Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1461)

The generated asm code from x86cpuid.pl contains CMOVE instructions
which are only available on i686 and later CPUs.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1459)

These functions are no longer relevant to 1.1.0 (we always have auto ecdh
on) - but no reason to break old code that tries to call it. The macros will
only return a dummy "success" result if the app was trying to enable ecdh.
Disabling can't be done in quite this way any more.

Fixes Github Issue #1437
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

The read pipelining code broke constant time unpadding. See GitHub
issue #1438
Reviewed-by: NRich Salz <rsalz@openssl.org>

If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Now we support (u)int64_t this can be very much simpler.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Modify VMS config.com to match
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.

Thanks to Shi Lei for reporting this.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Check for error return in BN_div_word().
Reviewed-by: NTim Hudson <tjh@openssl.org>

If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182
Reviewed-by: NTim Hudson <tjh@openssl.org>

The 64 bit pointer must not be cast to 32bit unsigned long on
x32 platform.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Add extra cast to unsigned long to avoid sign extension when
converting pointer to 64 bit data.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Test that we handle a TLS ClientHello in an SSLv2 record correctly.
Reviewed-by: NTim Hudson <tjh@openssl.org>

If we receive a non-initial record but the version number isn't right then
we should send an alert.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Feedback on the previous SSLv2 ClientHello processing fix was that it
breaks layering by reading init_num in the record layer. It also does not
detect if there was a previous non-fatal warning.

This is an alternative approach that directly tracks in the record layer
whether this is the first record.

GitHub Issue #1298
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

Reviewed-by: NRich Salz <rsalz@openssl.org>

Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455)

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add encoded point ctrl support for other curves: this makes it possible
to handle X25519 and other EC curve point encoding in a similar way
for TLS.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.
Reviewed-by: NRich Salz <rsalz@openssl.org>