Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Within OpenSSL::Test, all commands end up existing in two variants,
one that has redirections that are needed internally to work well
together with the test harness, and one without those redirections.

Depending on what the result is going to be used for, the caller may
want one for or the other, so we give them the possibility.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This minimizes inter-block overhead. Performance gain naturally
varies from case to case, up to 10% was spotted so far. There is
one thing to recognize, given same circumstances gain would be
higher faster computational part is. Or in other words biggest
improvement coefficient would have been observed with assembly.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

On the other hand, have run() display the display variant.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Because some operating systems have executable extensions, typically
".exe", we need to append it when looking for files in test() and
app() (or rather, their subroutines).
Reviewed-by: NRich Salz <rsalz@openssl.org>

It displays the command's exit code as well.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

If the command file that app(), test(), perlapp(9 and perltest() are
looking for doesn't exist in the build tree, look for it in the source
tree as well.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Since OpenSSL::Test only redirects stderr to /dev/null when being run
through non-verbose test harness, this change allows the stderr output
to be displayed when verbosity is requested.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The intention with that option is to allow extra flags to the perl
interpreter itself.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

MR: #2452

According to documentation, perl's Math::BigInt does floored division,
i.e. the bdiv function does 1 / -4 = -1.  OpenSSL's BN_div, as well as
bc, do truncated division, i.e. 1 / -4 = 0.

We need to compensate for that difference in test/recipes/bc.pl to
make sure to verify the bntest results under its own conditions, by
dividing the absolute values of the given numbers and fixup the
result's negativity afterwards.

Closes RT#4485
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Misc fixes for no-sock
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Fix the evp tests when no-scrypt is used.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This fixes the no-cms compile time option.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Misc fixes for no-dsa.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

* Clear proposed, along with selected, before looking at ClientHello
* Add test case for above
* Clear NPN seen after selecting ALPN on server
* Minor documentation updates
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Numerous fixes for no-des.
Reviewed-by: NRich Salz <rsalz@openssl.org>

There were a couple of CMAC references without OPENSSL_NO_CMAC guards.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

$? in perl gets the status value from wait(2), which is a word with
the exit code in the upper half and the number of a raised signal in
the lower half.  OpenSSL::Test::run() ignored the signal half up until
now.

With this change, we recalculate an exit code the same way the Unix
shells do, using this formula:

    ($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8);
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The CMS test uses some RC2 keys which should be skipped if the RC2 is
disabled.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

In most builds, we can assume that engines live in the build tree
subdirectory "engines".  This was hard coded into the tests that use
the engine ossltest.

However, that hard coding is tedious, it would need to be done in
every test recipe, and it's an incorrect assumption in some cases.

This change has us play it safe and let the build files tell the
testing framework where the engines are.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reduces #ifdef complexity.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Some platforms claim to be POSIX but their getcontext() implementation
does not work. Therefore we update the ASYNC_is_capable() function to test
for this.

RT#4366
Reviewed-by: NRichard Levitte <levitte@openssl.org>

TLSProxy starts s_server and specifies the number of client connects
it should expect. After that s_server is supposed to close down
automatically. However, if another test is then run then TLSProxy
will start a new instance of s_server. If the previous instance
hasn't closed down yet then the new instance can fail to bind to
the socket.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This commit adds the general verify options of ocsp, verify,
cms, etc. to the openssl timestamping app as suggested by
Stephen N. Henson in [openssl.org #4287]. The conflicting
"-policy" option of "openssl ts" has been renamed to
"-tspolicy". Documentation and tests have been updated.

CAVE: This will break code, which currently uses the "-policy"
option.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Also make it possible to disable afalg separately.

we still need to update config again
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

While insignificant on Unix like systems, this is significant on
systems like VMS.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

That doesn't change even to make a dummy to hide its unavailability.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Running test_ssl with HARNESS_VERBOSE results in lots of spurious warnings
about an inability to load the CT config file. This fixes it.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Issue identified on Solaris by Erik Forsberg <erik@efca.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>