The recent removal of static ECDH broke the enable-ssl-trace compilation.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

apps/progs.pl counted on the caller to provide the exact command
files.  The unified build doesn't have that knowledge, and the easier
and more flexible thing to do is to feed it all the apps/*.c files and
let it figure out the command names by looking inside (looking for
/int ([a-z0-9][a-z0-9_]*)_main\(int argc,/).

Also, add it to the generate command, since it's a versioned file.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Once upon a time, there was chop, which somply chopped off the last
character of $_ or a given variable, and it was used to take off the
EOL character (\n) of strings.

... but then, you had to check for the presence of such character.

So came chomp, the better chop which checks for \n before chopping it
off.  And this worked well, as long as Perl made internally sure that
all EOLs were converted to \n.

These days, though, there seems to be a mixture of perls, so lines
from files in the "wrong" environment might have \r\n as EOL, or just
\r (Mac OS, unless I'm misinformed).

So it's time we went for the more generic variant and use s|\R$||, the
better chomp which recognises all kinds of known EOLs and chops them
off.

A few chops were left alone, as they are use as surgical tools to
remove one last slash or one last comma.

NOTE: \R came with perl 5.10.0.  It means that from now on, our
scripts will fail with any older version.

Reviewed-by: Rich ...

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Remove support for static ECDH ciphersuites. They require ECDH keys
in certificates and don't support forward secrecy.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

RT#3885

Reviewed-by: Rich Salz <rsalz@openssl.org>

Trouble is that LINK variable assignment in make-file interferes with
LINK environment variable, which can be used to modify Microsoft's
LINK.EXE behaviour.

RT#4289

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Commit 7823d792

 added DEFINE_LHASH_OF
to a C source file.  DEFINE_LHASH_OF() and DEFINE_STACK_OF() must
be used only in header files to avoid clang warnings for unused
static-inline functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>

Updated for 1.1 by Rich Salz

Reviewed-by: Richard Levitte <levitte@openssl.org>

Valgrind complains about using unitialized memory.  So call
OPENSSL_zalloc, not malloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>

With this, Cygwin and Mingw builds stand a much better chance to be
able to build outside of the source tree with the unified build.

Reviewed-by: Rich Salz <rsalz@openssl.org>

On Windows POSIX layers, two files are produced for a shared library,
there's {shlibname}.dll and there's the import library {libname}.dll.a

On some/most Unix platforms, a {shlibname}.{sover}.so and a symlink
{shlibname}.so are produced.

For each of them, unix-Makefile.tmpl was entirely consistent on which
to have as a target when building a shared library or which to use as
dependency.

This change clears this up and makes it consistent, we use the
simplest form possible, {lib}.dll.a on Windows POSIX layers and
{shlibname}.so on Unix platforms.  No exception.

Reviewed-by: Rich Salz <rsalz@openssl.org>

PR#4246 and PR#4266

Reviewed-by: Rich Salz <rsalz@openssl.org>

Some keys are attached to the full RSA CSP which doesn't support SHA2
algorithms: uses the AES CSP if present.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

If someone runs a mixed unixmake / unified environment (the unified
build tree would obviously be out of the source tree), the unified
build will pick up on the unixmake crypto/buildinf.h because of
assumptions made around this sort of declaration (found in
crypto/build.info):

    DEPENDS[cversion.o]=buildinf.h

The assumption was that if such a header could be found in the source
tree, that was the one to depend on, otherwise it would assume it
should be in the build tree.

This change makes sure that sort of mix-up won't happen again.

Reviewed-by: Rich Salz <rsalz@openssl.org>

It's not necessary for a pristine source, and a developer that makes
changes usually knows what to do.

Also, there was this mechanism that would do a "make depend"
automatically which hasn't been used for so many years.  Removed as
well.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

clean up and apply patches from RT-2275

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Noticed by Claus Assmann <ca+ssl-dev@esmtp.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>

Some files in crypto/bn depend on internal/bn_conf.h, and so does
test/bntest.  Therefore, we add another inclusion directory.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

As noted already, some platforms don't fill in ai_protocol as
expected.  To circumvent that, we have BIO_ADDRINFO_protocol() to
compute a sensible answer in that case.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Error codes are printed in hex, and previous OpenSSL versions expected
the error codes to be provided to errstr in hex. In 1.1.0, for some
reason, it was expecting them to be decimal.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

If asn1parse doesn't like a structure print out the content octets
for diagnostic purposes.

Reviewed-by: Richard Levitte <levitte@openssl.org>