Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

Fix a =head1 section name
Fix a typo in POD label
Remove a spurious =back
Add a missing blank line
Avoid 'legacy' -- use 'deprecated' if still needed if we cannot just reword.
Always do strict checking
Do not warn about missing "RETURN VALUES" unless -s is set.
Change OpenSSL version 1.1 -> 1.1.0
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3830)

Instead, make it possible to disable the console reader that's part of
the UI module.  This makes it possible to use the UI API and other UI
methods in environments where the console reader isn't useful.

To disable the console reader, configure with 'no-ui-console' /
'disable-ui-console'.

'no-ui' / 'disable-ui' is now an alias for  'no-ui-console' /
'disable-ui-console'.

Fixes #3806
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3820)

Only for Unix platforms
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3754)

For Windows, we care which way it is, the resulting file is just a pile
of symbols.  For VMS, we really need to care about the numeric ordering,
and getting the symbols sorted by symbol version too didn't agree with
that.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)

This allows us to guard Unix specific functions with
#ifndef / #ifdef OPENSSL_SYS_UNIX
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3804)

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
  that accesses a URI and helps loading the supported objects (PKEYs,
  CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
  object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
  reference.
- Functions to register and unregister loaders for different URI
  schemes.  This enables dynamic addition of loaders from applications
  or from engines.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)

To make sure that our symbols don't clash with other libraries, we
claim the namespaces OSSL and OPENSSL.  Because C doesn't provide
namespaces, the only solution is to have them as prefixes on symbols,
thus we allow OSSL_ and OPENSSL_ as prefixes.

These namespace prefixes are optional for the foreseeable future, and
will only be used for new modules as needed on a case by case basis,
until further notice.

For extra safety, there's an added requirement that module names -
apart from the namespace prefix - be at least 2 characters long.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)

Put them into the TLSProxy::Message namespace along with the extension
type constants.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3326)

Adding a get1 style accessor as brought up in mailing list post
https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.htmlReviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1876)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)

Reading the prologue of this file conserved the "# Function codes"
line, and then duplicated it when rewriting this file, adding a new
"# Function codes" line everytime there's an update.

Better then to skip over all comment lines and have the prologue
defined in mkerr.pl, just the same as we do with the other affected
files.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3664)

Sometimes, one might only want to rework a subset of all the internal
error codes.  -module allows the caller to specify exactly which
library modules to rewrite.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3662)

Add "*" as indicator meaning the function/reason is removed, so put an
empty string in the function/reason string table; this preserves backward
compatibility by keeping the #define's.

In state files, trailing backslash means text is on the next line.

Add copyright to state files
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3640)

It is an API to be used from the early callback that indicates what
extensions were present in the ClientHello, and in what order.
This can be used to eliminate unneeded calls to SSL_early_get0_ext()
(which itself scales linearly in the number of extensions supported
by the library).
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2976)

Reviewed-by: NKurt Roceckx <kurt@openssl.org>

Make funcs to deal with non-null-term'd string
in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm().

Fixes issue #3444.

This one is used to enforce strict format (RFC 5280) check and to
convert GeneralizedTime to UTCTime.

apps/ca has been changed to use the new API.

Test cases and documentation are updated/added
Signed-off-by: NPaul Yang <paulyang.inf@gmail.com>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3566)

The search is approximate; look only for those that look like
functions.

[skip ci]
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3641)

Fix test for "documenting private functions"
And add -p flag to doc-nits recipe
Mark when things were deprecated, if doc'd as such
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3624)

This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3378)

Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)

Report if any non-public items are documented.
Add util/private.num that lists items that aren't in the public
(lib*.num) files that we do want to document.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3603)

This can be used by engines that need to retain the data for a longer time
than just the call where this user data is passed.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3575)

In a recent PR (#3566) it seems that TLSProxy gave up trying to connect to
the server process too quickly. This meant the test failed even though the
server *did* eventually start. Currently we try 3 times to connect with a
0.1 second pause between each attempt. That is probably too aggressive.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3587)

Require a comma between every name and a single space before the dash
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3559)

Issue #3562 describes a problem where a race condition can occur in the
Proxy such that a test "ok" line can appear in the middle of other text
causing the test harness to miss it. The issue is that we do not wait for
the client process to finish after the test is complete, so that process may
continue to write data to stdout/stderr at the same time that the test
harness does.

This commit fixes TLSProxy so that we always wait for the client process to
finish before continuing.

Fixes #3562
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3567)

Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3409)

Verify that we fail if we receive an HRR but no change will result in
ClientHello2.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3414)

Split the PEM_bytes_read_bio() implementation out into a
pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE
as needed.  Adjust the cleanup to properly use OPENSSL_secure_free()
when needed, and reimplement PEM_bytes_read() as a wrapper around
the _flags helper.

Add documentation for PEM_bytes_read_bio() and the new secmem variant.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)

The extended function includes a 'flags' argument to allow callers
to specify different requested behaviors.  In particular, callers can
request that temporary storage buffers are allocated from the secure heap,
which could be relevant when loading private key material.

Refactor PEM_read_bio to use BIO_mems instead of BUFs directly,
use some helper routines to reduce the overall function length, and make
some of the checks more reasonable.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3368)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3368)