make update

PR: 2094,2095

CHANGES

@@ -2,7 +2,16 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8k and 1.0  [xx XXX xxxx]
+ Changes between 0.9.8m (?) and 1.0.0  [xx XXX xxxx]
+
+  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+     output hashes compatible with older versions of OpenSSL.
+     [Willy Weisz <weisz@vcpc.univie.ac.at>]
+  
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
 
   *) Add load_crls() function to apps tidying load_certs() too. Add option
      to verify utility to allow additional CRLs to be included.
@@ -21,10 +30,7 @@
      didn't handle all updated verify codes correctly.
      [Steve Henson]
 
-  *) Delete MD2 from algorithm tables. This follows the recommendation in 
-     several standards that it is not used in new applications due to
-     several cryptographic weaknesses. The algorithm is also disabled in
-     the default configuration.
+  *) Disable MD2 in the default configuration.
      [Steve Henson]
 
   *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
@@ -37,9 +43,9 @@
      or they could free up already freed BIOs.
      [Steve Henson]
 
-  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
-     OPENSSL_asc2uni the original names were too generic and cause name
-     clashes on Netware.
+  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
+     renaming to all platforms (within the 0.9.8 branch, this was
+     done conditionally on Netware platforms to avoid a name clash).
      [Guenter <lists@gknw.net>]
 
   *) Add ECDHE and PSK support to DTLS.
@@ -829,23 +835,68 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
- Changes between 0.9.8l and 0.9.8m  [xx XXX xxxx]
+ Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
 
-  *) Implement
-     https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable
+  *) Handle TLS versions 2.0 and later properly and correctly use the
+     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+     off ancient servers have a habit of sticking around for a while...
+     [Steve Henson]
+
+  *) Modify compression code so it frees up structures without using the
+     ex_data callbacks. This works around a problem where some applications
+     call CRYPTO_free_all_ex_data() before application exit (e.g. when
+     restarting) then use compression (e.g. SSL with compression) later.
+     This results in significant per-connection memory leaks and
+     has caused some security issues including CVE-2008-1678 and
+     CVE-2009-4355.
+     [Steve Henson]
+
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect (but not renegotiate) with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+
+  *) If client attempts to renegotiate and doesn't support RI respond with
+     a no_renegotiation alert as required by draft-ietf-tls-renegotiation.
+     Some renegotiating TLS clients will continue a connection gracefully
+     when they receive the alert. Unfortunately OpenSSL mishandled
+     this alert and would hang waiting for a server hello which it will never
+     receive. Now we treat a received no_renegotiation alert as a fatal 
+     error. This is because applications requesting a renegotiation might well
+     expect it to succeed and would have no code in place to handle the server
+     denying it so the only safe thing to do is to terminate the connection.
+     [Steve Henson]
+
+  *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+     peer supports secure renegotiation and 0 otherwise. Print out peer
+     renegotiation support in s_client/s_server.
+     [Steve Henson]
+
+  *) Replace the highly broken and deprecated SPKAC certification method with
+     the updated NID creation version. This should correctly handle UTF8.
+     [Steve Henson]
+
+  *) Implement draft-ietf-tls-renegotiation-03. Re-enable
      renegotiation but require the extension as needed. Unfortunately,
      SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
      bad idea. It has been replaced by
      SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
      SSL_CTX_set_options(). This is really not recommended unless you
      know what you are doing.
-     [Eric Rescorla <ekr@networkresonance.com> and Ben Laurie]
+     [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson]
 
   *) Fixes to stateless session resumption handling. Use initial_ctx when
      issuing and attempting to decrypt tickets in case it has changed during
      servername handling. Use a non-zero length session ID when attempting
      stateless session resumption: this makes it possible to determine if
-     a resumption has occurred immediately after receiving server hello 
+     a resumption has occurred immediately after receiving server hello
      (several places in OpenSSL subtly assume this) instead of later in
      the handshake.
      [Steve Henson]
@@ -861,7 +912,7 @@
      [Steve Henson]
 
   *) Add support for --libdir option and LIBDIR variable in makefiles. This
-     makes it possible to install openssl libraries in locations which 
+     makes it possible to install openssl libraries in locations which
      have names other than "lib", for example "/usr/lib64" which some
      systems need.
      [Steve Henson, based on patch from Jeremy Utley]
@@ -870,10 +921,21 @@
      X690 8.9.12 and can produce some misleading textual output of OIDs.
      [Steve Henson, reported by Dan Kaminsky]
 
+  *) Delete MD2 from algorithm tables. This follows the recommendation in
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. For binary compatibility reasons
+     the MD2 API is still compiled in by default.
+     [Steve Henson]
+
   *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
      and restored.
      [Steve Henson]
 
+  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+     clash.
+     [Guenter <lists@gknw.net>]
+
   *) Fix the server certificate chain building code to use X509_verify_cert(),
      it used to have an ad-hoc builder which was unable to cope with anything
      other than a simple chain.
@@ -892,7 +954,7 @@
      left. Additionally every future messege was buffered, even if the
      sequence number made no sense and would be part of another handshake.
      So only messages with sequence numbers less than 10 in advance will be
-     buffered.
+     buffered.  (CVE-2009-1378)
      [Robin Seggelmann, discovered by Daniel Mentz] 	
 
   *) Records are buffered if they arrive with a future epoch to be
@@ -901,10 +963,11 @@
      a DOS attack with sending records with future epochs until there is no
      memory left. This patch adds the pqueue_size() function to detemine
      the size of a buffer and limits the record buffer to 100 entries.
+     (CVE-2009-1377)
      [Robin Seggelmann, discovered by Daniel Mentz] 	
 
   *) Keep a copy of frag->msg_header.frag_len so it can be used after the
-     parent structure is freed.
+     parent structure is freed.  (CVE-2009-1379)
      [Daniel Mentz] 	
 
   *) Handle non-blocking I/O properly in SSL_shutdown() call.
@@ -913,6 +976,16 @@
   *) Add 2.5.4.* OIDs
      [Ilya O. <vrghost@gmail.com>]
 
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
+
  Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
 
   *) Don't set val to NULL when freeing up structures, it is freed up by
@@ -951,12 +1024,12 @@
 
   *) Support NumericString type for name components.
      [Steve Henson]
-  
+
   *) Allow CC in the environment to override the automatically chosen
      compiler. Note that nothing is done to ensure flags work with the
      chosen compiler.
      [Ben Laurie]
-  
+
  Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
 
   *) Properly check EVP_VerifyFinal() and similar return values
@@ -997,6 +1070,10 @@
 
  Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
 
+  *) Fix NULL pointer dereference if a DTLS server received
+     ChangeCipherSpec as first record (CVE-2009-1386).
+     [PR #1679]
+
   *) Fix a state transitition in s3_srvr.c and d1_srvr.c
      (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
      [Nagendra Modadugu]
@@ -2400,19 +2477,6 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]
-
-  *) In the SSL/TLS server implementation, be strict about session ID
-     context matching (which matters if an application uses a single
-     external cache for different purposes).  Previously,
-     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
-     set.  This did ensure strict client verification, but meant that,
-     with applications using a single external cache for quite
-     different requirements, clients could circumvent ciphersuite
-     restrictions for a given session ID context by starting a session
-     in a different context.
-     [Bodo Moeller]
-
  Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
 
   *) Cleanse PEM buffers before freeing them since they may contain 

Configure

@@ -133,7 +133,7 @@ my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-
 my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
 my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::::::::void";
 my $mips3_asm=":bn-mips3.o::::::::::::void";
-my $s390x_asm="s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void";
+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void";
 my $armv4_asm=":bn_asm.o armv4-mont.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::void";
 my $ppc32_asm="ppccpuid.o:bn-ppc.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::";
 my $ppc64_asm="ppccpuid.o:bn-ppc.o ppc-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::";
@@ -163,10 +163,10 @@ my %table=(
 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug",	"gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
 "debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
@@ -503,7 +503,7 @@ my %table=(
 "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
 
 # MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall:::MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
 # As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
 # compiled with one compiler with application compiled with another
 # compiler. It's possible to engage Applink support in mingw64 build,
@@ -1041,8 +1041,6 @@ $exe_ext=".pm"  if ($target =~ /vos/);
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
 
-$libdir="lib" if $libdir eq "";
-
 $default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
   or $perl="perl";
@@ -1095,6 +1093,8 @@ my $ar = $ENV{'AR'} || "ar";
 my $arflags = $fields[$idx_arflags];
 my $multilib = $fields[$idx_multilib];
 
+$libdir="lib$multilib" if $libdir eq "";
+
 $cflags = "$cflags$exp_cflags";
 
 # '%' in $lflags is used to split flags to "pre-" and post-flags
@@ -1673,10 +1673,7 @@ while (<IN>)
 		}
 	elsif	(/^#define\s+ENGINESDIR/)
 		{
-		# $foo is to become "$prefix/lib$multilib/engines";
-		# as Makefile.org and engines/Makefile are adapted for
-		# $multilib suffix.
-		my $foo = "$prefix/lib/engines";
+		my $foo = "$prefix/$libdir/engines";
 		$foo =~ s/\\/\\\\/g;
 		print OUT "#define ENGINESDIR \"$foo\"\n";
 		}

Makefile.org

@@ -551,7 +551,7 @@ install_sw:
 			fi; \
 		done; \
 		(	here="`pwd`"; \
-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
 			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
 			echo 'OpenSSL shared libraries have been installed in:'; \

NEWS

@@ -5,9 +5,9 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 0.9.8k and OpenSSL 1.0:
-
+  Major changes between OpenSSL 0.9.8l and OpenSSL 1.0:
 
+      o Support for draft-ietf-tls-renegotiation-03.txt
       o RFC3280 path validation: sufficient to process PKITS tests.
       o Integrated support for PVK files and keyblobs.
       o Change default private key format to PKCS#8.

README

@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.0-beta4 10 Nov 2009
+ OpenSSL 1.0.0-beta5 20 Jan 2010
 
  Copyright (c) 1998-2009 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

STATUS

@@ -1,13 +1,18 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2009/11/10 13:15:08 $
+  ______________                           $Date: 2010/01/20 15:00:48 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 1.0.0-beta4: Released on Novemner 10th, 2009
+    o  OpenSSL 1.0.0-beta5: Released on January 20th, 2010
+    o  OpenSSL 1.0.0-beta4: Released on November 10th, 2009
     o  OpenSSL 1.0.0-beta3: Released on July 15th, 2009
     o  OpenSSL 1.0.0-beta2: Released on April 21st, 2009
     o  OpenSSL 1.0.0-beta1: Released on April 1st, 2009
+    o  OpenSSL 0.9.8l: Released on November   5th, 2009
+    o  OpenSSL 0.9.8k: Released on March     25th, 2009
+    o  OpenSSL 0.9.8j: Released on January    7th, 2009
+    o  OpenSSL 0.9.8i: Released on September 15th, 2008
     o  OpenSSL 0.9.8h: Released on May       28th, 2008
     o  OpenSSL 0.9.8g: Released on October   19th, 2007
     o  OpenSSL 0.9.8f: Released on October   11th, 2007

TABLE

@@ -1428,7 +1428,7 @@ $multilib     =
 
 *** debug-ben
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1458,8 +1458,8 @@ $arflags      =
 $multilib     = 
 
 *** debug-ben-debug
-$cc           = gcc
-$cflags       = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe
+$cc           = gcc44
+$cflags       = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -3728,7 +3728,7 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
-$cpuid_obj    = s390xcpuid.o
+$cpuid_obj    = s390xcap.o s390xcpuid.o
 $bn_obj       = bn-s390x.o s390x-mont.o
 $des_obj      = 
 $aes_obj      = aes-s390x.o
@@ -3877,11 +3877,11 @@ $multilib     = 64
 
 *** mingw
 $cc           = gcc
-$cflags       = -mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall
+$cflags       = -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MINGW32
-$lflags       = -lws2_32 -lgdi32
+$lflags       = -lws2_32 -lgdi32 -lcrypt32
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN
 $cpuid_obj    = x86cpuid.o
 $bn_obj       = bn-586.o co-586.o x86-mont.o

apps/ca.c

@@ -215,7 +215,6 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -2334,25 +2333,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 			continue;
 			}
 
-		/*
-		if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
-			continue;
-		*/
-		
-		j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-		if (fix_data(nid, &j) == 0)
-			{
-			BIO_printf(bio_err,
-				"invalid characters in string %s\n",buf);
+		if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+				(unsigned char *)buf, -1, -1, 0))
 			goto err;
-			}
-
-		if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
-			(unsigned char *)buf,
-			strlen(buf))) == NULL)
-			goto err;
-
-		if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
 		}
 	if (spki == NULL)
 		{
@@ -2395,21 +2378,6 @@ err:
 	return(ok);
 	}
 
-static int fix_data(int nid, int *type)
-	{
-	if (nid == NID_pkcs9_emailAddress)
-		*type=V_ASN1_IA5STRING;
-	if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
-		return(0);
-	if (nid == NID_pkcs9_unstructuredName)
-		*type=V_ASN1_IA5STRING;
-	return(1);
-	}
-
 static int check_time_format(const char *str)
 	{
 	return ASN1_TIME_set_string(NULL, str);

apps/install.com

@@ -57,7 +57,7 @@ $ LOOP_EXE_END:
 $
 $	SET NOON
 $	COPY CA.COM WRK_SSLEXE:CA.COM/LOG
-$	SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
+$	SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
 $	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
 $	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
 $	SET ON

apps/s_cb.c

@@ -669,6 +669,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 		extname = "server ticket";
 		break;
 
+		case TLSEXT_TYPE_renegotiate:
+		extname = "renegotiate";
+		break;
+
 #ifdef TLSEXT_TYPE_opaque_prf_input
 		case TLSEXT_TYPE_opaque_prf_input:
 		extname = "opaque PRF input";
@@ -692,15 +696,13 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
 	{
 	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
 	unsigned int length, resultlength;
-#if OPENSSL_USE_IPV6
 	union {
-		struct sockaddr_storage ss;
-		struct sockaddr_in6 s6;
+		struct sockaddr sa;
 		struct sockaddr_in s4;
-	} peer;
-#else
-	struct sockaddr_in peer;
+#if OPENSSL_USE_IPV6
+		struct sockaddr_in6 s6;
 #endif
+	} peer;
 
 	/* Initialize a random secret */
 	if (!cookie_initialized)
@@ -717,26 +719,23 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
 	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
 
 	/* Create buffer with peer's address and port */
-#if OPENSSL_USE_IPV6
 	length = 0;
-	switch (peer.ss.ss_family)
+	switch (peer.sa.sa_family)
 		{
 	case AF_INET:
 		length += sizeof(struct in_addr);
 		length += sizeof(peer.s4.sin_port);
 		break;
+#if OPENSSL_USE_IPV6
 	case AF_INET6:
 		length += sizeof(struct in6_addr);
 		length += sizeof(peer.s6.sin6_port);
 		break;
+#endif
 	default:
 		OPENSSL_assert(0);
 		break;
 		}
-#else
-	length = sizeof(peer.sin_addr);
-	length += sizeof(peer.sin_port);
-#endif
 	buffer = OPENSSL_malloc(length);
 
 	if (buffer == NULL)
@@ -745,8 +744,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
 		return 0;
 		}
 
-#if OPENSSL_USE_IPV6
-	switch (peer.ss.ss_family)
+	switch (peer.sa.sa_family)
 		{
 	case AF_INET:
 		memcpy(buffer,
@@ -756,6 +754,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
 		       &peer.s4.sin_addr,
 		       sizeof(struct in_addr));
 		break;
+#if OPENSSL_USE_IPV6
 	case AF_INET6:
 		memcpy(buffer,
 		       &peer.s6.sin6_port,
@@ -764,14 +763,11 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
 		       &peer.s6.sin6_addr,
 		       sizeof(struct in6_addr));
 		break;
+#endif
 	default:
 		OPENSSL_assert(0);
 		break;
 		}
-#else
-	memcpy(buffer, &peer.sin_port, sizeof(peer.sin_port));
-	memcpy(buffer + sizeof(peer.sin_port), &peer.sin_addr, sizeof(peer.sin_addr));
-#endif
 
 	/* Calculate HMAC of buffer using the secret */
 	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
@@ -788,15 +784,13 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
 	{
 	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
 	unsigned int length, resultlength;
-#if OPENSSL_USE_IPV6
 	union {
-		struct sockaddr_storage ss;
-		struct sockaddr_in6 s6;
+		struct sockaddr sa;
 		struct sockaddr_in s4;
-	} peer;
-#else
-	struct sockaddr_in peer;
+#if OPENSSL_USE_IPV6
+		struct sockaddr_in6 s6;
 #endif
+	} peer;
 
 	/* If secret isn't initialized yet, the cookie can't be valid */
 	if (!cookie_initialized)
@@ -806,26 +800,23 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
 	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
 
 	/* Create buffer with peer's address and port */
-#if OPENSSL_USE_IPV6
 	length = 0;
-	switch (peer.ss.ss_family)
+	switch (peer.sa.sa_family)
 		{
 	case AF_INET:
 		length += sizeof(struct in_addr);
 		length += sizeof(peer.s4.sin_port);
 		break;
+#if OPENSSL_USE_IPV6
 	case AF_INET6:
 		length += sizeof(struct in6_addr);
 		length += sizeof(peer.s6.sin6_port);
 		break;
+#endif
 	default:
 		OPENSSL_assert(0);
 		break;
 		}
-#else
-	length = sizeof(peer.sin_addr);
-	length += sizeof(peer.sin_port);
-#endif
 	buffer = OPENSSL_malloc(length);
 	
 	if (buffer == NULL)
@@ -834,8 +825,7 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
 		return 0;
 		}
 
