Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This way, we can use them as conditions instead of relying to more or
less obscure aliases in %config or variables directly in Configure.
Reviewed-by: NRich Salz <rsalz@openssl.org>

If dlfcn is used, the name was set to lib$(LIBNAME).so when it should
have been just $(LIBNAME).so.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

When building a DSO, there's no reason to include all symbols from
static libraries it happens to link with, whichever they may be.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Preserved for now for those who have scripts with the option
"no-ssl2".  We warn that it's deprecated, and ignore it otherwise.

In response to RT#4330
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Building shared libraries or not is not the same as building position
independent code or not.  It's true that if you don't build PIC, you
can't build shared libraries.  However, you may very well want to
build only static libraries but still want PIC code.

Therefore, we introduce a new configuration option "pic", which is
enabled by default or explicitely with "enable-pic", or disabled with
"no-pic" or "disable-pic".  Of course, if "pic" is disabled, "shared"
and "dynamic-engine" are automatically disabled as well.
Reviewed-by: NRich Salz <rsalz@openssl.org>

We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure.  Let's avoid confusion,
choose one of them and stick to it.
Reviewed-by: NRich Salz <rsalz@openssl.org>

An error was introduced with the setting of SHLIB in DO_GNU_SO.
A common DO_GNU_SO_COMMON that both DO_GNU_SO and DO_GNU_SO_NOCALC use
makes things clearer.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Because we're requiring Perl 5.10.0 and the 'parent' didn't appear
before Perl 5.10.1, we need to resort to the older parent module
declaration style, modifying @ISA.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

On slower file systems, this makes a huge difference
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

GNU make will re-exec if (it thinks that) the Makefile has changed.
Just having the target Makefile seems to make it think it has, so we
end up in a look where GNU make re-execs for ever.

The fix is easy, just remove the Makefile target and have the depend
target run the recipe on its own instead of depending on Makefile.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

is a .s).
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Don't check for no_shared
Reviewed-by: NRich Salz <rsalz@openssl.org>

They depend on this feature because they use the engine ossltest,
which is only available as a dynamic engine.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Until now, the engines in engines/ were only built as dynamicaly
loadable ones if shared libraries were built.

We not dissociate the two and can build dynamicaly loadable engines
even if we only build static libcrypto and libssl.  This is controlled
with the option (enable|disable|no)-static-engine, defaulting to
no-static-engine.

Note that the engines in crypto/engine/ (dynamic and cryptodev) will
always be built into libcrypto.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Depending on Makefile meant that a new attempt to rebuild the Makefile
with "new" dependency data was done all the time, uncontrolled.  Better
to depend on configdata.pm, which truly only changes with reconfiguration.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NBen Laurie <ben@openssl.org>

Also gives an error message when you gave it a parameter it didn't expect.
Reviewed-by: NRich Salz <rsalz@openssl.org>

MR: #2009

One spot was forgotten.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Object LiBrary
Reviewed-by: NRich Salz <rsalz@openssl.org>

It failed to remove lingering Makefile.new
Reviewed-by: NRich Salz <rsalz@openssl.org>

It was turning off output again in two place where it should have
turned it on.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Remove DSA private key code which tolerates broken implementations which
use negative integers.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Remove old code that handled various invalid DSA formats in ancient
software.

This also fixes a double free bug when parsing malformed DSA private keys.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

CVE-2016-0705
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Adapted from BoringSSL. Added a test.

The extension parsing code is already attempting to already handle this for
some individual extensions, but it is doing so inconsistently. Duplicate
efforts in individual extension parsing will be cleaned up in a follow-up.
Reviewed-by: NStephen Henson <steve@openssl.org>

This silences the memory sanitizer. All fields were already correctly
initialized but the struct padding wasn't, causing an uninitialized read
warning.
Reviewed-by: NTim Hudson <tjh@openssl.org>