Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3745)

For DES and 3DES based ciphers are also enabled by this option.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3707)

"Configuring..." was displayed with './Configure LIST'.  This reorders
the display of that line to happen after the "targets" LIST, TABLE and
HASH have been checked.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3702)

Since the clang_devteam_warnings are appended to the gcc_devteam_warnings
when strict-warnings are requested, any items present in both the gcc
and clang variables will be duplicated in the cflags used for clang builds.
Remove the extra copy from the clang-specific flags in favor of the
gcc_devteam_warnings that are used for all strict-warnings builds.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)

clang already has it; let's flip the switch and deal with the fallout.
Exclude -Wunused-parameter, as we have many places where we keep unused
parameters to conform to a uniform vtable-like interface.
Also exclude -Wmissing-field-initializers; it's okay to rely on
the standard-mandated behavior of filling out with 0/NULL.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)

The trick is to use the .a extension explicitely in the build.info files.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)

This is handy for internal iOS tests, when you have to make it work
in sandbox.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Configure started with 'require 5.10.0', but if executed by older perl
it failed with "might be runaway multi-line // string" instead of
naturally expected "Perl v5.10.0 required--this is only v5.x.y".
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Fix some comments too
[skip ci]
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)

Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

For each platform, we may need to perform some basic checks to see
that available tools perform as we expect them.

For the moment, the added checkers test that Perl gives the expected
path format.  This should help MingW users to see if they run an
appropriate Perl implementation, for example.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851)

- util/incore
- util/fipslink.pl
- the unused "baseaddr" configure switch
Reviewed-by: NStephen Henson <steve@openssl.org>

This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: NStephen Henson <steve@openssl.org>

Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2712)

There has never been any gcc option of that kind.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2705)

This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)

For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)

The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)

Also fix a block comment formatting glitch.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2327)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Reviewed-by: NRich Salz <rsalz@openssl.org>

GH: #2025

This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.
Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
GH: #2023

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the
lower level routines will be present.  However, that's not always
true, for example for solaris-x86-cc, and that leads to build errors.

The better solution is to have configure detect if the lower level
padlock routines are being built, and define the macro PADLOCK_ASM if
they are, and use that macro in our C code.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1510)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1514)

Done too soon, this is for future OpenSSL 1.2.0

This reverts commit 6c62f9e1.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)

Very simply, support having the .a extension to denote depending on
static libraries.  Note that this is not supported on native Windows
when building shared libraries, as there is not static library then,
just an import library with the same name.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)

Don't build ossl_shim by default. Switch it on through
enable-external-tests.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)

Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.

Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This reverts commit ca1574ce.
Not suitabled for a minor release as it breaks the ABI.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

The number is taken from the OPENSSL_VERSION_NUMBER which is already
in the hex form.

CLA: trivial
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1706)

Make Configure recognise -rpath and -R to support user added rpaths
for OSF1 and Solaris.  For convenience, add a variable LIBRPATH in the
Unix Makefile, which the users can use as follows:

    ./config [options] -Wl,-rpath,\$(LIBRPATH)
Reviewed-by: NRich Salz <rsalz@openssl.org>

A note: this will form object file names by changing '.cc' to
'_cc.o'.  This will permit other configuration code to recognise these
object files were built for C++ rather than C.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Change code so when switching on an enumeration, have case's for all
enumeration values.
Reviewed-by: NAndy Polyakov <appro@openssl.org>