functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.

Windows).

This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

Obtained from: Stephen Henson <steve@openssl.org>

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

PR: 621

and changes to mkdef.pl so it recognises them.

Use these in policyMappings extension.

Add table order test to end of a_strnid.c

the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)

behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.

This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).

Submitted by: Nils Larsch

in AlgorithmIdentifier

Submitted by: Nils Larsch

where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.

PR: 429

Submitted by: <appro>
Reviewed by:
PR:

(length of the order of the group, not length of the actual key, which
will be shorter in some cases).

Submitted by: Nils Larsch

Make ASN1_TYPE_get() work for V_ASN1_NULL type.

return the requested number of bytes when reading
content.

I've covered all the memset()s I felt safe modifying, but may have missed some.

defined as follows (according to X.509_4thEditionDraftV6.pdf):

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on.  For now, I'm thinking explicit, but will
gladly stand corrected.

Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".

This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.

Submitted by: Nils Larsch