The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

On Unixly platforms, this doesn't matter.  On VMS, it does.
Reviewed-by: NRich Salz <rsalz@openssl.org>

We required that a target be named 'debug-something' or to have at
least one of the configuration items debug_cflags and debug_lflags for
--debug to be accepted.

However, there are targets with no such markings but that will still
have debugging capabilities.  This is particularly true for mk1mf
builds, where the extra flags for debugging are figured out later on
by util/mk1mf.pl.
Reviewed-by: NRich Salz <rsalz@openssl.org>

It turns out that -pause calls the undocumented function SSL_set_debug.
That just sets flag inside the SSL structure.  That flag, despite
the command is never used.  So remove the flag, the field, and the
function.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Tell open() O_BINARY on VMS doesn't make sense, as it's possible to
use more precise file attributes.  However, if we're still going to
fdopen() it in binary mode, we must set the fd in binary context.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

On some platforms, the shell will determine what attributes a file
will have, so while the program might think it's safely outputting
binary data, it's not always true.

For the sake of the tests, it's therefore safer to use -out than to
use redirection.
Reviewed-by: NRich Salz <rsalz@openssl.org>

'openssl rehash' isn't implemented on all platforms, and since 'make
test' depends on a rehash of certs/demo being performed, it becomes an
effective block from running tests on any platform but Unix, for the
moment.

It's better to fall back to c_rehash and let the tests perform
everywhere.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

On VMS, the command MCR will assume SYS$SYSTEM: when the first
argument lacks a directory spec.  So for programs in the current
directory, we add [] to tell MCR it is in the current directory.
It's the same as having ./ at the start of a program on Unix so the
shell doesn't start looking along $PATH.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Regenerated expired test certificates, good for the next 100 years.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Note, this now compiles, but fails tests, so further remediation
is required.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

This used to work but somewhere along the line it broke and was failing to
detect duplicate ordinals - which was the whole point of the test!
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

util/mk1mf.pl was relying on the platform having the 'debug-' prefix
for doing a debug build.  Since the setup of targets has changed, this
is no longer true.  However, it can look for '--debug' in the command
line options.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Add CRYPTO_EX_DATA add EndC_KEY_[gs]et_method, From Roumen Petrov.
Had to add various exdata calls to init/copy/free the exdata.
Had to remove const from some EC functions because exdata isn't
const-correct. :(
Also remove EC_EXTRA_DATA and use a union to hold the possible
pre-computed values and an enum to tell which value is in the
union. (Rich Salz)
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

This test relies on a private function, which isn't exported.
This test would work better as a unit test in crypto/bn/bn_prime.c.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

For some strange reason opensslconf.h was only defining DES_LONG
when included via des.h, but that's exceedingly fragile (as a
result of include guards the include via des.h might not actually
process the content again).

Ripped out the nesting constraint, now always define OSSL_DES_LONG
if not already defined.  Note, this could just be DES_LONG, but
trying to avoid exposing DES_LONG in places where it has never been
seen before, so it is up to des.h to actually define DES_LONG as
OSSL_DES_LONG.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

It seems like the convention for VMS exit codes is to combine the VMS
C facility code (0x35a000) with a recoded exit code as follows:

    0     => 1
    1-255 => 8*code + 2

We also add 0x10000000, which is the control bit that has DCL not
report the error on the terminal.  That's just as well, since it would
be quite nonsensical, for example:

    %C-W-NOMSG, Message number 0035A018

We could do all this by using the normal exit() function after having
defined the macro _POSIX_EXIT.  Unfortunately, this feature only
exists in VMS C V7.1 and up.
Reviewed-by: NRich Salz <rsalz@openssl.org>

We missed this one because rc5 is disabled by default.

Notified by The Doctor <doctor@doctor.nl2k.ab.ca>
Reviewed-by: NRich Salz <rsalz@openssl.org>

VMS being a record oriented operating system, it's uncertain how the
'pipe' passes binary data from one process to another.  Experience
shows that we get in trouble, and it's probably due to the pipe in
itself being opened in text mode (variable length records).

It's safer to pass data via an intermediary file instead.
Reviewed-by: NRich Salz <rsalz@openssl.org>

VMS uses a variant of openssl.cnf named openssl-vms.cnf.

There's a Perl on VMS mystery where a open pipe will not SIGPIPE when
the child process exits, which means that a loop sending "y\n" to it
will never stop.  Adding a counter helps fix this (set to 10, we know
that none of the CA.pl commands will require more).
Reviewed-by: NRich Salz <rsalz@openssl.org>