The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Create app_load_config(), a routine to load config file.  Remove the
"always load config" from the main app.  Change the places that used to
load config to call the new common routine.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add support for PKCS#8 private key encryption using the scrypt algorithm
in the pkcs8 utility. Update documentation.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This adds a new function which will encrypt a private key using PKCS#8
based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it.

Update pkcs8 utlity to use PKCS8_set0_pbe.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The "out" variable is used for both key and csr.  Close it after
writing the first one so it can be re-used when writing the other.
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Thanks to Brian Carpenter <brian.carpenter@gmail.com> for finding this.
Reviewed-by: NTim Hudson <tjh@openssl.org>

The 'http proxy' commit broke s_client default host/port value.
Thanks to Matt for the simplest fix.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This fixes compilation with various OPENSSL_NO_* options that got broken
during the big apps cleanup.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Typedef STRINT_PAIR to be the same as OPT_PAIR, and use that structure and
a bunch of tables instead of switch statements to lookup various values
out of the SSL/TLS message buffers.  Shrinks a bunch of code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Following the version negotiation rewrite all of the previous code that was
dedicated to version negotiation can now be deleted - all six source files
of it!!
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Continuing from the previous commit this changes the way we do client side
version negotiation. Similarly all of the s23* "up front" state machine code
has been avoided and again things now work much the same way as they already
did for DTLS, i.e. we just do most of the work in the
ssl3_get_server_hello() function.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

This commit changes the way that we do server side protocol version
negotiation. Previously we had a whole set of code that had an "up front"
state machine dedicated to the negotiating the protocol version. This adds
significant complexity to the state machine. Historically the justification
for doing this was the support of SSLv2 which works quite differently to
SSLv3+. However, we have now removed support for SSLv2 so there is little
reason to maintain this complexity.

The one slight difficulty is that, although we no longer support SSLv2, we
do still support an SSLv3+ ClientHello in an SSLv2 backward compatible
ClientHello format. This is generally only used by legacy clients. This
commit adds support within the SSLv3 code for these legacy format
ClientHellos.

Server side version negotiation now works in much the same was as DTLS,
i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to
that then when a ClientHello is received it will work out the most
appropriate version to respond with. Also, SSLv23_method and
SSLv23_server_method have been replaced with TLS_method and
TLS_server_method respectively. The old SSLv23* names still exist as
macros pointing at the new name, although they are deprecated.

Subsequent commits will look at client side version negotiation, as well of
removal of the old s23* code.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Follow the same convention the other OPENSSL_NO_xxx header files
do, and use #error instead of making the header file be a no-op.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Had old patch, forgot to push/patch this to master
Reviewed-by: NMatt Caswell <matt@openssl.org>

Various bugs found by Viktor, Emilia, Matt, etc.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove Kerberos related options from the apps to prepare for the
subsequent commits which will remove libcrypto and libssl support for
Kerberos.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

This would cause memory corruption in opt_init() because it relies on the
terminating NULL.

RT#3842
Reviewed-by: NRich Salz <rsalz@openssl.org>

clang says: "s_cb.c:958:9: error: implicitly declaring library function
'memcpy'"
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"
Reviewed-by: NTim Hudson <tjh@openssl.org>

The file name given to -CAserial might not exist yet.  The
-CAcreateserial option decides if this is ok or not.

Previous to this change, -CAserial was a type '<' option, and in that
case, the existence of the file given as argument is tested quite
early, and is a failure if it doesn't.  With the type 's' option, the
argument is just a string that the application can do whatever it
wants with.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Compiling OpenSSL code with MSVC and /W4 results in a number of warnings.
One category of warnings is particularly interesting - C4701 (potentially
uninitialized local variable 'name' used). This warning pretty much means
that there's a code path which results in uninitialized variables being used
or returned. Depending on compiler, its options, OS, values in registers
and/or stack, the results can be nondeterministic. Cases like this are very
hard to debug so it's rational to fix these issues.

This patch contains a set of trivial fixes for all the C4701 warnings (just
initializing variables to 0 or NULL or appropriate error code) to make sure
that deterministic values will be returned from all the execution paths.

RT#3835
Signed-off-by: NMatt Caswell <matt@openssl.org>

Matt's note: All of these appear to be bogus warnings, i.e. there isn't
actually a code path where an unitialised variable could be used - its just
that the compiler hasn't been able to figure that out from the logic. So
this commit is just about silencing spurious warnings.
Reviewed-by: NRich Salz <rsalz@openssl.org>

A copy&paste error as a result of the big apps cleanup broke the version
specific methods in s_server.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Fix error in WIN32_rename() introduced by commit b4faea50.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

If CA.pl is reading from /dev/null, then "chop $FILE" gives a warning.
Sigh.  Have to add "if $FILE".  This just silences a build warning.
Thanks to GitHub user andrejs-igumenovs for help with this.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.

Before this, we only checked that the given argument wouldn't give a
bitstring larger than EVP_MAX_KEY_LENGTH.  we can be more precise and
check against the size of the actual cipher used.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Don't do access check on destination directory; it breaks when euid/egid
is different from real uid/gid.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Signed-off-by: NRich Salz <rsalz@akamai.com>

Reviewed-by: NTim Hudson <tjh@openssl.org>