Prepare for 0.9.8zf release

Reviewed-by: Richard Levitte <levitte@openssl.org>

CHANGES

@@ -2,9 +2,82 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8ze and 0.9.8zf [xx XXX xxxx]
+ Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
 
-  *)
+  *) Segmentation fault in ASN1_TYPE_cmp fix
+
+     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+     certificate signature algorithm consistency this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+     (CVE-2015-0286)
+     [Stephen Henson]
+
+  *) ASN.1 structure reuse memory corruption fix
+
+     Reusing a structure in ASN.1 parsing may allow an attacker to cause
+     memory corruption via an invalid write. Such reuse is and has been
+     strongly discouraged and is believed to be rare.
+
+     Applications that parse structures containing CHOICE or ANY DEFINED BY
+     components may be affected. Certificate parsing (d2i_X509 and related
+     functions) are however not affected. OpenSSL clients and servers are
+     not affected.
+     (CVE-2015-0287)
+     [Stephen Henson]
+
+  *) PKCS7 NULL pointer dereferences fix
+
+     The PKCS#7 parsing code does not handle missing outer ContentInfo
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+     missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+     otherwise parse PKCS#7 structures from untrusted sources are
+     affected. OpenSSL clients and servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-0289)
+     [Emilia K<>sper]
+
+  *) DoS via reachable assert in SSLv2 servers fix
+
+     A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+     servers that both support SSLv2 and enable export cipher suites by sending
+     a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+     This issue was discovered by Sean Burford (Google) and Emilia K<>sper
+     (OpenSSL development team).
+     (CVE-2015-0293)
+     [Emilia K<>sper]
+
+  *) Use After Free following d2i_ECPrivatekey error fix
+
+     A malformed EC private key file consumed via the d2i_ECPrivateKey function
+     could cause a use after free condition. This, in turn, could cause a double
+     free in several private key parsing functions (such as d2i_PrivateKey
+     or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+     for applications that receive EC private keys from untrusted
+     sources. This scenario is considered rare.
+
+     This issue was discovered by the BoringSSL project and fixed in their
+     commit 517073cd4b.
+     (CVE-2015-0209)
+     [Matt Caswell]
+
+  *) X509_to_X509_REQ NULL pointer deref fix
+
+     The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+     the certificate key is invalid. This function is rarely used in practice.
+
+     This issue was discovered by Brian Carpenter.
+     (CVE-2015-0288)
+     [Stephen Henson]
+
+  *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers
+     [Kurt Roeckx]
 
  Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
 

NEWS

@@ -5,9 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [under development]
+  Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015]
 
-      o
+      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+      o Removed the export ciphers from the DEFAULT ciphers
 
   Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [15 Jan 2015]
 

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8zf-dev
+ OpenSSL 0.9.8zf 19 Mar 2015
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

crypto/asn1/a_type.c

@@ -116,6 +116,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
     case V_ASN1_OBJECT:
         result = OBJ_cmp(a->value.object, b->value.object);
         break;
+    case V_ASN1_BOOLEAN:
+        result = a->value.boolean - b->value.boolean;
+        break;
     case V_ASN1_NULL:
         result = 0;             /* They do not have content. */
         break;

crypto/asn1/p8_pkey.c

@@ -68,7 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
     /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
     if (operation == ASN1_OP_FREE_PRE) {
         PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-        if (key->pkey->value.octet_string)
+        if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
+            && key->pkey->value.octet_string != NULL)
             OPENSSL_cleanse(key->pkey->value.octet_string->data,
                             key->pkey->value.octet_string->length);
     }

crypto/asn1/tasn_dec.c

@@ -302,9 +302,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
     case ASN1_ITYPE_CHOICE:
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
             goto auxerr;
-
-        /* Allocate structure */
-        if (!*pval && !ASN1_item_ex_new(pval, it)) {
+        if (*pval) {
+            /* Free up and zero CHOICE value if initialised */
+            i = asn1_get_choice_selector(pval, it);
+            if ((i >= 0) && (i < it->tcount)) {
+                tt = it->templates + i;
+                pchptr = asn1_get_field_ptr(pval, tt);
+                ASN1_template_free(pchptr, tt);
+                asn1_set_choice_selector(pval, -1, it);
+            }
+        } else if (!ASN1_item_ex_new(pval, it)) {
             ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
             goto err;
         }
@@ -384,6 +391,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
             goto auxerr;
 
+        /* Free up and zero any ADB found */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
+                const ASN1_TEMPLATE *seqtt;
+                ASN1_VALUE **pseqval;
+                seqtt = asn1_do_adb(pval, tt, 1);
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                ASN1_template_free(pseqval, seqtt);
+            }
+        }
+
         /* Get each field entry */
         for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
             const ASN1_TEMPLATE *seqtt;

crypto/asn1/x_bignum.c

@@ -98,46 +98,55 @@ ASN1_ITEM_end(CBIGNUM)
 
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        *pval = (ASN1_VALUE *)BN_new();
-        if(*pval) return 1;
-        else return 0;
+    *pval = (ASN1_VALUE *)BN_new();
+    if (*pval)
+        return 1;
+    else
+        return 0;
 }
 
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        if(!*pval) return;
-        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
-        else BN_free((BIGNUM *)*pval);
-        *pval = NULL;
+    if (!*pval)
+        return;
+    if (it->size & BN_SENSITIVE)
+        BN_clear_free((BIGNUM *)*pval);
+    else
+        BN_free((BIGNUM *)*pval);
+    *pval = NULL;
 }
 
