Came up on the mailing list, from Ken Goldman.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add DSA tests.

Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.
Reviewed-by: NBen Laurie <ben@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>

L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Add new OIDs for latest GOST updates
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: NBen Laurie <ben@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Best hope of keeping current.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Process CertificateRequest messages using the PACKET API
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Use the new PACKET code to process the CKE message
Reviewed-by: NStephen Henson <steve@openssl.org>

Process NewSessionTicket messages using the new PACKET API
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Commit 9ceb2426 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Clarify and update documention for extra chain certificates.

PR#3878.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Process the Certificate Status message using the PACKET API
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The new ClientHello PACKET code is missing a return value check.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Part of RT 3997
Per Ben, just jump to common exit code.
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Use the PACKET API to process an incoming server Certificate message.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

PR#3974
PR#3975
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.
Reviewed-by: NMatt Caswell <matt@openssl.org>

When config'd with "sctp" running "make test" causes a seg fault. This is
actually due to the way ssltest works - it dives under the covers and frees
up BIOs manually and so some BIOs are NULL when the SCTP code does not
expect it. The simplest fix is just to add some sanity checks to make sure
the BIOs aren't NULL before we use them.

This problem occurs in master and 1.0.2. The fix has also been applied to
1.0.1 to keep the code in sync.
Reviewed-by: NTim Hudson <tjh@openssl.org>

There are some missing return value checks in the SCTP code. In master this
was causing a compilation failure when config'd with
"--strict-warnings sctp".
Reviewed-by: NTim Hudson <tjh@openssl.org>

Run a "make update" for the OSSLTest Engine changes
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Use a dynamic engine for ossltest engine so that we can build it without
subsequently deploying it during install. We do not want people accidentally
using this engine.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

When using an anon DH ciphersuite a client should reject a 0 value for p.
Reviewed-by: NRichard Levitte <levitte@openssl.org>