CLA: trivial
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1909)

New minimal fuzz corpora set
Reviewed-by: NAndy Polyakov <appro@openssl.org>

GH: #1910

llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in
type 'int64_t' (aka 'long'); cast to an unsigned type to negate this
value to itself

Found using libfuzzer
Reviewed-by: NRich Salz <rsalz@openssl.org>

GH: #1908

This provides up to 30% better performance on some of recent processors.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

In order to minimize dependency on assembler version a number of
post-SSE2 instructions are encoded manually. But in order to simplify
the procedure only register operands are considered. Non-register
operands are passed down to assembler. Module in question uses pshufb
with memory operands, and old [GNU] assembler can't handle it.
Fortunately in this case it's possible skip just the problematic
segment without skipping SSSE3 support altogether.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The links weren't properly terminated with a "
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1901)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1900)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1900)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1900)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1900)

When configured no-dso, there are no DSO_{whatever} macros defined.
Therefore, before checking those, you have to check if OPENSSL_NO_DSO
is defined.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1902)

- the pod path hadn't been changed with the directory layout change
- apparently, pod2html doesn't add ".html" at the end of links, making
  them useless, so we need to fix that

With thanks for the report to Michel <michel.sales@free.fr>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1896)

The test loops through all the ciphers, attempting to test each one in turn.
However version negotiation happens before cipher selection, so with TLSv1.3
switched on if we use a non-TLSv1.3 compatible cipher suite we get "no
share cipher".
Reviewed-by: NRich Salz <rsalz@openssl.org>

Now that we can link specifically with static libraries, the immediate
need to split ppccap.c (and eventually other *cap.c files) is no more.

This reverts commit e3fb4d3d.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This is a skin deep change, which simply renames most places where we talk
about curves in a TLS context to groups. This is because TLS1.3 has renamed
the extension, and it can now include DH groups too. We still only support
curves, but this rename should pave the way for a future extension for DH
groups.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)

Very simply, support having the .a extension to denote depending on
static libraries.  Note that this is not supported on native Windows
when building shared libraries, as there is not static library then,
just an import library with the same name.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1890)

Instead of enumerating exactly those files in test/ that include
../ssl/ssl_locl.h, assume they all do.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1891)

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

This is done by taking one vector, "corrupting" last bit of the
tag value and verifying that decrypt fails.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Don't set choice selector on parse failure: this can pass unexpected
values to the choice callback. Instead free up partial structure
directly.

CVE-2016-7053

Thanks to Tyler Nighswander of ForAllSecure for reporting this issue.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The offset to the memory to clear was incorrect, causing a heap buffer
overflow.

CVE-2016-7054

Thanks to Robert Święcki for reporting this
Reviewed-by: NRich Salz <rsalz@openssl.org>

Some of stone-age assembler can't cope with r0 in address. It's actually
sensible thing to do, because r0 is shunted to 0 in address arithmetic
and by refusing r0 assembler effectively makes you understand that.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Skip the test if the value after ":" is a disabled algorithm, rather
than failing it
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Added some TODOs, refactored a couple of things and added a SSL_IS_TLS13()
macro.
Reviewed-by: NRich Salz <rsalz@openssl.org>

No need to have a supported versions table and a versions table. They
should be the same.
Reviewed-by: NRich Salz <rsalz@openssl.org>

There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Renegotiation does not exist in TLS1.3, so we need to disable it at some
point.
Reviewed-by: NRich Salz <rsalz@openssl.org>