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it)
 {
-        BIGNUM *bn;
-        int pad;
-        if(!*pval) return -1;
-        bn = (BIGNUM *)*pval;
-        /* If MSB set in an octet we need a padding byte */
-        if(BN_num_bits(bn) & 0x7) pad = 0;
-        else pad = 1;
-        if(cont) {
-                if(pad) *cont++ = 0;
-                BN_bn2bin(bn, cont);
-        }
-        return pad + BN_num_bytes(bn);
+    BIGNUM *bn;
+    int pad;
+    if (!*pval)
+        return -1;
+    bn = (BIGNUM *)*pval;
+    /* If MSB set in an octet we need a padding byte */
+    if (BN_num_bits(bn) & 0x7)
+        pad = 0;
+    else
+        pad = 1;
+    if (cont) {
+        if (pad)
+            *cont++ = 0;
+        BN_bn2bin(bn, cont);
+    }
+    return pad + BN_num_bytes(bn);
 }
 
 static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                   int utype, char *free_cont, const ASN1_ITEM *it)
 {
-        BIGNUM *bn;
-        if(!*pval) bn_new(pval, it);
-        bn  = (BIGNUM *)*pval;
-        if(!BN_bin2bn(cont, len, bn)) {
-                bn_free(pval, it);
-                return 0;
-        }
-        return 1;
+    BIGNUM *bn;
+    if (!*pval)
+        bn_new(pval, it);
+    bn = (BIGNUM *)*pval;
+    if (!BN_bin2bn(cont, len, bn)) {
+        bn_free(pval, it);
+        return 0;
+    }
+    return 1;
 }
-
-

crypto/asn1/x_long.c

@@ -94,81 +94,94 @@ ASN1_ITEM_end(ZLONG)
 
 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        *(long *)pval = it->size;
-        return 1;
+    *(long *)pval = it->size;
+    return 1;
 }
 
 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        *(long *)pval = it->size;
+    *(long *)pval = it->size;
 }
 
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
 {
-        long ltmp;
-        unsigned long utmp;
-        int clen, pad, i;
-        /* this exists to bypass broken gcc optimization */
-        char *cp = (char *)pval;
+    long ltmp;
+    unsigned long utmp;
+    int clen, pad, i;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)pval;
 
-        /* use memcpy, because we may not be long aligned */
-        memcpy(&ltmp, cp, sizeof(long));
+    /* use memcpy, because we may not be long aligned */
+    memcpy(&ltmp, cp, sizeof(long));
 
-        if(ltmp == it->size) return -1;
-        /* Convert the long to positive: we subtract one if negative so
-         * we can cleanly handle the padding if only the MSB of the leading
-         * octet is set.
-         */
-        if(ltmp < 0) utmp = -ltmp - 1;
-        else utmp = ltmp;
-        clen = BN_num_bits_word(utmp);
-        /* If MSB of leading octet set we need to pad */
-        if(!(clen & 0x7)) pad = 1;
-        else pad = 0;
+    if (ltmp == it->size)
+        return -1;
+    /*
+     * Convert the long to positive: we subtract one if negative so we can
+     * cleanly handle the padding if only the MSB of the leading octet is
+     * set.
+     */
+    if (ltmp < 0)
+        utmp = -ltmp - 1;
+    else
+        utmp = ltmp;
+    clen = BN_num_bits_word(utmp);
+    /* If MSB of leading octet set we need to pad */
+    if (!(clen & 0x7))
+        pad = 1;
+    else
+        pad = 0;
 
-        /* Convert number of bits to number of octets */
-        clen = (clen + 7) >> 3;
+    /* Convert number of bits to number of octets */
+    clen = (clen + 7) >> 3;
 
-        if(cont) {
-                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
-                for(i = clen - 1; i >= 0; i--) {
-                        cont[i] = (unsigned char)(utmp & 0xff);
-                        if(ltmp < 0) cont[i] ^= 0xff;
-                        utmp >>= 8;
-                }
+    if (cont) {
+        if (pad)
+            *cont++ = (ltmp < 0) ? 0xff : 0;
+        for (i = clen - 1; i >= 0; i--) {
+            cont[i] = (unsigned char)(utmp & 0xff);
+            if (ltmp < 0)
+                cont[i] ^= 0xff;
+            utmp >>= 8;
         }
-        return clen + pad;
+    }
+    return clen + pad;
 }
 
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                     int utype, char *free_cont, const ASN1_ITEM *it)
 {
-        int neg, i;
-        long ltmp;
-        unsigned long utmp = 0;
-        char *cp = (char *)pval;
-        if(len > (int)sizeof(long)) {
-                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-                return 0;
-        }
-        /* Is it negative? */
-        if(len && (cont[0] & 0x80)) neg = 1;
-        else neg = 0;
-        utmp = 0;
-        for(i = 0; i < len; i++) {
-                utmp <<= 8;
-                if(neg) utmp |= cont[i] ^ 0xff;
-                else utmp |= cont[i];
-        }
-        ltmp = (long)utmp;
-        if(neg) {
-                ltmp++;
-                ltmp = -ltmp;
-        }
-        if(ltmp == it->size) {
-                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-                return 0;
-        }
-        memcpy(cp, &ltmp, sizeof(long));
-        return 1;
+    int neg, i;
+    long ltmp;
+    unsigned long utmp = 0;
+    char *cp = (char *)pval;
+    if (len > (int)sizeof(long)) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    /* Is it negative? */
+    if (len && (cont[0] & 0x80))
+        neg = 1;
+    else
+        neg = 0;
+    utmp = 0;
+    for (i = 0; i < len; i++) {
+        utmp <<= 8;
+        if (neg)
+            utmp |= cont[i] ^ 0xff;
+        else
+            utmp |= cont[i];
+    }
+    ltmp = (long)utmp;
+    if (neg) {
+        ltmp++;
+        ltmp = -ltmp;
+    }
+    if (ltmp == it->size) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    memcpy(cp, &ltmp, sizeof(long));
+    return 1;
 }

