Make sure the information is kept for reconfiguration too.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Because of a perl operator priority mixup, the --openssldir argument
wasn't honored.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented.  Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.

For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

EC DRBG support was added in 7fdcb457 in 2011 and then later removed.
However the CHANGES entry for its original addition was left behind.
This just removes the spurious CHANGES entry.
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

msan detected an uninit read.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

User can make Windows openssl.exe to treat command-line arguments
and console input as UTF-8 By setting OPENSSL_WIN32_UTF8 environment
variable (to any value). This is likely to be required for data
interchangeability with other OSes and PKCS#12 containers generated
with Windows CryptoAPI.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

OpenSSL versions before 1.1.0 didn't convert non-ASCII
UTF8 PKCS#12 passwords to Unicode correctly.

To correctly decrypt older files, if MAC verification fails
with the supplied password attempt to use the broken format
which is compatible with earlier versions of OpenSSL.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

To avoid possible race conditions don't switch password format using
global state in crypto/pkcs12
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Found by Coverity.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

It should not have been removed.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Ensure it is clear to the user why there has been an error.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The new curves test did not take into account no-ec2m
Reviewed-by: NRichard Levitte <levitte@openssl.org>

If not, fall back to our own code, using the given mutex
Reviewed-by: NAndy Polyakov <appro@openssl.org>

For increments, the relaxed model is fine.  For decrements, it's
recommended to use the acquire release model.  We therefore go for the
latter.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Note: we trust any other compiler that fully implements GNU extension
to define __GNUC__

RT#4642
Reviewed-by: NAndy Polyakov <appro@openssl.org>

In apps/rsa.c, we were second guessing RSA_check_key() to leave error
codes lying around without returning -1 properly.  However, this also
catches other errors that are lying around and that we should not care
about.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Thanks to Shi Lei for reporting this issue.

CVE-2016-6303
Reviewed-by: NMatt Caswell <matt@openssl.org>

Add CVE to CHANGES
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Ownership semantics and function names have changed.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

SCT_verify_v1 has been removed and SCT_verify is no longer part of the
public API.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

These functions have been removed from the public API.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

CTLOG_new_null() has been removed from the code, so it has also been
removed from this POD.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

This is covered by d2i_X509.pod.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>