Add command line support for SSL_CONF: server side arguments are
prefixed by -s_ (e.g. -s_no_ssl3) and client side with -c_.
Reviewed-by: NMatt Caswell <matt@openssl.org>

If the hash or public key algorithm is "undef" the signature type
will receive special handling and shouldn't be included in the
cross reference table.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

PR#3535
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

This doesn't really fix the datarace but changes it so it can only happens
once. This isn't really a problem since we always just set it to the same
value. We now just stop writing it after the first time.

PR3584, https://bugs.debian.org/534534Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

PR: 3474
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

The trial division and probable prime with coprime tests are disabled
on WIN32 builds because they use internal functions not exported from
the WIN32 DLLs.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.
Reviewed-by: NBodo Moeller <bodo@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NGeoff Thorpe <geoff@openssl.org>

SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the
supported signature algorithms and raw cipherlist.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Facilitate switch to custom scatter-gather routines. This modification
does not change algorithms, only makes it possible to implement
alternative. This is achieved by a) moving precompute table to assembly
(perlasm parses ecp_nistz256_table.c and is free to rearrange data to
match gathering algorithm); b) adhering to explicit scatter subroutine
(which for now is simply a memcpy). First implementations that will use
this option are 32-bit assembly implementations, ARMv4 and x86, where
equivalent of current read-whole-table-select-single-value algorithm
is too time-consuming. [On side note, switching to scatter-gather on
x86_64 would allow to improve server-side ECDSA performance by ~5%].
Reviewed-by: NBodo Moeller <bodo@openssl.org>

Reviewed-by: NSteve Marquess <marquess@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc2.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NGeoff Thorpe <geoff@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>

so the Win32 compile picks it up correctly.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Conflicts:
	crypto/Makefile

The different -I compiler parameters will take care of the rest...
Reviewed-by: NTim Hudson <tjh@openssl.org>

Conflicts:
	crypto/evp/evp_enc.c
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c

Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Reviewed-by: NBodo Möller <bodo@openssl.org>

CVE-2014-3568
Reviewed-by: NEmilia Kasper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

CVE-2014-3567
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Related to CVE-2014-3513

This fix was developed by the OpenSSL Team
Reviewed-by: NTim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

RT: 3553
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

handling out of #ifndef OPENSSL_NO_DTLS1 section.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>