| Age | Commit message (Collapse) | Author |
|---|
|
|
|
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
|
|
I've covered all the memset()s I felt safe modifying, but may have missed some.
|
|
defined as follows (according to X.509_4thEditionDraftV6.pdf):
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL,
-- at least one of the pair shall be present -- }
The only thing I'm not sure about is if it's implicit or explicit tags
that I should count on. For now, I'm thinking explicit, but will
gladly stand corrected.
Also implement the PEM functions to read and write certificate pairs,
and defined the PEM tag as "CERTIFICATE PAIR".
This needed to be defined, mostly for the sake of the LDAP attribute
crossCertificatePair, but may prove useful elsewhere as well.
|
|
|
|
|
|
Identified by Goetz Babin-Ebell <babinebell@trustcenter.de>
|
|
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
|
|
Submitted by: anonymous
PR: 254
|
|
Submitted by: Nils Larsch
|
|
|
|
Submitted by: Nils Larsch
|
|
|
|
This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.
Submitted by: Nils Larsch <nlarsch@compuserve.de>
|
|
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
|
|
PR 71
|
|
handled properly.
Part of PR 75
|
|
on error.
PR: 77
|
|
we just *might* stand a certain chance of actually getting it written
to file...
|
|
any other errors that may be left in the error queue
Submitted by: Jeffrey Altman
|
|
This is especially important for AES that has a 16 bytes IV.
|
|
Submitted by: Nils Larsch <nla@trustcenter.de>
|
|
|
|
libeay.num got tweaked so the old des symbols would retain their
positions.
|
|
|
|
perl util/mkerr.pl -recurse -write -rebuild
|
|
|
|
to digests to retain compatibility.
|
|
with existing code.
Modify library to use digest *_ex() functions.
|
|
|
|
|
|
|
|
|
|
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.
Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.
Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.
Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.
So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
|
|
reduce linker bloat. For example the
single line:
PEM_read_X509()
results in a binary of around 400K in Linux!
This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
|
|
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
|
|
Note that all *_it variables are suddenly non-existant according to
libeay.num. This is a bug that will be corrected. Please be patient.
|
|
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
|
|
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
|
|
|
|
|
horrible macros.
Fix two evil ASN1 bugs. Attempt to use 'ctx' when
NULL if input is indefinite length constructed
in asn1_check_tlen() and invalid pointer to ASN1_TYPE
when reusing existing structure (this took *ages* to
find because the new PKCS#12 code triggered it).
|
|
|
|
make update done.
|
|
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
|
|
|
|
centralise those hacks in crypto/symhacks.h and use it everywhere it's
needed.
|
|
test utility, I added the bits to get a EVP interface, the command line utility and the speed test
|
|
could be done automagically, much like the numbering in libeay.num and
ssleay.num. The solution works as follows:
- New object identifiers are inserted in objects.txt, following the
syntax given in objects.README.
- objects.pl is used to process obj_mac.num and create a new
obj_mac.h.
- obj_dat.pl is used to create a new obj_dat.h, using the data in
obj_mac.h.
This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended. The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!). Additions are OK, as well as consistent name changes.
|
|
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
|
