Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN.

Reviewed-by: Richard Levitte <levitte@openssl.org>

There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h

Reviewed-by: Andy Polyakov <appro@openssl.org>

Can't hurt and seems to prevent problems from some over-aggressive
(LTO?) compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

top_dir() are used to create directory names, top_file() should be
used for files.  In a Unixly environment, that doesn't matter, but...

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

PR#4280

Reviewed-by: Tim Hudson <tjh@openssl.org>

Not all architectures have a time_t defined the same way.  To make
sure we get the same result, we need to cast &checkoffset to (intmax_t *)
and make sure that intmax_t is defined somehow.

To make really sure we don't pass a variable with the wrong size down
to opt_imax(), we use a temporary intmax_t.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Also remove $Makefile variable :)

Reviewed-by: Andy Polyakov <appro@openssl.org>

As a side-effect of opaque x509, ex_flags were looked up too early,
before additional policy cache updates.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

This is a time_t and can be zero or negative.  So use 'M' (maximal
signed int) not 'p' (positive int).

Reviewed-by: Rich Salz <rsalz@openssl.org>

Some last lflags to convert to ex_libs or a combo of lflags and ex_libs

Reviewed-by: Rich Salz <rsalz@openssl.org>

The lflags configuration had a weird syntax with a % as separator.  If
it was present, whatever came before ended up as PEX_LIBS in Makefile
(usually, this is LDFLAGS), while whatever came after ended up as
EX_LIBS.

This change splits that item into lflags and ex_libs, making their use
more explicit.

Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>

A few more sub-joins could be replaced with calls to add() and add_before()

Reviewed-by: Rich Salz <rsalz@openssl.org>

This reverts commit a450326e

.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Remove depend hacks from demos/engines.
Remove clean-depend; just call makedepend (or $CC -M) and use that.

Reviewed-by: Richard Levitte <levitte@openssl.org>

By default X509_check_trust() trusts self-signed certificates from
the trust store that have no explicit local trust/reject oids
encapsulated as a "TRUSTED CERTIFICATE" object.  (See the -addtrust
and -trustout options of x509(1)).

This commit adds a flag that makes it possible to distinguish between
that implicit trust, and explicit auxiliary settings.

With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted
via explicit trust settings.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

This is a followin from !1738, we no longer need those variables.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add tests for have_precompute_mult for the optimised curves (nistp224,
nistp256 and nistp521) if present

Reviewed-by: Richard Levitte <levitte@openssl.org>

During precomputation if the group given is well known then we memcpy a
well known precomputation. However we go the wrong label in the code and
don't store the data properly. Consequently if we call have_precompute_mult
the data isn't there and we return 0.

RT#3600

Reviewed-by: Richard Levitte <levitte@openssl.org>

The function DH_check_pub_key() was missing some return value checks in
some calls to BN functions.

RT#4278

Reviewed-by: Andy Polyakov <appro@openssl.org>

A new return value for DH_check_pub_key was recently added:
DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other
return values it should have been set to the value 4 not 3.

RT#4278

Reviewed-by: Andy Polyakov <appro@openssl.org>

This extends the existing async functionality to SSL_shutdown(), i.e.
SSL_shutdown() can now casuse an SSL_ERROR_WANT_ASYNC error to be returned
from SSL_get_error() if async mode has been enabled.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

PR#4277

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

These tests are not built, and only usable as hand-tests so not
worth moving into our test framework.
This closes https://github.com/openssl/openssl/pull/561

 and RT 4252

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add enable-crypto-mdebug enable-rc5 enable-md2 to any target that was
--strict-warnings.

Reviewed-by: Richard Levitte <levitte@openssl.org>