Fix "mixed declarations and code" warnings.
Use OpenSSL headers.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Check sign/verify blocked with X25519
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Add a flag to EC_METHOD for curves which do not support signing.
New function EC_KEY_can_sign() returns 1 is key can be used for signing.
Return an explicit error is an attempt is made to sign with
no signing curves.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

In some cases the EC_POINT and EC_KEY BIGNUM components are suboptimal
or inappropriate. Add an "custom_data" field which curves can populate with
a custom structure to suit their needs.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Add support for optional overrides of various private key operations
in EC_METHOD.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Extend EC_METHOD to permit additional customisation of private key and
ECDH operations.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they
wont be used and EdDSA may use a different format.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Removing certs broke the mk1mf build.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Exiting out of a recipe more than necessary leaves an ugly message.
Reviewed-by: NRich Salz <rsalz@openssl.org>

When building with GNU C, clang or VMS C, it's more efficient to
generate dependency file and object file in one call rather than two.
Have the dependency output in a temporary file and compare it with the
previous one if available to see if replacement is waranted, thereby
avoiding unnecessary reconstruction of Makefile / descrip.mms.

Github issue #750
Reviewed-by: NRich Salz <rsalz@openssl.org>

Stack Overflow has a number of questions related to mutual authentication,
the client and its certificate. Those visiting the man pages for functions
like SSL_CTX_use_certificate and SSL_CTX_load_verify_locations don't
receive the benefit of a cross reference to SSL_CTX_set_client_CA_list.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

- srtp_profiles variable is defined when building with SRTP, keeping
the variable usage also under ifndef OPENSSL_NO_SRTP
- alpn help option was kept under ifndef OPENSSL_NO_SRTP
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

The INCLUDE statement can handle setting extra include directories for
individual object files, let's use it.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Even though AVX support was added in GAS 2.19 vpclmulqdq was apparently
added in 2.20.
Reviewed-by: NRich Salz <rsalz@openssl.org>

RT#4323
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add some missing parentheses and reformat.

Document EC_KEY_oct2key(), EC_KEY_key2buf(), EC_KEY_oct2priv(),
EC_KEY_priv2oct() and EC_KEY_priv2buf()
Reviewed-by: NRich Salz <rsalz@openssl.org>

Now that BIO_sock_nbio is available, use it in the apps.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

I read the PROBLEMS, and they're outdated; nothing I'd put in the
online FAQ, for example.  Test-builds work without using these files.
Had to remove the rehash.time stuff from Makefile.in
Reviewed-by: NRichard Levitte <levitte@openssl.org>

We don't want recipes for the same files generated more than once
Reviewed-by: NRich Salz <rsalz@openssl.org>

Linux target that does that.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

MR: #2083

Reformat EC_POINT_new.pod and add parentheses to function names.
Clarify the octet form.
Add documentation for EC_POINT_oct2buf().
Reviewed-by: NRich Salz <rsalz@openssl.org>

The ubsec engine is now considered obsolete and therefore has been
removed.
Reviewed-by: NRich Salz <rsalz@openssl.org>