RT3684: rand_egd needs stddef.h

And remove backup definition of offsetof.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Missing OPENSSL_free on error path.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Engage ecp_nistz256-armv4 module.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Add ec/asm/ecp_nistz256-armv4.pl module.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Add Camellia CTR mode.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Add more Camellia OIDs.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Add SSL_SESSION_get0_ticket API function.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Correct reading back of tlsext_tick_lifetime_hint from ASN1.

When writing out the hint, if the hint > 0, then we write it out otherwise
we skip it.

Previously when reading the hint back in, if were expecting to see one
(because the ticket length > 0), but it wasn't present then we set the hint
to -1, otherwise we set it to 0. This fails to set the hint to the same as
when it was written out.

The hint should never be negative because the RFC states the hint is
unsigned. It is valid for a server to set the hint to 0 (this means the
lifetime is unspecified according to the RFC). If the server set it to 0, it
should still be 0 when we read it back in.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Provide the API functions SSL_SESSION_has_ticket and
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Make tlsext_tick_lifetime_hint an unsigned long (from signed long).

From RFC4507:
"The ticket_lifetime_hint field contains a hint from the server about how
long the ticket should be stored.  The value indicates the lifetime in
seconds as a 32-bit unsigned integer in network byte order."

Reviewed-by: Tim Hudson <tjh@openssl.org>

ec/ecp_nistz256.c: fix compiler warnings.

Reviewed-by: Matt Caswell <matt@openssl.org>

Configure: disable warning C4090 in Windows builds.

Reviewed-by: Matt Caswell <matt@openssl.org>

ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).

Reviewed-by: Matt Caswell <matt@openssl.org>

New evp_test updates.

Print usage message.

Print expected and got values if mismatch.
Reviewed-by: Andy Polyakov <appro@openssl.org>

Add new test file.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Initial version of new evp_test program.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Fix hostname validation in the command-line tool to honour negative return values.

Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove some functions that are no longer used and break the build with:
./config --strict-warnings enable-deprecated

Reviewed-by: Tim Hudson <tjh@openssl.org>

HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source.
Mark them as such with OPENSSL_USE_DEPRECATED

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags.

In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in
--strict-warnings as well this means you cannot combine enable-deprecated
with --strict-warnings.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Engage ecp_nistz256-x86 module.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Add ec/asm/ecp_nistz256-x86.pl module.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Support for alternative KDFs.

Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table.
Reviewed-by: Andy Polyakov <appro@openssl.org>

Bring objects.pl output even closer to new format.

Reviewed-by: Matt Caswell <matt@openssl.org>

bn/bn_add.c: fix dead code elimination that went bad.

Reviewed-by: Matt Caswell <matt@openssl.org>

Fix memory leak reporting.

Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove obsolete IMPLEMENT_ASN1_SET_OF

Reviewed-by: Andy Polyakov <appro@openssl.org>

evp/e_aes.c: fix pair of SPARC T4-specific problems:

- SIGSEGV/ILL in CCM (RT#3688);
- SIGBUS in OCB;

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove stray "=back". This was causing newer versions of pod2man to choke.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Harmonize objects.pl output with new format.

Reviewed-by: Tim Hudson <tjh@openssl.org>

des/asm/des_enc.m4: fix brown-bag typo in last commit.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Final (for me, for now) dead code cleanup

This is a final pass looking for '#if 0'/'#if 1' controls and
removing the appropriate pieces.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Apache Traffic Server has a need to set the rbio without touching the wbio.
There is no mechanism to do that at the moment - SSL_set_bio makes changes
to the wbio even if you pass in SSL_get_wbio().

This commit introduces two new API functions SSL_set_rbio() and
SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable
you to manage the rbio and wbio individually.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ui_compat cleanup; makefiles and vms

Remove ui_compat.h from Makefile dependencies
And from two VMS build/install scripts.

Reviewed-by: Matt Caswell <matt@openssl.org>

Remove ui_compat

This is the last of the old DES API.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove X509_PAIR

Unused type; a pair X509 certificates. Intended for LDAP support.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Live code cleanup: remove #if 1 stuff

For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>

dead code cleanup: #if 0 in ssl

I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.

Reviewed-by: Andy Polyakov <appro@openssl.org>

util/mkstack.pl now generates entire safestack.h

The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Have mkdef.pl ignore APPLINK settings.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove OPENSSL_NO_HMAC

Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove support for SSL_OP_NETSCAPE_CA_DN_BUG.

This is an ancient bug workaround for Netscape clients. The documentation
talks about versions 3.x and 4.x beta.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Fix error handling in ssltest

Reviewed-by: Richard Levitte <levitte@openssl.org>

Use memset in bn_mont

Use memset() not inline code.  Compilers are smarter now.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Live code cleanup; #if 1 removal

A few minor cleanups to remove pre-processor "#if 1" stuff.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fixed bad formatting in crypto/des/spr.h

Reviewed-by: Andy Polyakov <appro@openssl.org>

Fix various build breaks

TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
        - Various old code has been removed
        - Varous old #ifdef tests were removed

Reviewed-by: Richard Levitte <levitte@openssl.org>

fix windows build

Reviewed-by: Richard Levitte <levitte@openssl.org>

Updates to reformat script.

