Hide all public symbols in libssl

With the guentherizer 9000

ok tb@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Error check for sk_push in libssl

CID 24838

comment and ok tb@

add AES-GCM constants from RFC 7714 for SRTP

SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.

adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45

ok tb@ jsing@

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Error check for sk_push in libssl

CID 24838

comment and ok tb@

add AES-GCM constants from RFC 7714 for SRTP

SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.

adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45

ok tb@ jsing@

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Error check for sk_push in libssl

CID 24838

comment and ok tb@

add AES-GCM constants from RFC 7714 for SRTP

SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.

adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45

ok tb@ jsing@

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Error check for sk_push in libssl

CID 24838

comment and ok tb@

add AES-GCM constants from RFC 7714 for SRTP

SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.

adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45

ok tb@ jsing@

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

add AES-GCM constants from RFC 7714 for SRTP

SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.

adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45

ok tb@ jsing@

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Avoid leak: free existing SRTP connection profiles before
setting it.

From Ben L <bobsayshilol () live ! co ! uk>.

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

sk_free() checks for NULL so do not bother doing it from the callers.

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.

ok jsing@ bcook@ deraadt@

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Remove trailing whitespace.

Avoid a double-free in an error path.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@

Sort and group includes.

Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext().
From BoringSSL.

More KNF.

Fix 2 memory leaks.

(Thanks to Brent Cook)

OK from tedu@

tags as requested by miod and tedu

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

More KNF and style consistency tweaks

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

branches: 1.1.1;
Initial revision