Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7377)

(cherry picked from commit 628ee796389b555ddb5fc28355e16e9417ab1724)

Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`.  Commit
db4c08f0 applied a badly needed rewrite
to the parse_name() helper function that parses these strings, but
in the process dropped a check that would skip attributes with no
associated value.  As a result, such strings are now treated as
hard errors and the operation fails.

Restore the check to skip empty attribute values and restore
the historical behavior.

Document the behavior for empty subject attribute values in the
corresponding applications' manual pages.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7349)

(cherry picked from commit 3d362f190306b62a17aa2fd475b2bc8b3faa8142)

Free memory allocated in the parent process that is not needed in the
child. We also free it in the parent. Technically this isn't really
required since we end up calling exit() soon afterwards - but to
prevent false positives we free it anyway.

Fixes a Coverity issue.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7335)

(cherry picked from commit c20a76f695922f409c316399f7290530f7728f19)

It's a bit annoying, since some commands try to read a .rnd file,
and print an error message if the file does not exist.

But previously a .rnd file was created on exit, and that does no longer
happen.

Fixed by continuing in app_RAND_load_conf regardless of the error in
RAND_load_file.

If the random number generator is still not initalized on exit, the
function RAND_write_file will fail and no .rnd file would be created.

Remove RANDFILE from openssl.cnf
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7217)

(cherry picked from commit 0f58220973a02248ca5c69db59e615378467b9c8)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7277)

(cherry picked from commit 46d085096c6ead624c61e4b8b301421301511e64)

-early_data is not compatible with -www, -WWW, -HTTP or -rev.

Fixes #7200
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7206)

(cherry picked from commit 6ef40f1fc08f0c4ffb08438d63eed83eae7eb2b8)

If sizeof(int) != sizeof(size_t) this may not work correctly.

Fixes a Coverity issue.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7168)

This addresses issue #6922.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7073)

-subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com'
was a valid subject in openssl 1.0. Error received in 1.1 is:

problems making Certificate Request

Not very informative, I only figured this out because I compiled the
code and added logging.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7098)

With the introduction of -pkeyopt, the number of bits may change
without |newkey| being updated.  Unfortunately, there is no API to
retrieve the information from a EVP_PKEY_CTX either, so chances are
that we report incorrect information.  For the moment, it's better not
to try to report the number of bits at all.

Fixes #7086
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7096)

Thanks to @fangang190 for reporting this

Fixes #7061
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7065)

Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7007)

This follows on from the previous commit, and makes the same change to
ignore the digest if we are using EdDSA.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6901)

Previously you had to supply "null" as the digest to use EdDSA. This changes
things so that any digest is ignored.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6901)

Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.

Fixes #6933.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)

Fixes #6646
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6815)

into an existing source file: the function is static, and the code
doesn't include dsa.h.  Match the generated C source style of dsaparam.

Adjust apps/dhparam.c to match, and rename the BIGNUMs to their more
usual single-letter names.  Add an error return in the generated C source.

both: simplify the callback function
Signed-off-by: NBeat Bolli <dev@drbeat.li>
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6797)

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The result is that we don't have to produce different names on
different platforms, and we won't have confusion on Windows depending
on if the script was built with mingw or with MSVC.

Partial fix for #3254
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6764)

Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6758)

Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5246)

Also fixed a memory leak found by the test.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6681)

Address even Coverity nit.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6671)

In 1.1.0 s_server if the PSK identity doesn't match what we have then
a warning is printed and we continue the connection anyway. In 1.1.1,
if TLSv1.3 is used and the identity doesn't match then we abort the
connection. We should really be consistent with the old behaviour.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6659)

Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6655)

Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6636)

This also adds the ability to control this through s_server
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6469)

s_client was dumping session data at the end of the handshake. In TLSv1.3
we don't have session data until receipt of a NewSessionTicket message
which happens post-handshake. Therefore we delay dumping the session data
until that message has arrived if TLSv1.3 has been negotiated.

Fixes #6482
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6590)

Function RAND_bytes() may return 0 or -1 on error, simply
goto end label when it fails.

Fixes #6567
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6582)

Use `strrchr` to get a pointer to the last occurrence of `.` in the
path string, instead of the first one with `strchr`.  This prevent the
path to be wrongly split if it contains several `.`, and not only the
one for the extension.

Fixes https://github.com/openssl/openssl/issues/6489.

CLA: trivial
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6566)

Small simplification by skipping effectively redundant step and
not resuming search from point past deletion.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6195)

Fixes #6544
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6546)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6217)

Broken by 0336df2f.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6427)

Issue a warning when generating DSA or RSA keys of size greater than
OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6380)

This is probably a "should not happen" scenario, but better check anyway.
Found by Coverity.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)

Found by Coverity
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)

Fix a memory leak in storeutl.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)

Issue found by Coverity.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)