Enhance util/mkdef.pl to provide a VMS linker option file for shlibs

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove crypto/pem/pem_seal.c

It's functionality appears unused.  If we're wrong, we will revert.

Reviewed-by: Rich Salz <rsalz@openssl.org>

DANE support for X509_verify_cert()

Reviewed-by: Richard Levitte <levitte@openssl.org>

use more descriptive name DEFINE_STACK_OF_CONST

Reviewed-by: Richard Levitte <levitte@openssl.org>

Only declare stacks in headers

Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Rename DECLARE*STACK_OF to DEFINE*STACK_OF

Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove unused PREDECLARE

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix declarations and constification for inline stack.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Change STACK_OF to use inline functions.

Change DECLARE_STACK_OF into inline functions. This avoids the need for
auto generated mkstack.pl macros and now handles const properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

DANE make update

Reviewed-by: Rich Salz <rsalz@openssl.org>

DANE documentation typos

Reported-by: Claus Assmann
Reviewed-by: Rich Salz <rsalz@openssl.org>

Remove more (rest?) of FIPS build stuff.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Remove some unused perl scripts

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

DANE support structures, constructructors and accessors

Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup.  Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix X509_STORE_CTX_cleanup()

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Drop incorrect id == -1 case from X509_check_trust

Reviewed-by: Richard Levitte <levitte@openssl.org>

X509_verify_cert() cleanup

Reviewed-by: Richard Levitte <levitte@openssl.org>

Cleanup of verify(1) failure output

Reviewed-by: Richard Levitte <levitte@openssl.org>

Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing

Reviewed-by: Stephen Henson <steve@openssl.org>

Fix a possible memleak

If there's a failure allocating md_data, the destination pctx will have
a shared pointer with the source EVP_MD_CTX, which will lead to problems
when either the source or the destination is freed.

Reviewed-by: Stephen Henson <steve@openssl.org>

Protocol version selection and negotiation rewrite

The protocol selection code is now consolidated in a few consecutive
short functions in a single file and is table driven.  Protocol-specific
constraints that influence negotiation are moved into the flags
field of the method structure.  The same protocol version constraints
are now applied in all code paths.  It is now much easier to add
new protocol versions without reworking the protocol selection
logic.

In the presence of "holes" in the list of enabled client protocols
we no longer select client protocols below the hole based on a
subset of the constraints and then fail shortly after when it is
found that these don't meet the remaining constraints (suiteb, FIPS,
security level, ...).  Ideally, with the new min/max controls users
will be less likely to create "holes" in the first place.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Refine and re-wrap Min/Max protocol docs

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Add support for minimum and maximum protocol version

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Fix no-dh.

Reviewed-by: Stephen Henson <steve@openssl.org>

remove invalid free

Reviewed-by: Tim Hudson <tjh@openssl.org>

Use X509_get0_pubkey where appropriate

Reviewed-by: Rich Salz <rsalz@openssl.org>

Update to SHA256 for TSA signing digest.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix faulty check in the VMS version of opt_progname

Reviewed-by: Stephen Henson <steve@openssl.org>

Remove the #ifndef OPENSSL_SYS_VMS around SSL_add_dir_cert_subjects_to_stack

It served a purpose, but not any more.

Reviewed-by: Stephen Henson <steve@openssl.org>

Correct missing prototype

Reviewed-by: Tim Hudson <tjh@openssl.org>

SIZE_MAX doesn't exist everywhere, supply an alternative

SIZE_MAX is a great macro, and does unfortunately not exist everywhere.
Since we check against half of it, using bitwise shift to calculate the
value of half SIZE_MAX should be safe enough.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Fix some missing or faulty header file inclusions

Reviewed-by: Tim Hudson <tjh@openssl.org>

Check for missing DSA parameters.

If DSA parameters are absent return -1 (for unknown) in DSA_security_bits.

If parameters are absent when a certificate is set in an SSL/SSL_CTX
structure this will reject the certificate by default. This will cause DSA
certificates which omit parameters to be rejected but that is never (?)
done in practice.

Thanks to Brian 'geeknik' Carpenter for reporting this issue.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Convert RSA encrypt to use EVP_PKEY

Reviewed-by: Rich Salz <rsalz@openssl.org>

Prefer ReuseAddr over Reuse, with IO::Socket::INET

Reuse is deprecated and ReuseAddr is prefered, according to documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Fix no-engine.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

RT4202: Update rt URL's.

Reviewed-by: Matt Caswell <matt@openssl.org>

make a "missed make update" update

Reviewed-by: Tim Hudson <tjh@openssl.org>

Increase the max size limit for a CertificateRequest message

Previous versions of OpenSSL had the max size limit for a CertificateRequest
message as |s->max_cert_list|. Previously master had it to be
SSL3_RT_MAX_PLAIN_LENGTH. However these messages can get quite long if a
server is configured with a long list of acceptable CA names. Therefore
the size limit has been increased to be consistent with previous versions.

RT#4198

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Simplify calling of the OCSP callback

Move all calls of the OCSP callback into one place, rather than repeating it
in two different places.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Add some documentation for the OCSP callback functions

Describe the usage of the OCSP callback functions on both the client and
the server side.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Ensure we don't call the OCSP callback if resuming a session

It makes no sense to call the OCSP status callback if we are resuming a
session because no certificates will be sent.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Fix error when server does not send CertificateStatus message

If a server sends the status_request extension then it may choose
to send the CertificateStatus message. However this is optional.
We were treating it as mandatory and the connection was failing.

