Hide all public symbols in libssl

With the guentherizer 9000

ok tb@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Add SSL_AD_MISSING_EXTENSION.

This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.

ok tb@

Remove references to obsolete alerts.

The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.

ok tb@

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Add SSL_AD_MISSING_EXTENSION.

This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.

ok tb@

Remove references to obsolete alerts.

The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.

ok tb@

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Add SSL_AD_MISSING_EXTENSION.

This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.

ok tb@

Remove references to obsolete alerts.

The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.

ok tb@

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Add SSL_AD_MISSING_EXTENSION.

This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.

ok tb@

Remove references to obsolete alerts.

The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.

ok tb@

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Add SSL_AD_MISSING_EXTENSION.

This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.

ok tb@

Remove references to obsolete alerts.

The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.

ok tb@

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision