Prepare for 1.1.0a release

Reviewed-by: Richard Levitte <levitte@openssl.org>

.gitignore

@@ -16,6 +16,8 @@
 
 # *all* Makefiles
 Makefile
+# ... except in demos
+!/demos/*/Makefile
 
 # Links under apps
 /apps/CA.pl
@@ -72,6 +74,7 @@ Makefile
 /include/openssl/opensslconf.h
 /tools/c_rehash
 /tools/c_rehash.pl
+/util/shlib_wrap.sh
 /tags
 /TAGS
 /crypto.map

.travis.yml

@@ -39,16 +39,16 @@ matrix:
           env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
         - os: linux
           compiler: clang-3.6
-          env: CONFIG_OPTS="no-shared enable-asan"
+          env: CONFIG_OPTS="enable-asan"
         - os: linux
           compiler: clang-3.6
-          env: CONFIG_OPTS="no-shared enable-msan"
+          env: CONFIG_OPTS="enable-msan"
         - os: linux
           compiler: clang-3.6
           env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
         - os: linux
           compiler: clang-3.6
-          env: CONFIG_OPTS="no-shared no-asm enable-asan enable-rc5 enable-md2"
+          env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
         - os: linux
           compiler: clang-3.6
           env: CONFIG_OPTS="no-stdio"

CHANGES

@@ -2,7 +2,82 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.2h and 1.1.0  [xx XXX xxxx]
+ Changes between 1.1.0 and 1.1.0a [22 Sep 2016]
+
+  *) OCSP Status Request extension unbounded memory growth
+
+     A malicious client can send an excessively large OCSP Status Request
+     extension. If that client continually requests renegotiation, sending a
+     large OCSP Status Request extension each time, then there will be unbounded
+     memory growth on the server. This will eventually lead to a Denial Of
+     Service attack through memory exhaustion. Servers with a default
+     configuration are vulnerable even if they do not support OCSP. Builds using
+     the "no-ocsp" build time option are not affected.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6304)
+     [Matt Caswell]
+
+  *) SSL_peek() hang on empty record
+
+     OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer
+     sends an empty record. This could be exploited by a malicious peer in a
+     Denial Of Service attack.
+
+     This issue was reported to OpenSSL by Alex Gaynor.
+     (CVE-2016-6305)
+     [Matt Caswell]
+
+  *) Excessive allocation of memory in tls_get_message_header() and
+     dtls1_preprocess_fragment()
+
+     A (D)TLS message includes 3 bytes for its length in the header for the
+     message. This would allow for messages up to 16Mb in length. Messages of
+     this length are excessive and OpenSSL includes a check to ensure that a
+     peer is sending reasonably sized messages in order to avoid too much memory
+     being consumed to service a connection. A flaw in the logic of version
+     1.1.0 means that memory for the message is allocated too early, prior to
+     the excessive message length check. Due to way memory is allocated in
+     OpenSSL this could mean an attacker could force up to 21Mb to be allocated
+     to service a connection. This could lead to a Denial of Service through
+     memory exhaustion. However, the excessive message length check still takes
+     place, and this would cause the connection to immediately fail. Assuming
+     that the application calls SSL_free() on the failed conneciton in a timely
+     manner then the 21Mb of allocated memory will then be immediately freed
+     again. Therefore the excessive memory allocation will be transitory in
+     nature. This then means that there is only a security impact if:
+
+     1) The application does not call SSL_free() in a timely manner in the event
+     that the connection fails
+     or
+     2) The application is working in a constrained environment where there is
+     very little free memory
+     or
+     3) The attacker initiates multiple connection attempts such that there are
+     multiple connections in a state where memory has been allocated for the
+     connection; SSL_free() has not yet been called; and there is insufficient
+     memory to service the multiple requests.
+
+     Except in the instance of (1) above any Denial Of Service is likely to be
+     transitory because as soon as the connection fails the memory is
+     subsequently freed again in the SSL_free() call. However there is an
+     increased risk during this period of application crashes due to the lack of
+     memory - which would then mean a more serious Denial of Service.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6307 and CVE-2016-6308)
+     [Matt Caswell]
+
+  *) solaris-x86-cc, i.e. 32-bit configuration with vendor compiler,
+     had to be removed. Primary reason is that vendor assembler can't
+     assemble our modules with -KPIC flag. As result it, assembly
+     support, was not even available as option. But its lack means
+     lack of side-channel resistant code, which is incompatible with
+     security by todays standards. Fortunately gcc is readily available
+     prepackaged option, which we firmly point at...
+     [Andy Polyakov]
+
+ Changes between 1.0.2h and 1.1.0  [25 Aug 2016]
 
   *) Windows command-line tool supports UTF-8 opt-in option for arguments
      and console input. Setting OPENSSL_WIN32_UTF8 environment variable
@@ -874,10 +949,6 @@
      combination: call this in fips_test_suite.
      [Steve Henson]
 
-  *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test
-     and POST to handle Dual EC cases.
-     [Steve Henson]
-
   *) Add support for canonical generation of DSA parameter 'g'. See 
      FIPS 186-3 A.2.3.
 

Configurations/10-main.conf

@@ -14,7 +14,10 @@ sub vc_win64a_info {
                                 asflags   => "/c /Cp /Cx /Zi",
                                 asoutflag => "/Fo" };
         } else {
-            die "NASM not found - please read INSTALL and NOTES.WIN for further details\n";
+            $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
+            $vc_win64a_info = { as        => "{unknown}",
+                                asflags   => "",
+                                asoutflag => "" };
         }
     }
     return $vc_win64a_info;
@@ -36,7 +39,11 @@ sub vc_win32_info {
                                asoutflag => "/Fo",
                                perlasm_scheme => "win32" };
         } else {
-            die "NASM not found - please read INSTALL and NOTES.WIN for further details\n";
+            $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n");
+            $vc_win32_info = { as        => "{unknown}",
+                               asflags   => "",
+                               asoutflag => "",
+                               perlasm_scheme => "win32" };
         }
     }
     return $vc_win32_info;
@@ -46,18 +53,26 @@ my $vc_wince_info = {};
 sub vc_wince_info {
     unless (%$vc_wince_info) {
         # sanity check
-        die '%OSVERSION% is not defined' if (!defined($ENV{'OSVERSION'}));
-        die '%PLATFORM% is not defined'  if (!defined($ENV{'PLATFORM'}));
-        die '%TARGETCPU% is not defined' if (!defined($ENV{'TARGETCPU'}));
+        $die->('%OSVERSION% is not defined') if (!defined($ENV{'OSVERSION'}));
+        $die->('%PLATFORM% is not defined')  if (!defined($ENV{'PLATFORM'}));
+        $die->('%TARGETCPU% is not defined') if (!defined($ENV{'TARGETCPU'}));
 
         #
         # Idea behind this is to mimic flags set by eVC++ IDE...
         #
         my $wcevers = $ENV{'OSVERSION'};                    # WCENNN
-        die '%OSVERSION% value is insane'
-            if ($wcevers !~ /^WCE([1-9])([0-9]{2})$/);
-        my $wcecdefs = "-D_WIN32_WCE=$1$2 -DUNDER_CE=$1$2"; # -D_WIN32_WCE=NNN
-        my $wcelflag = "/subsystem:windowsce,$1.$2";        # ...,N.NN
+	my $wcevernum;
+	my $wceverdotnum;
+	if ($wcevers =~ /^WCE([1-9])([0-9]{2})$/) {
+	    $wcevernum = "$1$2";
+	    $wceverdotnum = "$1.$2";
+	} else {
+	    $die->('%OSVERSION% value is insane');
+	    $wcevernum = "{unknown}";
+	    $wceverdotnum = "{unknown}";
+	}
+        my $wcecdefs = "-D_WIN32_WCE=$wcevernum -DUNDER_CE=$wcevernum"; # -D_WIN32_WCE=NNN
+        my $wcelflag = "/subsystem:windowsce,$wceverdotnum";        # ...,N.NN
 
         my $wceplatf =  $ENV{'PLATFORM'};
 
@@ -185,7 +200,7 @@ sub vms_info {
                                        threads("-pthread")),
         bn_ops           => "BN_LLONG",
         shared_cflag     => "-fPIC",
-        shared_ldflag    => "-shared",
+        shared_ldflag    => "-shared -static-libgcc",
     },
     "solaris64-x86_64-gcc" => {
         # -shared -static-libgcc might appear controversial, but modules
@@ -210,19 +225,18 @@ sub vms_info {
     },
 
 #### Solaris x86 with Sun C setups
-    "solaris-x86-cc" => {
-        inherit_from     => [ "solaris-common" ],
-        cc               => "cc",
-        cflags           => add_before(picker(default => "-xarch=generic -xstrconst -Xa -DL_ENDIAN",
-                                              debug   => "-g",
-                                              release => "-xO5 -xregs=frameptr -xdepend -xbuiltin"),
-                                       threads("-D_REENTRANT")),
-        lflags           => add(threads("-mt")),
-        ex_libs          => add(threads("-lpthread")),
-        bn_ops           => "BN_LLONG RC4_CHAR",
-        shared_cflag     => "-KPIC",
-        shared_ldflag    => "-G -dy -z text",
-    },
+    # There used to be solaris-x86-cc target, but it was removed,
+    # primarily because vendor assembler can't assemble our modules
+    # with -KPIC flag. As result it, assembly support, was not even
+    # available as option. But its lack means lack of side-channel
+    # resistant code, which is incompatible with security by todays
+    # standards. Fortunately gcc is readily available prepackaged
+    # option, which we can firmly point at...
+    #
+    # On related note, solaris64-x86_64-cc target won't compile code
+    # paths utilizing AVX and post-Haswell instruction extensions.
+    # Consider switching to solaris64-x86_64-gcc even here...
+    #
     "solaris64-x86_64-cc" => {
         inherit_from     => [ "solaris-common", asm("x86_64_asm") ],
         cc               => "cc",
@@ -294,11 +308,11 @@ sub vms_info {
     },
     "solaris-sparcv9-cc" => {
         inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
-        cflags           => add_before("-xarch=v8plus -xtarget=ultra"),
+        cflags           => add_before("-xarch=v8plus"),
     },
     "solaris64-sparcv9-cc" => {
         inherit_from     => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ],
-        cflags           => add_before("-xarch=v9 -xtarget=ultra"),
+        cflags           => add_before("-xarch=v9"),
         lflags           => add_before("-xarch=v9"),
         bn_ops           => "BN_LLONG RC4_CHAR",
         shared_ldflag    => "-xarch=v9 -G -dy -z text",
@@ -851,7 +865,7 @@ sub vms_info {
     #
     # It takes pair of prior-set environment variables to make it work:
     #
-    # CROSS_SYSROOT=/some/where/android-ndk-<ver>/platforms/android-<apiver>/arch-<
+    # CROSS_SYSROOT=/some/where/android-ndk-<ver>/platforms/android-<apiver>/arch-<arch>
     # CROSS_COMPILE=<prefix>
     #
     # As well as PATH adjusted to cover ${CROSS_COMPILE}gcc and company.
@@ -860,7 +874,7 @@ sub vms_info {
     # ANDROID_NDK=/some/where/android-ndk-10d
     # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm
     # CROSS_COMPILE=arm-linux-adroideabi-
-    # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/
+    # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin
     #
     "android" => {
         inherit_from     => [ "linux-generic32" ],
@@ -1128,6 +1142,11 @@ sub vms_info {
     },
 
 #### IBM's AIX.
+    # Below targets assume AIX >=5. Caveat lector. If you are accustomed
+    # to control compilation "bitness" by setting $OBJECT_MODE environment
+    # variable, then you should know that in OpenSSL case it's considered
+    # only in ./config. Once configured, build procedure remains "deaf" to
+    # current value of $OBJECT_MODE.
     "aix-gcc" => {
         inherit_from     => [ "BASE_unix", asm("ppc32_asm") ],
         cc               => "gcc",
@@ -1141,7 +1160,7 @@ sub vms_info {
         perlasm_scheme   => "aix32",
         dso_scheme       => "dlfcn",
         shared_target    => "aix-shared",
-        shared_ldflag    => "-shared -Wl,-G",
+        shared_ldflag    => "-shared -static-libgcc -Wl,-G",
         shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
         arflags          => "-X32",
     },
@@ -1158,13 +1177,10 @@ sub vms_info {
         perlasm_scheme   => "aix64",
         dso_scheme       => "dlfcn",
         shared_target    => "aix-shared",
-        shared_ldflag    => "-maix64 -shared -Wl,-G",
+        shared_ldflag    => "-maix64 -shared -static-libgcc -Wl,-G",
         shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
         arflags          => "-X64",
     },
-    # Below targets assume AIX 5. Idea is to effectively disregard
-    # $OBJECT_MODE at build time. $OBJECT_MODE is respected at
-    # ./config stage!
     "aix-cc" => {
         inherit_from     => [ "BASE_unix", asm("ppc32_asm") ],
         cc               => "cc",
@@ -1175,6 +1191,7 @@ sub vms_info {
         sys_id           => "AIX",
         bn_ops           => "BN_LLONG RC4_CHAR",
         thread_scheme    => "pthreads",
+        ex_libs          => threads("-lpthreads"),
         perlasm_scheme   => "aix32",
         dso_scheme       => "dlfcn",
         shared_target    => "aix-shared",
@@ -1192,6 +1209,7 @@ sub vms_info {
         sys_id           => "AIX",
         bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
         thread_scheme    => "pthreads",
+        ex_libs          => threads("-lpthreads"),
         perlasm_scheme   => "aix64",
         dso_scheme       => "dlfcn",
         shared_target    => "aix-shared",
@@ -1737,7 +1755,7 @@ sub vms_info {
         dso_scheme       => "vms",
         thread_scheme    => "pthreads",
 
-        apps_aux_src     => "vms_decc_init.c",
+        apps_aux_src     => "vms_decc_init.c vms_term_sock.c",
     },
 
     "vms-alpha" => {

Configurations/descrip.mms.tmpl

@@ -151,7 +151,7 @@ INSTALLTOP={- our $installtop =
               $installtop -}
 SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -}
 # This is the standard central area to store certificates, private keys...
-OPENSSLDIR={- catdir($config{openssldir}) ||
+OPENSSLDIR={- catdir($config{openssldir}) or
               $config{prefix} ? catdir($config{prefix},"COMMON")
                               : "SYS\$COMMON:[OPENSSL-COMMON]" -}
 # The same, but for C
@@ -508,7 +508,7 @@ debug_logicals :
 
