Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

the FIPS capable OpenSSL.

allow status of POST to be monitored and/or failures induced.

crypto.h if needed.

Modify source tree to handle change.

OpenSSL malloc dependencies.

Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller

(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)

outstanding ticket.

PR: 926

additional contexts.

small key sizes seems to result from the code continually regenerating the
same prime value once the range is small enough. From my tests, this change
fixes the problem by setting an escape velocity of 3 repeats for the second
of the two primes.

PR: 874

proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

generation. This prototype matches the new API function
RSA_generate_key_ex(), though both may be subject to change during
development before 0.9.8.

  - a patch to fix a memory leak in rsa_gen.c
  - a note about compiler warnings with unions
  - a note about improving structure element names

This applies his patch and implements a solution to the notes.

key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.

Submitted by: Karsten Spang <ks@bellesystems.com>

temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.

unnecessary cast.

Submitted by:
Reviewed by:
PR: