spurious output when checking for error conditions.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6899)

Don't discard partial reads from /dev/*random and retry instead.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6990)

Fixes #6978

Don't discard partial reads from syscall_random() and retry instead.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6990)

Change return value type to ssize_t and ensure that a negative value
is returned only if a corresponding errno is set.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6990)

The option has no meaning on Darwin, but it can bail out in combination
with -fembed-bitcode or -no-integrated-as...
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7001)

gcc 4.6 (arguably erroneously) warns about our use of 'free' as
the name of a function parameter, when --strict-warnings is enabled:

crypto/x509/x509_meth.c: In function 'X509_LOOKUP_meth_set_free':
crypto/x509/x509_meth.c:61:12: error: declaration of 'free' shadows a global declaration [-Werror=shadow]
cc1: all warnings being treated as errors
make[1]: *** [crypto/x509/x509_meth.o] Error 1

(gcc 4.8 is fine with this code, as are newer compilers.)
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6991)

CRYPTO_atomic_read was added with intention to read statistics counters,
but readings are effectively indistinguishable from regular load (even
in non-lock-free case). This is because you can get out-dated value in
both cases. CRYPTO_atomic_write was added for symmetry and was never used.
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6883)

Fixes #6980
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6981)

Relax memory_order on counter decrement itself, because mutable
members of the reference-counted structure should be visible on all
processors independently on counter. [Even re-format and minimize
dependency on other headers.]
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6900)

The TLSv1.4 tolerance test wasn't testing what we thought it was.
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)

Reviewed-by: NBen Kaduk <kaduk@mit.edu>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)

Reviewed-by: NBen Kaduk <kaduk@mit.edu>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6963)

If application explicitly calls CONF_modules_load_file() the SSL
conf module will be initialized twice and the module data would leak.
We need to free it before initializing it again.

Fixes #6835
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6948)

The logs are usually not looked at, and when they are it's almost
always after they've completed and returned a status.  That being
the case, "progress" output is useless if it's always seen after
the fact.
Signed-off-by: NPhilip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6928)

To avoid crash (same as #5138 fixed in 44f23cd2)

CLA: trivial
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6937)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6949)

Originally fopen(3) was called from bio/bss_file.c, which performed the
aliasing. Then fopen(3) was moved to o_fopen.c, while "magic" definition
was left behind. It's still useful on 32-bit platforms, so pull it to
o_fopen.c.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6596)

This allows the original path to be displayed when it's shown
to be invalid, so the user can relate without question.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6925)

Extra slashes in paths are permissible in Unix-like platforms...
however, when compared with the result from 'which', which returns
canonical paths, the comparison might fail even though the compared
paths may be equivalent.  We make the NDK path canonical internally to
ensure the equivalence compares as equal, at least for the most
trivial cases.

Fixes #6917
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6924)

Since 0.9.7, all i2d_ functions were documented to allocate an output
buffer if the user didn't provide one, under these conditions (from
the 1.0.2 documentation):

    For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
    allocated for a buffer and the encoded data written to it. In this
    case B<*out> is not incremented and it points to the start of the
    data just written.

i2d_ASN1_OBJECT was found not to do this, and would crash if a NULL
output buffer was provided.

Fixes #6914
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6918)

to the now released RFC 8410.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6910)

Commit 88393244 removed some NULL checks from the stack code. This caused
a no-comp build to fail in the client and server fuzzers.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6893)

This reverts commit 88393244.

Removing these checks changes the behaviour of the API which is not
appropriate for a minor release. This also fixes a failure in the
fuzz tests when building with no-comp.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6895)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6894)

A client that has fallen back could detect an inappropriate fallback if
the TLSv1.3 downgrade protection sentinels are present.

Fixes #6756
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6894)

Test that a server can handle an unecrypted alert when normally the next
message is encrypted.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)

At certain points in the handshake we could receive either a plaintext or
an encrypted alert from the client. We should tolerate both where
appropriate.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)

If we sent early_data and then received back an HRR, the enc_write_ctx
was stale resulting in errors if an alert needed to be sent.

Thanks to Quarkslab for reporting this.

In any case it makes little sense to encrypt alerts using the
client_early_traffic_secret, so we add special handling for alerts sent
after early_data. All such alerts are sent in plaintext.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)

Under certain error conditions a call to SSLfatal could accidently be
missed.
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6872)

In 38eca7fe a new check for the pem_str member of the entries of the
ASN1 method table was introduced. Because the test condition was split
into two TEST_true(...) conditions, the test outputs error diagnostics
for all entries which have pem_str != NULL. This commit joins the two
test conditions into a single condition.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6888)

Also add build-time errors to keep them in sync.
Thanks to GitHub user YuDudysheva for reporting this.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6874)

Thanks to GitHub user zsergey105 for reporting this.
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6875)

Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6885)

Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6870)

Rationale is that it wasn't providing accurate statistics anyway.
For statistics to be accurate CRYPTO_get_alloc_counts should acquire
a lock and lock-free additions should not be an option.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6786)

Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6786)

Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6786)

Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6786)