-#if OPENSSL_USE_IPV6
-	switch (peer.ss.ss_family)
+	switch (peer.sa.sa_family)
 		{
 	case AF_INET:
 		memcpy(buffer,
@@ -845,6 +835,7 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
 		       &peer.s4.sin_addr,
 		       sizeof(struct in_addr));
 		break;
+#if OPENSSL_USE_IPV6
 	case AF_INET6:
 		memcpy(buffer,
 		       &peer.s6.sin6_port,
@@ -853,14 +844,11 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
 		       &peer.s6.sin6_addr,
 		       sizeof(struct in6_addr));
 		break;
+#endif
 	default:
 		OPENSSL_assert(0);
 		break;
 		}
-#else
-	memcpy(buffer, &peer.sin_port, sizeof(peer.sin_port));
-	memcpy(buffer + sizeof(peer.sin_port), &peer.sin_addr, sizeof(peer.sin_addr));
-#endif
 
 	/* Calculate HMAC of buffer using the secret */
 	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,

apps/s_client.c

@@ -343,6 +343,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -status           - request certificate status from server\n");
 	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
 #endif
+	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 	}
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -381,7 +382,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	int off=0;
+	unsigned int off=0, clr=0;
 	SSL *con=NULL;
 	int s,k,width,state=0;
 	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
@@ -658,6 +659,12 @@ int MAIN(int argc, char **argv)
 #endif
 		else if (strcmp(*argv,"-serverpref") == 0)
 			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+		else if	(strcmp(*argv,"-legacy_server_connect") == 0)
+			{ off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+		else if	(strcmp(*argv,"-no_legacy_server_connect") == 0)
+			{ clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -868,6 +875,9 @@ bad:
 		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 	else
 		SSL_CTX_set_options(ctx,off);
+
+	if (clr)
+		SSL_CTX_clear_options(ctx, clr);
 	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
 	 * Setting read ahead solves this problem.
 	 */
@@ -1722,6 +1732,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 							 EVP_PKEY_bits(pktmp));
 		EVP_PKEY_free(pktmp);
 	}
+	BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+			SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
 #ifndef OPENSSL_NO_COMP
 	comp=SSL_get_current_compression(s);
 	expansion=SSL_get_current_expansion(s);

apps/s_server.c

@@ -491,6 +491,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
 	BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
 	BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
+	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #endif
 	}
 
@@ -1014,6 +1015,8 @@ int MAIN(int argc, char *argv[])
 			verify_return_error = 1;
 		else if	(strcmp(*argv,"-serverpref") == 0)
 			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -2206,6 +2209,8 @@ static int init_ssl_connection(SSL *con)
 			con->kssl_ctx->client_princ);
 		}
 #endif /* OPENSSL_NO_KRB5 */
+	BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+		      SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
 	return(1);
 	}
 

apps/x509.c

@@ -99,7 +99,13 @@ static const char *x509_usage[]={
 " -passin arg     - private key password source\n",
 " -serial         - print serial number value\n",
 " -subject_hash   - print subject hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -subject_hash_old   - print old-style (MD5) subject hash value\n",
+#endif
 " -issuer_hash    - print issuer hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -issuer_hash_old    - print old-style (MD5) issuer hash value\n",
+#endif
 " -hash           - synonym for -subject_hash\n",
 " -subject        - print subject DN\n",
 " -issuer         - print issuer DN\n",
@@ -179,6 +185,9 @@ int MAIN(int argc, char **argv)
 	int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
 	int next_serial=0;
 	int subject_hash=0,issuer_hash=0,ocspid=0;
+#ifndef OPENSSL_NO_MD5
+	int subject_hash_old=0,issuer_hash_old=0;
+#endif
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int ocsp_uri=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
@@ -397,8 +406,16 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-hash") == 0
 			|| strcmp(*argv,"-subject_hash") == 0)
 			subject_hash= ++num;
+#ifndef OPENSSL_NO_MD5
+		else if (strcmp(*argv,"-subject_hash_old") == 0)
+			subject_hash_old= ++num;
+#endif
 		else if (strcmp(*argv,"-issuer_hash") == 0)
 			issuer_hash= ++num;
+#ifndef OPENSSL_NO_MD5
+		else if (strcmp(*argv,"-issuer_hash_old") == 0)
+			issuer_hash_old= ++num;
+#endif
 		else if (strcmp(*argv,"-subject") == 0)
 			subject= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -759,10 +776,22 @@ bad:
 				{
 				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 				}
+#ifndef OPENSSL_NO_MD5
+			else if (subject_hash_old == i)
+				{
+				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
+				}
+#endif
 			else if (issuer_hash == i)
 				{
 				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
 				}
+#ifndef OPENSSL_NO_MD5
+			else if (issuer_hash_old == i)
+				{
+				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
+				}
+#endif
 			else if (pprint == i)
 				{
 				X509_PURPOSE *ptmp;

crypto/aes/asm/aes-s390x.pl

@@ -765,6 +765,11 @@ $code.=<<___ if (!$softonly);
 	srl	%r5,6
 	ar	%r5,%r0
 
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,0(%r1)
+	tmhl	%r0,0x4000	# check for message-security assist
+	jz	.Lekey_internal
+
 	lghi	%r0,0		# query capability vector
 	la	%r1,16($sp)
 	.long	0xb92f0042	# kmc %r4,%r2
@@ -1323,6 +1328,7 @@ $code.=<<___;
 4:	ex	$len,0($s1)
 	j	.Lcbc_dec_exit
 .size	AES_cbc_encrypt,.-AES_cbc_encrypt
+.comm  OPENSSL_s390xcap_P,8,8
 ___
 }
 $code.=<<___;

crypto/asn1/ameth_lib.c

@@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
 		if (!ameth->info)
 			goto err;
 		}
+	else
+		ameth->info = NULL;
 
 	if (pem_str)
 		{
@@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
 		if (!ameth->pem_str)
 			goto err;
 		}
+	else
+		ameth->pem_str = NULL;
 
 	ameth->pub_decode = 0;
 	ameth->pub_encode = 0;

crypto/asn1/d2i_pu.c

@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 		}
 	else	ret= *a;
 
-	ret->save_type=type;
-	ret->type=EVP_PKEY_type(type);
-	switch (ret->type)
+	if (!EVP_PKEY_set_type(ret, type))
+		{
+		ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+		goto err;
+		}
+
+	switch (EVP_PKEY_id(ret))
 		{
 #ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:

crypto/bio/b_sock.c

@@ -88,6 +88,17 @@ NETDB_DEFINE_CONTEXT
 static int wsa_init_done=0;
 #endif
 
+/*
+ * WSAAPI specifier is required to make indirect calls to run-time
+ * linked WinSock 2 functions used in this module, to be specific
+ * [get|free]addrinfo and getnameinfo. This is because WinSock uses
+ * uses non-C calling convention, __stdcall vs. __cdecl, on x86
+ * Windows. On non-WinSock platforms WSAAPI needs to be void.
+ */
+#ifndef WSAAPI
+#define WSAAPI
+#endif
+
 #if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
@@ -595,7 +606,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		struct sockaddr_in6 sa_in6;
 #endif
 	} server,client;
-	int s=INVALID_SOCKET,cs;
+	int s=INVALID_SOCKET,cs,addrlen;
 	unsigned char ip[4];
 	unsigned short port;
 	char *str=NULL,*e;
@@ -627,12 +638,12 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 #ifdef EAI_FAMILY
 	do {
 	static union {	void *p;
-			int (*f)(const char *,const char *,
+			int (WSAAPI *f)(const char *,const char *,
 				 const struct addrinfo *,
 				 struct addrinfo **);
 			} p_getaddrinfo = {NULL};
 	static union {	void *p;
-			void (*f)(struct addrinfo *);
+			void (WSAAPI *f)(struct addrinfo *);
 			} p_freeaddrinfo = {NULL};
 	struct addrinfo *res,hint;
 
@@ -666,8 +677,10 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 
 	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
 
-	memcpy(&server, res->ai_addr,
-		res->ai_addrlen<=sizeof(server)?res->ai_addrlen:sizeof(server));
+	addrlen = res->ai_addrlen<=sizeof(server) ?
+			res->ai_addrlen :
+			sizeof(server);
+	memcpy(&server, res->ai_addr, addrlen);
 
 	(*p_freeaddrinfo.f)(res);
 	goto again;
@@ -679,6 +692,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	memset((char *)&server,0,sizeof(server));
 	server.sa_in.sin_family=AF_INET;
 	server.sa_in.sin_port=htons(port);
+	addrlen = sizeof(server.sa_in);
 
 	if (h == NULL || strcmp(h,"*") == 0)
 		server.sa_in.sin_addr.s_addr=INADDR_ANY;
@@ -712,7 +726,7 @@ again:
 		bind_mode=BIO_BIND_NORMAL;
 		}
 #endif
-	if (bind(s,&server.sa,sizeof(server)) == -1)
+	if (bind(s,&server.sa,addrlen) == -1)
 		{
 #ifdef SO_REUSEADDR
 		err_num=get_last_socket_error();
@@ -740,7 +754,7 @@ again:
 			if (cs != INVALID_SOCKET)
 				{
 				int ii;
-				ii=connect(cs,&client.sa,sizeof(client));
+				ii=connect(cs,&client.sa,addrlen);
 				closesocket(cs);
 				if (ii == INVALID_SOCKET)
 					{
@@ -822,7 +836,8 @@ int BIO_accept(int sock, char **addr)
 	if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
 		{
 		OPENSSL_assert(sa.len.s<=sizeof(sa.from));
-		sa.len.i = (unsigned int)sa.len.s;
+		sa.len.i = (int)sa.len.s;
+		/* use sa.len.i from this point */
 		}
 	if (ret == INVALID_SOCKET)
 		{
@@ -839,7 +854,7 @@ int BIO_accept(int sock, char **addr)
 	char   h[NI_MAXHOST],s[NI_MAXSERV];
 	size_t nl;
 	static union {	void *p;
-			int (*f)(const struct sockaddr *,size_t/*socklen_t*/,
+			int (WSAAPI *f)(const struct sockaddr *,size_t/*socklen_t*/,
 				 char *,size_t,char *,size_t,int);
 			} p_getnameinfo = {NULL};
 			/* 2nd argument to getnameinfo is specified to

crypto/bio/bss_dgram.c

@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp=
 
 typedef struct bio_dgram_data_st
 	{
+	union {
+		struct sockaddr sa;
+		struct sockaddr_in sa_in;
 #if OPENSSL_USE_IPV6
-	struct sockaddr_storage peer;
-#else
-	struct sockaddr_in peer;
+		struct sockaddr_in6 sa_in6;
 #endif
+	} peer;
 	unsigned int connected;
 	unsigned int _errno;
 	unsigned int mtu;
@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out, int outl)
 	int ret=0;
 	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
 
+	struct	{
+	/*
+	 * See commentary in b_sock.c. <appro>
+	 */
+	union	{ size_t s; int i; } len;
+	union	{
+		struct sockaddr sa;
+		struct sockaddr_in sa_in;
 #if OPENSSL_USE_IPV6
-	struct sockaddr_storage peer;
-#else
-	struct sockaddr_in peer;
+		struct sockaddr_in6 sa_in6;
 #endif
-	int peerlen = sizeof(peer);
+		} peer;
+	} sa;
+
+	sa.len.s=0;
+	sa.len.i=sizeof(sa.peer);
 
 	if (out != NULL)
 		{
 		clear_socket_error();
-		memset(&peer, 0x00, peerlen);
-		/* Last arg in recvfrom is signed on some platforms and
-		 * unsigned on others. It is of type socklen_t on some
-		 * but this is not universal. Cast to (void *) to avoid
-		 * compiler warnings.
-		 */
+		memset(&sa.peer, 0x00, sizeof(sa.peer));
 		dgram_adjust_rcv_timeout(b);
-		ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen);
+		ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
+		if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+			{
+			OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
+			sa.len.i = (int)sa.len.s;
+			}
 		dgram_reset_rcv_timeout(b);
 
 		if ( ! data->connected  && ret >= 0)
-			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
 
 		BIO_clear_retry_flags(b);
 		if (ret < 0)
@@ -323,26 +335,21 @@ static int dgram_write(BIO *b, const char *in, int inl)
 	if ( data->connected )
 		ret=writesocket(b->num,in,inl);
 	else
-#if OPENSSL_USE_IPV6
-		if (data->peer.ss_family == AF_INET)
+		{
+		int peerlen = sizeof(data->peer);
+
+		if (data->peer.sa.sa_family == AF_INET)
+			peerlen = sizeof(data->peer.sa_in);
+#if OPENSSL_USE_IVP6
+		else if (data->peer.sa.sa_family == AF_INET6)
+			peerlen = sizeof(data->peer.sa_in6);
+#endif
 #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-			ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
+		ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
 #else
-			ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#endif
-		else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-			ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
-#else
-			ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
-#endif
-#else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-		ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#else
-		ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#endif
+		ret=sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
 #endif
+		}
 
 	BIO_clear_retry_flags(b);
 	if (ret <= 0)
@@ -374,7 +381,13 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
 #ifdef OPENSSL_SYS_LINUX
 	socklen_t addr_len;
-	struct sockaddr_storage addr;
+	union	{
+		struct sockaddr	sa;
+		struct sockaddr_in s4;
+#if OPENSSL_USE_IPV6
+		struct sockaddr_in6 s6;
+#endif
+		} addr;
 #endif
 
 	data = (bio_dgram_data *)b->ptr;
@@ -428,11 +441,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		else
 			{
 #endif
+			switch (to->sa_family)
+				{
+				case AF_INET:
+					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+					break;
 #if OPENSSL_USE_IPV6
-			memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
-#else
-			memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
+				case AF_INET6:
+					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+					break;
 #endif
+				default:
+					memcpy(&data->peer,to,sizeof(data->peer.sa));
+					break;
+				}
 #if 0
 			}
 #endif
@@ -440,15 +462,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		/* (Linux)kernel sets DF bit on outgoing IP packets */
 	case BIO_CTRL_DGRAM_MTU_DISCOVER:
 #ifdef OPENSSL_SYS_LINUX
-		addr_len = (socklen_t)sizeof(struct sockaddr_storage);
-		memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
-		if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
+		addr_len = (socklen_t)sizeof(addr);
+		memset((void *)&addr, 0, sizeof(addr));
+		if (getsockname(b->num, &addr.sa, &addr_len) < 0)
 			{
 			ret = 0;
 			break;
 			}
 		sockopt_len = sizeof(sockopt_val);
-		switch (addr.ss_family)
+		switch (addr.sa.sa_family)
 			{
 		case AF_INET:
 			sockopt_val = IP_PMTUDISC_DO;
@@ -456,7 +478,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 				&sockopt_val, sizeof(sockopt_val))) < 0)
 				perror("setsockopt");
 			break;
-#if OPENSSL_USE_IPV6
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
 		case AF_INET6:
 			sockopt_val = IPV6_PMTUDISC_DO;
 			if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
@@ -474,15 +496,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
 	case BIO_CTRL_DGRAM_QUERY_MTU:
 #ifdef OPENSSL_SYS_LINUX
-		addr_len = (socklen_t)sizeof(struct sockaddr_storage);
-		memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
-		if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
+		addr_len = (socklen_t)sizeof(addr);
+		memset((void *)&addr, 0, sizeof(addr));
+		if (getsockname(b->num, &addr.sa, &addr_len) < 0)
 			{
 			ret = 0;
 			break;
 			}
 		sockopt_len = sizeof(sockopt_val);
-		switch (addr.ss_family)
+		switch (addr.sa.sa_family)
 			{
 		case AF_INET:
 			if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
@@ -499,7 +521,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 				ret = data->mtu;
 				}
 			break;
-#if OPENSSL_USE_IPV6
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
 		case AF_INET6:
 			if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
 				&sockopt_len)) < 0 || sockopt_val < 0)
@@ -537,41 +559,62 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 		if ( to != NULL)
 			{
 			data->connected = 1;
+			switch (to->sa_family)
+				{
+				case AF_INET:
+					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+					break;
 #if OPENSSL_USE_IPV6
-			memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
-#else
-			memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
+				case AF_INET6:
+					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+					break;
 #endif
+				default:
+					memcpy(&data->peer,to,sizeof(data->peer.sa));
+					break;
+				}
 			}
 		else
 			{
 			data->connected = 0;
-#if OPENSSL_USE_IPV6
-			memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage));
-#else
-			memset(&(data->peer), 0x00, sizeof(struct sockaddr_in));
-#endif
+			memset(&(data->peer), 0x00, sizeof(data->peer));
 			}
 		break;
 	case BIO_CTRL_DGRAM_GET_PEER:
-		to = (struct sockaddr *) ptr;
-
+		switch (data->peer.sa.sa_family)
+			{
+			case AF_INET:
+				ret=sizeof(data->peer.sa_in);
+				break;
 #if OPENSSL_USE_IPV6
-		memcpy(to, &(data->peer), sizeof(struct sockaddr_storage));
-		ret = sizeof(struct sockaddr_storage);
-#else
-		memcpy(to, &(data->peer), sizeof(struct sockaddr_in));
-		ret = sizeof(struct sockaddr_in);
+			case AF_INET6:
+				ret=sizeof(data->peer.sa_in6);
+				break;
 #endif
+			default:
+				ret=sizeof(data->peer.sa);
+				break;
+			}
+		if (num==0 || num>ret)
+			num=ret;
+		memcpy(ptr,&data->peer,(ret=num));
 		break;
 	case BIO_CTRL_DGRAM_SET_PEER:
 		to = (struct sockaddr *) ptr;
-
+		switch (to->sa_family)
+			{
+			case AF_INET:
+				memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+				break;
 #if OPENSSL_USE_IPV6
-		memcpy(&(data->peer), to, sizeof(struct sockaddr_storage));
-#else
-		memcpy(&(data->peer), to, sizeof(struct sockaddr_in));
+			case AF_INET6:
+				memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+				break;
 #endif
+			default:
+				memcpy(&data->peer,to,sizeof(data->peer.sa));
+				break;
+			}
 		break;
 	case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
 		memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));

crypto/bn/bn_mul.c

@@ -1032,15 +1032,15 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 				goto err;
 			if (al > j || bl > j)
 				{
-				bn_wexpand(t,k*4);
-				bn_wexpand(rr,k*4);
+				if (bn_wexpand(t,k*4) == NULL) goto err;
+				if (bn_wexpand(rr,k*4) == NULL) goto err;
 				bn_mul_part_recursive(rr->d,a->d,b->d,
 					j,al-j,bl-j,t->d);
 				}
 			else	/* al <= j || bl <= j */
 				{
-				bn_wexpand(t,k*2);
-				bn_wexpand(rr,k*2);
+				if (bn_wexpand(t,k*2) == NULL) goto err;
+				if (bn_wexpand(rr,k*2) == NULL) goto err;
 				bn_mul_recursive(rr->d,a->d,b->d,
 					j,al-j,bl-j,t->d);
 				}

crypto/cast/c_cfb64.c

@@ -65,7 +65,7 @@
  */
 
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, CAST_KEY *schedule, unsigned char *ivec,
+			long length, const CAST_KEY *schedule, unsigned char *ivec,
 			int *num, int enc)
 	{
 	register CAST_LONG v0,v1,t;
@@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 	v0=v1=ti[0]=ti[1]=t=c=cc=0;
 	*num=n;
 	}
-

crypto/cast/c_ecb.c

@@ -63,7 +63,7 @@
 const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
 
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
-		      CAST_KEY *ks, int enc)
+		      const CAST_KEY *ks, int enc)
 	{
 	CAST_LONG l,d[2];
 
