| Age | Commit message (Collapse) | Author |
|---|
|
functions on platform were that's the best way to handle exporting
global variables in shared libraries. To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).
To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:
OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
OPENSSL_IMPLEMENT_GLOBAL(double,bar);
To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
OPENSSL_DECLARE_GLOBAL(int,foo);
#define foo OPENSSL_GLOBAL_REF(foo)
OPENSSL_DECLARE_GLOBAL(double,bar);
#define bar OPENSSL_GLOBAL_REF(bar)
The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.
The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.
The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
|
|
find emailAddress at start of subject name.
|
|
wrong result if rm==num and num < 0.
|
|
properly and supports several flags.
|
|
|
|
algorithms.
|
|
key algorithms and leaking if the signature verify
fails.
|
|
or serial number.
|
|
|
|
|
|
form '#if defined(...) || defined(...) || ...' and '#if !defined(...)
&& !defined(...) && ...'. This also avoids the growing number of
special cases it was previously handling (some of them wrongly).
|
|
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
|
|
|
|
|
|
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
|
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.
Fix typo in uid.c
|
|
|
|
Add revelant new X509V3 extensions.
Add OIDs.
Fix ASN1 memory leak code to pop info if external allocation used.
|
|
|
|
|
|
Add -nopad option to enc command.
Update docs.
|
|
|
|
|
|
Doesn't handle SSL URLs yet.
|
|
|
|
|
|
|
|
Make ca.c correctly initialize the revocation date.
Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() set the
string type: so they can initialize ASN1_TIME structures properly.
|
|
the clients choice; in SSLv2 the client uses the server's preferences.
|
|
and ASN1 code.
|
|
OCSP responses.
Documentation to follow...
Urgh.. this conflicted with the -VAfile patch I hope I haven't
broken it.
|
|
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
|
|
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
|
|
|
|
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
|
|
|
|
|
|
request to response.
|
|
Delete obsolete OCSP functions.
Largely untested at present...
|
|
|
|
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
|
|
|
|
|
|
|
|
ciphersuites.
|
|
Fix PKCS7 and PKCS12 memory leaks.
Initialise encapsulated content type properly.
|
|
|
|
|
|
|
|
|