Don't change files if they're unmodified.

Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rsalz@openssl.org>

More unused FIPS module code.

Remove fips_algvs.c

Remove unused fips module build code from Configure and Makefile.org
Reviewed-by: Tim Hudson <tjh@openssl.org>

Make objxref.pl output in correct format

Reviewed-by: Tim Hudson <tjh@openssl.org>

Preliminary ASN1_TIME documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Remove unused variables.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp

And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add SSL_get_extms_support documentation.

Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Add CHANGES entry.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Ctrl to retrieve extms support.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Add extms support to master key generation.

Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Extended master secret extension support.

Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Rewrite ssl3_send_client_key_exchange to support extms.

Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.

This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Utility function to retrieve handshake hashes.

Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Add flags field to SSL_SESSION.

Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Check PKCS#8 pkey field is valid before cleansing.

PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>

old_des fix windows build, remove docs

Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove old DES API

Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Dead code: if 0 removal from crypto/evp and an unused file.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Dead code removal; #if 0 from crypto/des

Reviewed-by: Andy Polyakov <appro@openssl.org>

Dead code cleanup: crypto/ec,ecdh,ecdsa

Reviewed-by: Andy Polyakov <appro@openssl.org>

Dead code cleanup; remove #if 0 from crypto/engine

Reviewed-by: Richard Levitte <levitte@openssl.org>

Dead code cleanup: #if 0 dropped from tests

Reviewed-by: Andy Polyakov <appro@openssl.org>

Dead code cleanup: crypto/*.c, x509v3, demos

Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <appro@openssl.org>

cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].

Reviewed-by: Rich Salz <rsalz@openssl.org>

Make the libssl opaque changes compile on VMS

Reviewed-by: Matt Caswell <matt@openssl.org>

Add changes entry for opaquifying of libssl structures

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <levitte@openssl.org>

Make libssl opaque. Move all structures that were previously protected by
OPENSSL_NO_SSL_INTERN into internal header files.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Build correctly for me on FreeBSD 10.

Reviewed-by: Rich Salz
Don't debug.

Dead code removal: #if 0 asn1, pkcs7

Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).

Reviewed-by: Tim Hudson <tjh@openssl.org>

Dead code clean: #if 0 removal in apps

Reviewed-by: Tim Hudson <tjh@openssl.org>

Dead code removal #if 0 engines

Reviewed-by: Richard Levitte <levitte@openssl.org>

Dead code removal: #if 0 conf, dso, pqueue, threads

Mostly, but not completely, debugging print statements.
Some old logic kept for internal documentation reasons, perhaps.

Reviewed-by: Richard Levitte <levitte@openssl.org>

modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32
in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>

modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Since SHA0 was completely removed, also remove the related test

Reviewed-by: Andy Polyakov <appro@openssl.org>

Update on the use of logical names for OpenSSL configuration

Reviewed-by: Andy Polyakov <appro@openssl.org>

VMS exit codes weren't handled well enough and were unclear

Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <appro@openssl.org>

VMS adjustments:

Add missing crypto modules and files to copy to crypto/install-crypto.com

Reviewed-by: Andy Polyakov <appro@openssl.org>

VMS adjustments:

test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS

Reviewed-by: Andy Polyakov <appro@openssl.org>

VMS build changes

crypto/crypto-lib.com:
 Remove all APPS building, as they are gone.
 Depend on the variable SDIRS that's defined by makevms.com.
 Remake the whole partial module list mechanism to check for variables with a counter.
 Define the logical name INTERNAL to allow for '#include "internal/foo.h"'.

makevms.com:
 Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com.
 Allow for experimental modules.
 Update the allowed things to disable.
 Update the things disabled by default to match Configure.
 Update headers to be copied.

Reviewed-by: Andy Polyakov <appro@openssl.org>

VMS adjustments:

catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <appro@openssl.org>

VMS adjustments:

Add new symbols that are longer than 31 chars to symhacks.
VMS doesn't have <sys/un.h>, reflect that in e_os.h.
MS_CALLBACK has been removed, ssl_task.c needs adjustment.

Reviewed-by: Andy Polyakov <appro@openssl.org>

dso_vms needs to add the .EXE extension if there is none already

Reviewed-by: Rich Salz <rsalz@openssl.org>

Dead code removal: #if 0 bio, comp, rand

The start of removing dead code.
A remaining #if 0 in bss_conn.c needs more thought.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Make output consistency: remove blank line

When you use "-s" in the make flag, you see that engines outputs
a blank line because EDIRS isn't set.  This is a debug echo that
isn't needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>

clang on Linux x86_64 complains about unreachable code.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Fix various windows compilation issues

Reviewed-by: Tim Hudson <tjh@openssl.org>

Fix int/unsigned compiler complaint

Reviewed-by: Matt Caswell <matt@openssl.org>

Remove support for opaque-prf

An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add missing declaration for lh_node_usage_stats

Reviewed-by: Matt Caswell <matt@openssl.org>

Rename index to idx to avoid symbol conflicts.

Picky compilers with old index() string functions.
Reviewed-by: Matt Caswell <matt@openssl.org>