New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

When the target is {something}-icc, we're doing some extra checks of
the icc compiler.  However, all such targets were cleaned away in
March 2015, so this Configure section is dead code.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Can't hurt and seems to prevent problems from some over-aggressive
(LTO?) compilers.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

top_dir() are used to create directory names, top_file() should be
used for files.  In a Unixly environment, that doesn't matter, but...
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

PR#4280
Reviewed-by: NTim Hudson <tjh@openssl.org>

Not all architectures have a time_t defined the same way.  To make
sure we get the same result, we need to cast &checkoffset to (intmax_t *)
and make sure that intmax_t is defined somehow.

To make really sure we don't pass a variable with the wrong size down
to opt_imax(), we use a temporary intmax_t.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Also remove $Makefile variable :)
Reviewed-by: NAndy Polyakov <appro@openssl.org>

As a side-effect of opaque x509, ex_flags were looked up too early,
before additional policy cache updates.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

This is a time_t and can be zero or negative.  So use 'M' (maximal
signed int) not 'p' (positive int).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Some last lflags to convert to ex_libs or a combo of lflags and ex_libs
Reviewed-by: NRich Salz <rsalz@openssl.org>

The lflags configuration had a weird syntax with a % as separator.  If
it was present, whatever came before ended up as PEX_LIBS in Makefile
(usually, this is LDFLAGS), while whatever came after ended up as
EX_LIBS.

This change splits that item into lflags and ex_libs, making their use
more explicit.

Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS.
Reviewed-by: NRich Salz <rsalz@openssl.org>

A few more sub-joins could be replaced with calls to add() and add_before()
Reviewed-by: NRich Salz <rsalz@openssl.org>

This reverts commit a450326e.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Remove depend hacks from demos/engines.
Remove clean-depend; just call makedepend (or $CC -M) and use that.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

By default X509_check_trust() trusts self-signed certificates from
the trust store that have no explicit local trust/reject oids
encapsulated as a "TRUSTED CERTIFICATE" object.  (See the -addtrust
and -trustout options of x509(1)).

This commit adds a flag that makes it possible to distinguish between
that implicit trust, and explicit auxiliary settings.

With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted
via explicit trust settings.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

This is a followin from !1738, we no longer need those variables.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add tests for have_precompute_mult for the optimised curves (nistp224,
nistp256 and nistp521) if present
Reviewed-by: NRichard Levitte <levitte@openssl.org>

During precomputation if the group given is well known then we memcpy a
well known precomputation. However we go the wrong label in the code and
don't store the data properly. Consequently if we call have_precompute_mult
the data isn't there and we return 0.

RT#3600
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The function DH_check_pub_key() was missing some return value checks in
some calls to BN functions.

RT#4278
Reviewed-by: NAndy Polyakov <appro@openssl.org>

A new return value for DH_check_pub_key was recently added:
DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other
return values it should have been set to the value 4 not 3.

RT#4278
Reviewed-by: NAndy Polyakov <appro@openssl.org>