Reviewed-by: NRich Salz <rsalz@openssl.org>

The issue is demonstrated as follows:

  On Linux:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | sed -e 's/ \/\(\\.\|[^ ]\)*//g'
    : foo.h bar.h

  On MacOS X:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | sed -e 's/ \/\(\\.\|[^ ]\)*//g'
    : foo.husr/include/stddef.h bar.h

Perl is more consistent:

  On Linux:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | perl -pe 's/ \/(\\.|[^ ])*//g;'
    : foo.h bar.h

  On MacOS X:

    $ echo ': foo.h /usr/include/stddef.h bar.h' | perl -pe 's/ \/(\\.|[^ ])*//g;'
    : foo.h bar.h
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

They are not numbers in the machine byte order.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

If pre-processor failed, an empty .s file could be left behind,
which could get successfully compiled if one simply re-ran make
and cause linking failures. Not anymore. Remove even intermediate .S
in case of pre-processor failure.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Running test_ssl with HARNESS_VERBOSE results in lots of spurious warnings
about an inability to load the CT config file. This fixes it.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Issue identified on Solaris by Erik Forsberg <erik@efca.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>

During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.
Reviewed-by: NRich Salz <rsalz@openssl.org>

no-ripemd was unified a while ago but the change was not done in mk1mf.pl. This commit changes the no-ripemd string to no-rmd160 which fixes the no-rmd160 classic build.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Experience has shown that dynamic engines with their own copy of
libcrypto is problematic, so we disable that possibility.
Reviewed-by: NMatt Caswell <matt@openssl.org>

One of them didn't clean away .d.tmp files properly.
The other would overwrite the .d files unconditionally, thereby
causing a possibly unnecessary dependency rebuild, which touches the
date of Makefile, which causes a possibly unnecessary rebuild of
buildinf.h and everything that depends on that.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

A few things were out of date and a few things were missing. Also some
formatting updates.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Some of these scripts would recognise an output parameter if it looks
like a file path.  That works both in both the classic and new build
schemes.  Some fo these scripts would only recognise it if it's a
basename (i.e. no directory component).  Those need to be corrected,
as the output parameter in the new build scheme is more likely to
contain a directory component than not.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

A few were missed in the previous commit.

Closes RT#4412
Reviewed-by: NRich Salz <rsalz@openssl.org>

Use SSL_get_SSL_CTX instead of passing SSL_CTX to s_client.c:print_stuff
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Pass entire CTLOG_STORE to SCT_print, rather than just the SCT's CTLOG

SCT_print now looks up the correct CT log for you.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Closes RT#4406
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

The AFALG engine created a global EVP_CIPHER instance but was not freeing
it up when the engine was destroyed.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The help text for -d in 'config' was aged, and the option processing
in 'config.com' was just different.  This harmonizes 'config.com' with
the instructions in INSTALL and both current reality.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

UEFI needs this too. Don't keep it only in the Windows/DOS ifdef block.

This is a fixed version of what was originally commit 963bb621 and
subsequently reverted in commit 37b1f8bd. Somewhere along the way, the
Windows/DOS ifdef actually got removed, leaving it just broken. It should
have been turned into an #elif, not removed.

This one correctly changes the logic from

    # if WINDOWS|DOS
    #  if OPENSSL_NO_SOCK
        ... no-sock ...
    #  elif !DJGPP
        ... native windows ...

to

    # if OPENSSL_NO_SOCK
       ... no-sock ...
    # elif WINDOWS|DOS
    #  if !DJGPP
        ... native windows ...
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

A line from cryptlib.h was missed during the old Thread API removal. This
breaks no-deprecated builds.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The function SRP_VBASE_get_by_user() is declared as deprecated but the
implementation was not.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The afalgtest was unnecessarily initing an EVP_CIPHER_CTX. It is not
needed and is deprecated.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The source file generators sometimes use $(CC) to post-process
generated source, and getting the inclusion directories may be
necessary at times, so we pass them down.

RT#4406
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>