Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This change required some special treatment, as HMAC is intertwined
with EVP_MD.  For now, all local HMAC_CTX variables MUST be
initialised with HMAC_CTX_EMPTY, or whatever happens to be on the
stack will be mistaken for actual pointers to EVP_MD_CTX.  This will
change as soon as HMAC_CTX becomes opaque.

Also, since HMAC_CTX_init() can fail now, its return type changes from
void to int, and it will return 0 on failure, 1 on success.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

MR: #364

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it.  On
the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but
only when SSL_{CTX_}set_ecdh_auto() was called to turn it on.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The new state machine code missed an allowed transition when resuming a
session via EAP FAST. This commits adds the missing check for the
transition.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.

Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.

Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Don't hard code EVP_sha* etc for signature algorithms: use table
indices instead. Add SHA224 and SHA512 to tables.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Change handshake hash array into a single digest context simplifying the
handhake hash code. Use EVP_md5_sha1() if needed for handshake hashes in
TLS 1.1 and earlier.

Simplify PRF code to also use a single digest and treat EVP_md5_sha1()
as a special case.

Modify algorithm2 field of ciphers to use a single index value for handshake
hash and PRF instead of a bitmap.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Various updates following feedback from the recent commit of the new
GOST2012 code.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.

Patch also provided by Willy Tarreau <wtarreau@haproxy.com>
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

And a scalar !x --> x==0 test
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Though the callers check the function return value and ignore the
size_t output argument on failure, it is still often not ideal to
store (-1) in size_t on error.  That might signal an unduly large
buffer.  Instead set the size_t to 0, to indicate no space.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Make it clear that this function is ssl specific.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Tidy up the libssl async calls and make sure all IO functions are covered.
Reviewed-by: NRich Salz <rsalz@openssl.org>

0 is a valid file descriptor so SSL_get_async_wait_fd should instead return
-1 on error.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The ASYNC_in_job() function is redundant. The same effect can be achieved by
using ASYNC_get_current_job().
Reviewed-by: NRich Salz <rsalz@openssl.org>

Initial API implemented for notifying applications that an ASYNC_JOB
has completed. Currently only s_server is using this. The Dummy Async
engine "cheats" in that it notifies that it has completed *before* it
pauses the job. A normal async engine would not do that.

Only the posix version of this has been implemented so far, so it will
probably fail to compile on Windows at the moment.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Removed the function ASYNC_job_is_waiting() as it was redundant. The only
time user code has a handle on a job is when one is waiting, so all they
need to do is check whether the job is NULL. Also did some cleanups to
make sure the job really is NULL after it has been freed!
Reviewed-by: NRich Salz <rsalz@openssl.org>

The following entry points have been made async aware:
SSL_accept
SSL_read
SSL_write

Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with
the async mode enabled will initiate a new async job. If an async pause is
encountered whilst executing the job (such as for example if using SHA1/RSA
with the Dummy Async engine), then the above functions return with
SSL_WANT_ASYNC. Calling the functions again (with exactly the same args
as per non-blocking IO), will resume the job where it left off.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The al variable could be uninitialised in an error path.
Reviewed-by: NRich Salz <rsalz@openssl.org>