crypto/asn1/x_x509.c

@@ -179,8 +179,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
     const unsigned char *q;
     X509 *ret;
+    int freeret = 0;
+
     /* Save start position */
     q = *pp;
+
+    if(!a || *a == NULL) {
+        freeret = 1;
+    }
     ret = d2i_X509(a, pp, length);
     /* If certificate unreadable then forget it */
     if (!ret)
@@ -193,7 +199,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
         goto err;
     return ret;
  err:
-    X509_free(ret);
+    if(freeret) {
+        X509_free(ret);
+        if (a)
+            *a = NULL;
+    }
     return NULL;
 }
 

crypto/bn/bntest.c

@@ -722,7 +722,15 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
     if (BN_cmp(c, d)) {
         fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
                 "different results!\n");
+#ifdef OPENSSL_FIPS
+        /*
+         * This test fails if we are linked to the FIPS module. Unfortunately
+         * that can't be fixed so we print out the error but continue anyway.
+         */
+        fprintf(stderr, "    FIPS build: ignoring.\n");
+#else
         goto err;
+#endif
     }
 
     /* Regression test for a BN_sqr overflow bug. */

crypto/des/spr.h

@@ -58,180 +58,155 @@
 
 OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
     {
-/* nibble 0 */
-     0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
-     0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
-     0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
-     0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
-     0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
-     0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
-     0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
-     0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
-     0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
-     0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
-     0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
-     0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
-     0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
-     0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
-     0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
-     0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
-     }, {
-/* nibble 1 */
-         0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
-         0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
-         0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
-         0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
-         0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
-         0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
-         0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
-         0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
-         0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
-         0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
-         0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
-         0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
-         0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
-         0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
-         0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
-         0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
-         }, {
-/* nibble 2 */
-             0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
-             0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
-             0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
-             0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
-             0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
-             0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
-             0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
-             0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
-             0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
-             0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
-             0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
-             0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
-             0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
-             0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
-             0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
-             0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
-             }, {
-/* nibble 3 */
-                 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
-                 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
-                 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
-                 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
-                 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
-                 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
-                 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
-                 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
-                 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
-                 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
-                 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
-                 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
-                 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
-                 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
-                 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
-                 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
-                 }, {
-/* nibble 4 */
-                     0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
-                     0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
-                     0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
-                     0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
-                     0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
-                     0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
-                     0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
-                     0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
-                     0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
-                     0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
-                     0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
-                     0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
-                     0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
-                     0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
-                     0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
-                     0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
-                     }, {
-/* nibble 5 */
-                         0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
-                         0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
-                         0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
-                         0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
-                         0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
-                         0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
-                         0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
-                         0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
-                         0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
-                         0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
-                         0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
-                         0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
-                         0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
-                         0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
-                         0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
-                         0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
-                         }, {
-/* nibble 6 */
-                             0x00004000L, 0x00000200L, 0x01000200L,
-                             0x01000004L,
-                             0x01004204L, 0x00004004L, 0x00004200L,
-                             0x00000000L,
-                             0x01000000L, 0x01000204L, 0x00000204L,
-                             0x01004000L,
-                             0x00000004L, 0x01004200L, 0x01004000L,
-                             0x00000204L,
-                             0x01000204L, 0x00004000L, 0x00004004L,
-                             0x01004204L,
-                             0x00000000L, 0x01000200L, 0x01000004L,
-                             0x00004200L,
-                             0x01004004L, 0x00004204L, 0x01004200L,
-                             0x00000004L,
-                             0x00004204L, 0x01004004L, 0x00000200L,
-                             0x01000000L,
-                             0x00004204L, 0x01004000L, 0x01004004L,
-                             0x00000204L,
-                             0x00004000L, 0x00000200L, 0x01000000L,
-                             0x01004004L,
-                             0x01000204L, 0x00004204L, 0x00004200L,
-                             0x00000000L,
-                             0x00000200L, 0x01000004L, 0x00000004L,
-                             0x01000200L,
-                             0x00000000L, 0x01000204L, 0x01000200L,
-                             0x00004200L,
-                             0x00000204L, 0x00004000L, 0x01004204L,
-                             0x01000000L,
-                             0x01004200L, 0x00000004L, 0x00004004L,
-                             0x01004204L,
-                             0x01000004L, 0x01004200L, 0x01004000L,
-                             0x00004004L,
-                             }, {
-/* nibble 7 */
-                                 0x20800080L, 0x20820000L, 0x00020080L,
-                                 0x00000000L,
-                                 0x20020000L, 0x00800080L, 0x20800000L,
-                                 0x20820080L,
-                                 0x00000080L, 0x20000000L, 0x00820000L,
-                                 0x00020080L,
-                                 0x00820080L, 0x20020080L, 0x20000080L,
-                                 0x20800000L,
-                                 0x00020000L, 0x00820080L, 0x00800080L,
-                                 0x20020000L,
-                                 0x20820080L, 0x20000080L, 0x00000000L,
-                                 0x00820000L,
-                                 0x20000000L, 0x00800000L, 0x20020080L,
-                                 0x20800080L,
-                                 0x00800000L, 0x00020000L, 0x20820000L,
-                                 0x00000080L,
-                                 0x00800000L, 0x00020000L, 0x20000080L,
-                                 0x20820080L,
-                                 0x00020080L, 0x20000000L, 0x00000000L,
-                                 0x00820000L,
-                                 0x20800080L, 0x20020080L, 0x20020000L,
-                                 0x00800080L,
-                                 0x20820000L, 0x00000080L, 0x00800080L,
-                                 0x20020000L,
-                                 0x20820080L, 0x00800000L, 0x20800000L,
-                                 0x20000080L,
-                                 0x00820000L, 0x00020080L, 0x20020080L,
-                                 0x20800000L,
-                                 0x00000080L, 0x20820000L, 0x00820080L,
-                                 0x00000000L,
-                                 0x20000000L, 0x20800080L, 0x00020000L,
-                                 0x00820080L,
-                                 }
+        /* nibble 0 */
+        0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+        0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+        0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+        0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+        0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+        0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+        0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+        0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+        0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+        0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+        0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+        0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+        0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+        0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+        0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+        0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+    },
+    {
+        /* nibble 1 */
+        0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+        0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+        0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+        0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+        0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+        0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+        0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+        0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+        0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+        0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+        0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+        0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+        0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+        0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+        0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+        0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+    },
+    {
+        /* nibble 2 */
+        0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+        0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+        0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+        0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+        0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+        0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+        0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+        0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+        0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+        0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+        0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+        0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+        0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+        0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+    },
+    {
+        /* nibble 3 */
+        0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+        0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+        0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+        0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+        0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+        0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+        0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+        0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+        0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+        0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+        0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+        0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+        0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+        0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+        0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+        0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+    },
+    {
+        /* nibble 4 */
+        0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+        0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+        0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+        0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+        0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+        0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+        0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+        0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+        0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+        0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+        0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+        0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+        0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+        0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+    },
+    {
+        /* nibble 5 */
+        0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+        0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+        0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+        0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+        0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+        0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+        0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+        0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+        0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+        0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+        0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+        0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+        0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+        0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+        0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+        0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+    },
+    {
+        /* nibble 6 */
+        0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+        0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+        0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+        0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+        0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+        0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+        0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+        0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+        0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+        0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+        0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+        0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+        0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+        0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+        0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+        0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+    },
+    {
+        /* nibble 7 */
+        0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+        0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+        0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+        0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+        0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+        0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+        0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+        0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+        0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+        0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+        0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+        0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+        0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+        0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+    }
 };

