Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.
Reviewed-by: NTim Hudson <tjh@openssl.org>

the extract-names.pl script.

RT#3718
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

the X509_V_FLAG_NO_ALT_CHAINS flag.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove outdated doc files.
Fix windows build after old_des was removed.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
Reviewed-by: NRichard Levitte <levitte@openssl.org>

A DES algorithm mode, known attacks, no EVP support.
Flushed.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Show only the #define, not the values, in BIO_f_buffer.  Data
abstraction and we can remove a "see also" entry.

Remove internal forward reference to NOTES in EVP_EncryptInit; just
say "see below" as we do in the other pages.

Add missing (3) in pem.pod so the L<> entry is consistent.
Fix entry to point to the "master" page, not the symlink'd one.
Reviewed-by: NMatt Caswell <matt@openssl.org>

MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: NMatt Caswell <matt@openssl.org>

In EVP_EncryptInit remove duplicate mention of EVP_idea_cbc()
In EVP_PKEY_CTX_ctrl.pod remove EVP_PKEY_get_default_digest_nid
since it is documented elsewhere.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Minor changes made by Matt Caswell
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Minor changes made by Matt Caswell.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Minor changes made by Matt Caswell.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Fix CONF_load_modules to CONF_modules_load.
Document that it calls exit.
Advise against using it now.
Add an error print to stderr.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

The original RT request included a patch.  By the time
we got around to doing it, however, the callback scheme
had changed. So I wrote a new function RSA_check_key_ex()
that uses the BN_GENCB callback.  But thanks very much
to Vinet Sharma <vineet.sharma@gmail.com> for the
initial implementation.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The function returns 0 or 1, only.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The function returns 0 or 1, only.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Andy found an additional typo "can be can be".
Now I have that silly "Que sera sera" song stuck in my head.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

The doc says that port can be "*" to mean any port.
That's wrong.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

RT1665: aes documentation.

Paul Green wrote a nice aes.pod file.
But we now encourage the EVP interface.
So I took his RT item and used it as impetus to add
the AES modes to EVP_EncryptInit.pod
I also noticed that rc4.pod has spurious references to some other
cipher pages, so I removed them.

RT2300: Clean up MD history (merged into RT1665)

Put HISTORY section only in EVP_DigestInit.pod. Also add words
to discourage use of older cipher-specific API, and remove SEE ALSO
links that point to them.

Make sure digest pages have a NOTE that says use EVP_DigestInit.

Review feedback:
More cleanup in EVP_EncryptInit.pod
Fixed SEE ALSO links in ripemd160.pod, sha.pod, mdc2.pod, blowfish.pod,
rc4.d, and des.pod.  Re-order sections in des.pod for consistency
Reviewed-by: NMatt Caswell <matt@openssl.org>

When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

I also removed some trailing whitespace and cleaned
up the "see also" list.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>