Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

PR#1767
Reviewed-by: NRichard Levitte <levitte@openssl.org>

PR#3613
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

PR#3612
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Workaround for NetWare CodeWarrior compiler which doesn't properly lookup
includes when in same directory as the C file which includes it.

PR#3569
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Minor changes made by Matt Caswell
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Minor changes made by Matt Caswell.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Minor changes made by Matt Caswell.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

PR#3608
Reviewed-by: NTim Hudson <tjh@openssl.org>

PR#3574
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

When using the -xcert option to test certificate validity print out
if we pass Suite B compliance. We print out "not tested" if we aren't
in Suite B mode.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS.

** I also increased the minimum from 256 to 512, which is now
documented in CHANGES file. **
Reviewed-by: NMatt Caswell <matt@openssl.org>

Fix CONF_load_modules to CONF_modules_load.
Document that it calls exit.
Advise against using it now.
Add an error print to stderr.
Reviewed-by: NMatt Caswell <matt@openssl.org>

the session's version (server).

See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

once the ChangeCipherSpec message is received. Previously, the server would
set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
This would allow a second CCS to arrive and would corrupt the server state.

(Because the first CCS would latch the correct keys and subsequent CCS
messages would have to be encrypted, a MitM attacker cannot exploit this,
though.)

Thanks to Joeri de Ruiter for reporting this issue.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.

An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The client sends a session ID with the session ticket, and uses
the returned ID to detect resumption, so we do not need to peek
at handshake messages: s->hit tells us explicitly if we're resuming.

An equivalent change was independently made in BoringSSL, see commit
407886f589cf2dbaed82db0a44173036c3bc3317.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The same change was independently made in BoringSSL, see commit
9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67
Reviewed-by: NMatt Caswell <matt@openssl.org>

This ensures that it's zeroed even if the SSL object is reused
(as in ssltest.c). It also ensures that it applies to DTLS, too.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

If no keyfile has been specified use the certificate file instead.

Fix typo: we need to check the chain is not NULL, not the chain file.
Reviewed-by: NMatt Caswell <matt@openssl.org>

(cherry picked from commit 786370b1b09b919d9306f27336e13783e4fe3fd0)

When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Don't send or parse any extensions other than RI (which is needed
to handle secure renegotation) for SSLv3.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: NMatt Caswell <matt@openssl.org>

(cherry picked from commit 56e8dc542bd693b2dccea8828b3d8e5fc6932d0c)

Conflicts:
	ssl/ssl.h
	ssl/ssl_err.c

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Don't attempt to access msg structure if recvmsg returns an error.

PR#3483
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Change-Id: I626d751f19f24df6b967c17498d6189cc0acb96c
Signed-off-by: NMike Bland <mbland@acm.org>
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This is the only Makefile without SRC defined. This change enables a
standard Makefile include directive to cover crypto/jpake/*.d files.

This was automatically applied by AddSrcVarIfNeeded() in:
https://code.google.com/p/mike-bland/source/browse/openssl/update_makefiles.py

Change-Id: I030204a1bc873b5de5b06c8ddc0b94bb224c6650
Signed-off-by: NMike Bland <mbland@acm.org>
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

These correspond to targets of the same name in test/Makefile that clash when
using the single-makefile build method using GitConfigure and GitMake.

Change-Id: If7e900c75f4341b446608b6916a3d76f202026ea
Signed-off-by: NMike Bland <mbland@acm.org>
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Before this change, variables for which a '=' appeared in the assignment would
be parsed as the entire string up until the final '='. For example:

  BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \

would result in the variable name "BUILD_CMD=shlib_target". This doesn't
appear to harm the current generation of MINFO, but creates problems for other
Makefile-related work I'm attempting.

Change-Id: I1f3a606d67fd5464bb459e8f36c23b3e967b77e1
Signed-off-by: NMike Bland <mbland@acm.org>
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

These are based on debug-ben-debug-64-clang and is intended to produce
consistent settings for folks involved in the unit testing effort detailed at:

http://wiki.openssl.org/index.php/Unit_Testing

-fsanitize has been removed from the set of clang flags for now. Apparently
clang 3.1, which ships with FreeBSD 9.1, completely ignores -fsanitize. Clang
3.3, which ships with FreeBSD 9.2, compiles with it, but fails to link due to
the absence of libasan:

http://lists.freebsd.org/pipermail/freebsd-hackers/2013-December/043995.html
https://www.mail-archive.com/cfe-commits@cs.uiuc.edu/msg92260.html
http://reviews.llvm.org/D2644

We need -Wno-error=unused-const-variable because of this error:
.../crypto/ec/ec_lib.c:74:19: error: unused variable 'EC_version' [-Werror,-Wunused-const-variable]
static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;

Change-Id: I2cba53537137186114c083049ea1233550a741f9
Signed-off-by: NMike Bland <mbland@acm.org>
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>