@@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	l=d[1]; l2n(l,out);
 	l=d[0]=d[1]=0;
 	}
-

crypto/cast/c_enc.c

@@ -59,9 +59,10 @@
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 
-void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
 	{
-	register CAST_LONG l,r,*k,t;
+	register CAST_LONG l,r,t;
+	const register CAST_LONG *k;
 
 	k= &(key->data[0]);
 	l=data[0];
@@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
 	data[0]=r&0xffffffffL;
 	}
 
-void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
 	{
-	register CAST_LONG l,r,*k,t;
+	register CAST_LONG l,r,t;
+	const register CAST_LONG *k;
 
 	k= &(key->data[0]);
 	l=data[0];
@@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
 	}
 
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     CAST_KEY *ks, unsigned char *iv, int enc)
+	     const CAST_KEY *ks, unsigned char *iv, int enc)
 	{
 	register CAST_LONG tin0,tin1;
 	register CAST_LONG tout0,tout1,xor0,xor1;
@@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 	tin0=tin1=tout0=tout1=xor0=xor1=0;
 	tin[0]=tin[1]=0;
 	}
-

crypto/cast/c_ofb64.c

@@ -64,7 +64,7 @@
  * 64bit block we have used is contained in *num;
  */
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, CAST_KEY *schedule, unsigned char *ivec,
+			long length, const CAST_KEY *schedule, unsigned char *ivec,
 			int *num)
 	{
 	register CAST_LONG v0,v1,t;
@@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
 	t=v0=v1=ti[0]=ti[1]=0;
 	*num=n;
 	}
-

crypto/cast/cast.h

@@ -85,17 +85,17 @@ typedef struct cast_key_st
 
  
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
 		      int enc);
-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-		      CAST_KEY *ks, unsigned char *iv, int enc);
+		      const CAST_KEY *ks, unsigned char *iv, int enc);
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, CAST_KEY *schedule, unsigned char *ivec,
+			long length, const CAST_KEY *schedule, unsigned char *ivec,
 			int *num, int enc);
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
-			long length, CAST_KEY *schedule, unsigned char *ivec,
+			long length, const CAST_KEY *schedule, unsigned char *ivec,
 			int *num);
 
 #ifdef  __cplusplus

crypto/comp/Makefile

@@ -86,12 +86,13 @@ c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 c_rle.o: ../../include/openssl/symhacks.h c_rle.c
 c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_zlib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
-c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c
+c_zlib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+c_zlib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_zlib.o: c_zlib.c
 comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
 comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

crypto/comp/c_zlib.c

@@ -136,15 +136,6 @@ struct zlib_state
 
 static int zlib_stateful_ex_idx = -1;
 
-static void zlib_stateful_free_ex_data(void *obj, void *item,
-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-	{
-	struct zlib_state *state = (struct zlib_state *)item;
-	inflateEnd(&state->istream);
-	deflateEnd(&state->ostream);
-	OPENSSL_free(state);
-	}
-
 static int zlib_stateful_init(COMP_CTX *ctx)
 	{
 	int err;
@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 
 static void zlib_stateful_finish(COMP_CTX *ctx)
 	{
+	struct zlib_state *state =
+		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+			zlib_stateful_ex_idx);
+	inflateEnd(&state->istream);
+	deflateEnd(&state->ostream);
+	OPENSSL_free(state);
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
 	}
 
@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
 			if (zlib_stateful_ex_idx == -1)
 				zlib_stateful_ex_idx =
 					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+						0,NULL,NULL,NULL,NULL);
 			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
 			if (zlib_stateful_ex_idx == -1)
 				goto err;

crypto/crypto-lib.com

@@ -193,7 +193,8 @@ $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
 $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
 $ LIB_MODES = "cbc128,ctr128,cfb128,ofb128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
-$ IF F$TRNLNM("OPENSSL_NO_ASM") THEN LIB_BN_ASM = "bn_asm"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
+     LIB_BN_ASM = "bn_asm"
 $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
 	"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
 	"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -

crypto/dsa/dsa_pmeth.c

@@ -132,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 
 	ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
 
-	if (ret < 0)
+	if (ret <= 0)
 		return ret;
 	*siglen = sltmp;
 	return 1;

crypto/ec/ec_pmeth.c

@@ -143,7 +143,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 
 	ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
 
-	if (ret < 0)
+	if (ret <= 0)
 		return ret;
 	*siglen = (size_t)sltmp;
 	return 1;

crypto/ecdsa/ecs_ossl.c

@@ -212,7 +212,7 @@ err:
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
 		const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
 {
-	int     ok = 0;
+	int     ok = 0, i;
 	BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
 	const BIGNUM *ckinv;
 	BN_CTX     *ctx = NULL;
@@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
 		goto err;
 	}
-	if (8 * dgst_len > BN_num_bits(order))
+	i = BN_num_bits(order);
+	/* Need to truncate digest if it is too long: first truncate whole
+	 * bytes.
+	 */
+	if (8 * dgst_len > i)
+		dgst_len = (i + 7)/8;
+	if (!BN_bin2bn(dgst, dgst_len, m))
 	{
-		/* XXX
-		 * 
-		 * Should provide for optional hash truncation:
-		 * Keep the BN_num_bits(order) leftmost bits of dgst
-		 * (see March 2006 FIPS 186-3 draft, which has a few
-		 * confusing errors in this part though)
-		 */
-
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-			ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
 		goto err;
 	}
-
-	if (!BN_bin2bn(dgst, dgst_len, m))
+	/* If still too long truncate remaining bits with a shift */
+	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
 	{
 		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
 		goto err;
@@ -346,7 +343,7 @@ err:
 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 		const ECDSA_SIG *sig, EC_KEY *eckey)
 {
-	int ret = -1;
+	int ret = -1, i;
 	BN_CTX   *ctx;
 	BIGNUM   *order, *u1, *u2, *m, *X;
 	EC_POINT *point = NULL;
@@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
 		goto err;
 	}
-	if (8 * dgst_len > BN_num_bits(order))
-	{
-		/* XXX
-		 * 
-		 * Should provide for optional hash truncation:
-		 * Keep the BN_num_bits(order) leftmost bits of dgst
-		 * (see March 2006 FIPS 186-3 draft, which has a few
-		 * confusing errors in this part though)
-		 */
-
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,
-			ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		ret = 0;
-		goto err;
-	}
 
 	if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) || 
 	    BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
@@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 		goto err;
 	}
 	/* digest -> m */
+	i = BN_num_bits(order);
+	/* Need to truncate digest if it is too long: first truncate whole
+	 * bytes.
+	 */
+	if (8 * dgst_len > i)
+		dgst_len = (i + 7)/8;
 	if (!BN_bin2bn(dgst, dgst_len, m))
 	{
 		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
 		goto err;
 	}
+	/* If still too long truncate remaining bits with a shift */
+	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		goto err;
+	}
 	/* u1 = m * tmp mod order */
 	if (!BN_mod_mul(u1, m, u2, order, ctx))
 	{

crypto/engine/engine.h

@@ -335,11 +335,7 @@ void ENGINE_load_nuron(void);
 void ENGINE_load_sureware(void);
 void ENGINE_load_ubsec(void);
 void ENGINE_load_padlock(void);
-#ifdef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_NO_CAPIENG
 void ENGINE_load_capi(void);
-#endif
-#endif
 #ifndef OPENSSL_NO_GMP
 void ENGINE_load_gmp(void);
 #endif

crypto/evp/c_allc.c

@@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher(EVP_des_cfb8());
 	EVP_add_cipher(EVP_des_ede_cfb());
 	EVP_add_cipher(EVP_des_ede3_cfb());
+	EVP_add_cipher(EVP_des_ede3_cfb1());
+	EVP_add_cipher(EVP_des_ede3_cfb8());
 
 	EVP_add_cipher(EVP_des_ofb());
 	EVP_add_cipher(EVP_des_ede_ofb());

crypto/evp/digest.c

@@ -126,7 +126,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
 	{
 	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
 
-	EVP_MD_CTX_init(ctx);
+	if (ctx)
+		EVP_MD_CTX_init(ctx);
 
 	return ctx;
 	}
@@ -202,6 +203,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 			{
 			ctx->update = type->update;
 			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+			if (ctx->md_data == NULL)
+				{
+				EVPerr(EVP_F_EVP_DIGESTINIT_EX,
+							ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
 			}
 		}
 #ifndef OPENSSL_NO_ENGINE
@@ -286,8 +293,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 
 	if (in->md_data && out->digest->ctx_size)
 		{
-		if (tmp_buf) out->md_data = tmp_buf;
-		else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+		if (tmp_buf)
+			out->md_data = tmp_buf;
+		else
+			{
+			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+			if (!out->md_data)
+				{
+				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
 		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
 		}
 

crypto/evp/evp.h

@@ -1289,6 +1289,8 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR			 145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR			 146
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
+#define EVP_R_UNKNOWN_CIPHER				 160
+#define EVP_R_UNKNOWN_DIGEST				 161
 #define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
 #define EVP_R_UNSUPPORTED_ALGORITHM			 156

crypto/evp/evp_err.c

@@ -185,6 +185,8 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
 {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
+{ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},

crypto/evp/evp_lib.c

@@ -159,6 +159,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 
 		return NID_des_cfb64;
 
+		case NID_des_ede3_cfb64:
+		case NID_des_ede3_cfb8:
+		case NID_des_ede3_cfb1:
+
+		return NID_des_cfb64;
+
 		default:
 		/* Check it has an OID and it is valid */
 		otmp = OBJ_nid2obj(nid);

crypto/evp/evp_pbe.c

@@ -174,12 +174,26 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 	if (cipher_nid == -1)
 		cipher = NULL;
 	else
+		{
 		cipher = EVP_get_cipherbynid(cipher_nid);
+		if (!cipher)
+			{
+			EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
+			return 0;
+			}
+		}
 
 	if (md_nid == -1)
 		md = NULL;
 	else
+		{
 		md = EVP_get_digestbynid(md_nid);
+		if (!md)
+			{
+			EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
+			return 0;
+			}
+		}
 
 	if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
 		{

crypto/evp/p_lib.c

@@ -220,7 +220,10 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 #ifndef OPENSSL_NO_ENGINE
 		/* If we have an ENGINE release it */
 		if (pkey->engine)
+			{
 			ENGINE_finish(pkey->engine);
+			pkey->engine = NULL;
+			}
 #endif
 		}
 	if (str)

crypto/opensslv.h

@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x10000004L
+#define OPENSSL_VERSION_NUMBER	0x10000005L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-fips-beta4 10 Nov 2009"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-fips-beta5 20 Jan 2010"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-beta4 10 Nov 2009"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-beta5 20 Jan 2010"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

crypto/perlasm/x86_64-xlate.pl

@@ -241,9 +241,11 @@ my %globals;
 
 	if ($gas) {
 	    # Solaris /usr/ccs/bin/as can't handle multiplications
-	    # in $self->{label}
+	    # in $self->{label}, new gas requires sign extension...
+	    use integer;
 	    $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
 	    $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+	    $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
 	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
 
 	    if (defined($self->{index})) {

crypto/perlasm/x86masm.pl

@@ -128,7 +128,7 @@ ___
 
     if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
     {	my $comm=<<___;
-.bss	SEGMENT
+.bss	SEGMENT 'BSS'
 COMM	${nmdecor}OPENSSL_ia32cap_P:DWORD
 .bss	ENDS
 ___

crypto/pkcs7/pkcs7.h

@@ -383,8 +383,6 @@ int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
 
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
 
 BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
 

crypto/rand/rand_win.c

@@ -463,7 +463,7 @@ int RAND_poll(void)
 		PROCESSENTRY32 p;
 		THREADENTRY32 t;
 		MODULEENTRY32 m;
-		DWORD stoptime = 0;
+		DWORD starttime = 0;
 
 		snap = (CREATETOOLHELP32SNAPSHOT)
 			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
@@ -496,7 +496,7 @@ int RAND_poll(void)
                          */
 			ZeroMemory(&hlist, sizeof(HEAPLIST32));
 			hlist.dwSize = sizeof(HEAPLIST32);		
-			if (good) stoptime = GetTickCount() + MAXDELAY;
+			if (good) starttime = GetTickCount();
 #ifdef _MSC_VER
 			if (heaplist_first(handle, &hlist))
 				{
@@ -536,7 +536,7 @@ int RAND_poll(void)
 							ex_cnt_limit--;
 						}
 					} while (heaplist_next(handle, &hlist) 
-						&& GetTickCount() < stoptime 
+						&& (!good || (GetTickCount()-starttime)<MAXDELAY)
 						&& ex_cnt_limit > 0);
 				}
 
@@ -559,7 +559,7 @@ int RAND_poll(void)
 							&& --entrycnt > 0);
 						}
 					} while (heaplist_next(handle, &hlist) 
-						&& GetTickCount() < stoptime);
+						&& (!good || (GetTickCount()-starttime)<MAXDELAY));
 				}
 #endif
 
@@ -570,11 +570,11 @@ int RAND_poll(void)
                          */
 			p.dwSize = sizeof(PROCESSENTRY32);
 		
-			if (good) stoptime = GetTickCount() + MAXDELAY;
+			if (good) starttime = GetTickCount();
 			if (process_first(handle, &p))
 				do
 					RAND_add(&p, p.dwSize, 9);
-				while (process_next(handle, &p) && GetTickCount() < stoptime);
+				while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
 
 			/* thread walking */
                         /* THREADENTRY32 contains 6 fields that will change
@@ -582,11 +582,11 @@ int RAND_poll(void)
                          * 1 byte of entropy.
                          */
 			t.dwSize = sizeof(THREADENTRY32);
-			if (good) stoptime = GetTickCount() + MAXDELAY;
+			if (good) starttime = GetTickCount();
 			if (thread_first(handle, &t))
 				do
 					RAND_add(&t, t.dwSize, 6);
-				while (thread_next(handle, &t) && GetTickCount() < stoptime);
+				while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
 
