Reviewed-by: NRich Salz <rsalz@openssl.org>

Slightly modified from the original PR.
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove asn1-kludge option from the req utility. It was a decade old
workaround for CAs and software which required an invalid encoding
of PKCS#10 certificate requests: omitting the attributes field even
though it is not OPTIONAL.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.

Follow-up to b11980d79a52ec08844f08bea0e66c04b691840b
Reviewed-by: NRich Salz <rsalz@openssl.org>

Apparently, emacs sees changes to auto-fill-mode as insecure
Reviewed-by: NRich Salz <rsalz@openssl.org>

This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This hopefully conforms closely enough to the current code style.
Reviewed-by: NRich Salz <rsalz@openssl.org>

BN_bntest_rand generates a single-word zero BIGNUM with quite a large probability.

A zero BIGNUM in turn will end up having a NULL |d|-buffer, which we shouldn't dereference without checking.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Fix more potential leaks in X509_verify_cert()
Fix memory leak in ClientHello test
Fix memory leak in gost2814789 test
Fix potential memory leak in PKCS7_verify()
Fix potential memory leaks in X509_add1_reject_object()
Refactor to use "goto err" in cleanup.
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Fix from David Baggett via tweet.
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Make all mention of digest algorithm use "any supported algorithm"

RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
    X509_LOOKUP_hash_dir.pod
    X509_check_ca.pod
    X509_check_issued.pod

RT 1600:
    Remove references to non-existant objects(3)
    Add RETURN VALUES to BIO_do_accept page.

RT1818:
    RSA_sign Can return values other than 0 on failure.

RT3634:
    Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)

RT3678:
    Some clarifications to BIO_new_pair
    (Devchandra L Meetei <dlmeetei@gmail.com>)

RT3787:
    Fix some EVP_ function return values
    (Laetitia Baudoin <lbaudoin@google.com>)
Reviewed-by: NTim Hudson <tjh@openssl.org>

add -help description of sigalgs, client_sigalgs, curves
and named_curve
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Use sizeof instead of an explicit size, and use the functions for the
purpose.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Rewrite ssl3_get_client_hello to use the new methods.
Reviewed-by: NMatt Caswell <matt@openssl.org>

If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The PACKET should hold a 'const unsigned char*' underneath as well
but the legacy code passes the record buffer around as 'unsigned char*'
(to callbacks, too) so that's a bigger refactor.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Also known as RT 4106
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Undocumented, unused, unnecessary (replaced by secure arena).
Reviewed-by: NRichard Levitte <levitte@openssl.org>

If a binary sequence is all zero's, call BN_zero.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Add a set of tests for checking that NewSessionTicket messages are
behaving as expected.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.

This change additionally sends some application data and finishes when the
client sends a CloseNotify.
Reviewed-by: NTim Hudson <tjh@openssl.org>

A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Came up on the mailing list, from Ken Goldman.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add DSA tests.

Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.
Reviewed-by: NBen Laurie <ben@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>

L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>