History log of /openbsd-current/lib/libssl/ssl_txt.c
Revision Date Author Comments
# 1.37 08-Jul-2023 beck

Hide all public symbols in libssl

With the guentherizer 9000

ok tb@


Revision tags: OPENBSD_7_3_BASE
# 1.36 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


Revision tags: OPENBSD_7_2_BASE
# 1.35 07-Jun-2022 tb

Change the loop index from an unsigned int to size_t now that all
upper bounds are known to be size_t.

ok jsing


# 1.34 07-Jun-2022 tb

Drop an unnecessary cast

ok jsing


# 1.33 06-Jun-2022 tb

Use SSL3_CK_VALUE_MASK instead of hardcoded 0xffff and remove some
SSLv2 remnants.

ok jsing


# 1.32 06-Jun-2022 tb

Minor style cleanup in ssl_txt.c

Wrap long lines and fix a bug where the wrong struct member was checked
for NULL.

ok jsing


Revision tags: OPENBSD_7_1_BASE
# 1.31 29-Nov-2021 tb

Stop using BIO_s_file_internal() in libssl.

BIO_s_file_internal() should never have leaked out of libcrypto,
but it did. As a first step of getting rid of it, stop using it
internally.

ok jsing


# 1.30 23-Oct-2021 jsing

Change tlsext_tick_lifetime_hint to uint32_t.

Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long
to uint32_t (matching RFC4507), rather than continuing to work around an
inappropriate type choice.

ok tb@


Revision tags: OPENBSD_7_0_BASE
# 1.29 11-Jun-2021 jsing

Indent all labels with a single space.

This ensures that diff reports the correct function prototype.

Prompted by tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
# 1.28 07-Feb-2017 beck

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible


# 1.27 26-Jan-2017 beck

Send the error function codes to rot in the depths of hell where they belong
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@


# 1.26 14-Dec-2014 jsing

Remove trailing whitespace.


# 1.25 16-Nov-2014 jsing

Sort and group includes.


# 1.24 12-Jul-2014 jsing

Provide ssl_version_string() function, which uses one of those modern C
constructs (a switch statement) and returns the appropriate string defined
by SSL_TXT_* for the given version, including support for DTLSv1 and
DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print().

ok beck@


# 1.23 11-Jul-2014 beck

Remove the PSK code. We don't need to drag around this
baggage.
ok miod@ jsing@


# 1.22 10-Jul-2014 tedu

decompress libssl. ok beck jsing


# 1.21 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.20 31-May-2014 jsing

TLS would not be entirely functional without extensions, so unifdef
OPENSSL_NO_TLSEXT.

ok tedu@


# 1.19 29-May-2014 beck

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@


# 1.18 25-May-2014 jsing

The ssl_cipher_get_evp() function is currently overloaded to also return the
compression associated with the SSL session. Based on one of Adam Langley's
chromium diffs, factor out the compression handling code into a separate
ssl_cipher_get_comp() function.

Rewrite the compression handling code to avoid pointless duplication and so
that failures are actually returned to and detectable by the caller.

ok miod@


# 1.17 05-May-2014 tedu

Remove SRP and Kerberos support from libssl. These are complex protocols
all on their own and we can't effectively maintain them without using them,
which we don't. If the need arises, the code can be resurrected.


# 1.16 25-Apr-2014 lteo

KNF fixes


# 1.15 20-Apr-2014 guenther

Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.

ok tedu@


# 1.14 16-Apr-2014 tedu

add back SRP. i was being too greedy.


# 1.13 16-Apr-2014 tedu

disentangle SRP code from TLS


# 1.12 16-Apr-2014 guenther

Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from
the SSLv23_* client code. The server continues to accept it. It
also kills the bits for SSL2 SESSIONs; even when the server gets
an SSLv2-style compat handshake, the session that it creates has
the correct version internally.

ok tedu@ beck@


# 1.11 14-Apr-2014 jsing

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.


# 1.10 13-Oct-2012 djm

resolve conflicts


# 1.9 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.8 06-Sep-2008 djm

resolve conflicts


# 1.7 29-Apr-2005 djm

resolve conflicts


# 1.6 15-May-2002 beck

OpenSSL 0.9.7 stable 2002 05 08 merge


# 1.5 15-Dec-2000 beck

openssl-engine-0.9.6 merge


# 1.4 15-Apr-2000 beck

OpenSSL 0.9.5a merge


# 1.3 19-Mar-2000 beck

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs


# 1.2 29-Sep-1999 beck

OpenSSL 0.9.4 merge


# 1.1 05-Oct-1998 ryker

branches: 1.1.1;
Initial revision


# 1.29 11-Jun-2021 jsing

Indent all labels with a single space.

This ensures that diff reports the correct function prototype.

Prompted by tb@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
# 1.28 07-Feb-2017 beck

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible


# 1.27 26-Jan-2017 beck

Send the error function codes to rot in the depths of hell where they belong
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@


# 1.26 14-Dec-2014 jsing

Remove trailing whitespace.


# 1.25 16-Nov-2014 jsing

Sort and group includes.


# 1.24 12-Jul-2014 jsing

Provide ssl_version_string() function, which uses one of those modern C
constructs (a switch statement) and returns the appropriate string defined
by SSL_TXT_* for the given version, including support for DTLSv1 and
DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print().

ok beck@


# 1.23 11-Jul-2014 beck

Remove the PSK code. We don't need to drag around this
baggage.
ok miod@ jsing@


# 1.22 10-Jul-2014 tedu

decompress libssl. ok beck jsing


# 1.21 12-Jun-2014 deraadt

tags as requested by miod and tedu