 			/* module walking */
                         /* MODULEENTRY32 contains 9 fields that will change
@@ -594,12 +594,12 @@ int RAND_poll(void)
                          * 1 byte of entropy.
                          */
 			m.dwSize = sizeof(MODULEENTRY32);
-			if (good) stoptime = GetTickCount() + MAXDELAY;
+			if (good) starttime = GetTickCount();
 			if (module_first(handle, &m))
 				do
 					RAND_add(&m, m.dwSize, 9);
 				while (module_next(handle, &m)
-					       	&& (GetTickCount() < stoptime));
+					       	&& (!good || (GetTickCount()-starttime)<MAXDELAY));
 			if (close_snap)
 				close_snap(handle);
 			else

crypto/rsa/rsa_lib.c

@@ -182,7 +182,16 @@ RSA *RSA_new_method(ENGINE *engine)
 	ret->mt_blinding=NULL;
 	ret->bignum_data=NULL;
 	ret->flags=ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+		{
+#ifndef OPENSSL_NO_ENGINE
+	if (ret->engine)
+		ENGINE_finish(ret->engine);
+#endif
+		OPENSSL_free(ret);
+		return(NULL);
+		}
+
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 #ifndef OPENSSL_NO_ENGINE

crypto/s390xcap.c

@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+
+extern unsigned long OPENSSL_s390xcap_P;
+
+static sigjmp_buf ill_jmp;
+static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
+
+unsigned long OPENSSL_s390x_facilities(void);
+
+void OPENSSL_cpuid_setup(void)
+	{
+	sigset_t oset;
+	struct sigaction ill_act,oact;
+
+	if (OPENSSL_s390xcap_P) return;
+
+	memset(&ill_act,0,sizeof(ill_act));
+	ill_act.sa_handler = ill_handler;
+	sigfillset(&ill_act.sa_mask);
+	sigdelset(&ill_act.sa_mask,SIGILL);
+	sigdelset(&ill_act.sa_mask,SIGTRAP);
+	sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset);
+	sigaction (SIGILL,&ill_act,&oact);
+
+	/* protection against missing store-facility-list-extended */
+	if (sigsetjmp(ill_jmp,0) == 0)
+		OPENSSL_s390xcap_P = OPENSSL_s390x_facilities();
+	else
+		OPENSSL_s390xcap_P = 1UL<<63;
+
+	sigaction (SIGILL,&oact,NULL);
+	sigprocmask(SIG_SETMASK,&oset,NULL);
+	}

crypto/s390xcpuid.S

@@ -1,12 +1,5 @@
 .text
 
-.globl	OPENSSL_cpuid_setup
-.type	OPENSSL_cpuid_setup,@function
-.align	16
-OPENSSL_cpuid_setup:
-	br	%r14		# reserved for future
-.size	OPENSSL_cpuid_setup,.-OPENSSL_cpuid_setup
-
 .globl	OPENSSL_s390x_facilities
 .type	OPENSSL_s390x_facilities,@function
 .align	16
@@ -14,6 +7,8 @@ OPENSSL_s390x_facilities:
 	lghi	%r0,0
 	.long	0xb2b0f010	# stfle	16(%r15)
 	lg	%r2,16(%r15)
+	larl	%r1,OPENSSL_s390xcap_P
+	stg	%r2,0(%r1)
 	br	%r14
 .size	OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
 
@@ -88,3 +83,8 @@ OPENSSL_cleanse:
 	jnz	.Little
 	br	%r14
 .size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.section	.init
+	brasl	%r14,OPENSSL_cpuid_setup
+
+.comm	OPENSSL_s390xcap_P,8,8

crypto/sha/asm/sha1-s390x.pl

@@ -143,6 +143,10 @@ Ktable: .long	0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6
 sha1_block_data_order:
 ___
 $code.=<<___ if ($kimdfunc);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,0(%r1)
+	tmhl	%r0,0x4000	# check for message-security assist
+	jz	.Lsoftware
 	lghi	%r0,0
 	la	%r1,16($sp)
 	.long	0xb93e0002	# kimd %r0,%r2
@@ -213,6 +217,7 @@ $code.=<<___;
 	br	%r14
 .size	sha1_block_data_order,.-sha1_block_data_order
 .string	"SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.comm	OPENSSL_s390xcap_P,8,8
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

crypto/sha/asm/sha512-s390x.pl

@@ -214,6 +214,10 @@ $code.=<<___;
 $Func:
 ___
 $code.=<<___ if ($kimdfunc);
+	larl	%r1,OPENSSL_s390xcap_P
+	lg	%r0,0(%r1)
+	tmhl	%r0,0x4000	# check for message-security assist
+	jz	.Lsoftware
 	lghi	%r0,0
 	la	%r1,16($sp)
 	.long	0xb93e0002	# kimd %r0,%r2
@@ -286,6 +290,7 @@ $code.=<<___;
 	br	%r14
 .size	$Func,.-$Func
 .string	"SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.comm	OPENSSL_s390xcap_P,8,8
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

crypto/sha/sha512.c

@@ -380,7 +380,7 @@ static const SHA_LONG64 K512[80] = {
 				((SHA_LONG64)hi)<<32|lo;	})
 #   endif
 #  elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-#   define ROTR(a,n)	({ unsigned long ret;		\
+#   define ROTR(a,n)	({ SHA_LONG64 ret;		\
 				asm ("rotrdi %0,%1,%2"	\
 				: "=r"(ret)		\
 				: "r"(a),"K"(n)); ret;	})

crypto/stack/safestack.h

@@ -186,7 +186,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 				ex_tag, ex_class)
 
 #define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	i2d_ASN1_SET(CHECKED_STACK_OF(type, st), pp, \
+  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
 				CHECKED_I2D_OF(type, i2d_func), \
 				ex_tag, ex_class, is_set)
 

crypto/symhacks.h

@@ -138,6 +138,8 @@
 #define X509_policy_node_get0_qualifiers	X509_pcy_node_get0_qualifiers
 #undef X509_STORE_CTX_get_explicit_policy
 #define X509_STORE_CTX_get_explicit_policy	X509_STORE_CTX_get_expl_policy
+#undef X509_STORE_CTX_get0_current_issuer
+#define X509_STORE_CTX_get0_current_issuer	X509_STORE_CTX_get0_cur_issuer
 
 /* Hack some long CRYPTO names */
 #undef CRYPTO_set_dynlock_destroy_callback

crypto/x509/x509.h

@@ -961,6 +961,11 @@ unsigned long	X509_issuer_name_hash(X509 *a);
 int		X509_subject_name_cmp(const X509 *a, const X509 *b);
 unsigned long	X509_subject_name_hash(X509 *x);
 
+#ifndef OPENSSL_NO_MD5
+unsigned long	X509_issuer_name_hash_old(X509 *a);
+unsigned long	X509_subject_name_hash_old(X509 *x);
+#endif
+
 int		X509_cmp(const X509 *a, const X509 *b);
 int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long	X509_NAME_hash(X509_NAME *x);

crypto/x509/x509_cmp.c

@@ -133,6 +133,13 @@ unsigned long X509_issuer_name_hash(X509 *x)
 	return(X509_NAME_hash(x->cert_info->issuer));
 	}
 
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *x)
+	{
+	return(X509_NAME_hash_old(x->cert_info->issuer));
+	}
+#endif
+
 X509_NAME *X509_get_subject_name(X509 *a)
 	{
 	return(a->cert_info->subject);
@@ -148,6 +155,13 @@ unsigned long X509_subject_name_hash(X509 *x)
 	return(X509_NAME_hash(x->cert_info->subject));
 	}
 
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_subject_name_hash_old(X509 *x)
+	{
+	return(X509_NAME_hash_old(x->cert_info->subject));
+	}
+#endif
+
 #ifndef OPENSSL_NO_SHA
 /* Compare two certificates: they must be identical for
  * this to work. NB: Although "cmp" operations are generally

crypto/x509/x509_lu.c

@@ -200,7 +200,13 @@ X509_STORE *X509_STORE_new(void)
 	ret->lookup_crls = 0;
 	ret->cleanup = 0;
 
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+		{
+		sk_X509_OBJECT_free(ret->objs);
+		OPENSSL_free(ret);
+		return NULL;
+		}
+
 	ret->references=1;
 	return ret;
 	}

crypto/x509/x509_vfy.c

@@ -1727,6 +1727,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
 			offset= -offset;
 		}
 	atm.type=ctm->type;
+	atm.flags = 0;
 	atm.length=sizeof(buff2);
 	atm.data=(unsigned char *)buff2;
 

demos/pkcs12/pkread.c

@@ -20,7 +20,7 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Usage: pkread p12file password opfile\n");
 		exit (1);
 	}
-	SSLeay_add_all_algorithms();
+	OpenSSL_add_all_algorithms();
 	ERR_load_crypto_strings();
 	if (!(fp = fopen(argv[1], "rb"))) {
 		fprintf(stderr, "Error opening file %s\n", argv[1]);

doc/apps/tsget.pod

@@ -144,25 +144,25 @@ absolute path.
 
 Get a time stamp response for file1.tsq over HTTP, output is written to 
 file1.tsr:
-	
+
   tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
 
 Get a time stamp response for file1.tsq and file2.tsq over HTTP showing
 progress, output is written to file1.reply and file2.reply respectively:
-	
+
   tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
 	file1.tsq file2.tsq
 
 Create a time stamp request, write it to file3.tsq, send it to the server and
 write the response to file3.tsr:
-	
+
   openssl ts -query -data file3.txt -cert | tee file3.tsq \
 	| tsget -h http://tsa.opentsa.org:8080/tsa \
 	-o file3.tsr
 
 Get a time stamp response for file1.tsq over HTTPS without client
 authentication:
-	
+
   tsget -h https://tsa.opentsa.org:8443/tsa \
 	-C cacerts.pem file1.tsq
 

doc/apps/x509.pod

@@ -158,6 +158,16 @@ outputs the "hash" of the certificate issuer name.
 
 synonym for "-subject_hash" for backward compatibility reasons.
 
+=item B<-subject_hash_old>
+
+outputs the "hash" of the certificate subject name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
+=item B<-issuer_hash_old>
+
+outputs the "hash" of the certificate issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
 =item B<-subject>
 
 outputs the subject name.
@@ -837,4 +847,10 @@ L<x509v3_config(5)|x509v3_config(5)>
 
 Before OpenSSL 0.9.8, the default digest for RSA keys was MD5.
 
+The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
+before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
+of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
+canonical version of the DN using SHA1. This means that any directories using
+the old form must have their links rebuilt using B<c_rehash> or similar. 
+
 =cut

doc/crypto/ASN1_generate_nconf.pod

@@ -178,7 +178,7 @@ An IA5String explicitly tagged using APPLICATION tagging:
 
 A BITSTRING with bits 1 and 5 set and all others zero:
 
- FORMAT=BITLIST,BITSTRING:1,5
+ FORMAT:BITLIST,BITSTRING:1,5
 
 A more complex example using a config file to produce a
 SEQUENCE consiting of a BOOL an OID and a UTF8String:

doc/ssl/SSL_CTX_set_options.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
 
 =head1 SYNOPSIS
 
@@ -11,26 +11,41 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - man
  long SSL_CTX_set_options(SSL_CTX *ctx, long options);
  long SSL_set_options(SSL *ssl, long options);
 
+ long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+ long SSL_clear_options(SSL *ssl, long options);
+
  long SSL_CTX_get_options(SSL_CTX *ctx);
  long SSL_get_options(SSL *ssl);
 
+ long SSL_get_secure_renegotiation_support(SSL *ssl);
+
 =head1 DESCRIPTION
 
+Note: all these functions are implemented using macros.
+
 SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
 Options already set before are not cleared!
 
 SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
 Options already set before are not cleared!
 
+SSL_CTX_clear_options() clears the options set via bitmask in B<options>
+to B<ctx>.
+
+SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
+
 SSL_CTX_get_options() returns the options set for B<ctx>.
 
 SSL_get_options() returns the options set for B<ssl>.
 
+SSL_get_secure_renegotiation_support() indicates whether the peer supports
+secure renegotiation.
+
 =head1 NOTES
 
 The behaviour of the SSL library can be changed by setting several options.
 The options are coded as bitmasks and can be combined by a logical B<or>
-operation (|). Options can only be added but can never be reset.
+operation (|).
 
 SSL_CTX_set_options() and SSL_set_options() affect the (external)
 protocol behaviour of the SSL library. The (internal) behaviour of
@@ -199,7 +214,7 @@ Do not use the TLSv1 protocol.
 
 When performing renegotiation as a server, always start a new session
 (i.e., session resumption requests are only accepted in the initial
-handshake).  This option is not needed for clients.
+handshake). This option is not needed for clients.
 
 =item SSL_OP_NO_TICKET
 
@@ -209,15 +224,63 @@ of RFC4507bis tickets for stateless session resumption.
 If this option is set this functionality is disabled and tickets will
 not be used by clients or servers.
 
+=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+See the B<SECURE RENEGOTIATION> section for a discussion of the purpose of
+this option
+
 =back
 
+=head1 SECURE RENEGOTIATION
+
+OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
+described in draft-ietf-tls-renegotiation (FIXME: replace by RFC). This
+counters a prefix attack described in the draft and elsewhere (FIXME: need full
+reference).
+
+This attack has far reaching consequences which application writers should be
+aware of. In the description below an implementation supporting secure
+renegotiation is referred to as I<patched>. A server not supporting secure
+renegotiation is referred to as I<unpatched>.
+
+If an unpatched client attempts to connect to a patched OpenSSL server then
+the attempt will succeed but renegotiation is not permitted. As required
+by the standard a B<no_renegotiation> alert is sent back to the client if
+the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results
+in a fatal B<handshake_failed> alert.
+
+If a patched OpenSSL client attempts to connect to an unpatched server
+then the connection will fail because it is not possible to determine
+whether an attack is taking place.
+
+If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then the
+above restrictions are relaxed. Renegotiation is permissible and initial
+connections to unpatched servers will succeed.
+
+This option should be used with caution because it leaves both clients and
+servers vulnerable. However unpatched servers and clients are likely to be
+around for some time and refusing to connect to unpatched servers or denying
+renegotion altogether may be unacceptable. So applications may be forced to
+tolerate unsafe renegotiation for the immediate future.
+
+The function SSL_get_secure_renegotiation_support() indicates whether the peer
+supports secure renegotiation. 
+
+The deprecated SSLv2 protocol does not support secure renegotiation at all.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
 after adding B<options>.
 
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+after clearing B<options>.
+
 SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
 
+SSL_get_secure_renegotiation_support() returns 1 is the peer supports
+secure renegotiation and 0 if it does not.
+
 =head1 SEE ALSO
 
 L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
@@ -240,4 +303,10 @@ Versions up to OpenSSL 0.9.6c do not include the countermeasure that
 can be disabled with this option (in OpenSSL 0.9.6d, it was always
 enabled).
 
+SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
+0.9.8m.
+
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> was first added in OpenSSL
+0.9.8m.
+
 =cut

engines/Makefile

@@ -107,7 +107,7 @@ install:
 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		set -e; \
-		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines; \
+		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
 		for l in $(LIBNAMES); do \
 			( echo installing $$l; \
 			  pfx=lib; \

engines/ccgost/Makefile

@@ -53,13 +53,13 @@ install:
 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
 			*) sfx=".bad";; \
 			esac; \
-			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 		else \
 			sfx=".so"; \
-			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 		fi; \
-		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx; \
+		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
 	fi
 
 links:

engines/ccgost/gost_crypt.c

@@ -34,7 +34,7 @@ EVP_CIPHER cipher_gost =
 	NID_id_Gost28147_89,
 	1,/*block_size*/
 	32,/*key_size*/
-	8,/*iv_len - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+	8,/*iv_len */
 	EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
 	EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
 	gost_cipher_init,
@@ -52,7 +52,7 @@ EVP_CIPHER cipher_gost_cpacnt =
 	NID_gost89_cnt,
 	1,/*block_size*/
 	32,/*key_size*/
-	8,/*iv_len - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+	8,/*iv_len */
 	EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
 	EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
 	gost_cipher_init_cpa,

engines/ccgost/gosthash.c

@@ -86,7 +86,7 @@ static void xor_blocks (byte *result,const byte *a,const byte *b,size_t len)
  */
 static int hash_step(gost_ctx *c,byte *H,const byte *M) 
 	{
-	static byte U[32],W[32],V[32],S[32],Key[32];
+	byte U[32],W[32],V[32],S[32],Key[32];
 	int i;
 	/* Compute first key */
 	xor_blocks(W,H,M,32);
@@ -253,4 +253,3 @@ int finish_hash(gost_hash_ctx *ctx,byte *hashval)
 	memcpy(hashval,H,32);
 	return 1;
 	}
-

engines/e_capi.c

@@ -71,6 +71,22 @@
 
 #include <wincrypt.h>
 
+/*
+ * This module uses several "new" interfaces, among which is
+ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
+ * one of possible values you can pass to function in question. By
+ * checking if it's defined we can see if wincrypt.h and accompanying
+ * crypt32.lib are in shape. Yes, it's rather "weak" test and if
+ * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG.
+ */
+#ifdef CERT_KEY_PROV_INFO_PROP_ID
+# define __COMPILE_CAPIENG
+#endif /* CERT_KEY_PROV_INFO_PROP_ID */
+#endif /* OPENSSL_NO_CAPIENG */
+#endif /* OPENSSL_SYS_WIN32 */
+
+#ifdef __COMPILE_CAPIENG
+
 #undef X509_EXTENSIONS
 #undef X509_CERT_PAIR
 
@@ -1784,12 +1800,13 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
 	}
 #endif
 
-#endif
-#else /* !WIN32 */
+#else /* !__COMPILE_CAPIENG */
 #include <openssl/engine.h>
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 IMPLEMENT_DYNAMIC_CHECK_FN()
+#else
+void ENGINE_load_capi(void){}
 #endif
 #endif

makevms.com

@@ -349,7 +349,7 @@ $ ENDIF
 $!
 $! There are many places where this is needed.
 $!
-$ WRITE H_FILE "#define _XOPEN_SOURCE_EXTENDED"
+$!!! WRITE H_FILE "#define _XOPEN_SOURCE_EXTENDED"
 $!
 $! Close the [.CRYPTO.<ARCH>]OPENSSLCONF.H file
 $!