crypto/ec/ec_asn1.c

@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
             ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        if (a)
-            *a = ret;
     } else
         ret = *a;
 
@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
         }
     }
 
+    if (a)
+        *a = ret;
     ok = 1;
  err:
     if (!ok) {
-        if (ret)
+        if (ret && (a == NULL || *a != ret))
             EC_KEY_free(ret);
         ret = NULL;
     }
@@ -1196,16 +1196,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
             ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
             return NULL;
         }
-        if (a)
-            *a = ret;
     } else
         ret = *a;
 
     if (!d2i_ECPKParameters(&ret->group, in, len)) {
         ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+        if (a == NULL || *a != ret)
+             EC_KEY_free(ret);
         return NULL;
     }
 
+    if (a)
+        *a = ret;
+
     return ret;
 }
 

crypto/engine/eng_padlock.c

@@ -511,42 +511,104 @@ static void * __fastcall                \
         REP_XCRYPT(code)                \
 }
 
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, 0xc8)
-    PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, 0xd0)
-    PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, 0xe0)
-    PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, 0xe8)
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
 
 static int __fastcall padlock_xstore(void *outp, unsigned int code)
 {
-_asm mov edi, ecx
-        _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0}
-    static void __fastcall padlock_reload_key(void)
+    _asm    mov edi,ecx
+    _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+}
+
+static void __fastcall padlock_reload_key(void)
 {
-_asm pushfd _asm popfd}
-    static void __fastcall padlock_verify_context(void *cdata)
+    _asm pushfd
+    _asm popfd
+}
+
+static void __fastcall padlock_verify_context(void *cdata)
 {
-    _asm {
-pushfd bt DWORD PTR[esp], 30 jnc skip cmp ecx,
-            padlock_saved_context je skip popfd sub esp,
-            4 skip:add esp, 4 mov padlock_saved_context,
-            ecx}} static int padlock_available(void)
+    _asm    {
+        pushfd
+        bt  DWORD PTR[esp],30
+        jnc skip
+        cmp ecx,padlock_saved_context
+        je  skip
+        popfd
+        sub esp,4
+    skip:   add esp,4
+        mov padlock_saved_context,ecx
+    }
+}
+
+static int
+padlock_available(void)
 {
-    _asm {
-pushfd pop eax mov ecx, eax xor eax,
-            1 << 21 push eax popfd pushfd pop eax xor eax, ecx bt eax,
-            21 jnc noluck mov eax, 0 cpuid xor eax, eax cmp ebx,
-            'tneC' jne noluck cmp edx, 'Hrua' jne noluck cmp ecx,
-            'slua' jne noluck mov eax, 0xC0000000 cpuid mov edx,
-            eax xor eax, eax cmp edx, 0xC0000001 jb noluck mov eax,
-            0xC0000001 cpuid xor eax, eax bt edx, 6 jnc skip_a bt edx,
-            7 jnc skip_a mov padlock_use_ace, 1 inc eax skip_a:bt edx,
-            2 jnc skip_r bt edx, 3 jnc skip_r mov padlock_use_rng,
-            1 inc eax skip_r:noluck:}} static void __fastcall
-padlock_bswapl(void *key)
+    _asm    {
+        pushfd
+        pop eax
+        mov ecx,eax
+        xor eax,1<<21
+        push    eax
+        popfd
+        pushfd
+        pop eax
+        xor eax,ecx
+        bt  eax,21
+        jnc noluck
+        mov eax,0
+        cpuid
+        xor eax,eax
+        cmp ebx,'tneC'
+        jne noluck
+        cmp edx,'Hrua'
+        jne noluck
+        cmp ecx,'slua'
+        jne noluck
+        mov eax,0xC0000000
+        cpuid
+        mov edx,eax
+        xor eax,eax
+        cmp edx,0xC0000001
+        jb  noluck
+        mov eax,0xC0000001
+        cpuid
+        xor eax,eax
+        bt  edx,6
+        jnc skip_a
+        bt  edx,7
+        jnc skip_a
+        mov padlock_use_ace,1
+        inc eax
+    skip_a: bt  edx,2
+        jnc skip_r
+        bt  edx,3
+        jnc skip_r
+        mov padlock_use_rng,1
+        inc eax
+    skip_r:
+    noluck:
+    }
+}
+
+static void __fastcall padlock_bswapl(void *key)
 {
-    _asm {
-pushfd cld mov esi, ecx mov edi, ecx mov ecx, 60 up:lodsd
-            bswap eax stosd loop up popfd}}
+    _asm    {
+        pushfd
+        cld
+        mov esi,ecx
+        mov edi,ecx
+        mov ecx,60
+    up: lodsd
+        bswap   eax
+        stosd
+        loop    up
+        popfd
+    }
+}
+
 /*
  * MS actually specifies status of Direction Flag and compiler even manages
  * to compile following as 'rep movsd' all by itself...

