Since with SSL_VERIFY_NONE, the connection may continue and the
session may even be cached, we should save some evidence that the
chain was not sufficiently verified and would have been rejected
with SSL_VERIFY_PEER.  To that end when a CT callback returs failure
we set the verify result to X509_V_ERR_NO_VALID_SCTS.

Note: We only run the CT callback in the first place if the verify
result is still X509_V_OK prior to start of the callback.

RT #4502
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and
PEM_do_header().
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

adds missing check for defined(__GNUC__)
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1094)

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>

GH: #1017

Reviewed-by: NRich Salz <rsalz@openssl.org>

STORE doesn't exist for now

HMAC doesn't have any error codes
Reviewed-by: NRich Salz <rsalz@openssl.org>

- Adjust mkerr.pl to produce the line length we used for source
  reformating.

- Have mkerr.pl keep track of preprocessor directive indentation

  Among others, do not spuriously throw away a #endif at the end of
  header files.

- Make sure mkerr.pl specifies any header inclusion correctly
Reviewed-by: NRich Salz <rsalz@openssl.org>

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/526)

RT#1466
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT#1466
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also adds 'esc_2254' to the possible command line name options

RT#1466
Reviewed-by: NRich Salz <rsalz@openssl.org>

Tidy up and simplify OBJ_dup() and OBJ_create().

Sanity check added OIDs: don't allow duplicates.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

A number of the METHOD functions weren't properly handling malloc failures.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

There were some unchecked calls to OPENSSL_strdup().
Reviewed-by: NRichard Levitte <levitte@openssl.org>

In the CAPI engine there were some unchecked calls to OPENSSL_strdup().

GH Issue #830
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Discard useless static engine_id
Add a const qualifier
Fix some spelling
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

In the SSLV2ClientHello processing code in ssl3_get_record, the value of
|num_recs| will always be 0. This isn't obvious from the code so a comment
is added to explain it.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

When RSA went opaque a bug was introduced into the dasync engine where
the wrong function was being set for the rsa_priv_dec operation.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

The function ssl3_get_record() can obtain multiple records in one go
as long as we are set up for pipelining and all the records are app
data records. The logic in the while loop which reads in each record is
supposed to only continue looping if the last record we read was app data
and we have an app data record waiting in the buffer to be processed. It
was actually checking that the first record had app data and we have an
app data record waiting. This actually amounts to the same thing so wasn't
wrong - but it looks a bit odd because it uses the |rr| array without an
offset.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Pipelining introduced the concept of multiple records being read in one
go. Therefore we work with an array of SSL3_RECORD objects. The pipelining
change erroneously made a change in ssl3_get_record() to apply the current
record offset to the SSL3_BUFFER we are using for reading. This is wrong -
there is only ever one read buffer. This reverts that change. In practice
this should make little difference because the code block in question is
only ever used when we are processing a single record.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>