 # Building targets ###################################################
 
-configdata.pm : {- join(" ", sourcefile("Configurations", "descrip.mms.tmpl"), sourcefile("Configurations", "common.tmpl")) -} $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_infos}}) -}
+configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
         @ WRITE SYS$OUTPUT "Reconfiguring..."
         perl $(SRCDIR)Configure reconf
         @ WRITE SYS$OUTPUT "*************************************************"
@@ -677,10 +677,11 @@ EOF
       # previous line's file spec as default, so if no directory spec
       # is present in the current line and the previous line has one that
       # doesn't apply, you're in for a surprise.
-      my $write_opt =
+      my $write_opt1 =
           join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
                                  "WRITE OPT_FILE \"$x" } @objs).
-          "\"\n\t".
+          "\"";
+      my $write_opt2 =
           join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
                              $x =~ s|(\.EXE)|$1/SHARE|;
                              $x =~ s|(\.OLB)|$1/LIB|;
@@ -690,7 +691,8 @@ EOF
 $lib.EXE : $deps
         OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT
         TYPE $engine_opt /OUTPUT=OPT_FILE:
-        $write_opt
+        $write_opt1
+        $write_opt2
         CLOSE OPT_FILE
         LINK /MAP=$lib.MAP /FULL/SHARE=$lib.EXE $lib.OPT/OPT \$(EX_LIBS)
         - PURGE $lib.EXE,$lib.OPT,$lib.MAP
@@ -723,10 +725,11 @@ EOF
       # previous line's file spec as default, so if no directory spec
       # is present in the current line and the previous line has one that
       # doesn't apply, you're in for a surprise.
-      my $write_opt =
+      my $write_opt1 =
           join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
                                  "WRITE OPT_FILE \"$x" } @objs).
-          "\"\n\t".
+          "\"";
+      my $write_opt2 =
           join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
                              $x =~ s|(\.EXE)|$1/SHARE|;
                              $x =~ s|(\.OLB)|$1/LIB|;
@@ -735,7 +738,8 @@ EOF
       return <<"EOF";
 $bin.EXE : $deps
         OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT
-        $write_opt
+        $write_opt1
+        $write_opt2
         CLOSE OPT_FILE
         LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS)
         - PURGE $bin.EXE,$bin.OPT

Configurations/unix-Makefile.tmpl

@@ -775,18 +775,14 @@ dist:
 
 # Helper targets #####################################################
 
-link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/shlib_wrap.sh
+link-utils: $(BLDDIR)/util/opensslwrap.sh
 
 $(BLDDIR)/util/opensslwrap.sh: configdata.pm
 	@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
 	    mkdir -p "$(BLDDIR)/util"; \
 	    ln -sf "../$(SRCDIR)/util/opensslwrap.sh" "$(BLDDIR)/util"; \
 	fi
-$(BLDDIR)/util/shlib_wrap.sh: configdata.pm
-	@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
-	    mkdir -p "$(BLDDIR)/util"; \
-	    ln -sf "../$(SRCDIR)/util/shlib_wrap.sh" "$(BLDDIR)/util"; \
-	fi
+
 FORCE:
 
 # Building targets ###################################################
@@ -797,6 +793,7 @@ libcrypto.pc:
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
 	    echo 'includedir=$${prefix}/include'; \
+	    echo 'enginesdir=$${libdir}/engines-{- $sover -}'; \
 	    echo ''; \
 	    echo 'Name: OpenSSL-libcrypto'; \
 	    echo 'Description: OpenSSL cryptography library'; \
@@ -830,7 +827,7 @@ openssl.pc:
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: libssl libcrypto' ) > openssl.pc
 
-configdata.pm: {- $config{build_file_template} -} $(SRCDIR)/Configurations/common.tmpl $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_infos}}) -}
+configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
 	@echo "Detected changed: $?"
 	@echo "Reconfiguring..."
 	$(SRCDIR)/Configure reconf
@@ -944,30 +941,11 @@ EOF
                       dso => '$(DSO_CFLAGS)',
                       bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
       my $makedepprog = $config{makedepprog};
-      my $recipe = "";
-      if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
-          $recipe .= <<"EOF";
-$obj$depext: $deps
-	-\$(MAKEDEPEND) -f- -o"|$obj$objext" -- $incs \$(CFLAGS) $ecflags -- $srcs \\
-	    >\$\@.tmp 2>/dev/null
-	-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' \$\@.tmp
-	\@if cmp \$\@.tmp \$\@ > /dev/null 2> /dev/null; then \\
-		rm -f \$\@.tmp; \\
-	else \\
-		mv \$\@.tmp \$\@; \\
-	fi
-EOF
-          $deps = $obj.$depext;
-      }
-      if ($disabled{makedepend} || $makedepprog =~ /\/makedepend/) {
-          $recipe .= <<"EOF";
+      my $recipe = <<"EOF";
 $obj$objext: $deps
-	\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
 EOF
-      }
       if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) {
           $recipe .= <<"EOF";
-$obj$objext: $deps
 	\$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs
 	\@touch $obj$depext.tmp
 	\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
@@ -976,6 +954,22 @@ $obj$objext: $deps
 		mv $obj$depext.tmp $obj$depext; \\
 	fi
 EOF
+      } else {
+          $recipe .= <<"EOF";
+	\$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs
+EOF
+          if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) {
+              $recipe .= <<"EOF";
+	-\$(MAKEDEPEND) -f- -o"|\$\@" -- $incs \$(CFLAGS) $ecflags -- $srcs \\
+	    >$obj$depext.tmp 2>/dev/null
+	-\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' $obj$depext.tmp
+	\@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\
+		rm -f $obj$depext.tmp; \\
+	else \\
+		mv $obj$depext.tmp $obj$depext; \\
+	fi
+EOF
+          }
       }
       return $recipe;
   }

Configurations/windows-makefile.tmpl

@@ -322,7 +322,7 @@ uninstall_html_docs:
 
 # Building targets ###################################################
 
-configdata.pm: "{- $config{build_file_template} -}" "$(SRCDIR)\Configurations\common.tmpl" "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_infos}}) -}
+configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
 	@echo "Detected changed: $?"
 	@echo "Reconfiguring..."
 	"$(PERL)" "$(SRCDIR)\Configure" reconf

Configure

@@ -66,6 +66,22 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through
+# -static       while -static is also a pass-through compiler option (and
+#               as such is limited to environments where it's actually
+#               meaningful), it triggers a number configuration options,
+#               namely no-dso, no-pic, no-shared and no-threads. It is
+#               argued that the only reason to produce statically linked
+#               binaries (and in context it means executables linked with
+#               -static flag, and not just executables linked with static
+#               libcrypto.a) is to eliminate dependency on specific run-time,
+#               a.k.a. libc version. The mentioned config options are meant
+#               to achieve just that. Unfortunately on Linux it's impossible
+#               to eliminate the dependency completely for openssl executable
+#               because of getaddrinfo and gethostbyname calls, which can
+#               invoke dynamically loadable library facility anyway to meet
+#               the lookup requests. For this reason on Linux statically
+#               linked openssl executable has rather debugging value than
+#               production quality.
 #
 # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
 #		provided to stack calls. Generates unique stack functions for
@@ -184,6 +200,45 @@ my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
 $config{sourcedir} = abs2rel($srcdir);
 $config{builddir} = abs2rel($blddir);
 
+# Collect reconfiguration information if needed
+my @argvcopy=@ARGV;
+
+if (grep /^reconf(igure)?$/, @argvcopy) {
+    if (-f "./configdata.pm") {
+	my $file = "./configdata.pm";
+	unless (my $return = do $file) {
+	    die "couldn't parse $file: $@" if $@;
+            die "couldn't do $file: $!"    unless defined $return;
+            die "couldn't run $file"       unless $return;
+	}
+
+	@argvcopy = defined($configdata::config{perlargv}) ?
+	    @{$configdata::config{perlargv}} : ();
+	die "Incorrect data to reconfigure, please do a normal configuration\n"
+	    if (grep(/^reconf/,@argvcopy));
+	$ENV{CROSS_COMPILE} = $configdata::config{cross_compile_prefix}
+	    if defined($configdata::config{cross_compile_prefix});
+	$ENV{CC} = $configdata::config{cc}
+	    if defined($configdata::config{cc});
+	$ENV{BUILDFILE} = $configdata::config{build_file}
+	    if defined($configdata::config{build_file});
+	$ENV{$local_config_envname} = $configdata::config{local_config_dir}
+	    if defined($configdata::config{local_config_dir});
+
+	print "Reconfiguring with: ", join(" ",@argvcopy), "\n";
+	print "    CROSS_COMPILE = ",$ENV{CROSS_COMPILE},"\n"
+	    if $ENV{CROSS_COMPILE};
+	print "    CC = ",$ENV{CC},"\n" if $ENV{CC};
+	print "    BUILDFILE = ",$ENV{BUILDFILE},"\n" if $ENV{BUILDFILE};
+	print "    $local_config_envname = ",$ENV{$local_config_envname},"\n"
+	    if $ENV{$local_config_envname};
+    } else {
+	die "Insufficient data to reconfigure, please do a normal configuration\n";
+    }
+}
+
+$config{perlargv} = [ @argvcopy ];
+
 # Collect version numbers
 $config{version} = "unknown";
 $config{version_num} = "unknown";
@@ -245,7 +300,7 @@ my $default_ranlib;
 $config{fips}=0;
 
 # Top level directories to build
-$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools", "fuzz" ];
+$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
 # crypto/ subdirectories to build
 $config{sdirs} = [
     "objects",
@@ -483,58 +538,6 @@ my $target="";
 $config{options}="";
 $config{build_type} = "release";
 
-my @argvcopy=@ARGV;
-
-if (grep /^reconf(igure)?$/, @argvcopy) {
-    if (-f "./configdata.pm") {
-	my $file = "./configdata.pm";
-	unless (my $return = do $file) {
-	    die "couldn't parse $file: $@" if $@;
-            die "couldn't do $file: $!"    unless defined $return;
-            die "couldn't run $file"       unless $return;
-	}
-
-	@argvcopy = defined($configdata::config{perlargv}) ?
-	    @{$configdata::config{perlargv}} : ();
-	die "Incorrect data to reconfigure, please do a normal configuration\n"
-	    if (grep(/^reconf/,@argvcopy));
-	$ENV{CROSS_COMPILE} = $configdata::config{cross_compile_prefix}
-	    if defined($configdata::config{cross_compile_prefix});
-	$ENV{CC} = $configdata::config{cc}
-	    if defined($configdata::config{cc});
-
-	print "Reconfiguring with: ", join(" ",@argvcopy), "\n";
-	print "    CROSS_COMPILE = ",$ENV{CROSS_COMPILE},"\n"
-	    if $ENV{CROSS_COMPILE};
-	print "    CC = ",$ENV{CC},"\n" if $ENV{CC};
-    } elsif (open IN, "<Makefile") {
-        #
-        # THIS SECTION IS TEMPORARY, it helps transitioning from Makefile
-        # centered information gathering the reading configdata.pm
-        #
-        while (<IN>) {
-            s|\R$||;
-            if (/^CONFIGURE_ARGS=\s*(.*)\s*/) {
-                # Older form, we split the string and hope for the best
-                @argvcopy = split /\s+/, $_;
-                die "Incorrect data to reconfigure, please do a normal configuration\n"
-                    if (grep(/^reconf/,@argvcopy));
-            } elsif (/^CROSS_COMPILE=\s*(.*)/) {
-                $ENV{CROSS_COMPILE}=$1;
-            } elsif (/^CC=\s*(?:\$\(CROSS_COMPILE\))?(.*?)$/) {
-                $ENV{CC}=$1;
-            }
-        }
-        #
-        # END OF TEMPORARY SECTION
-        #
-    } else {
-	die "Insufficient data to reconfigure, please do a normal configuration\n";
-    }
-}
-
-$config{perlargv} = [ @argvcopy ];
-
 my %unsupported_options = ();
 my %deprecated_options = ();
 foreach (@argvcopy)
@@ -728,6 +731,7 @@ foreach (@argvcopy)
 		elsif (/^-static$/)
 			{
 			$libs.=$_." ";
+			$disabled{"dso"} = "forced";
 			$disabled{"pic"} = "forced";
 			$disabled{"shared"} = "forced";
 			$disabled{"threads"} = "forced";
@@ -776,6 +780,13 @@ foreach (@argvcopy)
 		}
 	}
 
+if ($libs =~ /(^|\s)-Wl,-rpath,/
+    && !$disabled{shared}
+    && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) {
+    die "***** Cannot simultaneously use -rpath, shared libraries, and\n",
+	"***** any of asan, msan or ubsan\n";
+}
+
 if ($config{fips})
 	{
 	delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/);
@@ -800,7 +811,9 @@ while (@tocheckfor) {
     @tocheckfor = (keys %new_tocheckfor);
 }
 
+our $die = sub { die @_; };
 if ($target eq "TABLE") {
+    local $die = sub { warn @_; };
     foreach (sort keys %table) {
 	print_table_entry($_, "TABLE");
     }
@@ -815,6 +828,7 @@ if ($target eq "LIST") {
 }
 
 if ($target eq "HASH") {
+    local $die = sub { warn @_; };
     print "%table = (\n";
     foreach (sort keys %table) {
 	print_table_entry($_, "HASH");
@@ -856,33 +870,35 @@ foreach (sort (keys %disabled))
 		@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
 		@{$config{sdirs}} = grep !/^engine$/, @{$config{sdirs}};
 		push @{$config{openssl_other_defines}}, "OPENSSL_NO_ENGINE";
+		print " OPENSSL_NO_ENGINE (skip engines)";
 		}
 	else
 		{
-		my ($ALGO, $algo);
-		($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
+		my ($WHAT, $what);
 
-		if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/ || /^async$/
-				|| /^autoalginit/ || /^autoerrinit/)
+		($WHAT = $what = $_) =~ tr/[\-a-z]/[_A-Z]/;
+
+		# Fix up C macro end names
+		$WHAT = "RMD160" if $what eq "ripemd";
+
+		# fix-up crypto/directory name(s)
+		$what = "ripemd" if $what eq "rmd160";
+		$what = "whrlpool" if $what eq "whirlpool";
+
+		if ($what ne "async" && $what ne "err"
+		    && grep { $_ eq $what } @{$config{sdirs}})
 			{
-			push @{$config{openssl_other_defines}}, "OPENSSL_NO_$ALGO";
-			print " OPENSSL_NO_$ALGO";
+			push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$WHAT";
+			@{$config{sdirs}} = grep { $_ ne $what} @{$config{sdirs}};
 
