Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This commit adds the general verify options of ocsp, verify,
cms, etc. to the openssl timestamping app as suggested by
Stephen N. Henson in [openssl.org #4287]. The conflicting
"-policy" option of "openssl ts" has been renamed to
"-tspolicy". Documentation and tests have been updated.

CAVE: This will break code, which currently uses the "-policy"
option.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Use SSL_get_SSL_CTX instead of passing SSL_CTX to s_client.c:print_stuff
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

MR: #1824

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

MR: #1595

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Use "!x" instead of "x <= 0", as these functions never return a negative
value.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also improves some documentation of those functions.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

It also makes the call to select blocking to reduce CPU usage
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Bug reported by Michel Sales.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Ensure that a value of 0 is correctly handled for the split_send_frag
argument.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Document the new split_send_frag, max_pipelines and read_buf options.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Previously s_client and s_server relied on using SSL_pending() which does
not take into account read_ahead. For read pipelining to work, read_ahead
gets set automatically. Therefore s_client and s_server have been
converted to use SSL_has_pending() instead.
Reviewed-by: NTim Hudson <tjh@openssl.org>

This capability is required for read pipelining. We will only read in as
many records as will fit in the read buffer (and the network can provide
in one go). The bigger the buffer the more records we can process in
parallel.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Add the options min_send_frag and max_pipelines to s_server and s_client
in order to control pipelining capabilities. This will only have an effect
if a pipeline capable cipher is used (such as the one provided by the
dasync engine).
Reviewed-by: NTim Hudson <tjh@openssl.org>

This replaces SHUTDOWN/SHUTDOWN2 with BIO_closesocket.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add the ASYNC_is_capable() function and use it in speed.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist
for this structure. Two new ones were added to handle attributes.

The old handling of broken formats has been removed and the corresponding
structures simplified.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Move RSA struct in the job local struct.
The change is applied also to other crypto operations (e.g. DSA) to
make things consistent.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Summary of the changes:

* Move the calls to the crypto operations inside wrapper functions.
  This is required because ASYNC_start_job takes a function as an argument.

* Add new function run_benchmark() that manages the jobs for all the operations.
  In the POSIX case it uses a select() to receive the events from the engine
  and resume the jobs that are paused, while in the WIN case it uses PeekNamedPipe()

* Add new option argument async_jobs to enable and specify the number of async jobs

Example:
  openssl speed -engine dasync -elapsed -async_jobs 32 rsa2048
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Thanks to Colin Percival for reporting this issue.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>