Suggested by John Foley <foleyj@cisco.com>.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.
Signed-off-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Signed-off-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Run make errors on master
Reviewed-by: NRichard Levitte <levitte@openssl.org>

crypto/crypto-lib.com - catch up with the OCSP changes
test/maketest.com and test/tests.com - catch up with the addition of test_evp_extra
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Add RIPEMD160 and whirlpool test data.
Add Count keyword to repeatedly call EVP_DigestUpate.
Reviewed-by: NMatt Caswell <matt@openssl.org>

CVE-2015-0288
PR#3708
Reviewed-by: NMatt Caswell <matt@openssl.org>

The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Add support for skipping disabled algorithms: if an attempt to load a
public or private key results in an unknown algorithm error then any
test using that key is automatically skipped.
Reviewed-by: NTim Hudson <tjh@openssl.org>

When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

called evp_test.c, so I have called this one evp_extra_test.c
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

behaviour will force behaviour as per previous versions of OpenSSL
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

valid. However the issuer of the leaf, or some intermediate cert is in fact
in the trust store.

When building a trust chain if the first attempt fails, then try to see if
alternate chains could be constructed that are trusted.

RT3637
RT3621
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

XTS bug spotted and fix suggested by Adrian Kotelba.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Though this doesn't mean that masm becomes supported, the script is
still provided on don't-ask-in-case-of-doubt-use-nasm basis.
See RT#3650 for background.
Reviewed-by: NMatt Caswell <matt@openssl.org>

The typo doesn't affect supported configuration, only unsupported masm.
Reviewed-by: NMatt Caswell <matt@openssl.org>

For some reason failure surfaced on ARM platforms.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>

The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.

Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add some EVP_PKEY test data for sign and verify tests including
failure cases.
Reviewed-by: NRichard Levitte <levitte@openssl.org>