-			if (/^err$/)	{ push @user_defines, "OPENSSL_NO_ERR"; }
+			print " OPENSSL_NO_$WHAT (skip dir)";
 			}
 		else
 			{
-			($ALGO,$algo) = ("RMD160","rmd160") if ($algo eq "ripemd");
+			push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT";
+			print " OPENSSL_NO_$WHAT";
 
-			push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$ALGO";
-			print " OPENSSL_NO_$ALGO";
-
-			# fix-up crypto/directory name(s)
-			$algo="whrlpool" if $algo eq "whirlpool";
-			$algo="ripemd" if $algo eq "rmd160";
-			@{$config{sdirs}} = grep { $_ ne $algo} @{$config{sdirs}};
-
-			print " (skip dir)";
+			if (/^err$/)	{ push @user_defines, "OPENSSL_NO_ERR"; }
 			}
 		}
 
@@ -906,6 +922,8 @@ my %target = resolve_config($target);
 
 &usage if (!%target || $target{template});
 
+my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
+$config{conf_files} = [ sort keys %conf_files ];
 %target = ( %{$table{DEFAULTS}}, %target );
 
 $target{exe_extension}="";
@@ -938,8 +956,12 @@ $target{nm} =      $ENV{'NM'}      || $target{nm}      || "nm";
 $target{rc} =
     $ENV{'RC'}  || $ENV{'WINDRES'} || $target{rc}      || "windres";
 
-# Cache the C compiler command for reconfiguration
+# Allow overriding the build file name
+$target{build_file} = $ENV{BUILDFILE} || $target{build_file} || "Makefile";
+
+# Cache information necessary for reconfiguration
 $config{cc} = $target{cc};
+$config{build_file} = $target{build_file};
 
 # For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
 # or release_ attributes.
@@ -1126,6 +1148,9 @@ unless ($disabled{asm}) {
 	push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/);
 	push @{$config{defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/);
     }
+    if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) {
+	push @{$config{defines}}, "RC4_ASM";
+    }
     if ($target{md5_asm_src}) {
 	push @{$config{defines}}, "MD5_ASM";
     }
@@ -1176,7 +1201,7 @@ if ($^O ne "VMS" && !$disabled{makedepend}) {
         # We know that GNU C version 3 and up as well as all clang
         # versions support dependency generation
         $config{makedepprog} = $ccpcc
-            if (/clang/ || (/gcc/ && $compiler_major > 3));
+            if (/clang/ || (/gcc/ && $compiler_major >= 3));
         $ecc = "clang" if /clang/;
         $ecc = "gcc" if /gcc/;
         last if ($config{makedepprog} || !$lines--);
@@ -1292,31 +1317,6 @@ my %unified_info = ();
 
 my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
 if ($builder eq "unified") {
-    # Store the name of the template file we will build the build file from
-    # in %config.  This may be useful for the build file itself.
-    my $build_file_template;
-
-    for my $filename (( $builder_platform."-".$target{build_file}.".tmpl",
-                        $target{build_file}.".tmpl" )) {
-        if (defined $ENV{$local_config_envname}) {
-            if ($^O eq 'VMS') {
-                # VMS environment variables are logical names,
-                # which can be used as is
-                $build_file_template = $local_config_envname . ':' . $filename;
-            } else {
-                $build_file_template = catfile($ENV{$local_config_envname},
-                                               $filename);
-            }
-        }
-
-        last if -f $build_file_template;
-
-        $build_file_template = catfile($srcdir, "Configurations", $filename);
-
-        last if -f $build_file_template;
-    }
-    $config{build_file_template} = $build_file_template;
-
     use lib catdir(dirname(__FILE__),"util");
     use with_fallback qw(Text::Template);
 
@@ -1353,6 +1353,47 @@ if ($builder eq "unified") {
         return $res;
     }
 
+    # Store the name of the template file we will build the build file from
+    # in %config.  This may be useful for the build file itself.
+    my @build_file_template_names =
+	( $builder_platform."-".$target{build_file}.".tmpl",
+	  $target{build_file}.".tmpl" );
+    my @build_file_templates = ();
+
+    # First, look in the user provided directory, if given
+    if (defined $ENV{$local_config_envname}) {
+	@build_file_templates =
+	    map {
+		if ($^O eq 'VMS') {
+		    # VMS environment variables are logical names,
+		    # which can be used as is
+		    $local_config_envname . ':' . $_;
+		} else {
+		    catfile($ENV{$local_config_envname}, $_);
+		}
+	    }
+	    @build_file_template_names;
+    }
+    # Then, look in our standard directory
+    push @build_file_templates,
+	( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
+	  @build_file_template_names );
+
+    my $build_file_template;
+    for $_ (@build_file_templates) {
+	$build_file_template = $_;
+        last if -f $build_file_template;
+
+        $build_file_template = undef;
+    }
+    if (!defined $build_file_template) {
+	die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n";
+    }
+    $config{build_file_templates}
+      = [ $build_file_template,
+          cleanfile($srcdir, catfile("Configurations", "common.tmpl"),
+                    $blddir) ];
+
     my @build_infos = ( [ ".", "build.info" ] );
     foreach (@{$config{dirs}}) {
         push @build_infos, [ $_, "build.info" ]
@@ -2028,8 +2069,7 @@ print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int;
 my %builders = (
     unified => sub {
         run_dofile(catfile($blddir, $target{build_file}),
-                   $config{build_file_template},
-                   catfile($srcdir, "Configurations", "common.tmpl"));
+                   @{$config{build_file_templates}});
     },
     );
 
@@ -2207,7 +2247,8 @@ sub read_config {
     close(CONFFILE);
     my %targets = ();
     {
-	local %table = %::table;    # Protect %table from tampering
+	# Protect certain tables from tampering
+	local %table = %::table;
 
 	eval $content;
 	warn $@ if $@;
@@ -2222,7 +2263,9 @@ sub read_config {
 		warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n";
 	    }
 	    delete $targets{$_};
-	}
+	} else {
+            $targets{$_}->{_conf_fname_int} = add([ $fname ]);
+        }
     }
 
     %table = (%table, %targets);
@@ -2391,7 +2434,8 @@ sub run_dofile
     foreach (@templates) {
         die "Can't open $_, $!" unless -f $_;
     }
-    my $cmd = "$config{perl} \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
+    my $perlcmd = (quotify("maybeshell", $config{perl}))[0];
+    my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
     #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
     system($cmd);
     exit 1 if $? != 0;
@@ -2438,41 +2482,53 @@ sub print_table_entry
 	"unistd",
 	"ld",
 	"lflags",
+	"loutflag",
 	"plib_lflags",
 	"ex_libs",
 	"bn_ops",
-	"cpuid_obj",
-	"bn_obj",
-	"ec_obj",
-	"des_obj",
-	"aes_obj",
-	"bf_obj",
-	"md5_obj",
-	"sha1_obj",
-	"cast_obj",
-	"rc4_obj",
-	"rmd160_obj",
-	"rc5_obj",
-	"wp_obj",
-	"cmll_obj",
-	"modes_obj",
-	"padlock_obj",
+	"apps_aux_src",
+	"cpuid_asm_src",
+	"uplink_aux_src",
+	"bn_asm_src",
+	"ec_asm_src",
+	"des_asm_src",
+	"aes_asm_src",
+	"bf_asm_src",
+	"md5_asm_src",
+	"cast_asm_src",
+	"sha1_asm_src",
+	"rc4_asm_src",
+	"rmd160_asm_src",
+	"rc5_asm_src",
+	"wp_asm_src",
+	"cmll_asm_src",
+	"modes_asm_src",
+	"padlock_asm_src",
+	"chacha_asm_src",
+	"poly1035_asm_src",
 	"thread_scheme",
 	"perlasm_scheme",
 	"dso_scheme",
 	"shared_target",
 	"shared_cflag",
+	"shared_defines",
 	"shared_ldflag",
 	"shared_rcflag",
 	"shared_extension",
-	"shared_extension_simple",
-	"shared_import_extension",
 	"dso_extension",
 	"obj_extension",
 	"exe_extension",
 	"ranlib",
 	"ar",
 	"arflags",
+	"aroutflag",
+	"rc",
+	"rcflags",
+	"rcoutflag",
+	"mt",
+	"mtflags",
+	"mtinflag",
+	"mtoutflag",
 	"multilib",
 	"build_scheme",
 	);
@@ -2551,6 +2607,14 @@ sub quotify {
 	perl    => sub { my $x = shift;
 			 $x =~ s/([\\\$\@"])/\\$1/g;
 			 return '"'.$x.'"'; },
+	maybeshell => sub { my $x = shift;
+			    (my $y = $x) =~ s/([\\\"])/\\$1/g;
+			    if ($x ne $y || $x =~ m|\s|) {
+				return '"'.$y.'"';
+			    } else {
+				return $x;
+			    }
+			},
 	);
     my $for = shift;
     my $processor =

INSTALL

@@ -479,10 +479,9 @@
   no-<alg>
                    Build without support for the specified algorithm, where
                    <alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
-                   des, dh, dsa, ecdh, ecdsa, idea, md4, md5, mdc2, ocb,
-                   ploy1305, rc2, rc4, rmd160, scrypt, seed or whirlpool. The
-                   "ripemd" algorithm is deprecated and if used is synonymous
-                   with rmd160.
+                   des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
+                   rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd"
+                   algorithm is deprecated and if used is synonymous with rmd160.
 
   -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx
                    These system specific options will be passed through to the
@@ -770,6 +769,13 @@
  AR
                 The name of the ar executable to use.
 
+ BUILDFILE
+                Use a different build file name than the platform default
+                ("Makefile" on Unixly platforms, "makefile" on native Windows,
+                "descrip.mms" on OpenVMS).  This requires that there is a
+                corresponding build file template.  See Configurations/README
+                for further information.
+
  CC
                 The compiler to use. Configure will attempt to pick a default
                 compiler for your platform but this choice can be overridden
@@ -786,13 +792,19 @@
 
  OPENSSL_LOCAL_CONFIG_DIR
                 OpenSSL comes with a database of information about how it
-                should be built on different platforms. This information is
-                held in ".conf" files in the Configurations directory. See the
+                should be built on different platforms as well as build file
+                templates for those platforms. The database is comprised of
+                ".conf" files in the Configurations directory.  The build
+                file templates reside there as well as ".tmpl" files. See the
                 file Configurations/README for further information about the
-                format of ".conf" files. As well as the standard ".conf" files
-                it is possible to create your own ".conf" files and store them
-                locally, outside the OpenSSL source tree. This environment
-                variable can be set to the directory where these files are held.
+                format of ".conf" files as well as information on the ".tmpl"
+                files.
+                In addition to the standard ".conf" and ".tmpl" files, it is
+                possible to create your own ".conf" and ".tmpl" files and store
+                them locally, outside the OpenSSL source tree. This environment
+                variable can be set to the directory where these files are held
+                and will have Configure to consider them in addition to the
+                standard ones.
 
  PERL
                 The name of the Perl executable to use when building OpenSSL.

Makefile.shared

@@ -150,8 +150,8 @@ LINK_SO_DSO=	INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
 LINK_SO_SHLIB_VIA_O=	\
   SHOBJECTS=$(DSTDIR)/lib$(LIBNAME).o; \
   ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
-  ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS.o $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \
-    ld $(LDFLAGS) -r -o $$SHOBJECTS.o $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \
+  ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \
+    ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \
   $(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
 
 LINK_SO_SHLIB_UNPACKED=	\
@@ -526,6 +526,7 @@ link_dso.aix:
 	ALLSYMSFLAGS=''; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+	rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
 	$(LINK_SO_DSO);
 link_shlib.aix:
 	@ $(CALC_VERSIONS); \
@@ -536,6 +537,7 @@ link_shlib.aix:
 	ALLSYMSFLAGS='-bnogc'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+	rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
 	$(LINK_SO_SHLIB_VIA_O)
 link_app.aix:
 	LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \

NEWS

@@ -5,7 +5,16 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [in pre-release]
+  Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
+
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SSL_peek() hang on empty record (CVE-2016-6305)
+      o Excessive allocation of memory in tls_get_message_header()
+       (CVE-2016-6307)
+      o Excessive allocation of memory in dtls1_preprocess_fragment()
+       (CVE-2016-6308)
+
+  Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
 
       o Copyright text was shrunk to a boilerplate that points to the license
       o "shared" builds are now the default when possible

README

@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.0-pre7-dev
+ OpenSSL 1.1.0a 22 Sep 2016
 
  Copyright (c) 1998-2016 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

apps/apps.c

@@ -2300,6 +2300,36 @@ int app_isdir(const char *name)
 #endif
 
 /* raw_read|write section */
+#if defined(__VMS)
+# include "vms_term_sock.h"
+static int stdin_sock = -1;
+
+static void close_stdin_sock(void)
+{
+    TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
+}
+
+int fileno_stdin(void)
+{
+    if (stdin_sock == -1) {
+        TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
+        atexit(close_stdin_sock);
+    }
+
+    return stdin_sock;
+}
+#else
+int fileno_stdin(void)
+{
+    return fileno(stdin);
+}
+#endif
+
+int fileno_stdout(void)
+{
+    return fileno(stdout);
+}
+
 #if defined(_WIN32) && defined(STD_INPUT_HANDLE)
 int raw_read_stdin(void *buf, int siz)
 {
@@ -2309,10 +2339,17 @@ int raw_read_stdin(void *buf, int siz)
     else
         return (-1);
 }
+#elif defined(__VMS)
+#include <sys/socket.h>
+
+int raw_read_stdin(void *buf, int siz)
+{
+    return recv(fileno_stdin(), buf, siz, 0);
+}
 #else
 int raw_read_stdin(void *buf, int siz)
 {
-    return read(fileno(stdin), buf, siz);
+    return read(fileno_stdin(), buf, siz);
 }
 #endif
 
