Windows builds show the following warning:
(..\apps\ca.c(2643): warning C4267: 'function': conversion
from 'size_t' to 'int', possible loss of data)
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14453)

If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include
the implicitly tagged [0] certs and [1] crls sets as they are marked
optional and would be empty.
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14781)

CLA: trivial
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14783)

Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14756)

Fixes #13949
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14756)

CLA: trivial
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14791)

X509_VERIFY_PARAM_inherit() now copies hostflags independently of hosts.

Previously hostflags were only copied when at least one host was set.
Typically applications don't configure hosts on SSL_CTX. The change
enables applications to configure hostflags on SSL_CTX and have OpenSSL
copy the flags from SSL_CTX to SSL.

Fixes: https://github.com/openssl/openssl/issues/14579Signed-off-by: NChristian Heimes <christian@python.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14743)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14647)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14647)

This is needed to correct d2i_PrivateKey() after it was changed by commit 576892d7.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14647)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14647)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14786)

Reviewed-by: NTomas Mraz <tomas@openssl.org>

Reviewed-by: NTomas Mraz <tomas@openssl.org>

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)

Fixes #14371
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)

The documentation on algorithm fetching has moved. There were a lot of
references to the old location so we update all of those locations.
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)

The previous commits moved some content out of provider.pod into other
pages, so that content is now removed. provider.pod is now exclusively
focussed on provider authors.
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)

Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)

Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1487)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Add a config variable "use_int128" to indicate if 128-bit integers are
supported or not at the configure time.  This makes it easier to
automatically select 64-bit versus 32-bit implementation for curve448.
Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

This reverts commit 7e492f33.

This brings back the 64-bit reference implementation for curve448.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Signed-off-by: NAmitay Isaacs <amitay@ozlabs.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14782)

The param build now checks the string types and locates them in secure memory
if the original string is.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14782)

This reverts commit bec92891.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14796)

Although the store being used is adequately and properly locked, the library
context is not.  Due to the mechanisms used for fetching, it is possible for
multiple stores to live within the same library context for short periods.
This fix prevents threading issues resulting from such coincidences.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)

Also add a new test that deliberately tests the default library context.

Fixes #14720
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)

A failure to obtain a lock would have resulted in much badness, now it results
in a failure return.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14778)

Fixes #13732

Fix a few places that were not using the '_ex' variants of
ASN1_item_sign/verify.

Added X509_CRL_new_ex().
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14752)