ms/bcb4.bat

@@ -1,6 +1,6 @@
-perl Configure BC-32
-perl util\mkfiles.pl > MINFO
-
-@rem create make file
-perl util\mk1mf.pl no-asm BC-NT > bcb.mak
-
+perl Configure BC-32
+perl util\mkfiles.pl > MINFO
+
+@rem create make file
+perl util\mk1mf.pl no-asm BC-NT > bcb.mak
+

ms/do_nt.bat

@@ -1,7 +1,7 @@
-
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak
-
-perl util\mkdef.pl libeay NT > ms\libeay32.def
-perl util\mkdef.pl ssleay NT > ms\ssleay32.def
+
+perl util\mkfiles.pl >MINFO
+perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak
+perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak
+
+perl util\mkdef.pl libeay NT > ms\libeay32.def
+perl util\mkdef.pl ssleay NT > ms\ssleay32.def

ms/do_win64a.bat

@@ -1,9 +1,9 @@
-
-perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64a > ms\uptable.asm
-ml64 -c -Foms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64A >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64A >ms\ntdll.mak
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+
+perl util\mkfiles.pl >MINFO
+perl ms\uplink.pl win64a > ms\uptable.asm
+ml64 -c -Foms\uptable.obj ms\uptable.asm
+perl util\mk1mf.pl no-asm VC-WIN64A >ms\nt.mak
+perl util\mk1mf.pl dll no-asm VC-WIN64A >ms\ntdll.mak
+
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

ms/do_win64i.bat

@@ -1,9 +1,9 @@
-
-perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64i > ms\uptable.asm
-ias -o ms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64I >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64I >ms\ntdll.mak
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+
+perl util\mkfiles.pl >MINFO
+perl ms\uplink.pl win64i > ms\uptable.asm
+ias -o ms\uptable.obj ms\uptable.asm
+perl util\mk1mf.pl no-asm VC-WIN64I >ms\nt.mak
+perl util\mk1mf.pl dll no-asm VC-WIN64I >ms\ntdll.mak
+
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

ms/mingw32.bat

@@ -1,90 +1,90 @@
-@rem OpenSSL with Mingw32+GNU as
-@rem ---------------------------
-
-perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8
-
-@echo off
-
-perl -e "exit 1 if '%1' eq 'no-asm'"
-if errorlevel 1 goto noasm
-
-echo Generating x86 for GNU assember
-
-echo Bignum
-cd crypto\bn\asm
-perl bn-586.pl gaswin > bn-win32.s
-perl co-586.pl gaswin > co-win32.s
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl gaswin > d-win32.s
-cd ..\..\..
-
-echo crypt
-cd crypto\des\asm
-perl crypt586.pl gaswin > y-win32.s
-cd ..\..\..
-
-echo Blowfish
-cd crypto\bf\asm
-perl bf-586.pl gaswin > b-win32.s
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl gaswin > c-win32.s
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl gaswin > r4-win32.s
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl gaswin > m5-win32.s
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl gaswin > s1-win32.s
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl gaswin > rm-win32.s
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl gaswin > r5-win32.s
-cd ..\..\..
-
-:noasm
-
-echo Generating makefile
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak
-echo Generating DLL definition files
-perl util\mkdef.pl 32 libeay >ms\libeay32.def
-if errorlevel 1 goto end
-perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
-if errorlevel 1 goto end
-
-rem copy ms\tlhelp32.h outinc
-
-echo Building the libraries
-mingw32-make -f ms/mingw32a.mak
-if errorlevel 1 goto end
-
-echo Generating the DLLs and input libraries
-dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
-if errorlevel 1 goto end
-dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
-if errorlevel 1 goto end
-
-echo Done compiling OpenSSL
-
-:end
-
+@rem OpenSSL with Mingw32+GNU as
+@rem ---------------------------
+
+perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8
+
+@echo off
+
+perl -e "exit 1 if '%1' eq 'no-asm'"
+if errorlevel 1 goto noasm
+
+echo Generating x86 for GNU assember
+
+echo Bignum
+cd crypto\bn\asm
+perl bn-586.pl gaswin > bn-win32.s
+perl co-586.pl gaswin > co-win32.s
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl gaswin > d-win32.s
+cd ..\..\..
+
+echo crypt
+cd crypto\des\asm
+perl crypt586.pl gaswin > y-win32.s
+cd ..\..\..
+
+echo Blowfish
+cd crypto\bf\asm
+perl bf-586.pl gaswin > b-win32.s
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl gaswin > c-win32.s
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl gaswin > r4-win32.s
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl gaswin > m5-win32.s
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl gaswin > s1-win32.s
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl gaswin > rm-win32.s
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl gaswin > r5-win32.s
+cd ..\..\..
+
+:noasm
+
+echo Generating makefile
+perl util\mkfiles.pl >MINFO
+perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak
+echo Generating DLL definition files
+perl util\mkdef.pl 32 libeay >ms\libeay32.def
+if errorlevel 1 goto end
+perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
+if errorlevel 1 goto end
+
+rem copy ms\tlhelp32.h outinc
+
+echo Building the libraries
+mingw32-make -f ms/mingw32a.mak
+if errorlevel 1 goto end
+
+echo Generating the DLLs and input libraries
+dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
+if errorlevel 1 goto end
+dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
+if errorlevel 1 goto end
+
+echo Done compiling OpenSSL
+
+:end
+

ms/mw.bat

@@ -1,26 +1,26 @@
-@rem OpenSSL with Mingw32
-@rem --------------------
-
-@rem Makefile
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl Mingw32 >ms\mingw32.mak
-@rem DLL definition files
-perl util\mkdef.pl 32 libeay >ms\libeay32.def
-if errorlevel 1 goto end
-perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
-if errorlevel 1 goto end
-
-@rem Build the libraries
-make -f ms/mingw32.mak
-if errorlevel 1 goto end
-
-@rem Generate the DLLs and input libraries
-dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
-if errorlevel 1 goto end
-dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
-if errorlevel 1 goto end
-
-echo Done compiling OpenSSL
-
-:end
-
+@rem OpenSSL with Mingw32
+@rem --------------------
+
+@rem Makefile
+perl util\mkfiles.pl >MINFO
+perl util\mk1mf.pl Mingw32 >ms\mingw32.mak
+@rem DLL definition files
+perl util\mkdef.pl 32 libeay >ms\libeay32.def
+if errorlevel 1 goto end
+perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
+if errorlevel 1 goto end
+
+@rem Build the libraries
+make -f ms/mingw32.mak
+if errorlevel 1 goto end
+
+@rem Generate the DLLs and input libraries
+dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
+if errorlevel 1 goto end
+dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
+if errorlevel 1 goto end
+
+echo Done compiling OpenSSL
+
+:end
+

ms/tenc.bat

@@ -1,14 +1,14 @@
-rem called by testenc
-
-echo test %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-if errorlevel 1 goto err
-
-echo test base64 %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-
-:err
+rem called by testenc
+
+echo test %1 %2 %3 %4 %5 %6 
+%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%cmp% %input% %out1%
+if errorlevel 1 goto err
+
+echo test base64 %1 %2 %3 %4 %5 %6 
+%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%cmp% %input% %out1%
+
+:err

ms/tencce.bat

@@ -1,19 +1,19 @@
-rem called by testencce
-
-echo test %1 %2 %3 %4 %5 %6 
-cecopy %input% CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
-if errorlevel 1 goto err
-
-echo test base64 %1 %2 %3 %4 %5 %6 
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
-
-:err
+rem called by testencce
+
+echo test %1 %2 %3 %4 %5 %6 
+cecopy %input% CE:\OpenSSL
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
+del %out1% >nul 2>&1
+cecopy CE:\OpenSSL\%out1% .
+%cmp% %input% %out1%
+if errorlevel 1 goto err
+
+echo test base64 %1 %2 %3 %4 %5 %6 
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
+del %out1% >nul 2>&1
+cecopy CE:\OpenSSL\%out1% .
+%cmp% %input% %out1%
+
+:err

ms/testenc.bat

@@ -1,94 +1,94 @@
-@echo off
-echo start testenc
-
-path=..\ms;%path%
-set ssleay=%1%
-set input=..\ms\testenc.bat
-set tmp1=..\ms\cipher.out
-set out1=..\ms\clear.out
-set cmp=perl ..\ms\cmp.pl
-
-cd
-call tenc.bat enc
-if errorlevel 1 goto err
-
-call tenc.bat rc4
-if errorlevel 1 goto err
-
-call tenc.bat des-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ecb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3
-if errorlevel 1 goto err
-
-call tenc.bat des-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tenc.bat idea-ecb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cfb
-if errorlevel 1 goto err
-
-call tenc.bat idea-ofb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cbc
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tenc.bat bf-ecb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cfb
-if errorlevel 1 goto err
-
-call tenc.bat bf-ofb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1%
-del %tmp1%
-:err
-
+@echo off
+echo start testenc
+
+path=..\ms;%path%
+set ssleay=%1%
+set input=..\ms\testenc.bat
+set tmp1=..\ms\cipher.out
+set out1=..\ms\clear.out
+set cmp=perl ..\ms\cmp.pl
+
+cd
+call tenc.bat enc
+if errorlevel 1 goto err
+
+call tenc.bat rc4
+if errorlevel 1 goto err
+
+call tenc.bat des-cfb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede-cfb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3-cfb
+if errorlevel 1 goto err
+
+call tenc.bat des-ofb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede-ofb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3-ofb
+if errorlevel 1 goto err
+
+call tenc.bat des-ecb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3
+if errorlevel 1 goto err
+
+call tenc.bat des-cbc
+if errorlevel 1 goto err
+
+call tenc.bat des-ede-cbc
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3-cbc
+if errorlevel 1 goto err
+
+call tenc.bat idea-ecb
+if errorlevel 1 goto err
+
+call tenc.bat idea-cfb
+if errorlevel 1 goto err
+
+call tenc.bat idea-ofb
+if errorlevel 1 goto err
+
+call tenc.bat idea-cbc
+if errorlevel 1 goto err
+
+call tenc.bat rc2-ecb
+if errorlevel 1 goto err
+
+call tenc.bat rc2-cfb
+if errorlevel 1 goto err
+
+call tenc.bat rc2-ofb
+if errorlevel 1 goto err
+
+call tenc.bat rc2-cbc
+if errorlevel 1 goto err
+
+call tenc.bat bf-ecb
+if errorlevel 1 goto err
+
+call tenc.bat bf-cfb
+if errorlevel 1 goto err
+
+call tenc.bat bf-ofb
+if errorlevel 1 goto err
+
+call tenc.bat bf-cbc
+if errorlevel 1 goto err
+
+echo OK
+del %out1%
+del %tmp1%
+:err
+

ms/testencce.bat

@@ -1,97 +1,97 @@
-@echo off
-echo start testenc
-
-path=..\ms;%path%
-set ssleay=%1%
-copy ..\ms\testenc.bat >nul
-set input=testenc.bat
-set tmp1=cipher.out
-set out1=clear.out
-set cmp=perl ..\ms\cmp.pl
-
-cecopy %ssleay% CE:\OpenSSL
-
-cd
-call tencce.bat enc
-if errorlevel 1 goto err
-
-call tencce.bat rc4
-if errorlevel 1 goto err
-
-call tencce.bat des-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ecb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3
-if errorlevel 1 goto err
-
-call tencce.bat des-cbc
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tencce.bat idea-ecb
-if errorlevel 1 goto err
-
-call tencce.bat idea-cfb
-if errorlevel 1 goto err
-
-call tencce.bat idea-ofb
-if errorlevel 1 goto err
-
-call tencce.bat idea-cbc
-if errorlevel 1 goto err
-
-call tencce.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tencce.bat bf-ecb
-if errorlevel 1 goto err
-
-call tencce.bat bf-cfb
-if errorlevel 1 goto err
-
-call tencce.bat bf-ofb
-if errorlevel 1 goto err
-
-call tencce.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1% >nul 2>&1
-del %tmp1% >nul 2>&1
-:err
-
+@echo off
+echo start testenc
+
+path=..\ms;%path%
+set ssleay=%1%
+copy ..\ms\testenc.bat >nul
+set input=testenc.bat
+set tmp1=cipher.out
+set out1=clear.out
+set cmp=perl ..\ms\cmp.pl
+
+cecopy %ssleay% CE:\OpenSSL
+
+cd
+call tencce.bat enc
+if errorlevel 1 goto err
+
+call tencce.bat rc4
+if errorlevel 1 goto err
+
+call tencce.bat des-cfb
+if errorlevel 1 goto err
+
+call tencce.bat des-ede-cfb
+if errorlevel 1 goto err
+
+call tencce.bat des-ede3-cfb
+if errorlevel 1 goto err
+
+call tencce.bat des-ofb
+if errorlevel 1 goto err
+
+call tencce.bat des-ede-ofb
+if errorlevel 1 goto err
+
+call tencce.bat des-ede3-ofb
+if errorlevel 1 goto err
+
+call tencce.bat des-ecb
+if errorlevel 1 goto err
+
+call tencce.bat des-ede
+if errorlevel 1 goto err
+
+call tencce.bat des-ede3
+if errorlevel 1 goto err
+
+call tencce.bat des-cbc
+if errorlevel 1 goto err
+
+call tencce.bat des-ede-cbc
+if errorlevel 1 goto err
+
+call tencce.bat des-ede3-cbc
+if errorlevel 1 goto err
+
+call tencce.bat idea-ecb
+if errorlevel 1 goto err
+
+call tencce.bat idea-cfb
+if errorlevel 1 goto err
+
+call tencce.bat idea-ofb
+if errorlevel 1 goto err
+
+call tencce.bat idea-cbc
+if errorlevel 1 goto err
+
+call tencce.bat rc2-ecb
+if errorlevel 1 goto err
+
+call tencce.bat rc2-cfb
+if errorlevel 1 goto err
+
+call tencce.bat rc2-ofb
+if errorlevel 1 goto err
+
+call tencce.bat rc2-cbc
+if errorlevel 1 goto err
+
+call tencce.bat bf-ecb
+if errorlevel 1 goto err
+
+call tencce.bat bf-cfb
+if errorlevel 1 goto err
+
+call tencce.bat bf-ofb
+if errorlevel 1 goto err
+
+call tencce.bat bf-cbc
+if errorlevel 1 goto err
+
+echo OK
+del %out1% >nul 2>&1
+del %tmp1% >nul 2>&1
+:err
+

ms/testpem.bat

@@ -1,32 +1,32 @@
-@echo off
-set ssleay=%1%
-set tmp1=pem.out
-set cmp=fc.exe
-
-call tpem.bat crl ..\test\testcrl.pem
-if errorlevel 1 goto err
-
-call tpem.bat pkcs7 ..\test\testp7.pem
-if errorlevel 1 goto err
-
-call tpem.bat req ..\test\testreq2.pem
-if errorlevel 1 goto err
-
-call tpem.bat rsa ..\test\testrsa.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\testx509.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat sess_id ..\test\testsid.pem
-if errorlevel 1 goto err
-
-echo OK
-del %tmp1%
-:err
+@echo off
+set ssleay=%1%
+set tmp1=pem.out
+set cmp=fc.exe
+
+call tpem.bat crl ..\test\testcrl.pem
+if errorlevel 1 goto err
+
+call tpem.bat pkcs7 ..\test\testp7.pem
+if errorlevel 1 goto err
+
+call tpem.bat req ..\test\testreq2.pem
+if errorlevel 1 goto err
+
+call tpem.bat rsa ..\test\testrsa.pem
+if errorlevel 1 goto err
+
+call tpem.bat x509 ..\test\testx509.pem
+if errorlevel 1 goto err
+
+call tpem.bat x509 ..\test\v3-cert1.pem
+if errorlevel 1 goto err
+
+call tpem.bat x509 ..\test\v3-cert1.pem
+if errorlevel 1 goto err
+
+call tpem.bat sess_id ..\test\testsid.pem
+if errorlevel 1 goto err
+
+echo OK
+del %tmp1%
+:err

ms/testpemce.bat

@@ -1,42 +1,42 @@
-@echo off
-set ssleay=%1%
-set tmp1=pem.out
-set cmp=fc.exe
-
-cecopy %ssleay% CE:\OpenSSL
-
-copy ..\test\testcrl.pem >nul
-call tpemce.bat crl testcrl.pem
-if errorlevel 1 goto err
-
-copy ..\test\testp7.pem >nul
-call tpemce.bat pkcs7 testp7.pem
-if errorlevel 1 goto err
-
-copy ..\test\testreq2.pem >nul
-call tpemce.bat req testreq2.pem
-if errorlevel 1 goto err
-
-copy ..\test\testrsa.pem >nul
-call tpemce.bat rsa testrsa.pem
-if errorlevel 1 goto err
-
-copy ..\test\testx509.pem >nul
-call tpemce.bat x509 testx509.pem
-if errorlevel 1 goto err
-
-copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
-
-copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
-
-copy ..\test\testsid.pem >nul
-call tpemce.bat sess_id testsid.pem
-if errorlevel 1 goto err
-
-echo OK
-del %tmp1% >nul 2>&1
-:err
+@echo off
+set ssleay=%1%
+set tmp1=pem.out
+set cmp=fc.exe
+
+cecopy %ssleay% CE:\OpenSSL
+
+copy ..\test\testcrl.pem >nul
+call tpemce.bat crl testcrl.pem
+if errorlevel 1 goto err
+
+copy ..\test\testp7.pem >nul
+call tpemce.bat pkcs7 testp7.pem
+if errorlevel 1 goto err
+
+copy ..\test\testreq2.pem >nul
+call tpemce.bat req testreq2.pem
+if errorlevel 1 goto err
+
+copy ..\test\testrsa.pem >nul
+call tpemce.bat rsa testrsa.pem
+if errorlevel 1 goto err
+
+copy ..\test\testx509.pem >nul
+call tpemce.bat x509 testx509.pem
+if errorlevel 1 goto err
+
+copy ..\test\v3-cert1.pem >nul
+call tpemce.bat x509 v3-cert1.pem
+if errorlevel 1 goto err
+
+copy ..\test\v3-cert1.pem >nul
+call tpemce.bat x509 v3-cert1.pem
+if errorlevel 1 goto err
+
+copy ..\test\testsid.pem >nul
+call tpemce.bat sess_id testsid.pem
+if errorlevel 1 goto err
+
+echo OK
+del %tmp1% >nul 2>&1
+:err