@@ -2328,7 +2365,7 @@ int raw_write_stdout(const void *buf, int siz)
 #else
 int raw_write_stdout(const void *buf, int siz)
 {
-    return write(fileno(stdout), buf, siz);
+    return write(fileno_stdout(), buf, siz);
 }
 #endif
 

apps/apps.h

@@ -548,6 +548,8 @@ void store_setup_crl_download(X509_STORE *st);
 
 int app_isdir(const char *);
 int app_access(const char *, int flag);
+int fileno_stdin(void);
+int fileno_stdout(void);
 int raw_read_stdin(void *, int);
 int raw_write_stdout(const void *, int);
 

apps/cms.c

@@ -72,7 +72,7 @@ typedef enum OPTION_choice {
     OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
     OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
     OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
-    OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
+    OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
     OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
     OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
     OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
@@ -99,7 +99,7 @@ OPTIONS cms_options[] = {
     {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
     {"sign", OPT_SIGN, '-', "Sign message"},
     {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
-    {"resign", OPT_RESIGN, '-'},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
     {"verify", OPT_VERIFY, '-', "Verify signed message"},
     {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
     {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
@@ -122,22 +122,21 @@ OPTIONS cms_options[] = {
      "Don't include signers certificate when signing"},
     {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
     {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
-    {"nosmimecap", OPT_NOSMIMECAP, '-'},
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
     {"binary", OPT_BINARY, '-', "Don't translate message to text"},
     {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
     {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
     {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
     {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
-    {"stream", OPT_INDEF, '-'},
-    {"indef", OPT_INDEF, '-'},
-    {"noindef", OPT_NOINDEF, '-'},
-    {"nooldmime", OPT_NOOLDMIME, '-'},
-    {"crlfeol", OPT_CRLFEOL, '-'},
+    {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
+    {"indef", OPT_INDEF, '-', "Same as -stream"},
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
     {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
-    {"receipt_request_print", OPT_RR_PRINT, '-'},
+    {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
     {"receipt_request_all", OPT_RR_ALL, '-'},
     {"receipt_request_first", OPT_RR_FIRST, '-'},
-    {"rctform", OPT_RCTFORM, 'F'},
+    {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
     {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
     {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
     {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
@@ -147,7 +146,8 @@ OPTIONS cms_options[] = {
      "Do not load certificates from the default certificates directory"},
     {"content", OPT_CONTENT, '<',
      "Supply or override content for detached signature"},
-    {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"},
+    {"print", OPT_PRINT, '-', 
+     "For the -cmsout operation print out all fields of the CMS structure"},
     {"secretkey", OPT_SECRETKEY, 's'},
     {"secretkeyid", OPT_SECRETKEYID, 's'},
     {"pwri_password", OPT_PWRI_PASSWORD, 's'},
@@ -346,9 +346,6 @@ int cms_main(int argc, char **argv)
         case OPT_NOINDEF:
             flags &= ~CMS_STREAM;
             break;
-        case OPT_NOOLDMIME:
-            flags |= CMS_NOOLDMIMETYPE;
-            break;
         case OPT_CRLFEOL:
             mime_eol = "\r\n";
             flags |= CMS_CRLFEOL;

apps/crl.c

@@ -41,7 +41,7 @@ OPTIONS crl_options[] = {
     {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
     {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
     {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
-    {"gendelta", OPT_GENDELTA, '<'},
+    {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
     {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
     {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
     {"no-CAfile", OPT_NOCAFILE, '-',

apps/dgst.c

@@ -185,6 +185,10 @@ int dgst_main(int argc, char **argv)
     }
     argc = opt_num_rest();
     argv = opt_rest();
+    if (keyfile != NULL && argc > 1) {
+        BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
+        goto end;
+    }
 
     if (do_verify && !sigfile) {
         BIO_printf(bio_err,

apps/gendsa.c

@@ -34,7 +34,7 @@ OPTIONS gendsa_options[] = {
     {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
     {"help", OPT_HELP, '-', "Display this summary"},
     {"out", OPT_OUT, '>', "Output the key to the specified file"},
-    {"passout", OPT_PASSOUT, 's'},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
     {"rand", OPT_RAND, 's',
      "Load the file(s) into the random number generator"},
     {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},

apps/ocsp.c

@@ -107,7 +107,8 @@ OPTIONS ocsp_options[] = {
     {"url", OPT_URL, 's', "Responder URL"},
     {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
     {"port", OPT_PORT, 'p', "Port to run responder on"},
-    {"ignore_err", OPT_IGNORE_ERR, '-'},
+    {"ignore_err", OPT_IGNORE_ERR, '-',
+     "Ignore Error response from OCSP responder, and retry "},
     {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
     {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"},
     {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"},
@@ -124,7 +125,8 @@ OPTIONS ocsp_options[] = {
     {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"},
     {"no_cert_checks", OPT_NO_CERT_CHECKS, '-',
      "Don't do additional checks on signing certificate"},
-    {"no_explicit", OPT_NO_EXPLICIT, '-'},
+    {"no_explicit", OPT_NO_EXPLICIT, '-',
+     "Do not explicitly check the chain, just verify the root"},
     {"trust_other", OPT_TRUST_OTHER, '-',
      "Don't verify additional certificates"},
     {"no_intern", OPT_NO_INTERN, '-',

apps/passwd.c

@@ -319,6 +319,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
         || !EVP_DigestUpdate(md, magic, magic_len)
         || !EVP_DigestUpdate(md, "$", 1)
         || !EVP_DigestUpdate(md, salt_out, salt_len))
+        goto err;
 
     md2 = EVP_MD_CTX_new();
     if (md2 == NULL

apps/pkcs7.c

@@ -33,7 +33,7 @@ OPTIONS pkcs7_options[] = {
     {"out", OPT_OUT, '>', "Output file"},
     {"noout", OPT_NOOUT, '-', "Don't output encoded data"},
     {"text", OPT_TEXT, '-', "Print full details of certificates"},
-    {"print", OPT_PRINT, '-'},
+    {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
     {"print_certs", OPT_PRINT_CERTS, '-',
      "Print_certs  print any certs or crl in the input"},
 #ifndef OPENSSL_NO_ENGINE

apps/pkcs8.c

@@ -38,7 +38,7 @@ OPTIONS pkcs8_options[] = {
     {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
     {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
     {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
-    {"v2prf", OPT_V2PRF, 's'},
+    {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
     {"iter", OPT_ITER, 'p', "Specify the iteration count"},
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
     {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},

apps/rehash.c

@@ -403,6 +403,7 @@ OPTIONS rehash_options[] = {
     {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
     {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
     {"help", OPT_HELP, '-', "Display this summary"},
+    {"h", OPT_HELP, '-', "Display this summary"},
     {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
     {"old", OPT_OLD, '-', "Use old-style hash to generate links"},
     {"n", OPT_N, '-', "Do not remove existing links"},

apps/s_client.c

@@ -812,7 +812,9 @@ int s_client_main(int argc, char **argv)
     int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
     int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
     int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
     int at_eof = 0;
+#endif
     int read_buf_len = 0;
     int fallback_scsv = 0;
     long randamt = 0;
@@ -854,7 +856,10 @@ int s_client_main(int argc, char **argv)
     enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
     int count4or6 = 0;
     int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
-    int c_tlsextdebug = 0, c_status_req = 0;
+    int c_tlsextdebug = 0;
+#ifndef OPENSSL_NO_OCSP
+    int c_status_req = 0;
+#endif
     BIO *bio_c_msg = NULL;
 
     FD_ZERO(&readfds);
@@ -1065,7 +1070,9 @@ int s_client_main(int argc, char **argv)
             c_tlsextdebug = 1;
             break;
         case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
             c_status_req = 1;
+#endif
             break;
         case OPT_WDEBUG:
 #ifdef WATT32
@@ -1819,7 +1826,10 @@ int s_client_main(int argc, char **argv)
     SSL_set_connect_state(con);
 
     /* ok, lets connect */
-    width = SSL_get_fd(con) + 1;
+    if (fileno_stdin() > SSL_get_fd(con))
+        width = fileno_stdin() + 1;
+    else
+        width = SSL_get_fd(con) + 1;
 
     read_tty = 1;
     write_tty = 0;
@@ -2148,9 +2158,11 @@ int s_client_main(int argc, char **argv)
                  * set the flag so we exit.
                  */
                 if (read_tty && !at_eof)
-                    openssl_fdset(fileno(stdin), &readfds);
+                    openssl_fdset(fileno_stdin(), &readfds);
+#if !defined(OPENSSL_SYS_VMS)
                 if (write_tty)
-                    openssl_fdset(fileno(stdout), &writefds);
+                    openssl_fdset(fileno_stdout(), &writefds);
+#endif
             }
             if (read_ssl)
                 openssl_fdset(SSL_get_fd(con), &readfds);
@@ -2276,11 +2288,11 @@ int s_client_main(int argc, char **argv)
                 goto shut;
             }
         }
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VMS)
         /* Assume Windows/DOS/BeOS can always write */
         else if (!ssl_pending && write_tty)
 #else
-        else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds))
+        else if (!ssl_pending && FD_ISSET(fileno_stdout(), &writefds))
 #endif
         {
 #ifdef CHARSET_EBCDIC
@@ -2369,7 +2381,7 @@ int s_client_main(int argc, char **argv)
 #if defined(OPENSSL_SYS_MSDOS)
         else if (has_stdin_waiting())
 #else
-        else if (FD_ISSET(fileno(stdin), &readfds))
+        else if (FD_ISSET(fileno_stdin(), &readfds))
 #endif
         {
             if (crlf) {
@@ -2392,9 +2404,10 @@ int s_client_main(int argc, char **argv)
                 assert(lf_num == 0);
             } else
                 i = raw_read_stdin(cbuf, BUFSIZZ);
-
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
             if (i == 0)
                 at_eof = 1;
+#endif
 
             if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) {
                 BIO_printf(bio_err, "DONE\n");

apps/s_server.c

@@ -932,7 +932,10 @@ int s_server_main(int argc, char *argv[])
     const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL;
     const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
     char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
-    int s_tlsextstatus = 0, no_resume_ephemeral = 0;
+#ifndef OPENSSL_NO_OCSP
+    int s_tlsextstatus = 0;
+#endif
+    int no_resume_ephemeral = 0;
     unsigned int split_send_fragment = 0, max_pipelines = 0;
     const char *s_serverinfo_file = NULL;
 
@@ -1206,14 +1209,20 @@ int s_server_main(int argc, char *argv[])
             s_tlsextdebug = 1;
             break;
         case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
             s_tlsextstatus = 1;
+#endif
             break;
         case OPT_STATUS_VERBOSE:
+#ifndef OPENSSL_NO_OCSP
             s_tlsextstatus = tlscstatp.verbose = 1;
+#endif
             break;
         case OPT_STATUS_TIMEOUT:
+#ifndef OPENSSL_NO_OCSP
             s_tlsextstatus = 1;
             tlscstatp.timeout = atoi(opt_arg());
+#endif
             break;
         case OPT_STATUS_URL:
 #ifndef OPENSSL_NO_OCSP
@@ -2107,7 +2116,10 @@ static int sv_body(int s, int stype, unsigned char *context)
         SSL_set_tlsext_debug_arg(con, bio_s_out);
     }
 
-    width = s + 1;
+    if (fileno_stdin() > s)
+        width = fileno_stdin() + 1;
+    else
+        width = s + 1;
     for (;;) {
         int read_from_terminal;
         int read_from_sslcon;
@@ -2119,7 +2131,7 @@ static int sv_body(int s, int stype, unsigned char *context)
         if (!read_from_sslcon) {
             FD_ZERO(&readfds);
 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
-            openssl_fdset(fileno(stdin), &readfds);
+            openssl_fdset(fileno_stdin(), &readfds);
 #endif
             openssl_fdset(s, &readfds);
             /*
@@ -2159,7 +2171,7 @@ static int sv_body(int s, int stype, unsigned char *context)
 
             if (i <= 0)
                 continue;
-            if (FD_ISSET(fileno(stdin), &readfds))
+            if (FD_ISSET(fileno_stdin(), &readfds))
                 read_from_terminal = 1;
 #endif
             if (FD_ISSET(s, &readfds))
@@ -2186,6 +2198,7 @@ static int sv_body(int s, int stype, unsigned char *context)
                 assert(lf_num == 0);
             } else
                 i = raw_read_stdin(buf, bufsize);
+
             if (!s_quiet && !s_brief) {
                 if ((i <= 0) || (buf[0] == 'Q')) {
                     BIO_printf(bio_s_out, "DONE\n");

apps/smime.c

@@ -37,7 +37,7 @@ typedef enum OPTION_choice {
     OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
     OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
     OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
-    OPT_NOOLDMIME, OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
+    OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
     OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
     OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
     OPT_V_ENUM,
@@ -88,14 +88,14 @@ OPTIONS smime_options[] = {
      "Do not load the default certificates file"},
     {"no-CApath", OPT_NOCAPATH, '-',
      "Do not load certificates from the default certificates directory"},
-    {"resign", OPT_RESIGN, '-'},
-    {"nochain", OPT_NOCHAIN, '-'},
-    {"nosmimecap", OPT_NOSMIMECAP, '-'},
-    {"stream", OPT_STREAM, '-'},
-    {"indef", OPT_INDEF, '-'},
-    {"noindef", OPT_NOINDEF, '-'},
-    {"nooldmime", OPT_NOOLDMIME, '-'},
-    {"crlfeol", OPT_CRLFEOL, '-'},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"nochain", OPT_NOCHAIN, '-', 
+     "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+    {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
+    {"indef", OPT_INDEF, '-', "Same as -stream" },
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
     {"rand", OPT_RAND, 's',
      "Load the file(s) into the random number generator"},
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
@@ -220,9 +220,6 @@ int smime_main(int argc, char **argv)
         case OPT_NOINDEF:
             indef = 0;
             break;
-        case OPT_NOOLDMIME:
-            flags |= PKCS7_NOOLDMIMETYPE;
-            break;
         case OPT_CRLFEOL:
             flags |= PKCS7_CRLFEOL;
             mime_eol = "\r\n";

apps/spkac.c

@@ -38,7 +38,8 @@ OPTIONS spkac_options[] = {
     {"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
     {"pubkey", OPT_PUBKEY, '-', "Output public key"},
     {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
-    {"spksect", OPT_SPKSECT, 's'},
+    {"spksect", OPT_SPKSECT, 's',
+     "Specify the name of an SPKAC-dedicated section of configuration"},
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif

apps/ts.c

@@ -107,7 +107,7 @@ OPTIONS ts_options[] = {
     {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
     {"inkey", OPT_INKEY, '<', "File with private key for reply"},
-    {"signer", OPT_SIGNER, 's'},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
     {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
     {"verify", OPT_VERIFY, '-', "Verify a TS response"},
     {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},

