Configure: android-arm facelift.

Reviewed-by: Rich Salz <rsalz@openssl.org>

make update

Reviewed-by: Matt Caswell <matt@openssl.org>

Remove SSL_TASK, the DECnet Based SSL Engine - addendum

A bit of cleanup was forgotten.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove SSL_TASK, the DECnet Based SSL Engine

This engine is for VMS only, and isn't really part of the core OpenSSL
but rather a side project of its own that just happens to have tagged
along for a long time.  The reasons why it has remained within the
OpenSSL source are long lost in history, and there not being any real
reason for it to remain here, it's time for it to move out.

This side project will appear as a project in its own right, the
location of which will be announced later on.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove old ASN.1 code from evp_asn1.c

Rewrite ASN1_TYPE_set_int_octetstring and ASN1_TYPE_get_int_octetstring
to use the new ASN.1 code instead of the old macros.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Now that we've removed the need for symlinks, we can safely remove util/mklinks.pl

Reviewed-by: Rich Salz <rsalz@openssl.org>

Remove remaining variables for symlinked/copied headers and tests

GitConfigure:   no more 'no-symlinks'

util/bat.sh, util/mk1mf.pl, util/pl/VC-32.pl, util/pl/unix.pl:
- Remove all uses of EXHEADER.
  That includes removing the use if INC_D and INCO_D.
- Replace the check for TEST with a check for [A-Z0-9_]*TEST.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>

Stop symlinking, move files to intended directory

Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Ensure EC private keys retain leading zeros

RFC5915 requires the use of the I2OSP primitive as defined in RFC3447
for storing an EC Private Key. This converts the private key into an
OCTETSTRING and retains any leading zeros. This commit ensures that those
leading zeros are present if required.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Clean up record layer

Fix up various things that were missed during the record layer work. All
instances where we are breaking the encapsulation rules.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix record layer "make clean"

The "clean" target in libssl has been updated to handle the new record
layer sub-directory.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix some faults in util/mk1mf.pl

When building on Unix, there are times when the 'EX_LIB' MINFO variable
contains valuable information.  Make sure to take care of it.

fixrules in util/pl/unix.pl was previously changed with a simpler fix of
rules, with a comment claiming that's compatible with -j.  Unfortunately,
this breaks multiline rules and doesn't change anything for single line
rules.  While at it, do not prefix pure echo lines with a 'cd $(TEST_D) &&',
as that's rather silly.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Remove duplicate code.

Update code to use ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence
instead of performing the same operation manually.

Reviewed-by: Rich Salz <rsalz@openssl.org>

New ASN1_TYPE SEQUENCE functions.

Add new functions ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence:
these encode and decode ASN.1 SEQUENCE using an ASN1_TYPE structure.

Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Rewrite X509_PKEY_new to avoid old ASN1. macros.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Remove unnecessary asn1_mac.h includes.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Initialised 'ok' and redo the logic.

The logic with how 'ok' was calculated didn't quite convey what's "ok",
so the logic is slightly redone to make it less confusing.

Reviewed-by: Andy Polyakov <appro@openssl.org>

sha/asm/sha512-armv4.pl: adapt for use in Linux kernel context.

Follow-up to sha256-armv4.pl in cooperation with Ard Biesheuvel
(Linaro) and Sami Tolvanen (Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>

sha/asm/sha256-armv4.pl: fix compile issue in kernel
and eliminate little-endian dependency.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Have a shared library version thats reasonable with our version scheme

The FAQ says this:

    After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
    releases (e.g. 1.0.1a) can only contain bug and security fixes and no
    new features. Minor releases change the last number (e.g. 1.0.2) and
    can contain new features that retain binary compatibility. Changes to
    the middle number are considered major releases and neither source nor
    binary compatibility is guaranteed.

With such a scheme (and with the thinking that it's nice if the shared
library version stays on track with the OpenSSL version), it's rather
futile to keep the minor release number in the shared library version.
The deed already done with OpenSSL 1.0.x can't be changed, but with
1.x.y, x=1 and on, 1.x as shared library version is sufficient.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Add private/public key conversion tests

Reviewed-by: Matt Caswell <matt@openssl.org>

Remove d2i_X509_PKEY and i2d_X509_PKEY

Remove partially implemented d2i_X509_PKEY and i2d_X509_PKEY: nothing
uses them and they don't work properly. Update ordinals.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data.

Reviewed-by: Richard Levitte <levitte@openssl.org>

free NULL cleanup

EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Engage vpaes-armv8 module.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add vpaes-amrv8.pl module.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Configure: remove unused variables.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Make asn1_ex_i2c, asn1_ex_c2i static.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Remove combine option from ASN.1 code.

Remove the combine option. This was used for compatibility with some
non standard behaviour in ancient versions of OpenSSL: specifically
the X509_ATTRIBUTE and DSAPublicKey handling. Since these have now
been revised it is no longer needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Simplify DSA public key handling.

DSA public keys could exist in two forms: a single Integer type or a
SEQUENCE containing the parameters and public key with a field called
"write_params" deciding which form to use. These forms are non standard
and were only used by functions containing "DSAPublicKey" in the name.

Simplify code to only use the parameter form and encode the public key
component directly in the DSA public key method.