ms/testss.bat

@@ -1,98 +1,98 @@
-@echo off
-
-rem set ssleay=..\out\ssleay
-set ssleay=%1
-
-set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509 -sha1
-set verifycmd=%ssleay% verify
-
-set CAkey=keyCA.ss
-set CAcert=certCA.ss
-set CAserial=certCA.srl
-set CAreq=reqCA.ss
-set CAconf=..\test\CAss.cnf
-set CAreq2=req2CA.ss	
-
-set Uconf=..\test\Uss.cnf
-set Ukey=keyU.ss
-set Ureq=reqU.ss
-set Ucert=certU.ss
-
-echo make a certificate request using 'req'
-%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto e_req
-
-echo convert the certificate request into a self signed certificate using 'x509'
-%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
-if errorlevel 1 goto e_x509
-
-echo --
-echo convert a certificate into a certificate request using 'x509'
-%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
-if errorlevel 1 goto e_x509_2
-
-%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto e_vrfy_1
-
-%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto e_vrfy_2
-
-%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto e_vrfy_3
-
-echo --
-echo make another certificate request using 'req'
-%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
-if errorlevel 1 goto e_req_gen
-
-echo --
-echo sign certificate request with the just created CA via 'x509'
-%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto e_x_sign
-
-%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
-echo Certificate details
-%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-
-echo Everything appeared to work
-echo --
-echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
-
-echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
-echo --
-
-del err.ss
-
-goto end
-
-:e_req
-echo error using 'req' to generate a certificate request
-goto end
-:e_x509
-echo error using 'x509' to self sign a certificate request
-goto end
-:e_x509_2
-echo error using 'x509' convert a certificate to a certificate request
-goto end
-:e_vrfy_1
-echo first generated request is invalid
-goto end
-:e_vrfy_2
-echo second generated request is invalid
-goto end
-:e_vrfy_3
-echo first generated cert is invalid
-goto end
-:e_req_gen
-echo error using 'req' to generate a certificate request
-goto end
-:e_x_sign
-echo error using 'x509' to sign a certificate request
-goto end
-
-:end
+@echo off
+
+rem set ssleay=..\out\ssleay
+set ssleay=%1
+
+set reqcmd=%ssleay% req
+set x509cmd=%ssleay% x509 -sha1
+set verifycmd=%ssleay% verify
+
+set CAkey=keyCA.ss
+set CAcert=certCA.ss
+set CAserial=certCA.srl
+set CAreq=reqCA.ss
+set CAconf=..\test\CAss.cnf
+set CAreq2=req2CA.ss	
+
+set Uconf=..\test\Uss.cnf
+set Ukey=keyU.ss
+set Ureq=reqU.ss
+set Ucert=certU.ss
+
+echo make a certificate request using 'req'
+%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
+if errorlevel 1 goto e_req
+
+echo convert the certificate request into a self signed certificate using 'x509'
+%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
+if errorlevel 1 goto e_x509
+
+echo --
+echo convert a certificate into a certificate request using 'x509'
+%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
+if errorlevel 1 goto e_x509_2
+
+%reqcmd% -verify -in %CAreq% -noout
+if errorlevel 1 goto e_vrfy_1
+
+%reqcmd% -verify -in %CAreq2% -noout
+if errorlevel 1 goto e_vrfy_2
+
+%verifycmd% -CAfile %CAcert% %CAcert%
+if errorlevel 1 goto e_vrfy_3
+
+echo --
+echo make another certificate request using 'req'
+%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
+if errorlevel 1 goto e_req_gen
+
+echo --
+echo sign certificate request with the just created CA via 'x509'
+%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
+if errorlevel 1 goto e_x_sign
+
+%verifycmd% -CAfile %CAcert% %Ucert%
+echo --
+echo Certificate details
+%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
+
+echo Everything appeared to work
+echo --
+echo The generated CA certificate is %CAcert%
+echo The generated CA private key is %CAkey%
+echo The current CA signing serial number is in %CAserial%
+
+echo The generated user certificate is %Ucert%
+echo The generated user private key is %Ukey%
+echo --
+
+del err.ss
+
+goto end
+
+:e_req
+echo error using 'req' to generate a certificate request
+goto end
+:e_x509
+echo error using 'x509' to self sign a certificate request
+goto end
+:e_x509_2
+echo error using 'x509' convert a certificate to a certificate request
+goto end
+:e_vrfy_1
+echo first generated request is invalid
+goto end
+:e_vrfy_2
+echo second generated request is invalid
+goto end
+:e_vrfy_3
+echo first generated cert is invalid
+goto end
+:e_req_gen
+echo error using 'req' to generate a certificate request
+goto end
+:e_x_sign
+echo error using 'x509' to sign a certificate request
+goto end
+
+:end

ms/testssce.bat

@@ -1,104 +1,104 @@
-rem set ssleay=..\out\ssleay
-set ssleay=%1
-
-set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509
-set verifycmd=%ssleay% verify
-
-set CAkey=\OpenSSL\keyCA.ss
-set CAcert=\OpenSSL\certCA.ss
-set CAserial=\OpenSSL\certCA.srl
-set CAreq=\OpenSSL\reqCA.ss
-cecopy ..\test\CAss.cnf CE:\OpenSSL
-set CAconf=\OpenSSL\CAss.cnf
-set CAreq2=\OpenSSL\req2CA.ss	
-
-cecopy ..\test\Uss.cnf CE:\OpenSSL
-set Uconf=\OpenSSL\Uss.cnf
-set Ukey=\OpenSSL\keyU.ss
-set Ureq=\OpenSSL\reqU.ss
-set Ucert=\OpenSSL\certU.ss
-
-echo make a certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto e_req
-
-echo convert the certificate request into a self signed certificate using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509
-
-echo --
-echo convert a certificate into a certificate request using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509_2
-
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto e_vrfy_1
-
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto e_vrfy_2
-
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto e_vrfy_3
-
-echo --
-echo make another certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_req_gen
-
-echo --
-echo sign certificate request with the just created CA via 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto e_x_sign
-
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
-echo Certificate details
-cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-
-cecopy CE:%CAcert% .
-cecopy CE:%CAkey% .
-cecopy CE:%CAserial% .
-cecopy CE:%Ucert% .
-cecopy CE:%Ukey% .
-
-echo Everything appeared to work
-echo --
-echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
-
-echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
-echo --
-
-cedel CE:\OpenSSL\err.ss
-
-goto end
-
-:e_req
-echo error using 'req' to generate a certificate request
-goto end
-:e_x509
-echo error using 'x509' to self sign a certificate request
-goto end
-:e_x509_2
-echo error using 'x509' convert a certificate to a certificate request
-goto end
-:e_vrfy_1
-echo first generated request is invalid
-goto end
-:e_vrfy_2
-echo second generated request is invalid
-goto end
-:e_vrfy_3
-echo first generated cert is invalid
-goto end
-:e_req_gen
-echo error using 'req' to generate a certificate request
-goto end
-:e_x_sign
-echo error using 'x509' to sign a certificate request
-goto end
-
-:end
+rem set ssleay=..\out\ssleay
+set ssleay=%1
+
+set reqcmd=%ssleay% req
+set x509cmd=%ssleay% x509
+set verifycmd=%ssleay% verify
+
+set CAkey=\OpenSSL\keyCA.ss
+set CAcert=\OpenSSL\certCA.ss
+set CAserial=\OpenSSL\certCA.srl
+set CAreq=\OpenSSL\reqCA.ss
+cecopy ..\test\CAss.cnf CE:\OpenSSL
+set CAconf=\OpenSSL\CAss.cnf
+set CAreq2=\OpenSSL\req2CA.ss	
+
+cecopy ..\test\Uss.cnf CE:\OpenSSL
+set Uconf=\OpenSSL\Uss.cnf
+set Ukey=\OpenSSL\keyU.ss
+set Ureq=\OpenSSL\reqU.ss
+set Ucert=\OpenSSL\certU.ss
+
+echo make a certificate request using 'req'
+cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
+if errorlevel 1 goto e_req
+
+echo convert the certificate request into a self signed certificate using 'x509'
+cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"
+if errorlevel 1 goto e_x509
+
+echo --
+echo convert a certificate into a certificate request using 'x509'
+cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"
+if errorlevel 1 goto e_x509_2
+
+cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout
+if errorlevel 1 goto e_vrfy_1
+
+cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout
+if errorlevel 1 goto e_vrfy_2
+
+cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%
+if errorlevel 1 goto e_vrfy_3
+
+echo --
+echo make another certificate request using 'req'
+cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"
+if errorlevel 1 goto e_req_gen
+
+echo --
+echo sign certificate request with the just created CA via 'x509'
+cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
+if errorlevel 1 goto e_x_sign
+
+cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%
+echo --
+echo Certificate details
+cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
+
+cecopy CE:%CAcert% .
+cecopy CE:%CAkey% .
+cecopy CE:%CAserial% .
+cecopy CE:%Ucert% .
+cecopy CE:%Ukey% .
+
+echo Everything appeared to work
+echo --
+echo The generated CA certificate is %CAcert%
+echo The generated CA private key is %CAkey%
+echo The current CA signing serial number is in %CAserial%
+
+echo The generated user certificate is %Ucert%
+echo The generated user private key is %Ukey%
+echo --
+
+cedel CE:\OpenSSL\err.ss
+
+goto end
+
+:e_req
+echo error using 'req' to generate a certificate request
+goto end
+:e_x509
+echo error using 'x509' to self sign a certificate request
+goto end
+:e_x509_2
+echo error using 'x509' convert a certificate to a certificate request
+goto end
+:e_vrfy_1
+echo first generated request is invalid
+goto end
+:e_vrfy_2
+echo second generated request is invalid
+goto end
+:e_vrfy_3
+echo first generated cert is invalid
+goto end
+:e_req_gen
+echo error using 'req' to generate a certificate request
+goto end
+:e_x_sign
+echo error using 'x509' to sign a certificate request
+goto end
+
+:end

ms/tpem.bat

@@ -1,6 +1,6 @@
-rem called by testpem
-
-echo test %1 %2
-%ssleay% %1 -in %2 -out %tmp1%
-%cmp% %2 %tmp1%
-
+rem called by testpem
+
+echo test %1 %2
+%ssleay% %1 -in %2 -out %tmp1%
+%cmp% %2 %tmp1%
+

ms/tpemce.bat

@@ -1,8 +1,8 @@
-rem called by testpemce
-
-echo test %1 %2
-cecopy %2 CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%
-del %tmp1% >nul 2>&1
-cecopy CE:\OpenSSL\%tmp1% .
-%cmp% %2 %tmp1%
+rem called by testpemce
+
+echo test %1 %2
+cecopy %2 CE:\OpenSSL
+cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%
+del %tmp1% >nul 2>&1
+cecopy CE:\OpenSSL\%tmp1% .
+%cmp% %2 %tmp1%

ms/x86asm.bat

@@ -1,57 +1,57 @@
-
-@echo off
-echo Generating x86 assember
-
-echo Bignum
-cd crypto\bn\asm
-perl x86.pl win32n > bn-win32.asm
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl win32n > d-win32.asm
-cd ..\..\..
-
-echo "crypt(3)"
-
-cd crypto\des\asm
-perl crypt586.pl win32n > y-win32.asm
-cd ..\..\..
-
-echo Blowfish
-
-cd crypto\bf\asm
-perl bf-586.pl win32n > b-win32.asm
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl win32n > c-win32.asm
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl win32n > r4-win32.asm
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl win32n > m5-win32.asm
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl win32n > s1-win32.asm
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl win32n > rm-win32.asm
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl win32n > r5-win32.asm
-cd ..\..\..
-
-echo on
+
+@echo off
+echo Generating x86 assember
+
+echo Bignum
+cd crypto\bn\asm
+perl x86.pl win32n > bn-win32.asm
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl win32n > d-win32.asm
+cd ..\..\..
+
+echo "crypt(3)"
+
+cd crypto\des\asm
+perl crypt586.pl win32n > y-win32.asm
+cd ..\..\..
+
+echo Blowfish
+
+cd crypto\bf\asm
+perl bf-586.pl win32n > b-win32.asm
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl win32n > c-win32.asm
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl win32n > r4-win32.asm
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl win32n > m5-win32.asm
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl win32n > s1-win32.asm
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl win32n > rm-win32.asm
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl win32n > r5-win32.asm
+cd ..\..\..
+
+echo on

ssl/d1_both.c

@@ -764,6 +764,24 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		p+=i;
 		l=i;
 
+	/* Copy the finished so we can use it for
+	 * renegotiation checks
+	 */
+	if(s->type == SSL_ST_CONNECT)
+		{
+		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+		memcpy(s->s3->previous_client_finished, 
+		       s->s3->tmp.finish_md, i);
+		s->s3->previous_client_finished_len=i;
+		}
+	else
+		{
+		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+		memcpy(s->s3->previous_server_finished, 
+		       s->s3->tmp.finish_md, i);
+		s->s3->previous_server_finished_len=i;
+		}
+
 #ifdef OPENSSL_SYS_WIN16
 		/* MSVC 1.5 does not clear the top bytes of the word unless
 		 * I do this.

ssl/d1_clnt.c

@@ -286,16 +286,44 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CR_CERT_A:
 		case SSL3_ST_CR_CERT_B:
+#ifndef OPENSSL_NO_TLSEXT
+			ret=ssl3_check_finished(s);
+			if (ret <= 0) goto end;
+			if (ret == 2)
+				{
+				s->hit = 1;
+				if (s->tlsext_ticket_expected)
+					s->state=SSL3_ST_CR_SESSION_TICKET_A;
+				else
+					s->state=SSL3_ST_CR_FINISHED_A;
+				s->init_num=0;
+				break;
+				}
+#endif
 			/* Check if it is anon DH or PSK */
 			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
 			    !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
 				{
 				ret=ssl3_get_server_certificate(s);
 				if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+				if (s->tlsext_status_expected)
+					s->state=SSL3_ST_CR_CERT_STATUS_A;
+				else
+					s->state=SSL3_ST_CR_KEY_EXCH_A;
+				}
+			else
+				{
+				skip = 1;
+				s->state=SSL3_ST_CR_KEY_EXCH_A;
+				}
+#else
 				}
 			else
 				skip=1;
+
 			s->state=SSL3_ST_CR_KEY_EXCH_A;
+#endif
 			s->init_num=0;
 			break;
 
@@ -437,11 +465,36 @@ int dtls1_connect(SSL *s)
 				}
 			else
 				{
+#ifndef OPENSSL_NO_TLSEXT
+				/* Allow NewSessionTicket if ticket expected */
+				if (s->tlsext_ticket_expected)
+					s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
+				else
+#endif
+				
 				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
 				}
 			s->init_num=0;
 			break;
 
+#ifndef OPENSSL_NO_TLSEXT
+		case SSL3_ST_CR_SESSION_TICKET_A:
+		case SSL3_ST_CR_SESSION_TICKET_B:
+			ret=ssl3_get_new_session_ticket(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CR_FINISHED_A;
+			s->init_num=0;
+		break;
+
+		case SSL3_ST_CR_CERT_STATUS_A:
+		case SSL3_ST_CR_CERT_STATUS_B:
+			ret=ssl3_get_cert_status(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_CR_KEY_EXCH_A;
+			s->init_num=0;
+		break;
+#endif
+
 		case SSL3_ST_CR_FINISHED_A:
 		case SSL3_ST_CR_FINISHED_B:
 			s->d1->change_cipher_spec_ok = 1;
@@ -554,8 +607,14 @@ int dtls1_client_hello(SSL *s)
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
 		{
+		SSL_SESSION *sess = s->session;
 		if ((s->session == NULL) ||
 			(s->session->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+			!sess->session_id_length ||
+#else
+			(!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
 			(s->session->not_resumable))
 			{
 			if (!ssl_get_new_session(s,0))
@@ -635,7 +694,15 @@ int dtls1_client_hello(SSL *s)
 			*(p++)=comp->id;
 			}
 		*(p++)=0; /* Add the NULL method */
-		
+
+#ifndef OPENSSL_NO_TLSEXT
+		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+			{
+			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+#endif		
+
 		l=(p-d);
 		d=buf;
 

ssl/d1_srvr.c

@@ -266,7 +266,6 @@ int dtls1_accept(SSL *s)
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
 			dtls1_stop_timer(s);
-			s->new_session = 2;
 
 			if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
 				s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
@@ -301,12 +300,23 @@ int dtls1_accept(SSL *s)
 			
 		case SSL3_ST_SW_SRVR_HELLO_A:
 		case SSL3_ST_SW_SRVR_HELLO_B:
+			s->new_session = 2;
 			dtls1_start_timer(s);
 			ret=dtls1_send_server_hello(s);
 			if (ret <= 0) goto end;
 