crypto/md32_common.h

@@ -231,8 +231,7 @@
 #  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
-                         l)
+                         *((c)++)=(unsigned char)(((l)    )&0xff)   )
 # endif
 
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
@@ -252,8 +251,8 @@
 # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
 #  ifndef B_ENDIAN
    /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
-#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
+#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
+#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
 #  endif
 # endif
 
@@ -267,8 +266,7 @@
 #  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
-                         l)
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff)   )
 # endif
 
 #endif

crypto/objects/objects.pl

@@ -118,9 +118,9 @@ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
 print OUT <<'EOF';
 /* crypto/objects/obj_mac.h */
 
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
+/*
+ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
+ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h
  */
 
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
@@ -129,21 +129,21 @@ print OUT <<'EOF';
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -158,10 +158,10 @@ print OUT <<'EOF';
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -173,28 +173,36 @@ print OUT <<'EOF';
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-#define SN_undef			"UNDEF"
-#define LN_undef			"undefined"
-#define NID_undef			0
-#define OBJ_undef			0L
-
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
 EOF
 
+sub expand
+	{
+	my $string = shift;
+
+	1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e;
+
+	return $string;
+	}
+
 foreach (sort { $a <=> $b } keys %ordern)
 	{
 	$Cname=$ordern{$_};
-	print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
-	print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
-	print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
-	print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
 	print OUT "\n";
+	print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne "";
+	print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne "";
+	print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne "";
+	print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne "";
 	}
 
 close OUT;

crypto/opensslv.h

@@ -26,11 +26,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x009081f0L
+# define OPENSSL_VERSION_NUMBER  0x009081ffL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zf-fips-dev xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zf-fips 19 Mar 2015"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zf-dev xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zf 19 Mar 2015"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 

crypto/pem/pem.h

@@ -620,7 +620,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str);
 DECLARE_PEM_rw(X509, X509)
 DECLARE_PEM_rw(X509_AUX, X509)
 DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
-DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
 DECLARE_PEM_rw(X509_CRL, X509_CRL)
 DECLARE_PEM_rw(PKCS7, PKCS7)
 DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
@@ -628,20 +629,24 @@ DECLARE_PEM_rw(PKCS8, X509_SIG)
 DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 #  ifndef OPENSSL_NO_RSA
 DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 #  endif
 #  ifndef OPENSSL_NO_DSA
 DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
-DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
 #  endif
 #  ifndef OPENSSL_NO_EC
 DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 #  endif
 #  ifndef OPENSSL_NO_DH
 DECLARE_PEM_rw_const(DHparams, DH)
 #  endif
-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
 
 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
                                       char *kstr, int klen,

crypto/pkcs7/pk7_doit.c

@@ -147,6 +147,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
     EVP_PKEY *pkey;
     ASN1_OCTET_STRING *os = NULL;
 
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    /*
+     * The content field in the PKCS7 ContentInfo is optional, but that really
+     * only applies to inner content (precisely, detached signatures).
+     *
+     * When reading content, missing outer content is therefore treated as an
+     * error.
+     *
+     * When creating content, PKCS7_content_new() must be called before
+     * calling this method, so a NULL p7->d is always an error.
+     */
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
     i = OBJ_obj2nid(p7->type);
     p7->state = PKCS7_S_HEADER;
 
@@ -325,6 +344,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
     STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
     PKCS7_RECIP_INFO *ri = NULL;
 
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
     i = OBJ_obj2nid(p7->type);
     p7->state = PKCS7_S_HEADER;
 
@@ -607,6 +636,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
     STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
     ASN1_OCTET_STRING *os = NULL;
 
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
     EVP_MD_CTX_init(&ctx_tmp);
     i = OBJ_obj2nid(p7->type);
     p7->state = PKCS7_S_HEADER;
@@ -635,6 +674,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         /* If detached data then the content is excluded */
         if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
             M_ASN1_OCTET_STRING_free(os);
+            os = NULL;
             p7->d.sign->contents->d.data = NULL;
         }
         break;
@@ -644,6 +684,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
         /* If detached data then the content is excluded */
         if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
             M_ASN1_OCTET_STRING_free(os);
+            os = NULL;
             p7->d.digest->contents->d.data = NULL;
         }
         break;
@@ -767,6 +808,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
     }
 
     if (!PKCS7_is_detached(p7)) {
+        /*
+         * NOTE(emilia): I think we only reach os == NULL here because detached
+         * digested data support is broken.
+         */
+        if (os == NULL)
+            goto err;
         btmp = BIO_find_type(bio, BIO_TYPE_MEM);
         if (btmp == NULL) {
             PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
@@ -803,6 +850,16 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
     STACK_OF(X509) *cert;
     X509 *x509;
 
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
     if (PKCS7_type_is_signed(p7)) {
         cert = p7->d.sign->cert;
     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {

crypto/pkcs7/pk7_lib.c

@@ -69,6 +69,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
     nid = OBJ_obj2nid(p7->type);
 
     switch (cmd) {
+    /* NOTE(emilia): does not support detached digested data. */
     case PKCS7_OP_SET_DETACHED_SIGNATURE:
         if (nid == NID_pkcs7_signed) {
             ret = p7->detached = (int)larg;
@@ -464,6 +465,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
 