Reviewed-by: Richard Levitte <levitte@openssl.org>

ASN1_TYPE documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add Record Layer documentation

Add some design documentation on how the record layer works to aid future
maintenance.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix formatting oddities

Fix some formatting oddities in rec_layer_d1.c.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix record.h formatting

Fix some strange formatting in record.h. This was probably originally
introduced as part of the reformat work.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Define SEQ_NUM_SIZE

Replace the hard coded value 8 (the size of the sequence number) with a
constant defined in a macro.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix compilation on windows for record layer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Rename record layer source files

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove some unneccessary macros

Reviewed-by: Richard Levitte <levitte@openssl.org>

Renamed record layer header files

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reorganise header files

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove last trace of non-record layer code reading and writing sequence
numbers directly

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move last_write_sequence from s->d1 to s->rlayer.d.
Also push some usage of last_write_sequence out of dtls1_retransmit_message
and into the record layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move ssl3_record_sequence_update into record layer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move buffered_app_data from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix seg fault in dtls1_new

Reviewed-by: Richard Levitte <levitte@openssl.org>

Moved processed_rcds and unprocessed_rcds from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move bitmap and next_bitmap from s->d1 to s->rlayer.d.
Create dtls_bitmap.h and dtls_bitmap.c

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move r_epoch and w_epoch from s->d1 to s->rlayer.d

Reviewed-by: Richard Levitte <levitte@openssl.org>

Introduce a DTLS_RECORD_LAYER type for DTLS record layer state

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move DTLS1_RECORD_DATA into rec_layer.h

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move read_sequence and write_sequence from s->s3 to s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->s3->wpend_* to s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->s3 into s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->s3->wnum to s->rlayer.wnum

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->rstate to s->rlayer.rstate

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->packet and s->packet_length into s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove unneccessary use of accessor function now code is moved into record
layer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Make rrec, wrec, rbuf and wbuf fully private to the record layer. Also, clean
up some access to them. Now that various functions have been moved into the
record layer they no longer need to use the accessor macros.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Removed dependency on rrec from heartbeat processing

Reviewed-by: Richard Levitte <levitte@openssl.org>

Introduce macro RECORD_LAYER_setup_comp_buffer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix bug where rrec was being released...should have been removed by one of
the earlier record layer commits

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move ssl3_pending into the record layer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove RECORD_LAYER_set_ssl and introduce RECORD_LAYER_init

Reviewed-by: Richard Levitte <levitte@openssl.org>

Provide RECORD_LAYER_set_data function

Reviewed-by: Richard Levitte <levitte@openssl.org>

Introduce the functions RECORD_LAYER_release, RECORD_LAYER_read_pending, and
RECORD_LAYER_write_pending.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Create RECORD_LAYER_clear function.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Tidy up rec_layer.h. Add some comments regarding which functions should be
being used for what purpose.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Moved s3_pkt.c, s23_pkt.c and d1_pkt.c into the record layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Split out non record layer functions out of s3_pkt.c and d1_pkt.c into
the new files s3_msg.c and s1_msg.c respectively.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move more SSL3_RECORD oriented functions into ssl3_record.c

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move SSL3_RECORD oriented functions into ssl3_record.c

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move SSL3_BUFFER set up and release code into ssl3_buffer.c

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->s3->wrec to s>rlayer>wrec

Reviewed-by: Richard Levitte <levitte@openssl.org>

Encapsulate s->s3->wrec

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->s3->rrec to s->rlayer->rrec

Reviewed-by: Richard Levitte <levitte@openssl.org>

Encapsulate s->s3->rrec

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->s3->wbuf to s->rlayer->wbuf

Reviewed-by: Richard Levitte <levitte@openssl.org>

Encapsulate access to s->s3->wbuf

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move s->s3->rrec into s->rlayer

Reviewed-by: Richard Levitte <levitte@openssl.org>

Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Create a RECORD_LAYER structure and move read_ahead into it.

Reviewed-by: Richard Levitte <levitte@openssl.org>

update ordinals

Reviewed-by: Matt Caswell <matt@openssl.org>

Move more internal only functions to asn1_locl.h

Reviewed-by: Matt Caswell <matt@openssl.org>

free NULL cleanup.

This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Resolve swallowed returns codes

The recent updates to libssl to enforce stricter return code checking, left
a small number of instances behind where return codes were being swallowed
(typically because the function they were being called from was declared as
void). This commit fixes those instances to handle the return codes more
appropriately.

Reviewed-by: Richard Levitte <levitte@openssl.org>

make update

Reviewed-by: Richard Levitte <levitte@openssl.org>

Move internal only ASN.1 functions to asn1_locl.h

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove X509_ATTRIBUTE hack.

The X509_ATTRIBUTE structure includes a hack to tolerate malformed
attributes that encode as the type instead of SET OF type. This form
is never created by OpenSSL and shouldn't be needed any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

free NULL cleanup

This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>

Support key loading from certificate file

Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.

Update docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>

make depend

Reviewed-by: Richard Levitte <levitte@openssl.org>

make X509_NAME opaque

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix HMAC to pass invalid key len test

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add HMAC test for invalid key len

Reviewed-by: Richard Levitte <levitte@openssl.org>

Ensure that both the MD and key have been initialised before attempting to
create an HMAC

Inspired by BoringSSL commit 2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add more HMAC tests

Reviewed-by: Richard Levitte <levitte@openssl.org>

SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was disabled in 0.9.8q and 1.0.0c.
This commit sets the value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to
zero.

Reviewed-by: Richard Levitte <levitte@openssl.org>