Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}

This prepares some corrections and improves readability (coding style).
Among others, it adds the static function c

Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}

This prepares some corrections and improves readability (coding style).
Among others, it adds the static function check_sig_alg_match() and
the internal functions x509_likely_issued() and x509_signing_allowed().

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)

show more ...

Improve documentation, layout, and code comments regarding self-issued certs etc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1

Improve documentation, layout, and code comments regarding self-issued certs etc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)

show more ...

Fix a typo on the SSL_dup page

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12245)

(cherry picked from commit 0c3d0247a

Fix a typo on the SSL_dup page

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12245)

(cherry picked from commit 0c3d0247a7b16cf10d6d869f34b40aa833b79fd5)

show more ...

Fix CID-1464802

Improper use of negative value (It just needs to pass zero instead of -1).

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Ma

Fix CID-1464802

Improper use of negative value (It just needs to pass zero instead of -1).

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12237)

show more ...

Force ssl/tls protocol flags to use stream sockets

Prior to this patch doing something like
openssl s_client -dtls1 -tls1 ...
could cause s_client to speak TLS on a UDP socket

Force ssl/tls protocol flags to use stream sockets

Prior to this patch doing something like
openssl s_client -dtls1 -tls1 ...
could cause s_client to speak TLS on a UDP socket
which does not normally make much sense.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12266)

show more ...

rand: include the CPU source in a build.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12267)

rand: fix CPU and timer sources.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12267)

Add --fips-key configuration parameter to fipsinstall application.

Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in

Add --fips-key configuration parameter to fipsinstall application.

Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)

show more ...

INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12232)

show more ...

Move test-related info from INSTALL.md to new test/README.md, updating references

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged

Move test-related info from INSTALL.md to new test/README.md, updating references

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12232)

show more ...

apps/openssl: clean-up of unused fallback code

Remove code in help_main() that duplicates the case when 'openssl' is
called with no arguments, which is now handled in main().

Re

apps/openssl: clean-up of unused fallback code

Remove code in help_main() that duplicates the case when 'openssl' is
called with no arguments, which is now handled in main().

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12295)

show more ...

Configurations: drop toolchain from configuration targets

Some configuration targets pretend to be for a specific compiler, but
are more widely usable, and should reflect that.

Configurations: drop toolchain from configuration targets

Some configuration targets pretend to be for a specific compiler, but
are more widely usable, and should reflect that.

[work in progress]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

DOC: Mention Configure consistently

'config' is now a mere wrapper for backward compatibility.
All documentation is changed accordingly.

Reviewed-by: Tim Hudson <tjh@openssl.org

DOC: Mention Configure consistently

'config' is now a mere wrapper for backward compatibility.
All documentation is changed accordingly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

Configure: pick up options from older 'config'

These options were coded in util/perl/OpenSSL/config.pm, but that got
removed when the OpenSSL::config::main() function was removed. We're

Configure: pick up options from older 'config'

These options were coded in util/perl/OpenSSL/config.pm, but that got
removed when the OpenSSL::config::main() function was removed. We're
not putting them back, but in 'Configure'.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

util/perl/OpenSSL/config.pm: refactor guess_system()

There's no reason to have two different tables, when we can simply
detect if the tuple elements are code or scalar. Furthermore, ord

util/perl/OpenSSL/config.pm: refactor guess_system()

There's no reason to have two different tables, when we can simply
detect if the tuple elements are code or scalar. Furthermore, order
is important in some cases, and that order is harder not to say
impossible when maintaining two tables.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

util/perl/OpenSSL/config.pm: remove expand() and use eval

The strings we expand contain other variable references than just
${MACHINE}. Instead of having to remember what to expand, we

util/perl/OpenSSL/config.pm: remove expand() and use eval

The strings we expand contain other variable references than just
${MACHINE}. Instead of having to remember what to expand, we simply
evaluate the string as a, well, string.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

config: Turn into a simple wrapper

Now that Configure called config.pm's functions directly, the 'config'
script doesn't have much else to do than to pass arguments.

Reviewed-by

config: Turn into a simple wrapper

Now that Configure called config.pm's functions directly, the 'config'
script doesn't have much else to do than to pass arguments.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

util/perl/OpenSSL/config.pm: refactor map_guess()

map_guess() is now table driven, just like get_system().
Additionally, it now takes a config hash table and returns one of its
own.

util/perl/OpenSSL/config.pm: refactor map_guess()

map_guess() is now table driven, just like get_system().
Additionally, it now takes a config hash table and returns one of its
own. This way, 'Configure' can pass whatever it has already found to
OpenSSL::config::get_platform(), and easily merge the returned hash
table into its %config.

This also gets rid of variables that we no longer need. That includes
$PERL and all the $__CNF_ environment variables.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

util/perl/OpenSSL/config.pm, Configure: move check of target with compiler

Previously, ./config would check if "$target-$CC", then "$target"
exists and choose the one that does. This is

util/perl/OpenSSL/config.pm, Configure: move check of target with compiler

Previously, ./config would check if "$target-$CC", then "$target"
exists and choose the one that does. This is now moved to Configure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

util/perl/OpenSSL/config.pm: Rework determining compiler information

determine_compiler_settings() has been refactored to:

- find a compiler if none has been given by the user
-

util/perl/OpenSSL/config.pm: Rework determining compiler information

determine_compiler_settings() has been refactored to:

- find a compiler if none has been given by the user
- allow platform specific overrides, but only when the user didn't
already specify a desired compiler
- figure out the compiler vendor and version, making sure that the
version number is deterministic
- gather platform specific compiler information

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

Remove OpenSSL::config::main(), it's not necessary

This also remove all option parsing. We leave that to Configure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https

Remove OpenSSL::config::main(), it's not necessary

This also remove all option parsing. We leave that to Configure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

util/perl/OpenSSL/config.pm: Prefer POSIX::uname() over piping the command

POSIX::uname() has the advantage to work on non-POSIX systems as well,
such as the Windows command prompt and V

util/perl/OpenSSL/config.pm: Prefer POSIX::uname() over piping the command

POSIX::uname() has the advantage to work on non-POSIX systems as well,
such as the Windows command prompt and VMS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

util/perl/OpenSSL/config.pm: Don't detect removed directories in

This is much better handled in Configure.

[There's another PR moving this to Configure, so this commit should
ev

util/perl/OpenSSL/config.pm: Don't detect removed directories in

This is much better handled in Configure.

[There's another PR moving this to Configure, so this commit should
eventually disappear because rebase]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

Initial rewrite of config as a Perl module

- Use $^X; to find perl.
- Big re-ordering: Put all variables at the top, move most inline code into
functions. The heart of the script n

Initial rewrite of config as a Perl module

- Use $^X; to find perl.
- Big re-ordering: Put all variables at the top, move most inline code into
functions. The heart of the script now basically just calls
functions to do its work.
- Unify warning text, add -w option
- Don't use needless (subshells)
- Ensure Windows gets a VC-xxx option
- Make config a perl module
- Top-level "config" command-line is a dummy that just calls the module.
Added module stuff so that it can be called from Configure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)

show more ...

Add a test to make sure ASYNC aware code gets the right default libctx

Even if a fibre changes the default libctx - or the main application code
changes it, the "current" default libctx

Add a test to make sure ASYNC aware code gets the right default libctx

Even if a fibre changes the default libctx - or the main application code
changes it, the "current" default libctx should remain consistent.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)

show more ...