Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The macros BSWAP4 and BSWAP8 have statetemnt expressions
implementations that use local variable names that shadow variables
outside the macro call, generating warnings like this

e_aes_cbc_hmac_sha1.c:263:14: warning: declaration shadows a local variable
      [-Wshadow]
    seqnum = BSWAP8(blocks[0].q[0]);
             ^
../modes/modes_lcl.h:41:29: note: expanded from macro 'BSWAP8'
                            ^
e_aes_cbc_hmac_sha1.c:223:12: note: previous declaration is here
    size_t ret = 0;
           ^

Have clang be quiet by modifying the macro variable names slightly
(suffixing them with an underscore).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...
Reviewed-by: NRich Salz <rsalz@openssl.org>

Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

crypto/modes/wrap128.c was heavily refactored to support AES Key Wrap
with Padding, and four bugs were introduced into CRYPTO_128_unwrap() at
that time:

- crypto_128_unwrap_raw()'s return value ('ret') is checked incorrectly,
  and the function immediately returns 'ret' in (almost) all cases.
  This makes the IV checking code later in the function unreachable, but
  callers think the IV check succeeded since CRYPTO_128_unwrap()'s
  return value is non-zero.

  FIX: Return 0 (error) if crypto_128_unwrap_raw() returned 0 (error).

- crypto_128_unwrap_raw() writes the IV to the 'got_iv' buffer, not to
  the first 8 bytes of the output buffer ('out') as the IV checking code
  expects.  This makes the IV check fail.

  FIX: Compare 'iv' to 'got_iv', not 'out'.

- The data written to the output buffer ('out') is "cleansed" if the IV
  check fails, but the code passes OPENSSL_cleanse() the input buffer
  length ('inlen') instead of the number of bytes that
  crypto_128_unwrap_raw() wrote to the output buffer ('ret').  This
  means that OPENSSL_cleanse() could potentially write past the end of
  'out'.

  FIX: Change 'inlen' to 'ret' in the OPENSSL_cleanse() call.

- CRYPTO_128_unwrap() is returning the length of the input buffer
  ('inlen') instead of the number of bytes written to the output buffer
  ('ret').  This could cause the caller to read past the end of 'out'.

  FIX: Return 'ret' instead of 'inlen' at the end of the function.

PR#3749
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
Value). The least significant 4 bytes of this is placed into the local
variable |ptext_len|. This is done as follows:

    ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];

aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
int - therefore we could end up shifting into the sign bit and end up with
a negative value. |ptext_len| is a size_t (typically 64-bits). If the
result of the shifts is negative then the upper bits of |ptext_len| will
all be 1.

This commit fixes the issue by explicitly casting to an unsigned int.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

According to RFC 5649 section 4.1 step 1) we should not add padding
if plaintext length is multiply of 8 ockets.

This matches pseudo-code in http://dx.doi.org/10.6028/NIST.SP.800-38F
on page 15, section 6.3 KWP, algorithm 5 KWP-AE, step 2.

PR#3675
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.
Reviewed-by: NRich Salz <rsalz@openssl.org>

on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.
Reviewed-by: NRich Salz <rsalz@openssl.org>

declaration
Reviewed-by: NRich Salz <rsalz@openssl.org>

Fix typos in ios64-cross config line.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.
Reviewed-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

indent will not alter them when reformatting comments
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

RT: 3333,3165
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Add the wrapper to all public header files (Configure
generates one).  Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: NTim Hudson <tjh@openssl.org>

[and split ppccap.c to ppccap.c and ppc_arch.h]
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Add support for RFC5649 key wrapping with padding.

Add RFC5649 tests to evptests.txt

Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.

EVP support and minor changes added by Stephen Henson.

Doxygen comment block updates by Tim Hudson.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>