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
 {
+    if (p7 == NULL || p7->d.ptr == NULL)
+        return NULL;
     if (PKCS7_type_is_signed(p7)) {
         return (p7->d.sign->signer_info);
     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {

crypto/stack/safestack.h

@@ -1988,6 +1988,5 @@ STACK_OF(type) \
 
 # define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
         SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-/* End of util/mkstack.pl block, you may now edit :-) */
 
 #endif                          /* !defined HEADER_SAFESTACK_H */

crypto/symhacks.h

@@ -197,6 +197,13 @@
 #  undef ssl_parse_serverhello_renegotiate_ext
 #  define ssl_parse_serverhello_renegotiate_ext   ssl_parse_serverhello_reneg_ext
 
+#  undef ssl3_cbc_record_digest_supported
+#  define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
+#  undef ssl_check_clienthello_tlsext_late
+#  define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
+#  undef ssl_check_clienthello_tlsext_early
+#  define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
+
 /* Hack some long ENGINE names */
 #  undef ENGINE_get_default_BN_mod_exp_crt
 #  define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt

crypto/x509/x509_req.c

@@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
         goto err;
 
     pktmp = X509_get_pubkey(x);
+    if (pktmp == NULL)
+        goto err;
     i = X509_REQ_set_pubkey(ret, pktmp);
     EVP_PKEY_free(pktmp);
     if (!i)

doc/apps/ciphers.pod

@@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings.
 =item B<DEFAULT>
 
 the default cipher list. This is determined at compile time and is normally
-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
+B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH>. This must be the first cipher string
 specified.
 
 =item B<COMPLEMENTOFDEFAULT>

ssl/s2_lib.c

@@ -417,7 +417,7 @@ int ssl2_generate_key_material(SSL *s)
 
         OPENSSL_assert(s->session->master_key_length >= 0
                        && s->session->master_key_length
-                       < (int)sizeof(s->session->master_key));
+                       <= (int)sizeof(s->session->master_key));
         EVP_DigestUpdate(&ctx, s->session->master_key,
                          s->session->master_key_length);
         EVP_DigestUpdate(&ctx, &c, 1);

ssl/s2_srvr.c

@@ -369,7 +369,8 @@ int ssl2_accept(SSL *s)
 
 static int get_client_master_key(SSL *s)
 {
-    int is_export, i, n, keya, ek;
+    int is_export, i, n, keya;
+    unsigned int ek;
     unsigned long len;
     unsigned char *p;
     SSL_CIPHER *cp;
@@ -452,11 +453,6 @@ static int get_client_master_key(SSL *s)
         SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
         return (-1);
     }
-    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-                                &(p[s->s2->tmp.clear]),
-                                &(p[s->s2->tmp.clear]),
-                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-                                RSA_PKCS1_PADDING);
 
     is_export = SSL_C_IS_EXPORT(s->session->cipher);
 
@@ -473,23 +469,61 @@ static int get_client_master_key(SSL *s)
     } else
         ek = 5;
 
+    /*
+     * The format of the CLIENT-MASTER-KEY message is
+     * 1 byte message type
+     * 3 bytes cipher
+     * 2-byte clear key length (stored in s->s2->tmp.clear)
+     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
+     * 2-byte key args length (IV etc)
+     * clear key
+     * encrypted key
+     * key args
+     *
+     * If the cipher is an export cipher, then the encrypted key bytes
+     * are a fixed portion of the total key (5 or 8 bytes). The size of
+     * this portion is in |ek|. If the cipher is not an export cipher,
+     * then the entire key material is encrypted (i.e., clear key length
+     * must be zero).
+     */
+    if ((!is_export && s->s2->tmp.clear != 0) ||
+        (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
+        return -1;
+    }
+    /*
+     * The encrypted blob must decrypt to the encrypted portion of the key.
+     * Decryption can't be expanding, so if we don't have enough encrypted
+     * bytes to fit the key in the buffer, stop now.
+     */
+    if ((is_export && s->s2->tmp.enc < ek) ||
+        (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) {
+        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
+        return -1;
+    }
+
+    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+                                &(p[s->s2->tmp.clear]),
+                                &(p[s->s2->tmp.clear]),
+                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
+                                RSA_PKCS1_PADDING);
+
     /* bad decrypt */
 # if 1
     /*
      * If a bad decrypt, continue with protocol but with a random master
      * secret (Bleichenbacher attack)
      */
-    if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
-                    || (is_export && ((i != ek)
-                                      || (s->s2->tmp.clear +
-                                          (unsigned int)i != (unsigned int)
-                                          EVP_CIPHER_key_length(c)))))) {
+    if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
+                    || (is_export && i != (int)ek))) {
         ERR_clear_error();
         if (is_export)
             i = ek;
         else
             i = EVP_CIPHER_key_length(c);
-        if (RAND_pseudo_bytes(p, i) <= 0)
+        if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
             return 0;
     }
 # else
@@ -511,7 +545,7 @@ static int get_client_master_key(SSL *s)
 # endif
 
     if (is_export)
-        i += s->s2->tmp.clear;
+        i = EVP_CIPHER_key_length(c);
 
     if (i > SSL_MAX_MASTER_KEY_LENGTH) {
         ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);

ssl/s3_enc.c

@@ -712,6 +712,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
         ret += n;
     }
     EVP_MD_CTX_cleanup(&ctx);
+    OPENSSL_cleanse(buf, sizeof buf);
     return (ret);
 }
 

