mem.c dependent
on the existence of the CRYPTO_MDEBUG macro, and made the rest of
the code understand the NULL case.
That's it. With this code, the old behvior of the debug functionality
is restored, but you can still opt to have it on, even when the
library wasn't compiled with a defined CRYPTO_MDEBUG.
|
|
- Moved the handling of compile-time defaults from crypto.h to
mem_dbg.c, since it doesn't make sense for the library users to try
to affect this without recompiling libcrypto.
- Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear
and constant definitions.
- Aesthetic correction.
|
|
With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):
- hooks to provide your own allocation and deallocation routines.
They have to have the same interface as malloc(), realloc() and
free(). They are registered by calling CRYPTO_set_mem_functions()
with the function pointers.
- hooks to provide your own memory debugging routines. The have to
have the same interface as as the CRYPTO_dbg_*() routines. They
are registered by calling CRYPTO_set_mem_debug_functions() with
the function pointers.
I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.
With this, the relevance of the CRYPTO_MDEBUG has changed. The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
|
|
|
|
Also fix a memory leak in PKCS#7 routines.
|
|
|
|
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
|
|
|
|
either and has a static and dynamic mix.
|
|
|
|
|
|
SSL_CTX and SSL, functions to set them and defaults if no values set.
|
|
trust settings of the root CA.
After a few fixes it seems to work OK.
Still need to add support to SSL and S/MIME code though.
|
|
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
|
|
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
|
|
at present. However nothing enables it yet so this doesn't
matter :-)
|
|
Fix so EVP_PKEY_rset_*() check return codes.
|
|
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
|
|
|
|
|