Issue was introduced in
https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166

This patch fixes an issue which causes the 'openssl ca' commands to
fail if '-config' is not specified even if it says so otherwise.
Problem is that the default config is not loaded and the conf variable
is NULL which causes an exception.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The tests was incorrectly repeated multiple times when using the
async_jobs options
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

No code change
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

If the application has limited the size of the async pool using
ASYNC_init_thread() then we could run out of jobs while trying to start a
libssl io operation. However libssl was failing to handle this and treating
it like a fatal error. It should not be fatal...we just need to retry when
there are jobs available again.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

list -disabled was checking OPENSSL_NO_SSL/OPENSSL_NO_TLS, which are
not used to disable SSL/TLS respectively.
Building with these macros wrongly show as SSL/TLS disabled, hence
removing this code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1025)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

The init_client() function in the apps sets up the client connection. It
may try multiple addresses until it finds one that works. We should clear
the error queue if we eventually get a successful connection because
otherwise we get stale errors hanging around. This can cause problems in
subsequent calls to SSL_get_error(), i.e. non-fatal NBIO events appear as
fatal.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This replaces the old SKIP primes with the most current Diffie-Hellman
MODP groups defined by RFC 7296 and RFC 3526.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from GitHub https://github.com/openssl/openssl/pull/775)

The srp application created an uninitialised DB_ATTR object and then
passed it to the load_index function which attempted to read it. A
DB_ATTR object only contains a single field called "unique_subject".
AFAICT this attribute is unused in the SRP case, and therefore it would be
better to pass a NULL DB_ATTR to load_index (which handles that case
gracefully).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Building with -DCHARSET_EBCDIC and using --strict-warnings resulted in
lots of miscellaneous errors. This fixes it.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Some digest algorithms can't be disabled, don't pretend they can.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Passing the -stdin arg to the passwd command line app *and* supply a
password on the command line causes a seg fault.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

It was added as part of 2df84dd3
but has never actually been used for anything; presumably it was
a typo for one of SCTP or CT.

This removes the last '??' entry from INSTALL.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Commit d064e6ab removed all the
OPENSSL_NO_SHA guards, but commit
a50ad1da regenerated some due to the
sha entries in the %md_disabler table in apps/progs.pl.

Update %md_disabler to reflect that sha is not disableable, and
remove OPENSSL_NO_SHA for good.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Thanks to Brian Carpenter for finding and reporting this.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

The ocsp.h file did not have appropriate guards causing link failures on
Windows.

GH Issue 900
Reviewed-by: NRichard Levitte <levitte@openssl.org>

openssl.c and ts.c assign the value of opt_num_rest() to argc, but then
only use the value once.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Also correct the return value from the the "prime" application
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Various instances of variables being written to, but then never read.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Link errors were occurring on Windows because the header files were not
correctly guarding some functions with OPENSSL_NO_SOCK
Reviewed-by: NRich Salz <rsalz@openssl.org>

Windows "select" only works for sockets so don't use it to wait for async.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Give the API new names, document it.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

no-stdio does not work with the apps. Since the tests also need the apps
it doesn't support that either. Therefore we disable building of both.

no-autoalginit is not compatible with the apps because it requires explicit
loading of the algorithms, and the apps don't do that. Therefore we disable
building the apps for this option. Similarly the tests depend on the apps
so we also disable the tests. Finally the whole point about no-autoalginit
is to avoid excessive executable sizes when doing static linking. Therefore
we disable "shared" if this option is selected.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

no-hmac is no longer an option so remove OPENSSL_NO_HMAC guards.
Reviewed-by: NRichard Levitte <levitte@openssl.org>