Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Certain code paths in tls_decrypt_ticket could return early without first
freeing the HMAC_CTX or the EVP_CIPHER_CTX.
Reviewed-by: NRich Salz <rsalz@openssl.org>

As handshake_func is a function pointer, it should compare to NULL
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Thanks to Viktor for additional review.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

- Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
  __FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
  is slightly changed, the implementation for free() now takes a couple
  of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
  from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
  has been enabled or not.  The reason is that if someone swaps out the
  malloc(), realloc() and free() implementations, we can't know if they
  will use them or not.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Combination of heartbeats and unit-tests.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

PR#4303
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The recent removal of static ECDH broke the enable-ssl-trace compilation.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Remove support for static ECDH ciphersuites. They require ECDH keys
in certificates and don't support forward secrecy.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Commit 7823d792 added DEFINE_LHASH_OF
to a C source file.  DEFINE_LHASH_OF() and DEFINE_STACK_OF() must
be used only in header files to avoid clang warnings for unused
static-inline functions.
Reviewed-by: NRich Salz <rsalz@openssl.org>

To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Updated for 1.1 by Rich Salz
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Update ciphers documentation as well (based on -04 rev of ID).
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT: #4206, GH: #642

If init failed we'd like to set an error code to indicate that. But if
init failed then when the error system tries to load its strings its going
to fail again. We could get into an infinite loop. Therefore we just set
a single error the first time around. After that no error is set.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Man, there were a lot of renamings :)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The old building scripts get removed, they are hopelessly gone in bit
rot by now.

Also remove the old symbol hacks.  They were needed needed to shorten
some names to 31 characters, and to resolve other symbol clashes.
Because we now compile with /NAMES=(AS_IS,SHORTENED), this is no
longer required.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Remoce DYANMIC once-init stuff.
After the library is stopped, you can't restart it.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Fixes for the auto-init/deinit code based on review comments
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Various Makefile.in files have changes for auto-init/de-init. Make the
equivalent changes in build.info.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This option disables automatic loading of the crypto/ssl error strings in
order to keep statically linked executable file size down
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Building on the pervious commit to auto initialise and de-initialise libssl
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This commit provides the basis and core code for an auto initialisation
and deinitialisation framework for libcrypto and libssl. The intention is
to remove the need (in many circumstances) to call explicit initialise and
deinitialise functions. Explicit initialisation will still be an option,
and if non-default initialisation is needed then it will be required.
Similarly for de-initialisation (although this will be a lot easier since
it will bring all de-initialisation into a single function).
Reviewed-by: NRichard Levitte <levitte@openssl.org>

As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails.  However, this only happened when verification
failed during chain construction.  Errors in verification of the
constructed chain did not have the intended effect on these functions.

This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails.  Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fail.  They must of course first check
and save the real error, and restore the original error as quickly
as possible.  Hiding by default seems to be the safer interface.

Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records.  Previously reported via X509_V_ERR_CERT_UNTRUSTED.

This also changes the "-brief" output from s_client to include
verification results and TLSA match information.

Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).

Added a few more test-cases to danetest, that exercise the new
code.

Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().

Fixed long-stating issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain to long", code elsewhere (e.g.
s_time.c), seems to expect the actual error.  [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]
Reviewed-by: NRich Salz <rsalz@openssl.org>

Deprecate undocumented SSL_cache_hit(). Make SSL_session_reused() into a
real function.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Previous commit 7bb196a7 attempted to "fix" a problem with the way
SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had
SSL_shutdown() return immediately having taken no action if called mid-
handshake with a return value of 1 (meaning everything was shutdown
successfully). In fact the shutdown has not been successful.

Commit 7bb196a7 changed that to send a close_notify anyway and then
return. This seems to be causing some problems for some applications so
perhaps a better (much simpler) approach is revert to the previous
behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown
was not successful).

This also fixes a bug where SSL_shutdown always returns 0 when shutdown
*very* early in the handshake (i.e. we are still using SSLv23_method).
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>