A small rearrangement so the inclusion of rsaz_exp.h would be
unconditional, but what that header defines becomes conditional.

This solves the weirdness where rsaz_exp.h gets in and out of the
dependency list for bn_exp.c, depending on the present architecture.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Typo in local variable name; introduced by previous fix.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

If RSA or DSA is disabled we will never use a ciphersuite with
RSA/DSA authentication as it is already filtered out by the cipher
list logic.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

As numerous comments indicate the certificate and key array is not an
appopriate structure to store the peers certificate: so remove it and
just the s->session->peer instead.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Since [sc]_ssl->[rw]bio aren't available, do not try to fiddle with
them.  Surely, a BIO_free on the "main" BIOs should be enough
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Construct bio_err and bio_stdout from file handles instead of FILE
pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO
is defined).
Convert all output to use BIO_printf.
Change lh_foo to lh_SSL_SESSION_foo.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This reverts commit d480e182.

Commit broke TLS handshakes due to fragility of digest caching: that will be
fixed separately.
Reviewed-by: NRich Salz <rsalz@openssl.org>

We always free the handshake buffer when digests are freed so move
it into ssl_free_digest_list()
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>

When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

While closing RT3588 (Remove obsolete comment) Kurt and I saw that a
few lines to completely clear the SSL cipher state could be moved into
a common function.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

PR#3904
Reviewed-by: NRich Salz <rsalz@openssl.org>

It is valid for an extension block to be present in a ClientHello, but to
be of zero length.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX.
This backs that change out, and does it a different way.

Thanks to Timo Teras for the concept.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Updates to CHANGES and NEWS to take account of the latest security fixes.
Reviewed-by: NRich Salz <rsalz@openssl.org>

CVE-2015-1788
Reviewed-by: NMatt Caswell <matt@openssl.org>

CVE-2015-1790
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Fix error handling in ssl_session_dup, as well as incorrect setting up of
the session ticket. Follow on from CVE-2015-1791.

Thanks to LibreSSL project for reporting these issues.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Determine disabled algorithm masks when algorithms are loaded instead of
recalculating them each time.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Restore GOST mac setup which was accidentally removed during cipher
refactor.
Reviewed-by: NRich Salz <rsalz@openssl.org>