+#ifndef OPENSSL_NO_TLSEXT
 			if (s->hit)
-				s->state=SSL3_ST_SW_CHANGE_A;
+				{
+				if (s->tlsext_ticket_expected)
+					s->state=SSL3_ST_SW_SESSION_TICKET_A;
+				else
+					s->state=SSL3_ST_SW_CHANGE_A;
+				}
+#else
+			if (s->hit)
+					s->state=SSL3_ST_SW_CHANGE_A;
+#endif
 			else
 				s->state=SSL3_ST_SW_CERT_A;
 			s->init_num=0;
@@ -321,10 +331,24 @@ int dtls1_accept(SSL *s)
 				dtls1_start_timer(s);
 				ret=dtls1_send_server_certificate(s);
 				if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+				if (s->tlsext_status_expected)
+					s->state=SSL3_ST_SW_CERT_STATUS_A;
+				else
+					s->state=SSL3_ST_SW_KEY_EXCH_A;
+				}
+			else
+				{
+				skip = 1;
+				s->state=SSL3_ST_SW_KEY_EXCH_A;
+				}
+#else
 				}
 			else
 				skip=1;
+
 			s->state=SSL3_ST_SW_KEY_EXCH_A;
+#endif
 			s->init_num=0;
 			break;
 
@@ -519,11 +543,34 @@ int dtls1_accept(SSL *s)
 			dtls1_stop_timer(s);
 			if (s->hit)
 				s->state=SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+			else if (s->tlsext_ticket_expected)
+				s->state=SSL3_ST_SW_SESSION_TICKET_A;
+#endif
 			else
 				s->state=SSL3_ST_SW_CHANGE_A;
 			s->init_num=0;
 			break;
 
+#ifndef OPENSSL_NO_TLSEXT
+		case SSL3_ST_SW_SESSION_TICKET_A:
+		case SSL3_ST_SW_SESSION_TICKET_B:
+			ret=dtls1_send_newsession_ticket(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_SW_CHANGE_A;
+			s->init_num=0;
+			break;
+
+		case SSL3_ST_SW_CERT_STATUS_A:
+		case SSL3_ST_SW_CERT_STATUS_B:
+			ret=ssl3_send_cert_status(s);
+			if (ret <= 0) goto end;
+			s->state=SSL3_ST_SW_KEY_EXCH_A;
+			s->init_num=0;
+			break;
+
+#endif
+
 		case SSL3_ST_SW_CHANGE_A:
 		case SSL3_ST_SW_CHANGE_B:
 
@@ -749,6 +796,8 @@ int dtls1_send_server_hello(SSL *s)
 		p+=sl;
 
 		/* put the cipher */
+		if (s->s3->tmp.new_cipher == NULL)
+			return -1;
 		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
 		p+=i;
 
@@ -762,6 +811,14 @@ int dtls1_send_server_hello(SSL *s)
 			*(p++)=s->s3->tmp.new_compression->id;
 #endif
 
+#ifndef OPENSSL_NO_TLSEXT
+		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+			{
+			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
+#endif
+
 		/* do the header */
 		l=(p-d);
 		d=buf;
@@ -1384,3 +1441,114 @@ int dtls1_send_server_certificate(SSL *s)
 	/* SSL3_ST_SW_CERT_B */
 	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
 	}
+
+#ifndef OPENSSL_NO_TLSEXT
+int dtls1_send_newsession_ticket(SSL *s)
+	{
+	if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
+		{
+		unsigned char *p, *senc, *macstart;
+		int len, slen;
+		unsigned int hlen, msg_len;
+		EVP_CIPHER_CTX ctx;
+		HMAC_CTX hctx;
+		SSL_CTX *tctx = s->initial_ctx;
+		unsigned char iv[EVP_MAX_IV_LENGTH];
+		unsigned char key_name[16];
+
+		/* get session encoding length */
+		slen = i2d_SSL_SESSION(s->session, NULL);
+		/* Some length values are 16 bits, so forget it if session is
+ 		 * too long
+ 		 */
+		if (slen > 0xFF00)
+			return -1;
+		/* Grow buffer if need be: the length calculation is as
+ 		 * follows 12 (DTLS handshake message header) +
+ 		 * 4 (ticket lifetime hint) + 2 (ticket length) +
+ 		 * 16 (key name) + max_iv_len (iv length) +
+ 		 * session_length + max_enc_block_size (max encrypted session
+ 		 * length) + max_md_size (HMAC).
+ 		 */
+		if (!BUF_MEM_grow(s->init_buf,
+			DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
+			EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
+			return -1;
+		senc = OPENSSL_malloc(slen);
+		if (!senc)
+			return -1;
+		p = senc;
+		i2d_SSL_SESSION(s->session, &p);
+
+		p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+		EVP_CIPHER_CTX_init(&ctx);
+		HMAC_CTX_init(&hctx);
+		/* Initialize HMAC and cipher contexts. If callback present
+		 * it does all the work otherwise use generated values
+		 * from parent ctx.
+		 */
+		if (tctx->tlsext_ticket_key_cb)
+			{
+			if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+							 &hctx, 1) < 0)
+				{
+				OPENSSL_free(senc);
+				return -1;
+				}
+			}
+		else
+			{
+			RAND_pseudo_bytes(iv, 16);
+			EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+					tctx->tlsext_tick_aes_key, iv);
+			HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+					tlsext_tick_md(), NULL);
+			memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+			}
+		l2n(s->session->tlsext_tick_lifetime_hint, p);
+		/* Skip ticket length for now */
+		p += 2;
+		/* Output key name */
+		macstart = p;
+		memcpy(p, key_name, 16);
+		p += 16;
+		/* output IV */
+		memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+		p += EVP_CIPHER_CTX_iv_length(&ctx);
+		/* Encrypt session data */
+		EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+		p += len;
+		EVP_EncryptFinal(&ctx, p, &len);
+		p += len;
+		EVP_CIPHER_CTX_cleanup(&ctx);
+
+		HMAC_Update(&hctx, macstart, p - macstart);
+		HMAC_Final(&hctx, p, &hlen);
+		HMAC_CTX_cleanup(&hctx);
+
+		p += hlen;
+		/* Now write out lengths: p points to end of data written */
+		/* Total length */
+		len = p - (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+		p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
+		s2n(len - 18, p);  /* Ticket length */
+
+		/* number of bytes to write */
+		s->init_num= len;
+		s->state=SSL3_ST_SW_SESSION_TICKET_B;
+		s->init_off=0;
+		OPENSSL_free(senc);
+
+		/* XDTLS:  set message header ? */
+		msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+		dtls1_set_message_header(s, (void *)s->init_buf->data,
+			SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
+
+		/* buffer the message to handle re-xmits */
+		dtls1_buffer_message(s, 0);
+		}
+
+	/* SSL3_ST_SW_SESSION_TICKET_B */
+	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+	}
+#endif

ssl/s23_clnt.c

@@ -305,6 +305,8 @@ static int ssl23_client_hello(SSL *s)
 			ssl2_compat = 0;
 		if (s->tlsext_status_type != -1)
 			ssl2_compat = 0;
+		if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+			ssl2_compat = 0;
 		
 #ifdef TLSEXT_TYPE_opaque_prf_input
 		if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)

ssl/s23_srvr.c

@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
 			 (p[1] == SSL3_VERSION_MAJOR) &&
 			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
 			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
-				|| (p[9] == p[1])))
+				|| (p[9] >= p[1])))
 			{
 			/*
 			 * SSLv3 or tls1 header
@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
 				v[1] = TLS1_VERSION_MINOR;
 #endif
 				}
+			/* if major version number > 3 set minor to a value
+			 * which will use the highest version 3 we support.
+			 * If TLS 2.0 ever appears we will need to revise
+			 * this....
+			 */
+			else if (p[9] > SSL3_VERSION_MAJOR)
+				v[1]=0xff;
 			else
 				v[1]=p[10]; /* minor version according to client_version */
 			if (v[1] >= TLS1_VERSION_MINOR)
@@ -488,6 +495,11 @@ int ssl23_get_client_hello(SSL *s)
 		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
 		goto err;
 #else
+		if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+			{
+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+			goto err;
+			}
 		/* we are talking sslv2 */
 		/* we need to clean up the SSLv3/TLSv1 setup and put in the
 		 * sslv2 stuff. */

ssl/s3_clnt.c

@@ -166,9 +166,6 @@
 
 static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-#ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s);
-#endif
 
 static const SSL_METHOD *ssl3_get_client_method(int ver)
 	{
@@ -894,10 +891,31 @@ int ssl3_get_server_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		goto f_err;
 		}
+	/* If compression is disabled we'd better not try to resume a session
+	 * using compression.
+	 */
+	if (s->session->compress_meth != 0)
+		{
+		al=SSL_AD_INTERNAL_ERROR;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+		goto f_err;
+		}
 #else
 	j= *(p++);
-	if ((j == 0) || (s->options & SSL_OP_NO_COMPRESSION))
+	if (s->hit && j != s->session->compress_meth)
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+		goto f_err;
+		}
+	if (j == 0)
 		comp=NULL;
+	else if (s->options & SSL_OP_NO_COMPRESSION)
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
+		goto f_err;
+		}
 	else
 		comp=ssl3_comp_find(s->ctx->comp_methods,j);
 	
@@ -915,7 +933,7 @@ int ssl3_get_server_hello(SSL *s)
 
 #ifndef OPENSSL_NO_TLSEXT
 	/* TLS extensions*/
-	if (s->version > SSL3_VERSION)
+	if (s->version >= SSL3_VERSION)
 		{
 		if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
 			{
@@ -1821,6 +1839,7 @@ int ssl3_get_new_session_ticket(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
 		goto f_err;
 		}
+
 	p=d=(unsigned char *)s->init_msg;
 	n2l(p, s->session->tlsext_tick_lifetime_hint);
 	n2s(p, ticklen);
@@ -2985,7 +3004,7 @@ err:
  */
 
 #ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s)
+int ssl3_check_finished(SSL *s)
 	{
 	int ok;
 	long n;

ssl/s3_pkt.c

@@ -1120,7 +1120,25 @@ start:
 		 * now try again to obtain the (application) data we were asked for */
 		goto start;
 		}
-
+	/* If we are a server and get a client hello when renegotiation isn't
+	 * allowed send back a no renegotiation alert and carry on.
+	 * WARNING: experimental code, needs reviewing (steve)
+	 */
+	if (s->server &&
+		SSL_is_init_finished(s) &&
+    		!s->s3->send_connection_binding &&
+		(s->version > SSL3_VERSION) &&
+		(s->s3->handshake_fragment_len >= 4) &&
+		(s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
+		(s->session != NULL) && (s->session->cipher != NULL) &&
+		!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+		
+		{
+		/*s->s3->handshake_fragment_len = 0;*/
+		rr->length = 0;
+		ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+		goto start;
+		}
 	if (s->s3->alert_fragment_len >= 2)
 		{
 		int alert_level = s->s3->alert_fragment[0];
@@ -1150,6 +1168,21 @@ start:
 				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 				return(0);
 				}
+			/* This is a warning but we receive it if we requested
+			 * renegotiation and the peer denied it. Terminate with
+			 * a fatal alert because if application tried to
+			 * renegotiatie it presumably had a good reason and
+			 * expects it to succeed.
+			 *
+			 * In future we might have a renegotiation where we
+			 * don't care if the peer refused it where we carry on.
+			 */
+			else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
+				{
+				al = SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
+				goto f_err;
+				}
 			}
 		else if (alert_level == 2) /* fatal */
 			{

ssl/s3_srvr.c

@@ -1015,7 +1015,7 @@ int ssl3_get_client_hello(SSL *s)
 
 #ifndef OPENSSL_NO_TLSEXT
 	/* TLS extensions*/
-	if (s->version > SSL3_VERSION)
+	if (s->version >= SSL3_VERSION)
 		{
 		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
 			{
@@ -1088,7 +1088,50 @@ int ssl3_get_client_hello(SSL *s)
 	 * algorithms from the client, starting at q. */
 	s->s3->tmp.new_compression=NULL;
 #ifndef OPENSSL_NO_COMP
-	if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
+	/* This only happens if we have a cache hit */
+	if (s->session->compress_meth != 0)
+		{
+		int m, comp_id = s->session->compress_meth;
+		/* Perform sanity checks on resumed compression algorithm */
+		/* Can't disable compression */
+		if (s->options & SSL_OP_NO_COMPRESSION)
+			{
+			al=SSL_AD_INTERNAL_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+			goto f_err;
+			}
+		/* Look for resumed compression method */
+		for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
+			{
+			comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
+			if (comp_id == comp->id)
+				{
+				s->s3->tmp.new_compression=comp;
+				break;
+				}
+			}
+		if (s->s3->tmp.new_compression == NULL)
+			{
+			al=SSL_AD_INTERNAL_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
+			goto f_err;
+			}
+		/* Look for resumed method in compression list */
+		for (m = 0; m < i; m++)
+			{
+			if (q[m] == comp_id)
+				break;
+			}
+		if (m >= i)
+			{
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
+			goto f_err;
+			}
+		}
+	else if (s->hit)
+		comp = NULL;
+	else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
 		{ /* See if we have a match */
 		int m,nn,o,v,done=0;
 
@@ -1112,6 +1155,16 @@ int ssl3_get_client_hello(SSL *s)
 		else
 			comp=NULL;
 		}
+#else
+	/* If compression is disabled we'd better not try to resume a session
+	 * using compression.
+	 */
+	if (s->session->compress_meth != 0)
+		{
+		al=SSL_AD_INTERNAL_ERROR;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+		goto f_err;
+		}
 #endif
 
 	/* Given s->session->ciphers and SSL_get_ciphers, we must

ssl/ssl.h

@@ -485,7 +485,7 @@ typedef struct ssl_session_st
 	long timeout;
 	long time;
 
-	int compress_meth;		/* Need to lookup the method */
+	unsigned int compress_meth;	/* Need to lookup the method */
 
 	const SSL_CIPHER *cipher;
 	unsigned long cipher_id;	/* when ASN.1 loaded, this
@@ -517,6 +517,8 @@ typedef struct ssl_session_st
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
+/* Allow initial connection to servers that don't support RI */
+#define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
@@ -524,7 +526,6 @@ typedef struct ssl_session_st
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00000400L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -550,6 +551,8 @@ typedef struct ssl_session_st
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
 /* Don't use compression even if supported */
 #define SSL_OP_NO_COMPRESSION				0x00020000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 #define SSL_OP_SINGLE_ECDH_USE				0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
@@ -605,17 +608,25 @@ typedef struct ssl_session_st
 
 #define SSL_CTX_set_options(ctx,op) \
 	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_CTX_get_options(ctx) \
 	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
 	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+	SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_get_options(ssl) \
         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
 
 #define SSL_CTX_set_mode(ctx,op) \
 	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_CTX_get_mode(ctx) \
 	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+	SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_set_mode(ssl,op) \
 	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
@@ -623,6 +634,8 @@ typedef struct ssl_session_st
 #define SSL_set_mtu(ssl, mtu) \
         SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
 
+#define SSL_get_secure_renegotiation_support(ssl) \
+	SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
 
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -1401,6 +1414,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define DTLS_CTRL_HANDLE_TIMEOUT	74
 #define DTLS_CTRL_LISTEN			75
 