apps/vms_term_sock.c

@@ -0,0 +1,590 @@
+/*
+ * Copyright 2016 VMS Software, Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef __VMS
+# define OPENSSL_SYS_VMS
+# pragma message disable DOLLARID
+
+
+# include <openssl/opensslconf.h>
+
+# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+/*
+ * On VMS, you need to define this to get the declaration of fileno().  The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+#  define _POSIX_C_SOURCE 2
+# endif
+
+# include <stdio.h>
+
+# undef _POSIX_C_SOURCE
+
+# include <sys/types.h>
+# include <sys/socket.h>
+# include <netinet/in.h>
+# include <inet.h>
+# include <unistd.h>
+# include <string.h>
+# include <errno.h>
+# include <starlet.h>
+# include <iodef.h>
+# ifdef __alpha
+#  include <iosbdef.h>
+# else
+typedef struct _iosb {           /* Copied from IOSBDEF.H for Alpha  */
+#  pragma __nomember_alignment
+    __union  {
+        __struct  {
+            unsigned short int iosb$w_status; /* Final I/O status           */
+            __union  {
+                __struct  {             /* 16-bit byte count variant        */
+                    unsigned short int iosb$w_bcnt; /* 16-bit byte count    */
+                    __union  {
+                        unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
+                        unsigned int iosb$l_pid; /* 32-bit pid              */
+                    } iosb$r_l;
+                } iosb$r_bcnt_16;
+                __struct  {             /* 32-bit byte count variant        */
+                    unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
+                    unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
+                } iosb$r_bcnt_32;
+            } iosb$r_devdepend;
+        } iosb$r_io_64;
+        __struct  {
+            __union  {
+                unsigned int iosb$l_getxxi_status; /* Final GETxxI status   */
+                unsigned int iosb$l_reg_status; /* Final $Registry status   */
+            } iosb$r_l_status;
+            unsigned int iosb$l_reserved; /* Reserved field                 */
+        } iosb$r_get_64;
+    } iosb$r_io_get;
+} IOSB;
+
+#  if !defined(__VAXC)
+#   define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
+#   define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
+#   define iosb$r_l        iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
+#   define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
+#   define iosb$l_pid iosb$r_l.iosb$l_pid
+#   define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
+#   define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
+#   define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
+#   define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
+#  endif          /* #if !defined(__VAXC) */
+
+# endif  /* End of IOSBDEF */
+
+# include <efndef.h>
+# include <stdlib.h>
+# include <ssdef.h>
+# include <time.h>
+# include <stdarg.h>
+# include <descrip.h>
+
+# include "vms_term_sock.h"
+
+# ifdef __alpha
+static struct _iosb TerminalDeviceIosb;
+# else
+IOSB TerminalDeviceIosb;
+# endif
+
+static char TerminalDeviceBuff[255 + 2];
+static int TerminalSocketPair[2] = {0, 0};
+static unsigned short TerminalDeviceChan = 0;
+
+static int CreateSocketPair (int, int, int, int *);
+static void SocketPairTimeoutAst (int);
+static int TerminalDeviceAst (int);
+static void LogMessage (char *, ...);
+
+/*
+** Socket Pair Timeout Value (must be 0-59 seconds)
+*/
+# define SOCKET_PAIR_TIMEOUT_VALUE 20
+
+/*
+** Socket Pair Timeout Block which is passed to timeout AST
+*/
+typedef struct _SocketPairTimeoutBlock {
+    unsigned short SockChan1;
+    unsigned short SockChan2;
+} SPTB;
+
+# ifdef TERM_SOCK_TEST
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+int main (int argc, char *argv[], char *envp[])
+{
+    char TermBuff[80];
+    int TermSock,
+        status,
+        len;
+
+    LogMessage ("Enter 'q' or 'Q' to quit ...");
+    while (strcasecmp (TermBuff, "Q")) {
+        /*
+        ** Create the terminal socket
+        */
+        status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
+        if (status != TERM_SOCK_SUCCESS)
+            exit (1);
+
+        /*
+        ** Process the terminal input
+        */
+        LogMessage ("Waiting on terminal I/O ...\n");
+        len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ;
+        TermBuff[len] = '\0';
+        LogMessage ("Received terminal I/O [%s]", TermBuff);
+
+        /*
+        ** Delete the terminal socket
+        */
+        status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
+        if (status != TERM_SOCK_SUCCESS)
+            exit (1);
+    }
+
+    return 1;
+
+}
+# endif
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+int TerminalSocket (int FunctionCode, int *ReturnSocket)
+{
+    int status;
+    $DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
+
+    /*
+    ** Process the requested function code
+    */
+    switch (FunctionCode) {
+    case TERM_SOCK_CREATE:
+        /*
+        ** Create a socket pair
+        */
+        status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
+        if (status == -1) {
+            LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
+            if (TerminalSocketPair[0])
+                close (TerminalSocketPair[0]);
+            if (TerminalSocketPair[1])
+                close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Assign a channel to the terminal device
+        */
+        status = sys$assign (&TerminalDeviceDesc,
+                             &TerminalDeviceChan,
+                             0, 0, 0);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Queue an async IO to the terminal device
+        */
+        status = sys$qio (EFN$C_ENF,
+                          TerminalDeviceChan,
+                          IO$_READVBLK,
+                          &TerminalDeviceIosb,
+                          TerminalDeviceAst,
+                          0,
+                          TerminalDeviceBuff,
+                          sizeof (TerminalDeviceBuff) - 2,
+                          0, 0, 0, 0);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Return the input side of the socket pair
+        */
+        *ReturnSocket = TerminalSocketPair[1];
+        break;
+
+    case TERM_SOCK_DELETE:
+        /*
+        ** Cancel any pending IO on the terminal channel
+        */
+        status = sys$cancel (TerminalDeviceChan);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+	** Deassign the terminal channel
+	*/
+        status = sys$dassgn (TerminalDeviceChan);
+        if (! (status & 1)) {
+            LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
+            close (TerminalSocketPair[0]);
+            close (TerminalSocketPair[1]);
+            return (TERM_SOCK_FAILURE);
+        }
+
+        /*
+        ** Close the terminal socket pair
+        */
+        close (TerminalSocketPair[0]);
+        close (TerminalSocketPair[1]);
+
+        /*
+	** Return the initialized socket
+	*/
+        *ReturnSocket = 0;
+        break;
+
+    default:
+        /*
+	** Invalid function code
+	*/
+        LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
+        return (TERM_SOCK_FAILURE);
+        break;
+    }
+
+    /*
+    ** Return success
+    */
+    return (TERM_SOCK_SUCCESS);
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static int CreateSocketPair (int SocketFamily,
+                             int SocketType,
+                             int SocketProtocol,
+                             int *SocketPair)
+{
+    struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
+    static const char* LocalHostAddr = {"127.0.0.1"};
+    unsigned short TcpAcceptChan = 0,
+        TcpDeviceChan = 0;
+    unsigned long BinTimeBuff[2];
+    struct sockaddr_in sin;
+    char AscTimeBuff[32];
+    short LocalHostPort;
+    int status;
+    unsigned int slen;
+
+# ifdef __alpha
+    struct _iosb iosb;
+# else
+    IOSB iosb;
+# endif
+
+    int SockDesc1 = 0,
+        SockDesc2 = 0;
+    SPTB sptb;
+    $DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
+
+    /*
+    ** Create a socket
+    */
+    SockDesc1 = socket (SocketFamily, SocketType, 0);
+    if (SockDesc1 < 0) {
+        LogMessage ("CreateSocketPair: socket () - %d", errno);
+        return (-1);
+    }
+
+    /*
+    ** Initialize the socket information
+    */
+    slen = sizeof (sin);
+    memset ((char *) &sin, 0, slen);
+    sin.sin_family = SocketFamily;
+    sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
+    sin.sin_port = 0;
+
+    /*
+    ** Bind the socket to the local IP
+    */
+    status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
+    if (status < 0) {
+        LogMessage ("CreateSocketPair: bind () - %d", errno);
+        close (SockDesc1);
+        return (-1);
+    }
+
+    /*
+    ** Get the socket name so we can save the port number
+    */
+    status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
+    if (status < 0) {
+        LogMessage ("CreateSocketPair: getsockname () - %d", errno);
+        close (SockDesc1);
+        return (-1);
+    } else
+        LocalHostPort = sin.sin_port;
+
+    /*
+    ** Setup a listen for the socket
+    */
+    listen (SockDesc1, 5);
+
+    /*
+    ** Get the binary (64-bit) time of the specified timeout value
+    */
+    sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
+    AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
+    AscTimeDesc.dsc$a_pointer = AscTimeBuff;
+    status = sys$bintim (&AscTimeDesc, BinTimeBuff);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
+        close (SockDesc1);
+        return (-1);
+    }
+
+    /*
+    ** Assign another channel to the TCP/IP device for the accept.
+    ** This is the channel that ends up being connected to.
+    */
+    status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
+        close (SockDesc1);
+        return (-1);
+    }
+
+    /*
+    ** Get the channel of the first socket for the accept
+    */
+    TcpAcceptChan = decc$get_sdc (SockDesc1);
+
+    /*
+    ** Perform the accept using $QIO so we can do this asynchronously
+    */
+    status = sys$qio (EFN$C_ENF,
+                      TcpAcceptChan,
+                      IO$_ACCESS | IO$M_ACCEPT,
+                      &iosb,
+                      0, 0, 0, 0, 0,
+                      &TcpDeviceChan,
+                      0, 0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
+        close (SockDesc1);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Create the second socket to do the connect
+    */
+    SockDesc2 = socket (SocketFamily, SocketType, 0);
+    if (SockDesc2 < 0) {
+        LogMessage ("CreateSocketPair: socket () - %d", errno);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        sys$dassgn (TcpDeviceChan);
+        return (-1) ;
+    }
+
+    /*
+    ** Setup the Socket Pair Timeout Block
+    */
+    sptb.SockChan1 = TcpAcceptChan;
+    sptb.SockChan2 = decc$get_sdc (SockDesc2);
+
+    /*
+    ** Before we block on the connect, set a timer that can cancel I/O on our
+    ** two sockets if it never connects.
+    */
+    status = sys$setimr (EFN$C_ENF,
+                         BinTimeBuff,
+                         SocketPairTimeoutAst,
+                         &sptb,
+                         0);
+    if (! (status & 1)) {
+        LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Now issue the connect
+    */
+    memset ((char *) &sin, 0, sizeof (sin)) ;
+    sin.sin_family = SocketFamily;
+    sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
+    sin.sin_port = LocalHostPort ;
+
+    status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin));
+    if (status < 0 ) {
+        LogMessage ("CreateSocketPair: connect () - %d", errno);
+        sys$cantim (&sptb, 0);
+        sys$cancel (TcpAcceptChan);
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Wait for the asynch $QIO to finish.  Note that if the I/O was aborted
+    ** (SS$_ABORT), then we probably canceled it from the AST routine - so log
+    ** a timeout.
+    */
+    status = sys$synch (EFN$C_ENF, &iosb);
+    if (! (iosb.iosb$w_status & 1)) {
+        if (iosb.iosb$w_status == SS$_ABORT)
+            LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
+        else {
+            LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d",
+                        iosb.iosb$w_status);
+            sys$cantim (&sptb, 0);
+        }
+        close (SockDesc1);
+        close (SockDesc2);
+        sys$dassgn (TcpDeviceChan);
+        return (-1);
+    }
+
+    /*
+    ** Here we're successfully connected, so cancel the timer, convert the
+    ** I/O channel to a socket fd, close the listener socket and return the
+    ** connected pair.
+    */
+    sys$cantim (&sptb, 0);
+
+    close (SockDesc1) ;
+    SocketPair[0] = SockDesc2 ;
+    SocketPair[1] = socket_fd (TcpDeviceChan);
+
+    return (0) ;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static void SocketPairTimeoutAst (int astparm)
+{
+    SPTB *sptb = (SPTB *) astparm;
+
+    sys$cancel (sptb->SockChan2); /* Cancel the connect() */
+    sys$cancel (sptb->SockChan1); /* Cancel the accept() */
+
+    return;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static int TerminalDeviceAst (int astparm)
+{
+    int status;
+
+    /*
+    ** Terminate the terminal buffer
+    */
+    TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
+    strcat (TerminalDeviceBuff, "\n");
+
+    /*
+    ** Send the data read from the terminal device throught the socket pair
+    */
+    send (TerminalSocketPair[0], TerminalDeviceBuff,
+          TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
+
+    /*
+    ** Queue another async IO to the terminal device
+    */
+    status = sys$qio (EFN$C_ENF,
+                      TerminalDeviceChan,
+                      IO$_READVBLK,
+                      &TerminalDeviceIosb,
+                      TerminalDeviceAst,
+                      0,
+                      TerminalDeviceBuff,
+                      sizeof (TerminalDeviceBuff) - 1,
+                      0, 0, 0, 0);
+
+    /*
+    ** Return status
+    */
+    return status;
+
+}
+
+/*----------------------------------------------------------------------------*/
+/*                                                                            */
+/*----------------------------------------------------------------------------*/
+static void LogMessage (char *msg, ...)
+{
+    char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+    static unsigned int pid = 0;
+    va_list args;
+    time_t CurTime;
+    struct tm *LocTime;
+    char MsgBuff[256];
+
+    /*
+    ** Get the process pid
+    */
+    if (pid == 0)
+        pid = getpid ();
+
+    /*
+    ** Convert the current time into local time
+    */
+    CurTime = time (NULL);
+    LocTime = localtime (&CurTime);
+
+    /*
+    ** Format the message buffer
+    */
+    sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
+             LocTime->tm_mday, Month[LocTime->tm_mon],
+             (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
+             LocTime->tm_sec, pid, msg);
+
+    /*
+    ** Get any variable arguments and add them to the print of the message
+    ** buffer
+    */
+    va_start (args, msg);
+    vfprintf (stderr, MsgBuff, args);
+    va_end (args);
+
+    /*
+    ** Flush standard error output
+    */
+    fsync (fileno (stderr));
+
+    return;
+
+}
+#endif

apps/vms_term_sock.h

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016 VMS Software, Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef TERM_SOCK_H
+# define TERM_SOCK_H
+
+/*
+** Terminal Socket Function Codes
+*/
+# define TERM_SOCK_CREATE       1
+# define TERM_SOCK_DELETE       2
+
+/*
+** Terminal Socket Status Codes
+*/
+# define TERM_SOCK_FAILURE      0
+# define TERM_SOCK_SUCCESS      1
+
+/*
+** Terminal Socket Prototype
+*/
+int TerminalSocket (int FunctionCode, int *ReturnSocket);
+
+#endif

