Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Instead of SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_srv_ext
use SSL_CTX_add_client_custom_ext and SSL_CTX_add_server_custom_ext.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Support separate parse and add callback arguments.
Add new callback so an application can free extension data.
Change return value for send functions so < 0 is an error 0
omits extension and > 0 includes it. This is more consistent
with the behaviour of other functions in OpenSSL.

Modify parse_cb handling so <= 0 is an error.

Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument
order consistent.

NOTE: these changes WILL break existing code.

Remove (now inaccurate) in line documentation.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Use "parse" and "add" for function and callback names instead of
"first" and "second".

Change arguments to callback so the extension type is unsigned int
and the buffer length is size_t. Note: this *will* break existing code.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Since sanity checks are performed for all custom extensions the
serverinfo checks are no longer needed.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reject attempts to use extensions handled internally.

Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Use the same structure for client and server custom extensions.

Add utility functions in new file t1_ext.c.
Use new utility functions to handle custom server and client extensions
and remove a lot of code duplication.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NGeoff Thorpe <geoff@openssl.org>

Pull constant-time methods out to a separate header, add tests.
Reviewed-by: NBodo Moeller <bodo@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Gah, I hate when I forget to pull before merging.

Reviewed-by: rsalz

Add the wrapper to all public header files (Configure
generates one).  Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: NTim Hudson <tjh@openssl.org>

The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

I also removed some trailing whitespace and cleaned
up the "see also" list.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Stupid git tricks :(

Reviewed-by: rsalz

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors.  Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

This patch was submitted by user "Kox" via the wiki
Reviewed-by: NTim Hudson <tjh@openssl.org>

Use existing error code SSL_R_RECORD_TOO_SMALL for too many empty records.

For ease of backporting the patch to release branches.
Reviewed-by: NBodo Moeller <bodo@openssl.org>

Add an extra NULL dereference check
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Clarify the intended use of EVP_PKEY_sign. Make the code example compile.
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Remove extra initialization calls in the sample program.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

In Visual Studio, inline is available in C++ only, however __inline is available for C, see
http://msdn.microsoft.com/en-us/library/z8y1yy88.aspxReviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

RT: 2835
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Don't check err variable until after it's been set.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Don't need to check auth for NULL since we did when we
assigned to it.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

Also rewrite section on compiler bugs; Matt pointed out that
it has some grammatical issues.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>