Reviewed-by: NAndy Polyakov <appro@openssl.org>

They were using the wrong variables.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Originally submitted by Kurt Cancemi <kurt@x64architecture.com>

Closes RT#4533
Reviewed-by: NMatt Caswell <matt@openssl.org>

Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223

RT#4390
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

BIO_eof() was always returning true when using a BIO pair. It should only
be true if the peer BIO is empty and has been shutdown.

RT#1215
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Issue was introduced in
https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166

This patch fixes an issue which causes the 'openssl ca' commands to
fail if '-config' is not specified even if it says so otherwise.
Problem is that the default config is not loaded and the conf variable
is NULL which causes an exception.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

With Unixly Makefiles as well as with nmake, make variables are
transferred to the shell running the commands as envinronment
variables.  This principle doesn't apply with MMS, so we must
explicitely define VERBOSE as commands when it's needed.
Reviewed-by: NRich Salz <rsalz@openssl.org>

PR#4462
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The tests was incorrectly repeated multiple times when using the
async_jobs options
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

When setting a new SRTP connection profile using
SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should
free any existing profile first to avoid a memory leak.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

If environment variables are not explanded early enough, expanded
strings are passed with single backslash to C compiler, e.g.
C:\Program Files, which effectively results in OpenSSL looking for
engines and certificates in C:Program Files.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

No code change
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

- Missing checks for allocation failure.
- releasing memory in few missing error paths
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

PR#4449
Reviewed-by: NRich Salz <rsalz@openssl.org>

PR#4478
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NStephen Henson <steve@openssl.org>

PR#4466
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

We don't need it, but external users might find it handy.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The default ASN.1 handling can be used for SEED. This also makes
CMS work with SEED.

PR#4504
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Try to set the ASN.1 parameters for CMS encryption even if the IV
length is zero as the underlying cipher should still set the type.

This will correctly result in errors if an attempt is made to use
an unsupported cipher type.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

If the application has limited the size of the async pool using
ASYNC_init_thread() then we could run out of jobs while trying to start a
libssl io operation. However libssl was failing to handle this and treating
it like a fatal error. It should not be fatal...we just need to retry when
there are jobs available again.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This demystifies two for-loops that do nothing. They were used to write
the ladder in a unified way. Now that the ladder is otherwise commented,
remove the dead loops.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Based on an orignal commit by GitHub user BertramScharpf. Rebased and
updated to take account of all the updates since this was first raised.

GH PR#62
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>