apps/x509.c

@@ -92,7 +92,7 @@ OPTIONS x509_options[] = {
     {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"},
     {"trustout", OPT_TRUSTOUT, '-', "Output a trusted certificate"},
     {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"},
-    {"clrext", OPT_CLREXT, '-', "Clear all rejected purposes"},
+    {"clrext", OPT_CLREXT, '-', "Clear all certificate extensions"},
     {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"},
     {"addreject", OPT_ADDREJECT, 's',
      "Reject certificate for a given purpose"},
@@ -125,9 +125,10 @@ OPTIONS x509_options[] = {
     {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
     {"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"},
     {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
-    {"force_pubkey", OPT_FORCE_PUBKEY, '<'},
-    {"next_serial", OPT_NEXT_SERIAL, '-'},
-    {"clrreject", OPT_CLRREJECT, '-'},
+    {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
+    {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
+    {"clrreject", OPT_CLRREJECT, '-',
+     "Clears all the prohibited or rejected uses of the certificate"},
     {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"},
     {"", OPT_MD, '-', "Any supported digest"},
 #ifndef OPENSSL_NO_MD5
@@ -626,10 +627,9 @@ int x509_main(int argc, char **argv)
                 i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
                 BIO_printf(out, "\n");
             } else if (next_serial == i) {
-                BIGNUM *bnser;
-                ASN1_INTEGER *ser;
-                ser = X509_get_serialNumber(x);
-                bnser = ASN1_INTEGER_to_BN(ser, NULL);
+                ASN1_INTEGER *ser = X509_get_serialNumber(x);
+                BIGNUM *bnser = ASN1_INTEGER_to_BN(ser, NULL);
+
                 if (!bnser)
                     goto end;
                 if (!BN_add_word(bnser, 1))

crypto/bio/b_addr.c

@@ -604,6 +604,7 @@ static int addrinfo_wrap(int family, int socktype,
 
 DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
 {
+    OPENSSL_init_crypto(0, NULL);
     bio_lookup_lock = CRYPTO_THREAD_lock_new();
     return bio_lookup_lock != NULL;
 }

crypto/bio/bss_file.c

@@ -73,7 +73,11 @@ BIO *BIO_new_file(const char *filename, const char *mode)
     if (file == NULL) {
         SYSerr(SYS_F_FOPEN, get_last_sys_error());
         ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
-        if (errno == ENOENT)
+        if (errno == ENOENT
+# ifdef ENXIO
+            || errno == ENXIO
+# endif
+            )
             BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
         else
             BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);

crypto/bn/asm/x86_64-gcc.c

@@ -203,7 +203,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
     BN_ULONG ret, waste;
 
  asm("divq      %4":"=a"(ret), "=d"(waste)
- :     "a"(l), "d"(h), "g"(d)
+ :     "a"(l), "d"(h), "r"(d)
  :     "cc");
 
     return ret;

crypto/bn/bn_div.c

@@ -105,7 +105,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
         ({  asm volatile (                      \
                 "divl   %4"                     \
                 : "=a"(q), "=d"(rem)            \
-                : "a"(n1), "d"(n0), "g"(d0)     \
+                : "a"(n1), "d"(n0), "r"(d0)     \
                 : "cc");                        \
             q;                                  \
         })
@@ -120,7 +120,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
         ({  asm volatile (                      \
                 "divq   %4"                     \
                 : "=a"(q), "=d"(rem)            \
-                : "a"(n1), "d"(n0), "g"(d0)     \
+                : "a"(n1), "d"(n0), "r"(d0)     \
                 : "cc");                        \
             q;                                  \
         })

crypto/bn/bn_lcl.h

@@ -428,8 +428,8 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
 #   endif
 #  elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #   if defined(__GNUC__) && __GNUC__>=2
-#    if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4)
-                                     /* "h" constraint is no more since 4.4 */
+#    if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+      /* "h" constraint is not an option on R6 and was removed in 4.4 */
 #     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
 #     define BN_UMULT_LOHI(low,high,a,b) ({     \
         __uint128_t ret=(__uint128_t)(a)*(b);   \

crypto/bn/bn_lib.c

@@ -1031,5 +1031,7 @@ void bn_correct_top(BIGNUM *a)
         }
         a->top = tmp_top;
     }
+    if (a->top == 0)
+        a->neg = 0;
     bn_pollute(a);
 }

crypto/bn/bn_print.c

@@ -23,12 +23,9 @@ char *BN_bn2hex(const BIGNUM *a)
     char *buf;
     char *p;
 
-    if (a->neg && BN_is_zero(a)) {
-        /* "-0" == 3 bytes including NULL terminator */
-        buf = OPENSSL_malloc(3);
-    } else {
-        buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
-    }
+    if (BN_is_zero(a))
+        return OPENSSL_strdup("0");
+    buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
     if (buf == NULL) {
         BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -186,10 +183,12 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
     }
     ret->top = h;
     bn_correct_top(ret);
-    ret->neg = neg;
 
     *bn = ret;
     bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
     return (num);
  err:
     if (*bn == NULL)
@@ -241,7 +240,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
     if (j == BN_DEC_NUM)
         j = 0;
     l = 0;
-    while (*a) {
+    while (--i >= 0) {
         l *= 10;
         l += *a - '0';
         a++;
@@ -253,11 +252,13 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
             j = 0;
         }
     }
-    ret->neg = neg;
 
     bn_correct_top(ret);
     *bn = ret;
     bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
     return (num);
  err:
     if (*bn == NULL)
@@ -268,6 +269,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
 int BN_asc2bn(BIGNUM **bn, const char *a)
 {
     const char *p = a;
+
     if (*p == '-')
         p++;
 
@@ -278,7 +280,8 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
         if (!BN_dec2bn(bn, p))
             return 0;
     }
-    if (*a == '-')
+    /* Don't set the negative flag if it's zero. */
+    if (*a == '-' && (*bn)->top != 0)
         (*bn)->neg = 1;
     return 1;
 }

crypto/bn/bn_rand.c

@@ -20,15 +20,14 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     int ret = 0, bit, bytes, mask;
     time_t tim;
 
-    if (bits < 0 || (bits == 1 && top > 0)) {
-        BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
-        return 0;
-    }
-
     if (bits == 0) {
+        if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)
+            goto toosmall;
         BN_zero(rnd);
         return 1;
     }
+    if (bits < 0 || (bits == 1 && top > 0))
+        goto toosmall;
 
     bytes = (bits + 7) / 8;
     bit = (bits - 1) % 8;
@@ -88,6 +87,10 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     OPENSSL_clear_free(buf, bytes);
     bn_check_top(rnd);
     return (ret);
+
+toosmall:
+    BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+    return 0;
 }
 
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)

crypto/chacha/asm/chacha-ppc.pl

@@ -133,6 +133,7 @@ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
 
 $code.=<<___;
 .machine	"any"
+.text
 
 .globl	.ChaCha20_ctr32_int
 .align	5

crypto/dsa/dsa_gen.c

@@ -100,6 +100,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     p = BN_CTX_get(ctx);
     test = BN_CTX_get(ctx);
 
+    if (test == NULL)
+        goto err;
+
     if (!BN_lshift(test, BN_value_one(), bits - 1))
         goto err;
 

crypto/ec/ec_ameth.c

@@ -171,6 +171,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
     const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
     const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
         *pb = EC_KEY_get0_public_key(b->pkey.ec);
+    if (group == NULL || pa == NULL || pb == NULL)
+        return -2;
     r = EC_POINT_cmp(group, pa, pb, NULL);
     if (r == 0)
         return 1;
@@ -311,6 +313,8 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
         *group_b = EC_KEY_get0_group(b->pkey.ec);
+    if (group_a == NULL || group_b == NULL)
+        return -2;
     if (EC_GROUP_cmp(group_a, group_b, NULL))
         return 0;
     else
@@ -341,7 +345,7 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype)
         return 0;
     }
 
-    if (ktype != EC_KEY_PRINT_PARAM) {
+    if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) {
         publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
         if (publen == 0)
             goto err;

crypto/ec/ec_lcl.h

@@ -169,7 +169,7 @@ struct ec_method_st {
     /* custom ECDH operation */
     int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
                             const EC_POINT *pub_key, const EC_KEY *ecdh);
-} /* EC_METHOD */ ;
+};
 
 /*
  * Types and functions to manipulate pre-computed values.
@@ -228,11 +228,16 @@ struct ec_group_st {
     /* data for ECDSA inverse */
     BN_MONT_CTX *mont_data;
 
-    /* precomputed values for speed. */
+    /*
+     * Precomputed values for speed. The PCT_xxx names match the
+     * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP
+     * macros, below.
+     */
     enum {
-        pct_none,
-        pct_nistp224, pct_nistp256, pct_nistp521, pct_nistz256,
-        pct_ec } pre_comp_type;
+        PCT_none,
+        PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256,
+        PCT_ec
+    } pre_comp_type;
     union {
         NISTP224_PRE_COMP *nistp224;
         NISTP256_PRE_COMP *nistp256;
@@ -240,12 +245,12 @@ struct ec_group_st {
         NISTZ256_PRE_COMP *nistz256;
         EC_PRE_COMP *ec;
     } pre_comp;
-} /* EC_GROUP */ ;
+};
 
 #define SETPRECOMP(g, type, pre) \
-    g->pre_comp_type = pct_##type, g->pre_comp.type = pre
+    g->pre_comp_type = PCT_##type, g->pre_comp.type = pre
 #define HAVEPRECOMP(g, type) \
-    g->pre_comp_type == pct_##type && g->pre_comp.type != NULL
+    g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL
 
 struct ec_key_st {
     const EC_KEY_METHOD *meth;
@@ -260,7 +265,7 @@ struct ec_key_st {
     int flags;
     CRYPTO_EX_DATA ex_data;
     CRYPTO_RWLOCK *lock;
-} /* EC_KEY */ ;
+};
 
 struct ec_point_st {
     const EC_METHOD *meth;
@@ -274,7 +279,7 @@ struct ec_point_st {
                                  * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
     int Z_is_one;               /* enable optimized point arithmetics for
                                  * special case */
-} /* EC_POINT */ ;
+};
 
 NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
 NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
@@ -574,7 +579,7 @@ struct ec_key_method_st {
                   const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
     int (*verify_sig)(const unsigned char *dgst, int dgst_len,
                       const ECDSA_SIG *sig, EC_KEY *eckey);
-} /* EC_KEY_METHOD */ ;
+};
 
 #define EC_KEY_METHOD_DYNAMIC   1
 

crypto/ec/ec_lib.c

@@ -69,22 +69,22 @@ void EC_pre_comp_free(EC_GROUP *group)
     default:
         break;
 #ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
-    case pct_nistz256:
+    case PCT_nistz256:
         EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
         break;
 #endif
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    case pct_nistp224:
+    case PCT_nistp224:
         EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
         break;
-    case pct_nistp256:
+    case PCT_nistp256:
         EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
         break;
-    case pct_nistp521:
+    case PCT_nistp521:
         EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
         break;
 #endif
-    case pct_ec:
+    case PCT_ec:
         EC_ec_pre_comp_free(group->pre_comp.ec);
         break;
     }
@@ -147,22 +147,22 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
         dest->pre_comp.ec = NULL;
         break;
 #ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
-    case pct_nistz256:
+    case PCT_nistz256:
         dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
         break;
 #endif
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    case pct_nistp224:
+    case PCT_nistp224:
         dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
         break;
-    case pct_nistp256:
+    case PCT_nistp256:
         dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
         break;
-    case pct_nistp521:
+    case PCT_nistp521:
         dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
         break;
 #endif
-    case pct_ec:
+    case PCT_ec:
         dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
         break;
     }

crypto/engine/eng_lib.c

@@ -18,6 +18,7 @@ CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
 
 DEFINE_RUN_ONCE(do_engine_lock_init)
 {
+    OPENSSL_init_crypto(0, NULL);
     global_engine_lock = CRYPTO_THREAD_lock_new();
     return global_engine_lock != NULL;
 }

crypto/err/err.c

@@ -251,6 +251,7 @@ static void ERR_STATE_free(ERR_STATE *s)
 
 DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
 {
+    OPENSSL_init_crypto(0, NULL);
     err_string_lock = CRYPTO_THREAD_lock_new();
     return err_string_lock != NULL;
 }

crypto/evp/e_rc4_hmac_md5.c

@@ -60,7 +60,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
     return 1;
 }
 
-# if     !defined(OPENSSL_NO_ASM) &&     ( \
+# if     defined(RC4_ASM) && defined(MD5_ASM) &&     (	   \
         defined(__x86_64)       || defined(__x86_64__)  || \
         defined(_M_AMD64)       || defined(_M_X64)      )
 #  define STITCHED_CALL

crypto/evp/p_lib.c

@@ -398,6 +398,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
         return;
     REF_ASSERT_ISNT(i < 0);
     EVP_PKEY_free_it(x);
+    CRYPTO_THREAD_lock_free(x->lock);
     sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
     OPENSSL_free(x);
 }
@@ -413,7 +414,6 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
     ENGINE_finish(x->engine);
     x->engine = NULL;
 #endif
-    CRYPTO_THREAD_lock_free(x->lock);
 }
 
 static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,

crypto/ex_data.c

@@ -38,6 +38,7 @@ static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
 
 DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
 {
+    OPENSSL_init_crypto(0, NULL);
     ex_data_lock = CRYPTO_THREAD_lock_new();
     return ex_data_lock != NULL;
 }

crypto/include/internal/cryptlib.h

@@ -35,7 +35,7 @@ typedef struct ex_callback_st EX_CALLBACK;
 DEFINE_STACK_OF(EX_CALLBACK)
 
 typedef struct app_mem_info_st APP_INFO;
-DEFINE_LHASH_OF(APP_INFO);
+
 typedef struct mem_st MEM;
 DEFINE_LHASH_OF(MEM);
 

crypto/lhash/lhash.c

@@ -213,8 +213,8 @@ static int expand(OPENSSL_LHASH *lh)
         j = (int)lh->num_alloc_nodes * 2;
         n = OPENSSL_realloc(lh->b, (int)(sizeof(OPENSSL_LH_NODE *) * j));
         if (n == NULL) {
-            /* fputs("realloc error in lhash",stderr); */
             lh->error++;
+            lh->num_nodes--;
             lh->p = 0;
             return 0;
         }

crypto/modes/asm/ghash-armv4.pl

@@ -143,8 +143,10 @@ $code=<<___;
 #include "arm_arch.h"
 