+#define SSL_CTRL_GET_RI_SUPPORT			76
+#define SSL_CTRL_CLEAR_OPTIONS			77
+#define SSL_CTRL_CLEAR_MODE			78
+
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1954,7 +1971,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
 #define SSL_F_SSL_NEW					 186
 #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT	 300
+#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT		 302
 #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT	 301
+#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT		 303
 #define SSL_F_SSL_PEEK					 270
 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 281
 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 282
@@ -2052,6 +2071,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
 #define SSL_R_CLIENTHELLO_TLSEXT			 226
 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
+#define SSL_R_COMPRESSION_DISABLED			 343
 #define SSL_R_COMPRESSION_FAILURE			 141
 #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307
 #define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
@@ -2080,8 +2100,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_HTTPS_PROXY_REQUEST			 155
 #define SSL_R_HTTP_REQUEST				 156
 #define SSL_R_ILLEGAL_PADDING				 283
+#define SSL_R_INCONSISTENT_COMPRESSION			 340
 #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
 #define SSL_R_INVALID_COMMAND				 280
+#define SSL_R_INVALID_COMPRESSION_ALGORITHM		 341
 #define SSL_R_INVALID_PURPOSE				 278
 #define SSL_R_INVALID_STATUS_RESPONSE			 328
 #define SSL_R_INVALID_TICKET_KEYS_LENGTH		 325
@@ -2137,12 +2159,14 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
 #define SSL_R_NO_PUBLICKEY				 192
+#define SSL_R_NO_RENEGOTIATION				 339
 #define SSL_R_NO_REQUIRED_DIGEST			 324
 #define SSL_R_NO_SHARED_CIPHER				 193
 #define SSL_R_NO_VERIFY_CALLBACK			 194
 #define SSL_R_NULL_SSL_CTX				 195
 #define SSL_R_NULL_SSL_METHOD_PASSED			 196
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
+#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297
 #define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG			 327
 #define SSL_R_PACKET_LENGTH_TOO_LONG			 198
@@ -2173,9 +2197,11 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_RENEGOTIATION_ENCODING_ERR		 336
 #define SSL_R_RENEGOTIATION_MISMATCH			 337
 #define SSL_R_REQUIRED_CIPHER_MISSING			 215
+#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING	 342
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
 #define SSL_R_SERVERHELLO_TLSEXT			 275
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
 #define SSL_R_SHORT_READ				 219
@@ -2251,6 +2277,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
 #define SSL_R_UNKNOWN_SSL_VERSION			 254
 #define SSL_R_UNKNOWN_STATE				 255
+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED	 338
 #define SSL_R_UNSUPPORTED_CIPHER			 256
 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
 #define SSL_R_UNSUPPORTED_DIGEST_TYPE			 326

ssl/ssl3.h

@@ -128,6 +128,9 @@
 extern "C" {
 #endif
 
+/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+#define SSL3_CK_SCSV				0x030000FF
+
 #define SSL3_CK_RSA_NULL_MD5			0x03000001
 #define SSL3_CK_RSA_NULL_SHA			0x03000002
 #define SSL3_CK_RSA_RC4_40_MD5 			0x03000003

ssl/ssl_algs.c

@@ -76,6 +76,10 @@ int SSL_library_init(void)
 #endif  
 #ifndef OPENSSL_NO_RC2
 	EVP_add_cipher(EVP_rc2_cbc());
+	/* Not actually used for SSL/TLS but this makes PKCS#12 work
+	 * if an application only calls SSL_library_init().
+	 */
+	EVP_add_cipher(EVP_rc2_40_cbc());
 #endif
 #ifndef OPENSSL_NO_AES
 	EVP_add_cipher(EVP_aes_128_cbc());

ssl/ssl_err.c

@@ -226,7 +226,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),	"SSL_load_client_CA_file"},
 {ERR_FUNC(SSL_F_SSL_NEW),	"SSL_new"},
 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),	"SSL_PARSE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),	"SSL_PARSE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PEEK),	"SSL_peek"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),	"SSL_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),	"SSL_PREPARE_SERVERHELLO_TLSEXT"},
@@ -327,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
 {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT)    ,"clienthello tlsext"},
 {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
+{ERR_REASON(SSL_R_COMPRESSION_DISABLED)  ,"compression disabled"},
 {ERR_REASON(SSL_R_COMPRESSION_FAILURE)   ,"compression failure"},
 {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
 {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
@@ -355,8 +358,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
 {ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},
 {ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},
+{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
 {ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
+{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
 {ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},
 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
 {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
@@ -412,12 +417,14 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
 {ERR_REASON(SSL_R_NO_PUBLICKEY)          ,"no publickey"},
+{ERR_REASON(SSL_R_NO_RENEGOTIATION)      ,"no renegotiation"},
 {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST)    ,"digest requred for handshake isn't computed"},
 {ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},
 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},
 {ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},
 {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
 {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
+{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
 {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
 {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
 {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
@@ -448,9 +455,11 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
 {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
 {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
+{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
 {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
 {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
 {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
+{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
 {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
 {ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
@@ -526,6 +535,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
 {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION)   ,"unknown ssl version"},
 {ERR_REASON(SSL_R_UNKNOWN_STATE)         ,"unknown state"},
+{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
 {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
 {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
 {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},

ssl/ssl_lib.c

@@ -1041,8 +1041,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 
 	case SSL_CTRL_OPTIONS:
 		return(s->options|=larg);
+	case SSL_CTRL_CLEAR_OPTIONS:
+		return(s->options&=~larg);
 	case SSL_CTRL_MODE:
 		return(s->mode|=larg);
+	case SSL_CTRL_CLEAR_MODE:
+		return(s->mode &=~larg);
 	case SSL_CTRL_GET_MAX_CERT_LIST:
 		return(s->max_cert_list);
 	case SSL_CTRL_SET_MAX_CERT_LIST:
@@ -1062,6 +1066,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 			return 0;
 		s->max_send_fragment = larg;
 		return 1;
+	case SSL_CTRL_GET_RI_SUPPORT:
+		if (s->s3)
+			return s->s3->send_connection_binding;
+		else return 0;
 	default:
 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
 		}
@@ -1148,8 +1156,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
 		return(ctx->stats.sess_cache_full);
 	case SSL_CTRL_OPTIONS:
 		return(ctx->options|=larg);
+	case SSL_CTRL_CLEAR_OPTIONS:
+		return(ctx->options&=~larg);
 	case SSL_CTRL_MODE:
 		return(ctx->mode|=larg);
+	case SSL_CTRL_CLEAR_MODE:
+		return(ctx->mode&=~larg);
 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
 			return 0;
@@ -1357,6 +1369,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}
+	/* If p == q, no ciphers and caller indicates an error. Otherwise
+	 * add SCSV if not renegotiating.
+	 */
+	if (p != q && !s->new_session)
+		{
+		static SSL_CIPHER scsv =
+			{
+			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+			};
+		j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
+		p+=j;
+#ifdef OPENSSL_RI_DEBUG
+		fprintf(stderr, "SCSV sent by client\n");
+#endif
+		}
+
 	return(p-q);
 	}
 
@@ -1366,6 +1394,8 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
 	const SSL_CIPHER *c;
 	STACK_OF(SSL_CIPHER) *sk;
 	int i,n;
+	if (s->s3)
+		s->s3->send_connection_binding = 0;
 
 	n=ssl_put_cipher_by_char(s,NULL,NULL);
 	if ((num%n) != 0)
@@ -1383,6 +1413,26 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
 
 	for (i=0; i<num; i+=n)
 		{
+		/* Check for SCSV */
+		if (s->s3 && (n != 3 || !p[0]) &&
+			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
+			{
+			/* SCSV fatal if renegotiating */
+			if (s->new_session)
+				{
+				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 
+				goto err;
+				}
+			s->s3->send_connection_binding = 1;
+			p += n;
+#ifdef OPENSSL_RI_DEBUG
+			fprintf(stderr, "SCSV received by server\n");
+#endif
+			continue;
+			}
+
 		c=ssl_get_cipher_by_char(s,p);
 		p+=n;
 		if (c != NULL)
@@ -1634,6 +1684,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	}
 #endif
 #endif
+	/* Default is to connect to non-RI servers. When RI is more widely
+	 * deployed might change this.
+	 */
+	ret->options = SSL_OP_LEGACY_SERVER_CONNECT;
 
 	return(ret);
 err:

ssl/ssl_locl.h

@@ -949,7 +949,7 @@ void dtls1_start_timer(SSL *s);
 void dtls1_stop_timer(SSL *s);
 int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
-
+int dtls1_send_newsession_ticket(SSL *s);
 
 /* some client-only functions */
 int ssl3_client_hello(SSL *s);
@@ -965,6 +965,9 @@ int ssl3_send_client_key_exchange(SSL *s);
 int ssl3_get_key_exchange(SSL *s);
 int ssl3_get_server_certificate(SSL *s);
 int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_check_finished(SSL *s);
+#endif
 
 int dtls1_client_hello(SSL *s);
 int dtls1_send_client_certificate(SSL *s);
@@ -1053,6 +1056,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
+
 #ifdef OPENSSL_NO_SHA256
 #define tlsext_tick_md	EVP_sha1
 #else

ssl/ssl_stat.c

@@ -224,6 +224,12 @@ case SSL23_ST_SR_CLNT_HELLO_A:	str="SSLv2/v3 read client hello A"; break;
 case SSL23_ST_SR_CLNT_HELLO_B:	str="SSLv2/v3 read client hello B"; break;
 #endif
 
+/* DTLS */
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
+
 default:	str="unknown state"; break;
 		}
 	return(str);
@@ -371,6 +377,11 @@ case SSL23_ST_CR_SRVR_HELLO_B:			str="23RSHA"; break;
 case SSL23_ST_SR_CLNT_HELLO_A:			str="23RCHA"; break;
 case SSL23_ST_SR_CLNT_HELLO_B:			str="23RCHB"; break;
 #endif
+/* DTLS */
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
+case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
+case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
 
 default:					str="UNKWN "; break;
 		}

ssl/ssltest.c

@@ -143,6 +143,9 @@
 #define _BSD_SOURCE 1		/* Or gethostname won't be declared properly
 				   on Linux and GNU platforms. */
 
+#define _XOPEN_SOURCE 500	/* Or isascii won't be declared properly on
+				   VMS (at least with DECompHP C).  */
+
 #include <assert.h>
 #include <errno.h>
 #include <limits.h>
@@ -154,8 +157,6 @@
 #define USE_SOCKETS
 #include "e_os.h"
 
-#define _XOPEN_SOURCE 500	/* Or isascii won't be declared properly on
-				   VMS (at least with DECompHP C).  */
 #include <ctype.h>
 
 #include <openssl/bio.h>

ssl/t1_lib.c

@@ -275,8 +275,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
-	/* don't add extensions for SSLv3 */
-	if (s->client_version == SSL3_VERSION)
+	/* don't add extensions for SSLv3 unless doing secure renegotiation */
+	if (s->client_version == SSL3_VERSION
+					&& !s->s3->send_connection_binding)
 		return p;
 
 	ret+=2;
@@ -315,8 +316,34 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		ret+=size_str;
 		}
 
+        /* Add RI if renegotiating */
+        if (s->new_session)
+          {
+          int el;
+          
+          if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
+              {
+              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+
+          if((limit - p - 4 - el) < 0) return NULL;
+          
+          s2n(TLSEXT_TYPE_renegotiate,ret);
+          s2n(el,ret);
+
+          if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
+              {
+              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+
+          ret += el;
+        }
+
 #ifndef OPENSSL_NO_EC
-	if (s->tlsext_ecpointformatlist != NULL)
+	if (s->tlsext_ecpointformatlist != NULL &&
+	    s->version != DTLS1_VERSION)
 		{
 		/* Add TLS extension ECPointFormats to the ClientHello message */
 		long lenmax; 
@@ -335,7 +362,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
 		ret+=s->tlsext_ecpointformatlist_length;
 		}
-	if (s->tlsext_ellipticcurvelist != NULL)
+	if (s->tlsext_ellipticcurvelist != NULL &&
+	    s->version != DTLS1_VERSION)
 		{
 		/* Add TLS extension EllipticCurves to the ClientHello message */
 		long lenmax; 
@@ -399,7 +427,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		skip_ext:
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->client_opaque_prf_input != NULL)
+	if (s->s3->client_opaque_prf_input != NULL &&
+	    s->version != DTLS1_VERSION)
 		{
 		size_t col = s->s3->client_opaque_prf_input_len;
 		
@@ -416,7 +445,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		}
 #endif
 
-	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
+	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
+	    s->version != DTLS1_VERSION)
 		{
 		int i;
 		long extlen, idlen, itmp;
@@ -476,8 +506,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
-	/* don't add extensions for SSLv3 */
-	if (s->version == SSL3_VERSION)
+	/* don't add extensions for SSLv3, unless doing secure renegotiation */
+	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
 		return p;
 	
 	ret+=2;
@@ -490,8 +520,34 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		s2n(TLSEXT_TYPE_server_name,ret);
 		s2n(0,ret);
 		}
+
+	if(s->s3->send_connection_binding)
+        {
+          int el;
+          
+          if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
+              {
+              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+
+          if((limit - p - 4 - el) < 0) return NULL;
+          
+          s2n(TLSEXT_TYPE_renegotiate,ret);
+          s2n(el,ret);
+
+          if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
+              {
+              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+              return NULL;
+              }
+
+          ret += el;
+        }
+
 #ifndef OPENSSL_NO_EC
-	if (s->tlsext_ecpointformatlist != NULL)
+	if (s->tlsext_ecpointformatlist != NULL &&
+	    s->version != DTLS1_VERSION)
 		{
 		/* Add TLS extension ECPointFormats to the ServerHello message */
 		long lenmax; 
@@ -530,7 +586,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		}
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->server_opaque_prf_input != NULL)
+	if (s->s3->server_opaque_prf_input != NULL &&
+	    s->version != DTLS1_VERSION)
 		{
 		size_t sol = s->s3->server_opaque_prf_input_len;
 		
@@ -574,15 +631,17 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	unsigned short size;
 	unsigned short len;
 	unsigned char *data = *p;
+	int renegotiate_seen = 0;
+
 	s->servername_done = 0;
 	s->tlsext_status_type = -1;
 
 	if (data >= (d+n-2))
-		return 1;
+		goto ri_check;
 	n2s(data,len);
 
 	if (data > (d+n-len)) 
-		return 1;
+		goto ri_check;
 
 	while (data <= (d+n-4))
 		{
@@ -590,7 +649,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 		n2s(data,size);
 
 		if (data+size > (d+n))
-	   		return 1;
+	   		goto ri_check;
 #if 0
 		fprintf(stderr,"Received extension type %d size %d\n",type,size);
 #endif
@@ -695,7 +754,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			}
 
 #ifndef OPENSSL_NO_EC
-		else if (type == TLSEXT_TYPE_ec_point_formats)
+		else if (type == TLSEXT_TYPE_ec_point_formats &&
+	             s->version != DTLS1_VERSION)
 			{
 			unsigned char *sdata = data;
 			int ecpointformatlist_length = *(sdata++);
@@ -722,7 +782,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			fprintf(stderr,"\n");
 #endif
 			}
-		else if (type == TLSEXT_TYPE_elliptic_curves)
+		else if (type == TLSEXT_TYPE_elliptic_curves &&
+	             s->version != DTLS1_VERSION)
 			{
 			unsigned char *sdata = data;
 			int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -752,7 +813,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			}
 #endif /* OPENSSL_NO_EC */
 #ifdef TLSEXT_TYPE_opaque_prf_input
-		else if (type == TLSEXT_TYPE_opaque_prf_input)
+		else if (type == TLSEXT_TYPE_opaque_prf_input &&
+	             s->version != DTLS1_VERSION)
 			{
 			unsigned char *sdata = data;
 
@@ -790,8 +852,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 				return 0;
 				}
 			}
-		else if (type == TLSEXT_TYPE_status_request
-						&& s->ctx->tlsext_status_cb)
+		else if (type == TLSEXT_TYPE_renegotiate)
+			{
+			if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
+				return 0;
+			renegotiate_seen = 1;
+			}
+		else if (type == TLSEXT_TYPE_status_request &&
+		         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
 			{
 		
 			if (size < 5) 
@@ -896,6 +964,20 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 		}
 				
 	*p = data;
+
+	ri_check:
+
+	/* Need RI if renegotiating */
+
+	if (!renegotiate_seen && s->new_session &&
+		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+		{
+		*al = SSL_AD_HANDSHAKE_FAILURE;
+	 	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
+				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+		return 0;
+		}
+
 	return 1;
 	}
 
@@ -905,11 +987,11 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	unsigned short size;
 	unsigned short len;  
 	unsigned char *data = *p;
-
 	int tlsext_servername = 0;
+	int renegotiate_seen = 0;
 
 	if (data >= (d+n-2))
-		return 1;
+		goto ri_check;
 
 	n2s(data,len);
 
@@ -919,7 +1001,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 		n2s(data,size);
 
 		if (data+size > (d+n))
-	   		return 1;
+	   		goto ri_check;
 
 		if (s->tlsext_debug_cb)
 			s->tlsext_debug_cb(s, 1, type, data, size,
@@ -936,7 +1018,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			}
 
 #ifndef OPENSSL_NO_EC
-		else if (type == TLSEXT_TYPE_ec_point_formats)
+		else if (type == TLSEXT_TYPE_ec_point_formats &&
+	             s->version != DTLS1_VERSION)
 			{
 			unsigned char *sdata = data;
 			int ecpointformatlist_length = *(sdata++);
@@ -982,7 +1065,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			s->tlsext_ticket_expected = 1;
 			}
 #ifdef TLSEXT_TYPE_opaque_prf_input
-		else if (type == TLSEXT_TYPE_opaque_prf_input)
+		else if (type == TLSEXT_TYPE_opaque_prf_input &&
+	             s->version != DTLS1_VERSION)
 			{
 			unsigned char *sdata = data;
 
@@ -1012,7 +1096,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 				}
 			}
 #endif
-		else if (type == TLSEXT_TYPE_status_request)
+		else if (type == TLSEXT_TYPE_status_request &&
+		         s->version != DTLS1_VERSION)
 			{
 			/* MUST be empty and only sent if we've requested
 			 * a status request message.
@@ -1025,7 +1110,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			/* Set flag to expect CertificateStatus message */
 			s->tlsext_status_expected = 1;
 			}
-
+		else if (type == TLSEXT_TYPE_renegotiate)
+			{
+			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
+				return 0;
+			renegotiate_seen = 1;
+			}
 		data+=size;		
 		}
 
@@ -1057,6 +1147,26 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 		}
 
 	*p = data;
+
+	ri_check:
+
+	/* Determine if we need to see RI. Strictly speaking if we want to
+	 * avoid an attack we should *always* see RI even on initial server
+	 * hello because the client doesn't see any renegotiation during an
+	 * attack. However this would mean we could not connect to any server
+	 * which doesn't support RI so for the immediate future tolerate RI
+	 * absence on initial connect only.
+	 */
+	if (!renegotiate_seen && 
+		(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
+		&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+		{
+		*al = SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
+				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+		return 0;
+		}
+
 	return 1;
 	}