Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

layer
Reviewed-by: NRichard Levitte <levitte@openssl.org>

up some access to them. Now that various functions have been moved into the
record layer they no longer need to use the accessor macros.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

the earlier record layer commits
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

RECORD_LAYER_write_pending.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

being used for what purpose.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

the new files s3_msg.c and s1_msg.c respectively.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

The recent updates to libssl to enforce stricter return code checking, left
a small number of instances behind where return codes were being swallowed
(typically because the function they were being called from was declared as
void). This commit fixes those instances to handle the return codes more
appropriately.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: NMatt Caswell <matt@openssl.org>

Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.

Update docs.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This commit sets the value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to
zero.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

In ssl3_send_new_session_ticket the message to be sent is constructed. We
skip adding the length of the session ticket initially, then call
ssl_set_handshake_header, and finally go back and add in the length of the
ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side
effect of buffering the message for subsequent retransmission if required.
By adding the ticket length after the call to ssl_set_handshake_header the
message that is buffered is incomplete, causing an invalid message to be
sent on retransmission.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

In DTLS, immediately prior to epoch change, the write_sequence is supposed
to be stored in s->d1->last_write_sequence. The write_sequence is then reset
back to 00000000. In the event of retransmits of records from the previous
epoch, the last_write_sequence is restored. This commit fixes a bug in
DTLS1.2 where the write_sequence was being reset before last_write_sequence
was saved, and therefore retransmits are sent with incorrect sequence
numbers.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

It was saying that it was an illegal parameter / unsupported cipher
Reviewed-by: NMatt Caswell <matt@openssl.org>

The certificate already contains the DH parameters in that case.
ssl3_send_server_key_exchange() would fail in that case anyway.
Reviewed-by: NMatt Caswell <matt@openssl.org>