Thanks to BoringSSL for reporting this issue.

RT#4120

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Add test for missing CertificateStatus message

If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

fix no-ec

Reviewed-by: Matt Caswell <matt@openssl.org>

Server side EVP_PKEY DH support

Reviewed-by: Matt Caswell <matt@openssl.org>

utility function

Reviewed-by: Matt Caswell <matt@openssl.org>

EVP_PKEY DH client support.

Reviewed-by: Matt Caswell <matt@openssl.org>

Always generate DH keys for ephemeral DH cipher suites.

Reviewed-by: Matt Caswell <matt@openssl.org>

The functions take a SSL *, not a SSL_CTX *

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
RT: #4192, MR: #1533

redundant redeclaration of 'OPENSSL_strlcpy'

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #1523

__STDC_VERSION__ is not defined for c89 compilers

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #1522

remove duplicates in util/libeay.num

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
RT: #4195, MR: #1521

Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support.

Suggested by David Benjamin

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
MR: #1520

Avoid using a dangling pointer when removing the last item

When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed.  So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour.  Instead do already what int_thread_release() would do,
and make the call do nothing instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
RT: #4155, MR: #1519

Memory leak in state machine in error path

When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.

RT#4197

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Refactor DTLS cookie generation and verification

DTLS cookie generation and verification were exact copies of each
other save the last few lines.  This refactors them to avoid code
copying.

Reviewed-by: Matt Caswell <matt@openssl.org>

Fix inline build failure

After the recent change to use ossl_inline, builds were failing on some
platforms due to a missing usage of "inline".

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add ossl_inline

Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

add -unref option to mkerr.pl

Reviewed-by: Rich Salz <rsalz@openssl.org>

In mkerr.pl look in directories under ssl/

Reviewed-by: Rich Salz <rsalz@openssl.org>

remove unused error code

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

make update

Reviewed-by: Richard Levitte <levitte@openssl.org>

unload modules in ssltest

Reviewed-by: Richard Levitte <levitte@openssl.org>

make errors

Reviewed-by: Richard Levitte <levitte@openssl.org>

SSL configuration module docs

Reviewed-by: Richard Levitte <levitte@openssl.org>

Demo server using SSL_CTX_config

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add ssl configuration support to s_server and s_client

Reviewed-by: Richard Levitte <levitte@openssl.org>

Load module in SSL_library_init

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add ssl_mcnf.c to Makefile

Reviewed-by: Richard Levitte <levitte@openssl.org>

SSL library configuration module.

This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Cleanup CRYPTO_{push,pop}_info

Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>

Rename *_realloc_clean to *_clear_realloc

Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Also change the non-debug versions to use size_t

Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1518

Fix memory leak in DSA redo case.

Found by clang scan-build.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
RT: #4184, MR: #1496

Configure: refine 'reconf' logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>

bn/asm/bn-c64xplus.asm: update commentary.

Reviewed-by: Rich Salz <rsalz@openssl.org>

sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile.
(and unify table address calculation in ARMv8 code path).

Reviewed-by: Tim Hudson <tjh@openssl.org>

Fix URLs mangled by reformat

Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix the etags action line, as etags doesn't take -R

Reviewed-by: Matt Caswell <matt@openssl.org>

Remove fixed DH ciphersuites.

Remove all fixed DH ciphersuites and associated logic.

Reviewed-by: Matt Caswell <matt@openssl.org>

delete unused context

Reviewed-by: Matt Caswell <matt@openssl.org>

Remove some L<asdf|asdf> which crept back in.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove err and prime demo's

ERR is not really a public facility; remove the demo.
prime shows how to generate a prime.  See apps.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove the "eay" c-file-style indicators

Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.

Reviewed-by: Matt Caswell <matt@openssl.org>

Add SSL_CIPHER_description() for Chacha20/Poly1305

SSL_CIPHER_description() was returning "unknown" for the encryption
in the new ChaCha20/Poly1305 TLS ciphersuites.

RT#4183

Reviewed-by: Richard Levitte <levitte@openssl.org>

Modify the lower level memory allocation routines to take size_t

We've been using int for the size for a long time, it's about time...

Reviewed-by: Rich Salz <rsalz@openssl.org>

mem-cleanup, cont'd.

Remove LEVITTE_DEBUG_MEM.
Remove {OPENSSL,CRYPTO}_remalloc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Rename sec_mem to mem_sec, like other files.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Fix typo.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Provide better "make depend" warning.

Reviewed-by: Matt Caswell <matt@openssl.org>

Fix no-dgram.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Rename some BUF_xxx to OPENSSL_xxx

Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>

fix for no-ec

Reviewed-by: Matt Caswell <matt@openssl.org>

make update

Reviewed-by: Richard Levitte <levitte@openssl.org>

Use EVP_PKEY for client side EC.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Use EVP_PKEY for server EC.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add ECDH/DH utility functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>

remove unnecessary key copy

Reviewed-by: Richard Levitte <levitte@openssl.org>

Constify EC_KEY in ECDH_compute_key.

Reviewed-by: Richard Levitte <levitte@openssl.org>