 .text
-#if defined(__thumb2__)
+#if defined(__thumb2__) || defined(__clang__)
 .syntax	unified
+#endif
+#if defined(__thumb2__)
 .thumb
 #else
 .code	32

crypto/ocsp/ocsp_srv.c

@@ -193,17 +193,10 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
 
     rid = &brsp->tbsResponseData.responderId;
     if (flags & OCSP_RESPID_KEY) {
-        unsigned char md[SHA_DIGEST_LENGTH];
-        X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
-        if ((rid->value.byKey = ASN1_OCTET_STRING_new()) == NULL)
+        if (!OCSP_RESPID_set_by_key(rid, signer))
             goto err;
-        if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
-            goto err;
-        rid->type = V_OCSP_RESPID_KEY;
-    } else {
-        if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer)))
-            goto err;
-        rid->type = V_OCSP_RESPID_NAME;
+    } else if (!OCSP_RESPID_set_by_name(rid, signer)) {
+        goto err;
     }
 
     if (!(flags & OCSP_NOTIME) &&
@@ -222,3 +215,63 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
  err:
     return 0;
 }
+
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert)
+{
+    if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert)))
+        return 0;
+
+    respid->type = V_OCSP_RESPID_NAME;
+
+    return 1;
+}
+
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert)
+{
+    ASN1_OCTET_STRING *byKey = NULL;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* RFC2560 requires SHA1 */
+    if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+        return 0;
+
+    byKey = ASN1_OCTET_STRING_new();
+    if (byKey == NULL)
+        return 0;
+
+    if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) {
+        ASN1_OCTET_STRING_free(byKey);
+        return 0;
+    }
+
+    respid->type = V_OCSP_RESPID_KEY;
+    respid->value.byKey = byKey;
+
+    return 1;
+}
+
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert)
+{
+    if (respid->type == V_OCSP_RESPID_KEY) {
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        if (respid->value.byKey == NULL)
+            return 0;
+
+        /* RFC2560 requires SHA1 */
+        if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+            return 0;
+
+        return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
+            && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
+                       SHA_DIGEST_LENGTH) == 0);
+    } else if(respid->type == V_OCSP_RESPID_NAME) {
+        if (respid->value.byName == NULL)
+            return 0;
+
+        return X509_NAME_cmp(respid->value.byName,
+                             X509_get_subject_name(cert)) == 0;
+    }
+
+    return 0;
+}

crypto/rand/md_rand.c

@@ -89,6 +89,7 @@ static RAND_METHOD rand_meth = {
 
 DEFINE_RUN_ONCE_STATIC(do_rand_lock_init)
 {
+    OPENSSL_init_crypto(0, NULL);
     rand_lock = CRYPTO_THREAD_lock_new();
     rand_tmp_lock = CRYPTO_THREAD_lock_new();
     return rand_lock != NULL && rand_tmp_lock != NULL;

crypto/rand/randfile.c

@@ -316,12 +316,14 @@ const char *RAND_file_name(char *buf, size_t size)
         }
     }
 #else
-    if (OPENSSL_issetugid() == 0) {
-        s = getenv("RANDFILE");
-    } else {
+    if (OPENSSL_issetugid() != 0) {
         use_randfile = 0;
-        if (OPENSSL_issetugid() == 0)
+    } else {
+        s = getenv("RANDFILE");
+        if (s == NULL || *s == '\0') {
+            use_randfile = 0;
             s = getenv("HOME");
+        }
     }
 #endif
 #ifdef DEFAULT_HOME
@@ -355,14 +357,10 @@ const char *RAND_file_name(char *buf, size_t size)
      * available.
      */
 
-    if (!buf[0])
-        if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
-            return NULL;
-        }
-    if (stat(buf, &sb) == -1)
+    if (!buf[0] || stat(buf, &sb) == -1)
         if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
             return NULL;
         }
 #endif
-    return buf;
+    return buf[0] ? buf : NULL;
 }

crypto/srp/srp_vfy.c

@@ -30,7 +30,7 @@ static char b64table[] =
 /*
  * Convert a base64 string into raw byte array representation.
  */
-static int t_fromb64(unsigned char *a, const char *src)
+static int t_fromb64(unsigned char *a, size_t alen, const char *src)
 {
     char *loc;
     int i, j;
@@ -39,6 +39,9 @@ static int t_fromb64(unsigned char *a, const char *src)
     while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
         ++src;
     size = strlen(src);
+    if (alen > INT_MAX || size > (int)alen)
+        return -1;
+
     i = 0;
     while (i < size) {
         loc = strchr(b64table, src[i]);
@@ -181,13 +184,25 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
     unsigned char tmp[MAX_LEN];
     int len;
 
-    if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN)
+    vinfo->v = NULL;
+    vinfo->s = NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), v);
+    if (len < 0)
         return 0;
-    len = t_fromb64(tmp, v);
     if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
         return 0;
-    len = t_fromb64(tmp, s);
-    return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
+    len = t_fromb64(tmp, sizeof(tmp), s);
+    if (len < 0)
+        goto err;
+    vinfo->s = BN_bin2bn(tmp, len, NULL);
+    if (vinfo->s == NULL)
+        goto err;
+    return 1;
+ err:
+    BN_free(vinfo->v);
+    vinfo->v = NULL;
+    return 0;
 }
 
 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
@@ -257,10 +272,13 @@ static SRP_gN_cache *SRP_gN_new_init(const char *ch)
     if (newgN == NULL)
         return NULL;
 
+    len = t_fromb64(tmp, sizeof(tmp), ch);
+    if (len < 0)
+        goto err;
+
     if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
         goto err;
 
-    len = t_fromb64(tmp, ch);
     if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
         return newgN;
 
@@ -539,11 +557,11 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         goto err;
 
     if (N) {
-        if ((len = t_fromb64(tmp, N)) == 0)
+        if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
             goto err;
         N_bn_alloc = BN_bin2bn(tmp, len, NULL);
         N_bn = N_bn_alloc;
-        if ((len = t_fromb64(tmp, g)) == 0)
+        if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
             goto err;
         g_bn_alloc = BN_bin2bn(tmp, len, NULL);
         g_bn = g_bn_alloc;
@@ -563,7 +581,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
 
         s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
     } else {
-        if ((len = t_fromb64(tmp2, *salt)) == 0)
+        if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0)
             goto err;
         s = BN_bin2bn(tmp2, len, NULL);
     }

crypto/stack/stack.c

@@ -9,6 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/numbers.h"
 #include <openssl/stack.h>
 #include <openssl/objects.h>
 
@@ -16,7 +17,7 @@ struct stack_st {
     int num;
     const char **data;
     int sorted;
-    int num_alloc;
+    size_t num_alloc;
     OPENSSL_sk_compfunc comp;
 };
 
@@ -40,6 +41,9 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
 {
     OPENSSL_STACK *ret;
 
+    if (sk->num < 0)
+        return NULL;
+
     if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
         return NULL;
 
@@ -62,13 +66,16 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
     OPENSSL_STACK *ret;
     int i;
 
+    if (sk->num < 0)
+        return NULL;
+
     if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
         return NULL;
 
     /* direct structure assignment */
     *ret = *sk;
 
-    ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES;
+    ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES;
     ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
     if (ret->data == NULL) {
         OPENSSL_free(ret);
@@ -113,28 +120,40 @@ OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
 
 int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
 {
-    const char **s;
-
-    if (st == NULL)
+    if (st == NULL || st->num < 0 || st->num == INT_MAX) {
         return 0;
-    if (st->num_alloc <= st->num + 1) {
-        s = OPENSSL_realloc((char *)st->data,
-                            (unsigned int)sizeof(char *) * st->num_alloc * 2);
-        if (s == NULL)
-            return (0);
-        st->data = s;
-        st->num_alloc *= 2;
     }
-    if ((loc >= (int)st->num) || (loc < 0))
+
+    if (st->num_alloc <= (size_t)(st->num + 1)) {
+        size_t doub_num_alloc = st->num_alloc * 2;
+        const char **tmpdata;
+
+        /* Overflow checks */
+        if (doub_num_alloc < st->num_alloc)
+            return 0;
+
+        /* Avoid overflow due to multiplication by sizeof(char *) */
+        if (doub_num_alloc > SIZE_MAX / sizeof(char *))
+            return 0;
+
+        tmpdata = OPENSSL_realloc((char *)st->data,
+                                  sizeof(char *) * doub_num_alloc);
+        if (tmpdata == NULL)
+            return 0;
+
+        st->data = tmpdata;
+        st->num_alloc = doub_num_alloc;
+    }
+    if ((loc >= st->num) || (loc < 0)) {
         st->data[st->num] = data;
-    else {
+    } else {
         memmove(&st->data[loc + 1], &st->data[loc],
                 sizeof(st->data[0]) * (st->num - loc));
         st->data[loc] = data;
     }
     st->num++;
     st->sorted = 0;
-    return (st->num);
+    return st->num;
 }
 
 void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)

crypto/ui/ui_lib.c

@@ -670,29 +670,21 @@ char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
 
 enum UI_string_types UI_get_string_type(UI_STRING *uis)
 {
-    if (!uis)
-        return UIT_NONE;
     return uis->type;
 }
 
 int UI_get_input_flags(UI_STRING *uis)
 {
-    if (!uis)
-        return 0;
     return uis->input_flags;
 }
 
 const char *UI_get0_output_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     return uis->out_string;
 }
 
 const char *UI_get0_action_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_BOOLEAN:
@@ -704,8 +696,6 @@ const char *UI_get0_action_string(UI_STRING *uis)
 
 const char *UI_get0_result_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
@@ -717,8 +707,6 @@ const char *UI_get0_result_string(UI_STRING *uis)
 
 const char *UI_get0_test_string(UI_STRING *uis)
 {
-    if (!uis)
-        return NULL;
     switch (uis->type) {
     case UIT_VERIFY:
         return uis->_.string_data.test_buf;
@@ -729,8 +717,6 @@ const char *UI_get0_test_string(UI_STRING *uis)
 
 int UI_get_result_minsize(UI_STRING *uis)
 {
-    if (!uis)
-        return -1;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
@@ -742,8 +728,6 @@ int UI_get_result_minsize(UI_STRING *uis)
 
 int UI_get_result_maxsize(UI_STRING *uis)
 {
-    if (!uis)
-        return -1;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
@@ -759,8 +743,6 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
 
     ui->flags &= ~UI_FLAG_REDOABLE;
 
-    if (!uis)
-        return -1;
     switch (uis->type) {
     case UIT_PROMPT:
     case UIT_VERIFY:
@@ -789,7 +771,7 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
             }
         }
 
-        if (!uis->result_buf) {
+        if (uis->result_buf == NULL) {
             UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
             return -1;
         }
@@ -801,7 +783,7 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
         {
             const char *p;
 
-            if (!uis->result_buf) {
+            if (uis->result_buf == NULL) {
                 UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
                 return -1;
             }

demos/bio/Makefile

@@ -0,0 +1,30 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+#    make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./server-arg
+#    LD_LIBRARY_PATH=../.. ./server-cmod
+#    LD_LIBRARY_PATH=../.. ./server-conf
+#    LD_LIBRARY_PATH=../.. ./client-arg
+#    LD_LIBRARY_PATH=../.. ./client-conf
+#    LD_LIBRARY_PATH=../.. ./saccept
+#    LD_LIBRARY_PATH=../.. ./sconnect
+
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
+
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
+
+client-arg: client-arg.o
+client-conf: client-conf.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
+
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<

demos/bio/accept.cnf

@@ -5,8 +5,6 @@ Port = 4433
 # Protocol = ALL, -TLSv1.2
 # Only support 3 curves
 Curves = P-521:P-384:P-256
-# Automatic curve selection
-ECDHParameters = Automatic
 # Restricted signature algorithms
 SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 
 Certificate=server.pem

demos/bio/client-arg.c

@@ -23,10 +23,6 @@ int main(int argc, char **argv)
     const char *connect_str = "localhost:4433";
     int nargs = argc - 1;
 
-    ERR_load_crypto_strings();
-    ERR_load_SSL_strings();
-    SSL_library_init();
-
     ctx = SSL_CTX_new(TLS_client_method());
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);

demos/bio/client-conf.c

@@ -26,10 +26,6 @@ int main(int argc, char **argv)
     const char *connect_str = "localhost:4433";
     long errline = -1;
 
-    ERR_load_crypto_strings();
-    ERR_load_SSL_strings();
-    SSL_library_init();
-
     conf = NCONF_new(NULL);
 
     if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {

demos/bio/descrip.mms

@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+	IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+	IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+	DEASSIGN OPT
+
+.DEFAULT :
+	@ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe : 
+	$(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+      server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c

demos/bio/saccept.c

@@ -26,7 +26,7 @@
 
 static int done = 0;
 
-void interrupt()
+void interrupt(int sig)
 {
     done = 1;
 }
@@ -58,11 +58,6 @@ int main(int argc, char *argv[])
     else
         port = argv[1];
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
-
     ctx = SSL_CTX_new(TLS_server_method());
     if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
         goto err;

demos/bio/sconnect.c

@@ -55,11 +55,6 @@ char *argv[];
     sock_init();
 #endif
 
-    /* Lets get nice error messages */
-    SSL_load_error_strings();
-
-    /* Setup all the global SSL stuff */
-    OpenSSL_add_ssl_algorithms();
     ssl_ctx = SSL_CTX_new(TLS_client_method());
 
     /* Enable trust chain verification */

demos/bio/server-arg.c

@@ -14,6 +14,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <signal.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -30,11 +31,6 @@ int main(int argc, char *argv[])
     char **args = argv + 1;
     int nargs = argc - 1;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
-
     ctx = SSL_CTX_new(TLS_server_method());
 
     cctx = SSL_CONF_CTX_new();

demos/bio/server-cmod.c

@@ -27,18 +27,13 @@ int main(int argc, char *argv[])
     SSL_CTX *ctx;
     int ret = 1, i;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
+    ctx = SSL_CTX_new(TLS_server_method());
 
     if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
         fprintf(stderr, "Error processing config file\n");
         goto err;
     }
 
-    ctx = SSL_CTX_new(TLS_server_method());
-
     if (SSL_CTX_config(ctx, "server") == 0) {
         fprintf(stderr, "Error configuring server.\n");
         goto err;

demos/bio/server-conf.c

@@ -14,6 +14,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <signal.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -33,10 +34,7 @@ int main(int argc, char *argv[])
     char buf[512];
     int ret = 1, i;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
+    ctx = SSL_CTX_new(TLS_server_method());
 
     conf = NCONF_new(NULL);
 
@@ -55,7 +53,6 @@ int main(int argc, char *argv[])
         goto err;
     }
 
-    ctx = SSL_CTX_new(TLS_server_method());
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);

demos/bio/shared.opt

@@ -0,0 +1,2 @@
+OSSL$LIBSSL_SHR/SHARE
+OSSL$LIBCRYPTO_SHR/SHARE

demos/bio/static.opt

@@ -0,0 +1,2 @@
+OSSL$LIBSSL/LIB
+OSSL$LIBCRYPTO/LIB

doc/apps/rehash.pod

@@ -11,6 +11,7 @@ c_rehash, rehash - Create symbolic links to files named by the hash values
 
 B<openssl>
 B<rehash>
+B<[-h]>
 B<[-help]>
 B<[-old]>
 B<[-n]>
@@ -82,7 +83,7 @@ optionally prefixed with some text and an equals sign.
 
