With this change, the following is provided and present at all times
(meaning CRYPTO_MDEBUG is no longer required to get this functionality):
- hooks to provide your own allocation and deallocation routines.
They have to have the same interface as malloc(), realloc() and
free(). They are registered by calling CRYPTO_set_mem_functions()
with the function pointers.
- hooks to provide your own memory debugging routines. The have to
have the same interface as as the CRYPTO_dbg_*() routines. They
are registered by calling CRYPTO_set_mem_debug_functions() with
the function pointers.
I moved everything that was already built into OpenSSL and did memory
debugging to a separate file (mem_dbg.c), to make it clear what is
what.
With this, the relevance of the CRYPTO_MDEBUG has changed. The only
thing in crypto/crypto.h that it affects is the definition of the
MemCheck_start and MemCheck_stop macros.
Never use des_set_key (it depends on the global variable des_check_key),
but usually des_set_key_unchecked.
Only destest.c bothered to look at the return values of des_set_key,
but it did not set des_check_key -- if it had done so,
most checks would have failed because of wrong parity and
because of weak keys.
new purpose getting function.
Update the ca-cert.pem and pca-cert.pem "CA" certificates so they
really are CA certificate: that is they have the appropriate extensions.
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
in a table. Doesn't do too much yet.
Make the -<digestname> options in 'x509' affect all relevant
options.
Change the name of the 'notrust' options to 'reject' as this
causes less confusion and is a better description of the
effect.
A few constification changes.
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
