Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.

These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.

We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.

Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file.  But now that we always
include "lib/log/log.h", we should be fine.

These were necessary long ago to work around a bug in VC6.

I am calling the crypto library "crypt_ops", since I want
higher-level crypto things to be separated from lower-level ones.
This library will hold only the low-level ones, once we have it
refactored.

Nothing in Tor has actually called assert() for some while.

Included crypto_dh.h in some files in order to solve DH module dependency
issues.

Follows #24658.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>

This is needed for libressl-2.6.4 compatibility, which we broke when
we merged a15b2c57 to fix bug 19981.  Fixes bug 26005; bug
not in any released Tor.

(The originally submitted version of a15b2c57 broke
with OpenSSL 1.1.0.)

Patch from Andrew John Hughes; partial fix for 19981.

 * ADD new /src/common/crypto_rand.[ch] module.
 * ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
   function, since all crypto_* modules need this).
 * FIXES part of #24658: https://bugs.torproject.org/24658

Included crypto_digest.h in some files in order to solve xof+digest module
dependency issues. Removed crypto.h where it isn't needed anymore.

Follows #24658.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>

Without this patch, not only will TLS1.3 not work with Tor, but
OpenSSL 1.1.1 with TLS1.3 enabled won't build any connections at
all: It requires that either TLS1.3 be disabled, or some TLS1.3
ciphersuites be listed.

Closes ticket 24978.

Patch suggestion from catalyst.

Related to 24423

Apparently, my compiler now generates coverage markers for
label-only lines, so we need to exclude those too if they are meant
to be unreachable.

The biggest offender here was sometimes not checking the output of
crypto_pk_get_digest.

Fixes bug 19418.  Reported by Guido Vranken.

Closes bug 22964.  Based on Teor's replacement there, but tries
to put the comment in a more logical place, and explain why we're
actually disabling compression in the first place.

Make it clear that we're returning a newly allocated copy.

Previously we'd send the _current_ link certificate, which would
cause a handshaking failure when the TLS context rotated.

A fair number of our mock_impl declarations were messed up so that
even our special AM_ETAGSFLAGS couldn't find them.

This should be a whitespace-only patch.

This lets test_link_handshake stop including openssl headers.

This change makes it so those those APIs will not require prior
inclusion of openssl headers.  I've left some APIs alone-- those
will change to be extra-private.

Since 0.2.4.11-alpha (in 01966479) we've tried to randomize
the start time to up to some time in the past.  But unfortunately we
allowed the start time to be in the future as well, which isn't
really legit.

The new behavior lets the start time be be up to
MAX(cert_lifetime-2days, 0) in the past, but never in the future.

Fixes bug 21420; bugfix on 0.2.4.11-alpha.