Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1083)

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a37458c1)

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0794b6a6)

Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit bc776510)

RT#2534

Reviewed-by: Matt Caswell <matt@openssl.org>

RT#2616

Reviewed-by: Matt Caswell <matt@openssl.org>

RT#2558

Reviewed-by: Matt Caswell <matt@openssl.org>

An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING
twice. We only need to do it once.

GitHub Issue #656

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 2647e261)

Some compression related functions in libssl have dummy versions to be
used when compiled with no-comp. However those dummy functions were not
being exported on Windows so they are unusable when dynamically linked.

Reviewed-by: Richard Levitte <levitte@openssl.org>

The given sizes to not include the final NUL character.

RT#2622

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 727ee8cf)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1064)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

RT#4522

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Manual cherry-pick of f2b9c257)

RT#4363

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit 2ab851b7)

Conflicts:
	crypto/ec/ec_key.c

RT#4256

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit c1176ebf)

Conflicts:
	apps/CA.pl.in

When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

RT#4538

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 981b5bb8)

Originally submitted by Kurt Cancemi <kurt@x64architecture.com>

Closes RT#4533

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 59a56c4c)

Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223



RT#4390

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit f7aa3185)

Conflicts:
	ssl/ssl_locl.h

BIO_eof() was always returning true when using a BIO pair. It should only
be true if the peer BIO is empty and has been shutdown.

RT#1215

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 3105d695)

RT#3826

Reviewed-by: Tim Hudson <tjh@openssl.org>

PR#4449

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 049f5bbc)
Conflicts:
	doc/crypto/PKCS12_newpass.pod

PR#4466

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d800d0f4)

Conflicts:
	crypto/pkcs12/p12_npas.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 708cf5de)

The default ASN.1 handling can be used for SEED. This also makes
CMS work with SEED.

PR#4504

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c0aa8c27)

Try to set the ASN.1 parameters for CMS encryption even if the IV
length is zero as the underlying cipher should still set the type.

This will correctly result in errors if an attempt is made to use
an unsupported cipher type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3fd60dc4)

Conflicts:
	crypto/cms/cms_enc.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1025)
(cherry picked from commit c73aa309)

The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e0d184a)

RT#4527

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3340e8bb)

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b1b3e14f)

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin <davidben@google.com> for reporting this bug.

This was found using libFuzzer.

RT#4364 (part)CVE-2016-2108.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Reviewed-by: Emilia Käsper <emilia@openssl.org>

CVE-2016-2107

MR: #2572

A few functions in the recently added EVP_EncodeInit docs don't apply to
the 1.0.x branches.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>