ssl/ssl-lib.com

@@ -171,11 +171,11 @@ $ ENDIF
 $!
 $! Define The Different SSL "library" Files.
 $!
-$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
-	    "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
-	    "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
-	    "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
-	    "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
+$ LIB_SSL = "s2_meth,  s2_srvr, s2_clnt, s2_lib, s2_enc, s2_pkt,"+ -
+	    "s3_meth,  s3_srvr, s3_clnt, s3_lib, s3_enc, s3_pkt,s3_both,s3_cbc,"+ -
+	    "s23_meth,s23_srvr,s23_clnt,s23_lib,        s23_pkt,"+ -
+	    "t1_meth,  t1_srvr, t1_clnt, t1_lib, t1_enc,"+ -
+	    "d1_meth,  d1_srvr, d1_clnt, d1_lib,         d1_pkt,"+ -
 	    "d1_both,d1_enc,"+ -
 	    "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
 	    "ssl_ciph,ssl_stat,ssl_rsa,"+ -
@@ -196,7 +196,7 @@ $ NEXT_FILE:
 $!
 $! O.K, Extract The File Name From The File List.
 $!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
+$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"COLLAPSE")
 $!
 $! Check To See If We Are At The End Of The File List.
 $!

ssl/ssl.h

@@ -323,8 +323,7 @@ extern "C" {
  * The following cipher list is used by default. It also is substituted when
  * an application-defined cipher list string starts with 'DEFAULT'.
  */
-/* low priority for RC4 */
-# define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH"
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 # define SSL_SENT_SHUTDOWN       1

ssl/ssl_ciph.c

@@ -174,12 +174,11 @@ static const SSL_CIPHER cipher_aliases[] = {
     {0, SSL_TXT_ALL, 0, SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE,
      SSL_ALL, 0, 0, 0, SSL_ALL, SSL_ALL},
     /*
-     * TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC
-     * cipher suites handled properly.
+     * TODO: COMPLEMENT OF ALL do not have ECC cipher suites handled properly.
      */
     /* COMPLEMENT OF ALL */
     {0, SSL_TXT_CMPALL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0},
-    {0, SSL_TXT_CMPDEF, 0, SSL_ADH, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+    {0, SSL_TXT_CMPDEF, 0, SSL_ADH, SSL_EXP_MASK, 0, 0, 0, SSL_AUTH_MASK, 0},
     /* VRS Kerberos5 */
     {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
     {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
@@ -636,6 +635,15 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
         curr2 = curr->next;
 
         cp = curr->cipher;
+        /* Special case: only satisfied by COMPLEMENTOFDEFAULT */
+        if (algo_strength == SSL_EXP_MASK) {
+            if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2
+                || cp->algorithms & SSL_aNULL)
+                && !(cp->algorithms & (SSL_kECDHE|SSL_kECDH)))
+                goto ok;
+            else
+                continue;
+        }
 
         /*
          * If explicit cipher suite, match only that one for its own protocol
@@ -675,6 +683,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
         } else if (strength_bits != cp->strength_bits)
             continue;           /* does not apply */
 
+        ok:
+
 #ifdef CIPHER_DEBUG
         printf("Action = %d\n", rule);
 #endif

ssl/ssl_lib.c

@@ -1562,6 +1562,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 
     ssl_create_cipher_list(ret->method,
                            &ret->cipher_list, &ret->cipher_list_by_id,
+                           meth->version == SSL2_VERSION ? "SSLv2" :
                            SSL_DEFAULT_CIPHER_LIST);
     if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);

ssl/ssltest.c

@@ -1346,7 +1346,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
         if (!do_client && !do_server) {
             fprintf(stdout, "ERROR IN STARTUP\n");
             ERR_print_errors(bio_err);
-            break;
+            goto err;
         }
         if (do_client && !(done & C_DONE)) {
             if (c_write) {

ssl/t1_enc.c

@@ -707,6 +707,8 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
              out, buf2, sizeof buf2);
     EVP_MD_CTX_cleanup(&ctx);
 
+    OPENSSL_cleanse(buf, (int)(q - buf));
+    OPENSSL_cleanse(buf2, sizeof(buf2));
     return sizeof buf2;
 }
 
@@ -850,6 +852,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
     tls1_PRF(s->ctx->md5, s->ctx->sha1,
              buf, TLS_MD_MASTER_SECRET_CONST_SIZE + SSL3_RANDOM_SIZE * 2, p,
              len, s->session->master_key, buff, sizeof buff);
+    OPENSSL_cleanse(buf, sizeof buf);
+    OPENSSL_cleanse(buff, sizeof buff);
 #ifdef KSSL_DEBUG
     printf("tls1_generate_master_secret() complete\n");
 #endif                          /* KSSL_DEBUG */

util/mkerr.pl

@@ -376,7 +376,8 @@ foreach $lib (keys %csrc)
 	print OUT @out;
 	undef @out;
 	print OUT <<"EOF";
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
 EOF
@@ -390,7 +391,7 @@ EOF
 ${staticloader}void ERR_load_${lib}_strings(void);
 ${staticloader}void ERR_unload_${lib}_strings(void);
 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
-#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
 
 EOF
 	}
@@ -401,7 +402,7 @@ EOF
 EOF
 
 	foreach $i (@function) {
-		$z=6-int(length($i)/8);
+		$z=48 - length($i);
 		if($fcodes{$i} eq "X") {
 			$fassigned{$lib} =~ m/^:([^:]*):/;
 			$findcode = $1;
@@ -415,13 +416,13 @@ EOF
 			$fassigned{$lib} .= "$findcode:";
 			print STDERR "New Function code $i\n" if $debug;
 		}
-		printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
+		printf OUT "# define $i%s $fcodes{$i}\n"," " x $z;
 	}
 
 	print OUT "\n/* Reason codes. */\n";
 
 	foreach $i (@reasons) {
-		$z=6-int(length($i)/8);
+		$z=48 - length($i);
 		if($rcodes{$i} eq "X") {
 			$rassigned{$lib} =~ m/^:([^:]*):/;
 			$findcode = $1;
@@ -435,7 +436,7 @@ EOF
 			$rassigned{$lib} .= "$findcode:";
 			print STDERR "New Reason code   $i\n" if $debug;
 		}
-		printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
+		printf OUT "# define $i%s $rcodes{$i}\n"," " x $z;
 	}
 	print OUT <<"EOF";
 
