Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Add new function PEM_write_bio_PrivateKey_traditional() to enforce the
use of legacy "traditional" private key format. Add -traditional option
to pkcs8 and pkey utilities.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Fix possible leak in danetest.c
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Inspired from PR #873.
Nearly same as 2bbf0baa.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

LHASH_NODE was used internally, which doesn't work when configured
'no-deprecated'
Reviewed-by: NRich Salz <rsalz@openssl.org>

Found by tis-interpreter
Reviewed-by: NRich Salz <rsalz@openssl.org>

GH: #1106

Found by tis-interpreter
Reviewed-by: NRich Salz <rsalz@openssl.org>

GH: #1106

RT#4471
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The function InitOnceExceuteOnce is the best way to support the
implementation of CRYPTO_THREAD_run_once() on Windows. Unfortunately
WinXP doesn't have it. To get around that we had two different
implementations: one for WinXP and one for later versions. Which one was
used was based on the value of _WIN32_WINNT.

This approach was starting to cause problems though because other parts of
OpenSSL assume _WIN32_WINNT is going to be 0x0501 and crashes were
occurring dependant on include file ordering. In addition a conditional
based on _WIN32_WINNT had made its way into a public header file through
commit 5c4328f0. This is problematic because the value of this macro can
vary between OpenSSL build time and application build time.

The simplest solution to this mess is just to always use the WinXP version
of CRYPTO_THREAD_run_once(). Its perhaps slightly sub-optimal but probably
not noticably.

GitHub Issue #1086
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Giving setbuf() a 64-bit pointer isn't faulty, as the argument is
passed by a 64-bit register anyway, so you only get a warning
(MAYLOSEDATA2) pointing out that only the least significant 32 bits
will be used.

However, we know that a FILE* returned by fopen() and such really is a
32-bit pointer (a study of the system header files make that clear),
so we temporarly turn off that warning when calling setbuf().
Reviewed-by: NAndy Polyakov <appro@openssl.org>

GH: #102
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
macros is was allegedly controlling. One can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Since with SSL_VERIFY_NONE, the connection may continue and the
session may even be cached, we should save some evidence that the
chain was not sufficiently verified and would have been rejected
with SSL_VERIFY_PEER.  To that end when a CT callback returs failure
we set the verify result to X509_V_ERR_NO_VALID_SCTS.

Note: We only run the CT callback in the first place if the verify
result is still X509_V_OK prior to start of the callback.

RT #4502
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and
PEM_do_header().
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>

GH: #1017

STORE doesn't exist for now

HMAC doesn't have any error codes
Reviewed-by: NRich Salz <rsalz@openssl.org>

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

RT#1466
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also adds 'esc_2254' to the possible command line name options

RT#1466
Reviewed-by: NRich Salz <rsalz@openssl.org>

Tidy up and simplify OBJ_dup() and OBJ_create().

Sanity check added OIDs: don't allow duplicates.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

A number of the METHOD functions weren't properly handling malloc failures.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

There were some unchecked calls to OPENSSL_strdup().
Reviewed-by: NRichard Levitte <levitte@openssl.org>

chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>