Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Problem was exposed in mingw64 build, or in other words on P64 platform.
Reviewed-by: NRich Salz <rsalz@openssl.org>

On Windows OPENSSL_EXPORT_VAR_AS_FUNCTION is defined and in a sense
this modification simply harmonizes it with "VAR_AS_VAR".
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

RFC 5077 section 3.3 says:
If the server determines that it does not want to include a
ticket after it has included the SessionTicket extension in the
ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.

Previously the client would fail upon attempting to allocate a
zero-length buffer. Now, we have the client ignore the empty ticket and
keep the existing session.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Some builds break, as documented in:
  https://github.com/openssl/openssl/pull/408#issuecomment-142971427
This fixes it.
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The ossltest engine wraps the built-in implementation of aes128-cbc.
Normally in an engine the cipher_data structure is automatically allocated
by the EVP layer. However this relies on the engine specifying up front
the size of that cipher_data structure. In the case of ossltest this value
isn't available at compile time. This change makes the ossltest engine
allocate its own cipher_data structure instead of leaving it to the EVP
layer.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Otherwise the ./config script fails with errors like:

> Operating system: x86_64-whatever-linux2
> This system (linux-x86_64) is not supported. See file INSTALL for details.

The failure was introduced by a93d3e06.

RT#4062
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

The windows test uses the pseudo file "nul" to indicate no file for the
-CApath option. This does not work on all versions of Windows. Instead use
the new -no-CApath option.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Add documentation to all the appropriate apps for the new -no-CApath and
-no-CAfile options.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to
specify that the default locations should not be used to all relevant
applications.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Previously you could only set both the default path and file locations
together. This adds the ability to set one without the other.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

As some of ARM processors, more specifically Cortex-Mx series, are
Thumb2-only, we need to support Thumb2-only builds even in assembly.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Add a sanity check that the cookie_len returned by app_gen_cookie_cb is
valid.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Clarify that user code is required to allocate sufficient space for the
addressing scheme in use in the call to DTLSv1_listen.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Use sockaddr_storage not sockaddr for the client IP address to allow for
IPv6.
Also fixed a section of code which was conditional on OPENSSL_NO_DTLS1
which should not have been.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Adds a new man page to cover the DTLSv1_listen() function.
Reviewed-by: NAndy Polyakov <appro@openssl.org>