RT#1817

Reviewed-by: Rich Salz <rsalz@openssl.org>

the fact that it's community-supported target.

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #102

Reviewed-by: Richard Levitte <levitte@openssl.org>

Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
macros is was allegedly controlling. One can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...

Reviewed-by: Rich Salz <rsalz@openssl.org>

In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>

Since with SSL_VERIFY_NONE, the connection may continue and the
session may even be cached, we should save some evidence that the
chain was not sufficiently verified and would have been rejected
with SSL_VERIFY_PEER.  To that end when a CT callback returs failure
we set the verify result to X509_V_ERR_NO_VALID_SCTS.

Note: We only run the CT callback in the first place if the verify
result is still X509_V_OK prior to start of the callback.

RT #4502

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and
PEM_do_header().

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

adds missing check for defined(__GNUC__)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1094)

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1017

Reviewed-by: Rich Salz <rsalz@openssl.org>

STORE doesn't exist for now

HMAC doesn't have any error codes

Reviewed-by: Rich Salz <rsalz@openssl.org>

- Adjust mkerr.pl to produce the line length we used for source
  reformating.

- Have mkerr.pl keep track of preprocessor directive indentation

  Among others, do not spuriously throw away a #endif at the end of
  header files.

- Make sure mkerr.pl specifies any header inclusion correctly

Reviewed-by: Rich Salz <rsalz@openssl.org>

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/526)

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>

Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>

Tidy up and simplify OBJ_dup() and OBJ_create().

Sanity check added OIDs: don't allow duplicates.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

A number of the METHOD functions weren't properly handling malloc failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>

There were some unchecked calls to OPENSSL_strdup().

Reviewed-by: Richard Levitte <levitte@openssl.org>

In the CAPI engine there were some unchecked calls to OPENSSL_strdup().

GH Issue #830

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Discard useless static engine_id
Add a const qualifier
Fix some spelling

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>