If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT: #4192, MR: #1533

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRich Salz <rsalz@openssl.org>

MR: #1523

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRich Salz <rsalz@openssl.org>

MR: #1522

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT: #4195, MR: #1521

Suggested by David Benjamin
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>

MR: #1520

When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed.  So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour.  Instead do already what int_thread_release() would do,
and make the call do nothing instead.
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT: #4155, MR: #1519

When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.

RT#4197
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

DTLS cookie generation and verification were exact copies of each
other save the last few lines.  This refactors them to avoid code
copying.
Reviewed-by: NMatt Caswell <matt@openssl.org>

After the recent change to use ossl_inline, builds were failing on some
platforms due to a missing usage of "inline".
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
MR: #1518

Found by clang scan-build.
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

RT: #4184, MR: #1496

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

(and unify table address calculation in ARMv8 code path).
Reviewed-by: NTim Hudson <tjh@openssl.org>

Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Remove all fixed DH ciphersuites and associated logic.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>