test for them!

PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch

functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

I've covered all the memset()s I felt safe modifying, but may have missed some.

des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:

to digests to retain compatibility.

Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.

Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.

sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.

Add a couple of FAQs.

the the PBE code and a new constant PKCS5_DEFAULT_ITER for the default
iteration count if it is passed as zero.

structure and decides what key to generate (if any). Not currently added to
the PBE algorithm list because it is largely untested.

EVP_CipherInit() this because the IV wont be easily available when doing
PKCS#5 v2.0

list for Win32.

more work: need an application and make the private key routines automatically
handle PKCS#8.

Submitted by:
Reviewed by:
PR:

integration.

them to the build environment.

it is just a place holder for functionality to be added later. Its been added
now so the X509V3_EXT_METHOD structure shouldn't (hopefully) have to change
after the release.

by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.

without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.

Also changed ssleay.exe target to openssl.exe

to support CRL extensions.

GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be
used but OpenSSL doesn't currently support it. This patch adds several files
and a bunch of functions.

Of interest is the ASN1_TIME structure and its related functions. At several
points certificates, CRLs et al specify that a time can be expressed as a
choice of UTCTime and GeneralizedTime. Currently OpenSSL interprets this
(wrongly) as UTCTime because GeneralizedTime isn't supported. The ASN1_TIME
stuff provides this functionality.

Still todo is to trace which cert and CRL points need an ASN1_TIME and modify
the utilities appropriately and of course fix all the bugs.

Note new OpenSSL copyright in the new file a_time.c. I didn't put it in
a_gentm.c because it is a minimally modified form a_utctm.c .

Since this adds new files and error codes you will need to do a 'make errors'
at the top level to add the new codes.