@@ -494,7 +495,7 @@ EOF
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -540,7 +541,8 @@ EOF
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -552,11 +554,10 @@ EOF
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
-#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
+# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
+# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
 
-static ERR_STRING_DATA ${lib}_str_functs[]=
-	{
+static ERR_STRING_DATA ${lib}_str_functs[] = {
 EOF
 	# Add each function code: if a function name is found then use it.
 	foreach $i (@function) {
@@ -567,20 +568,22 @@ EOF
 			$fn = $ftrans{$fn};
 		}
 #		print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
-		print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
+		if(length($i) + length($fn) > 58) {
+			print OUT "    {ERR_FUNC($i),\n     \"$fn\"},\n";
+		} else {
+			print OUT "    {ERR_FUNC($i), \"$fn\"},\n";
+		}
 	}
 	print OUT <<"EOF";
-{0,NULL}
-	};
+    {0, NULL}
+};
 
-static ERR_STRING_DATA ${lib}_str_reasons[]=
-	{
+static ERR_STRING_DATA ${lib}_str_reasons[] = {
 EOF
 	# Add each reason code.
 	foreach $i (@reasons) {
 		my $rn;
 		my $rstr = "ERR_REASON($i)";
-		my $nspc = 0;
 		if (exists $err_reason_strings{$i}) {
 			$rn = $err_reason_strings{$i};
 		} else {
@@ -588,90 +591,87 @@ EOF
 			$rn = $1;
 			$rn =~ tr/_[A-Z]/ [a-z]/;
 		}
-		$nspc = 40 - length($rstr) unless length($rstr) > 40;
-		$nspc = " " x $nspc;
-		print OUT "{${rstr}${nspc},\"$rn\"},\n";
+		if(length($i) + length($rn) > 56) {
+			print OUT "    {${rstr},\n     \"$rn\"},\n";
+		} else {
+			print OUT "    {${rstr}, \"$rn\"},\n";
+		}
 	}
 if($static) {
 	print OUT <<"EOF";
-{0,NULL}
-	};
+    {0, NULL}
+};
 
 #endif
 
 ${staticloader}void ERR_load_${lib}_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings($load_errcode,${lib}_str_functs);
-		ERR_load_strings($load_errcode,${lib}_str_reasons);
-		}
+    if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) {
+        ERR_load_strings($load_errcode, ${lib}_str_functs);
+        ERR_load_strings($load_errcode, ${lib}_str_reasons);
+    }
 #endif
-	}
+}
 EOF
 } else {
 	print OUT <<"EOF";
-{0,NULL}
-	};
+    {0, NULL}
+};
 
 #endif
 
 #ifdef ${lib}_LIB_NAME
-static ERR_STRING_DATA ${lib}_lib_name[]=
-        {
-{0	,${lib}_LIB_NAME},
-{0,NULL}
-	};
+static ERR_STRING_DATA ${lib}_lib_name[] = {
+    {0, ${lib}_LIB_NAME},
+    {0, NULL}
+};
 #endif
 
-
-static int ${lib}_lib_error_code=0;
-static int ${lib}_error_init=1;
+static int ${lib}_lib_error_code = 0;
+static int ${lib}_error_init = 1;
 
 ${staticloader}void ERR_load_${lib}_strings(void)
-	{
-	if (${lib}_lib_error_code == 0)
-		${lib}_lib_error_code=ERR_get_next_error_library();
+{
+    if (${lib}_lib_error_code == 0)
+        ${lib}_lib_error_code = ERR_get_next_error_library();
 
-	if (${lib}_error_init)
-		{
-		${lib}_error_init=0;
+    if (${lib}_error_init) {
+        ${lib}_error_init = 0;
 #ifndef OPENSSL_NO_ERR
-		ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
-		ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
+        ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs);
+        ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons);
 #endif
 
 #ifdef ${lib}_LIB_NAME
-		${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
-		ERR_load_strings(0,${lib}_lib_name);
+        ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0);
+        ERR_load_strings(0, ${lib}_lib_name);
 #endif
-		}
-	}
+    }
+}
 
 ${staticloader}void ERR_unload_${lib}_strings(void)
-	{
-	if (${lib}_error_init == 0)
-		{
+{
+    if (${lib}_error_init == 0) {
 #ifndef OPENSSL_NO_ERR
-		ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
-		ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
+        ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs);
+        ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons);
 #endif
 
 #ifdef ${lib}_LIB_NAME
-		ERR_unload_strings(0,${lib}_lib_name);
+        ERR_unload_strings(0, ${lib}_lib_name);
 #endif
-		${lib}_error_init=1;
-		}
-	}
+        ${lib}_error_init = 1;
+    }
+}
 
 ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
-	{
-	if (${lib}_lib_error_code == 0)
-		${lib}_lib_error_code=ERR_get_next_error_library();
-	ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
-	}
+{
+    if (${lib}_lib_error_code == 0)
+        ${lib}_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line);
+}
 EOF
 
 }

util/openssl-format-source

@@ -119,7 +119,7 @@ do
 	      -e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
 	      -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)\(.*\)[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
 	      -e 's/^(ASN1_ADB_TEMPLATE\(.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
-	      -e 's/^((ASN1|ADB)_.*_END\(.*[\){=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \
+	      -e 's/^((ASN1|ADB)_.*_(end|END)\(.*[\){=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \
 	      -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \
 	      -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \
 	      | \