Move certificate request and CRL routines to x509 dir. Reviewed-by: Rich Salz <rsalz@openssl.org>
Embed various signature algorithms. Reviewed-by: Rich Salz <rsalz@openssl.org>
Embed X509_CINF Reviewed-by: Rich Salz <rsalz@openssl.org>
Change X509_VAL in X509 structure to embedded. Reviewed-by: Rich Salz <rsalz@openssl.org>
d2i: don't update input pointer on failure Reviewed-by: Dr. Stephen Henson <steve@openssl.org> MR #1005
Revert "OPENSSL_NO_xxx cleanup: RFC3779" This reverts the non-cleanup parts of commit c73ad69017. We do actually have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI build, since we don't have a strspn() function in our runtime environment and we don't want the RFC3779 functionality anyway. In addition, it changes the default behaviour of the Configure script so that RFC3779 support isn't disabled by default. It was always disabled from when it was first added in 2006, right up until the point where OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the Configure script was left *trying* to disable it, but not actually working. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
Code style: space after 'if' Reviewed-by: Matt Caswell <matt@openssl.org>
Fix a failure to NULL a pointer freed on error. Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org>
OPENSSL_NO_xxx cleanup: RFC3779 Remove OPENSSL_NO_RFCF3779. Also, makevms.com was ignored by some of the other cleanups, so I caught it up. Sorry I ignored you, poor little VMS... Reviewed-by: Richard Levitte <levitte@openssl.org>
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
Add i2d_re_X509_tbs i2d_re_X509_tbs re-encodes the TBS portion of the certificate. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org>
New functions to retrieve certificate signatures and signature OID NID.
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
Initial support for name constraints certificate extension. TODO: robustness checking on name forms.
Fix change to OPENSSL_NO_RFC3779
Add RFC 3779 support.
Cache some CRL related extensions.
Extend callback function to support print customization.