Reviewed-by: Rich Salz <rsalz@openssl.org>

And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.

This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>

Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <levitte@openssl.org>

OPENSSL_NO_SSL_INTERN into internal header files.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz

Don't debug.

Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Mostly, but not completely, debugging print statements.
Some old logic kept for internal documentation reasons, perhaps.

Reviewed-by: Richard Levitte <levitte@openssl.org>

in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>

on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Add missing crypto modules and files to copy to crypto/install-crypto.com

Reviewed-by: Andy Polyakov <appro@openssl.org>

test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS

Reviewed-by: Andy Polyakov <appro@openssl.org>

crypto/crypto-lib.com:
 Remove all APPS building, as they are gone.
 Depend on the variable SDIRS that's defined by makevms.com.
 Remake the whole partial module list mechanism to check for variables with a counter.
 Define the logical name INTERNAL to allow for '#include "internal/foo.h"'.

makevms.com:
 Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com.
 Allow for experimental modules.
 Update the allowed things to disable.
 Update the things disabled by default to match Configure.
 Update headers to be copied.

Reviewed-by: Andy Polyakov <appro@openssl.org>

catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <appro@openssl.org>

Add new symbols that are longer than 31 chars to symhacks.
VMS doesn't have <sys/un.h>, reflect that in e_os.h.
MS_CALLBACK has been removed, ssl_task.c needs adjustment.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>