Reviewed-by: NRich Salz <rsalz@openssl.org>

Simplify BIO init using OPENSSL_zalloc().
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1261)

This adds the functions X509_set_proxy_pathlen(), which sets the
internal pc path length cache for a given X509 structure, along with
X509_get_proxy_pathlen(), which retrieves it.

Along with the previously added X509_set_proxy_flag(), this provides
the tools needed to manipulate all the information cached on proxy
certificates, allowing external code to do what's necessary to have
them verified correctly by the libcrypto code.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

We only add setters for X509_STORE function pointers except for the
verify callback function.  The thought is that the function pointers
in X509_STORE_CTX are a cache for the X509_STORE functions.
Therefore, it's preferable if the user makes the changes in X509_STORE
before X509_STORE_CTX_init is called, and otherwise use the verify
callback to override any results from OpenSSL's internal
calculations.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1343)

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>

As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.

GitHub Issue #1152
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)

Also changed the code to use "appname" not "filename"
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

GH1098: Add X509_get_pathlen() (and a test)
GH1097:  Add SSL_is_dtls() function.

Documented.
Reviewed-by: NMatt Caswell <matt@openssl.org>

checkpoint before release.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Some X509_STORE macros do not work since the type was made opaque.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three new getters
are added:

int X509_OBJECT_get_type(X509_OBJECT *a);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
Signed-off-by: NChristian Heimes <cheimes@redhat.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Recycling an unused slot.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add X509_STORE_{set,get}_ex_data() function and
X509_STORE_get_ex_new_index() macro.

X509_STORE has ex_data and the documentation also mentions them but they
are not actually implemented.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

And recycle some disused slots.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The no-dsa option was failing on Windows because some symbols were not
correctly flagged in libcrypto.num. Problem found due to the new symbol
consistency test.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

no-cmac was failing on Windows/VMS due to libcrypto.num not marking the
CMAC functions properly. Found due to the new symbol consistency test.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The ocsp.h file did not have appropriate guards causing link failures on
Windows.

GH Issue 900
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Ensure public functions have appropriate guards in header files.

GH Issue 899
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_SOCK
Reviewed-by: NRich Salz <rsalz@openssl.org>

Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_DGRAM
Reviewed-by: NRich Salz <rsalz@openssl.org>