Two locations had the same loop for writing out a value. Pull it out into
a function.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This is an internal API. Some of the tests were for programmer erorr and
"should not happen" situations, so a soft assert is reasonable.
Reviewed-by: NRich Salz <rsalz@openssl.org>

A few style tweaks here and there. The main change is that curr and
packet_len are now offsets into the buffer to account for the fact that
the pointers can change if the buffer grows. Also dropped support for the
WPACKET_set_packet_len() function. I thought that was going to be needed
but so far it hasn't been. It doesn't really work any more due to the
offsets change.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The PACKET documentation is already in packet_locl.h so it makes sense to
have the WPACKET documentation there as well.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The tests will only work in no-shared builds because WPACKET is an
internal only API that does not get exported by the shared library.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Otherwise a mem leak can occur.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also added the WPACKET_cleanup() function to cleanup a WPACKET if we hit
an error.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

No need to declare an explicit sub-packet. Just start one.
Reviewed-by: NRich Salz <rsalz@openssl.org>

To avoid confusion with the read PACKET structure.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The DSO API was picky about casing of symbol names on VMS.

There's really no reason to be that picky, it's mostly just annoying.
Therefore, we take away the possibility to flag for a choice, and will
instead first try to find a symbol with exact case, and failing that,
we try to find it in upper case.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

even when the public key is not present in an EC_KEY
Reviewed-by: NStephen Henson <steve@openssl.org>

With extensive help and feedback from Richard and Andy.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NAndy Polyakov <appro@openssl.org>

This is generalised by having the following macros for stuff that won't
be installed:

    NO_INST_LIB_CFLAGS, used instead of LIB_CFLAGS
    NO_INST_DSO_CFLAGS, used instead of DSO_CFLAGS
    NO_INST_BIN_CFLAGS, used instead of BIN_CFLAGS

They take values from corresponding target config fields if those are
defined, otherwise they take the respective values from LIB_CFLAGS,
DSO_CFLAGS and BIN_CFLAGS.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Send a bit information to the build file template functions.  For
src2obj(), the additional option 'product' holds the name of the final
file that the object file will go into.  Additionally, the diverse
functions will get the option 'installed', with a value that evaluates
true if the final product is to be installed, otherwise false.
Reviewed-by: NRich Salz <rsalz@openssl.org>

VMS sets that errno when the device part of a file spec is malformed
or a logical name that doesn't exist.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Certain functions are automatically called during auto-deinit in order
to deallocate resources. However, if we have never entered a function which
marks lib crypto as inited then they never get called. This can happen if
the user only ever makes use of a small sub-set of functions that don't hit
the auto-init code.

This commit ensures all such resources deallocated by these functions also
init libcrypto when they are initially allocated.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NBen Laurie <ben@openssl.org>

Using the -trace option to s_server or s_client was incorrectly printing
UNKNOWN for the X25519 curve.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Improve interchangeability of aix*-gcc targets by linking shared
libraries with -static-libgcc, and address linking problems with
vendor compiler.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

RT#4667
Reviewed-by: NRich Salz <rsalz@openssl.org>

Found by turning -Wswitch-enum on.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The background story is that util/shlib_wrap.sh was setting LD_PRELOAD
or similar platform dependent variables, just in case the shared
libraries were built with -rpath.  Unfortunately, this doesn't work
too well with asan, msan or ubsan.

So, the solution is to forbid the combination of shared libraries,
-rpath and any of the sanity analyzers we can configure.

This changes util/shlib_wrap.sh so it only contains the code that sets
LD_PRELOAD when -rpath has been used when configuring.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Some hardware devices don't provide the public EC_POINT data. The only
way for X509_check_private_key() to validate that the key matches a
given certificate is to actually perform a sign operation and then
verify it using the public key in the certificate.

Maybe that can come later, as discussed in issue 1532. But for now let's
at least make it fail gracefully and not crash.

GH: 1532
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1547)
(cherry picked from commit 92ed7fa575a80955f3bb6efefca9bf576a953586)

The way we figured out what options are crypto algorithms and what are
something other was somewhat sketchy.  This change bases the
distinction on available sdirs instead.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.

Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
        Ensure |BN_div| never gives negative zero in the no_branch code.

        Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
        don't have negative zeros lying around.

        Thanks to Brian Smith for noticing.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

In the case of using an independent makedepend, we had split that into
two separate recipes, one depending on the other.  However, there are
cases where the makedepend recipe was always trying, but doesn't
update the time stamp of the .d file because there are no actual
changes, and thereby causing constant updates of the object files.

This change makes one recipe that takes care of both makedepend och
cc, thereby avoiding these extra updates.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

MIPS[32|64]R6 is binary and source incompatible with previous MIPS ISA
specifications. Fortunately it's still possible to resolve differences
in source code with standard pre-processor and switching to trap-free
version of addition and subtraction instructions.
Reviewed-by: NRichard Levitte <levitte@openssl.org>