To avoid possible race conditions don't switch password format using
global state in crypto/pkcs12
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

The NULL cipher case can't actually happen because we have no
EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is
PKCS12_PBE_keyivgen. But make the code more obviously correct.
Reviewed-by: NMatt Caswell <matt@openssl.org>

There are header files in crypto/ that are used by a number of crypto/
submodules.  Move those to crypto/include/internal and adapt the
affected source code and Makefiles.

The header files that got moved are:

crypto/cryptolib.h
crypto/md32_common.h
Reviewed-by: NRich Salz <rsalz@openssl.org>

Update code to use ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence
instead of performing the same operation manually.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch

(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)

functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.

I've covered all the memset()s I felt safe modifying, but may have missed some.

to digests to retain compatibility.

Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.

sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.

the the PBE code and a new constant PKCS5_DEFAULT_ITER for the default
iteration count if it is passed as zero.

structure and decides what key to generate (if any). Not currently added to
the PBE algorithm list because it is largely untested.

EVP_CipherInit() this because the IV wont be easily available when doing
PKCS#5 v2.0

list for Win32.

Submitted by:
Reviewed by:
PR:

integration.

them to the build environment.

it is just a place holder for functionality to be added later. Its been added
now so the X509V3_EXT_METHOD structure shouldn't (hopefully) have to change
after the release.

by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.

without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.

Also changed ssleay.exe target to openssl.exe

to support CRL extensions.

GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be
used but OpenSSL doesn't currently support it. This patch adds several files
and a bunch of functions.

Of interest is the ASN1_TIME structure and its related functions. At several
points certificates, CRLs et al specify that a time can be expressed as a
choice of UTCTime and GeneralizedTime. Currently OpenSSL interprets this
(wrongly) as UTCTime because GeneralizedTime isn't supported. The ASN1_TIME
stuff provides this functionality.

Still todo is to trace which cert and CRL points need an ASN1_TIME and modify
the utilities appropriately and of course fix all the bugs.

Note new OpenSSL copyright in the new file a_time.c. I didn't put it in
a_gentm.c because it is a minimally modified form a_utctm.c .

Since this adds new files and error codes you will need to do a 'make errors'
at the top level to add the new codes.