 =over 4
 
-=item B<-help>
+=item B<-help> B<-h>
 
 Display a brief usage message.
 

doc/apps/s_client.pod

@@ -95,6 +95,7 @@ B<openssl> B<s_client>
 [B<-rand file(s)>]
 [B<-serverinfo types>]
 [B<-status>]
+[B<-alpn protocols>]
 [B<-nextprotoneg protocols>]
 [B<-ct|noct>]
 [B<-ctlogfile>]
@@ -109,7 +110,7 @@ SSL servers.
 
 In addition to the options below the B<s_client> utility also supports the
 common and client only options documented in the
-in the L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS>
+in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)>
 manual page.
 
 =over 4
@@ -472,9 +473,13 @@ file.
 sends a certificate status request to the server (OCSP stapling). The server
 response (if any) is printed out.
 
-=item B<-nextprotoneg protocols>
+=item B<-alpn protocols>, B<-nextprotoneg protocols>
 
-enable Next Protocol Negotiation TLS extension and provide a list of
+these flags enable the 
+Enable the Application-Layer Protocol Negotiation or Next Protocol
+Negotiation extension, respectively. ALPN is the IETF standard and
+replaces NPN.
+The B<protocols> list is a
 comma-separated protocol names that the client should advertise
 support for. The list should contain most wanted protocols first.
 Protocol names are printable ASCII strings, for example "http/1.1" or
@@ -562,6 +567,7 @@ information whenever a session is renegotiated.
 
 =head1 SEE ALSO
 
+L<SSL_CONF_cmd(3)>,
 L<sess_id(1)>, L<s_server(1)>, L<ciphers(1)>
 
 =head1 HISTORY

doc/apps/s_server.pod

@@ -100,6 +100,7 @@ B<openssl> B<s_server>
 [B<-status_verbose>]
 [B<-status_timeout nsec>]
 [B<-status_url url>]
+[B<-alpn protocols>]
 [B<-nextprotoneg protocols>]
 
 =head1 DESCRIPTION
@@ -111,8 +112,8 @@ for connections on a given port using SSL/TLS.
 
 In addition to the options below the B<s_server> utility also supports the
 common and server only options documented in the
-L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS> manual
-page.
+in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)>
+manual page.
 
 =over 4
 
@@ -471,9 +472,13 @@ Sets a fallback responder URL to use if no responder URL is present in the
 server certificate. Without this option an error is returned if the server
 certificate does not contain a responder address.
 
-=item B<-nextprotoneg protocols>
+=item B<-alpn protocols>, B<-nextprotoneg protocols>
 
-Enable Next Protocol Negotiation TLS extension and provide a
+these flags enable the 
+Enable the Application-Layer Protocol Negotiation or Next Protocol
+Negotiation extension, respectively. ALPN is the IETF standard and
+replaces NPN.
+The B<protocols> list is a
 comma-separated list of supported protocol names.
 The list should contain most wanted protocols first.
 Protocol names are printable ASCII strings, for example "http/1.1" or
@@ -553,6 +558,7 @@ unknown cipher suites a client says it supports.
 
 =head1 SEE ALSO
 
+L<SSL_CONF_cmd(3)>,
 L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
 
 =head1 HISTORY

doc/crypto/BN_bn2bin.pod

@@ -57,6 +57,7 @@ including the leading character '-' which means negative, to form a valid
 hexadecimal number representation and converts them to a B<BIGNUM> and
 stores it in **B<bn>. If *B<bn> is NULL, a new B<BIGNUM> is created. If
 B<bn> is NULL, it only computes the length of valid representation.
+A "negative zero" is converted to zero.
 BN_dec2bn() is the same using the decimal system.
 
 BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,

doc/crypto/BN_rand.pod

@@ -20,7 +20,9 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-r
 
 BN_rand() generates a cryptographically strong pseudo-random number of
 B<bits> in length and stores it in B<rnd>.
-The value of B<bits> must be zero or greater.
+If B<bits> is less than zero, or too small to
+accomodate the requirements specified by the B<top> and B<bottom>
+parameters, an error is returned.
 The B<top> parameters specifies
 requirements on the most significant bit of the generated number.
 If it is B<BN_RAND_TOP_ANY>, there is no constraint.

doc/crypto/OCSP_response_status.pod

@@ -3,7 +3,8 @@
 =head1 NAME
 
 OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
-OCSP_RESPONSE_free - OCSP response functions
+OCSP_RESPONSE_free, OCSP_RESPID_set_by_name,
+OCSP_RESPID_set_by_key, OCSP_RESPID_match - OCSP response functions
 
 =head1 SYNOPSIS
 
@@ -14,6 +15,10 @@ OCSP_RESPONSE_free - OCSP response functions
  OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
  void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
 
+ int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+ int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+ int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
 =head1 DESCRIPTION
 
 OCSP_response_status() returns the OCSP response status of B<resp>. It returns
@@ -30,6 +35,20 @@ B<status> and optionally including basic response B<bs>.
 
 OCSP_RESPONSE_free() frees up OCSP response B<resp>.
 
+OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the
+subject name in the supplied X509 certificate B<cert> for the OCSP responder.
+
+OCSP_RESPID_set_by_key() sets the key of the OCSP_RESPID to be the same as the
+key in the supplied X509 certificate B<cert> for the OCSP responder. The key is
+stored as a SHA1 hash.
+
+Note that an OCSP_RESPID can only have one of the name, or the key set. Calling
+OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing
+setting.
+
+OCSP_RESPID_match() tests whether the OCSP_RESPID given in B<respid> matches
+with the X509 certificate B<cert>.
+
 =head1 RETURN VALUES
 
 OCSP_RESPONSE_status() returns a status value.
@@ -42,6 +61,12 @@ if an error occurred.
 
 OCSP_RESPONSE_free() does not return a value.
 
+OCSP_RESPID_set_by_name() and OCSP_RESPID_set_by_key() return 1 on success or 0
+on failure.
+
+OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match
+or 0 otherwise.
+
 =head1 NOTES
 
 OCSP_response_get1_basic() is only called if the status of a response is
@@ -55,6 +80,13 @@ L<OCSP_request_add1_nonce(3)>
 L<OCSP_REQUEST_new(3)>
 L<OCSP_response_find_status(3)>
 L<OCSP_sendreq_new(3)>
+L<OCSP_RESPID_new(3)>
+L<OCSP_RESPID_free(3)>
+
+=head1 HISTORY
+
+The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match()
+functions were added in OpenSSL version 1.1.0a.
 
 =head1 COPYRIGHT
 

doc/ssl/SSL_CONF_cmd.pod

@@ -263,16 +263,6 @@ The B<value> argument is a colon separated list of curves. The curve can be
 either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
 B<prime256v1>). Curve names are case sensitive.
 
-=item B<ECDHParameters>
-
-This sets the temporary curve used for ephemeral ECDH modes. Only used by
-servers
-
-The B<value> argument is a curve name or the special value B<Automatic> which
-picks an appropriate curve based on client and server preferences. The curve
-can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
-(e.g B<prime256v1>). Curve names are case sensitive.
-
 =item B<MinProtocol>
 
 This sets the minimum supported SSL, TLS or DTLS version.

engines/afalg/e_afalg.c

@@ -8,7 +8,9 @@
  */
 
 /* Required for vmsplice */
-#define _GNU_SOURCE
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -17,11 +19,13 @@
 #include <openssl/async.h>
 #include <openssl/err.h>
 
+#include <sys/socket.h>
 #include <linux/version.h>
 #define K_MAJ   4
 #define K_MIN1  1
 #define K_MIN2  0
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \
+    !defined(AF_ALG)
 # warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
 # warning "Skipping Compilation of AFALG engine"
 void engine_load_afalg_int(void)
@@ -30,7 +34,6 @@ void engine_load_afalg_int(void)
 #else
 
 # include <linux/if_alg.h>
-# include <sys/socket.h>
 # include <fcntl.h>
 # include <sys/utsname.h>
 

include/openssl/bio.h

@@ -365,9 +365,9 @@ struct bio_dgram_sctp_prinfo {
 #  define BIO_set_conn_port(b,port)     BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
 #  define BIO_set_conn_address(b,addr)  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr)
 #  define BIO_set_conn_ip_family(b,f)   BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
-#  define BIO_get_conn_hostname(b)      ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0,NULL))
-#  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1,NULL))
-#  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2,NULL))
+#  define BIO_get_conn_hostname(b)      ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0))
+#  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
+#  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
 #  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
 #  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
 

include/openssl/ocsp.h

@@ -259,6 +259,9 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
 int OCSP_basic_sign(OCSP_BASICRESP *brsp,
                     X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                     STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
 
 X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
 

include/openssl/opensslv.h

@@ -39,11 +39,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x10100007L
+# define OPENSSL_VERSION_NUMBER  0x1010001fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0-pre7-fips-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0a-fips  22 Sep 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0-pre7-dev  xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0a  22 Sep 2016"
 # endif
 
 /*-

include/openssl/ssl.h

@@ -2482,6 +2482,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_TLS_HEARTBEAT_PENDING                      366
 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
 # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242

ssl/record/rec_layer_d1.c

@@ -443,6 +443,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         }
     }
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -722,6 +730,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 #ifndef OPENSSL_NO_SCTP
                 /*

ssl/record/rec_layer_s3.c

@@ -1063,6 +1063,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
     } while (num_recs == 0);
     rr = &rr[curr_rec];
 
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
     /* we now have a packet which can be read and processed */
 
     if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1125,7 +1133,11 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 
             memcpy(buf, &(rr->data[rr->off]), n);
             buf += n;
-            if (!peek) {
+            if (peek) {
+                /* Mark any zero length record as consumed CVE-2016-6305 */
+                if (SSL3_RECORD_get_length(rr) == 0)
+                    SSL3_RECORD_set_read(rr);
+            } else {
                 SSL3_RECORD_sub_length(rr, n);
                 SSL3_RECORD_add_off(rr, n);
                 if (SSL3_RECORD_get_length(rr) == 0) {
@@ -1333,6 +1345,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         if (alert_level == SSL3_AL_WARNING) {
             s->s3->warn_alert = alert_descr;
             SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+                goto f_err;
+            }
+
             if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
                 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                 return (0);

ssl/record/record.h

@@ -178,6 +178,8 @@ typedef struct record_layer_st {
     unsigned char write_sequence[SEQ_NUM_SIZE];
     /* Set to true if this is the first record in a connection */
     unsigned int is_first_record;
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
     DTLS_RECORD_LAYER *d;
 } RECORD_LAYER;
 

ssl/record/record_locl.h

@@ -14,6 +14,8 @@
  *                                                                           *
  *****************************************************************************/
 
+#define MAX_WARN_ALERT_COUNT    5
+
 /* Functions/macros provided by the RECORD_LAYER component */
 
 #define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)

ssl/ssl_ciph.c

@@ -197,9 +197,7 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
     EVP_PKEY_HMAC,
 };
 
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
+static int ssl_mac_secret_size[SSL_MD_NUM_IDX];
 
 #define CIPHER_ADD      1
 #define CIPHER_KILL     2
@@ -221,125 +219,113 @@ typedef struct cipher_order_st {
 
 static const SSL_CIPHER cipher_aliases[] = {
     /* "ALL" doesn't include eNULL (must be specifically enabled) */
-    {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL},
     /* "COMPLEMENTOFALL" */
-    {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL},
 
     /*
      * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
      * ALL!)
      */
-    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
+    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
 
     /*
      * key exchange aliases (some of those using only a single bit here
      * combine multiple key exchange algs according to the RFCs, e.g. kDHE
      * combines DHE_DSS and DHE_RSA)
      */
-    {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kRSA, 0, SSL_kRSA},
 
-    {0, SSL_TXT_kEDH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kDHE, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kEDH, 0, SSL_kDHE},
+    {0, SSL_TXT_kDHE, 0, SSL_kDHE},
+    {0, SSL_TXT_DH, 0, SSL_kDHE},
 
-    {0, SSL_TXT_kEECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kECDHE, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kEECDH, 0, SSL_kECDHE},
+    {0, SSL_TXT_kECDHE, 0, SSL_kECDHE},
+    {0, SSL_TXT_ECDH, 0, SSL_kECDHE},
 
-    {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kPSK, 0, SSL_kPSK},
+    {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK},
+    {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK},
+    {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
+    {0, SSL_TXT_kSRP, 0, SSL_kSRP},
+    {0, SSL_TXT_kGOST, 0, SSL_kGOST},
 
     /* server authentication aliases */
-    {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12, 0, 0, 0, 0, 0, 0,
-     0, 0, 0, 0},
-    {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
+    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL},
+    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK},
+    {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01},
+    {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
+    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+    {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
 
     /* aliases combining key exchange and server authentication */
-    {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_PSK, 0, SSL_PSK, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA},
+    {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL},
+    {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
+    {0, SSL_TXT_PSK, 0, SSL_PSK},
+    {0, SSL_TXT_SRP, 0, SSL_kSRP},
 
     /* symmetric encryption aliases */
-    {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12, 0,
-     0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
+    {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4},
+    {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2},
+    {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA},
+    {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED},
+    {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
     {0, SSL_TXT_AES128, 0, 0, 0,
-     SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
-     0, 0, 0, 0, 0, 0, 0, 0},
+     SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
     {0, SSL_TXT_AES256, 0, 0, 0,
-     SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
-     0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
-     0, 0, 0, 0, 0},
+     SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
+    {0, SSL_TXT_AES, 0, 0, 0, SSL_AES},
+    {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
     {0, SSL_TXT_AES_CCM, 0, 0, 0,
-     SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0,
-     0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0, 0,
-     0, 0},
-    {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0, 0, 0,
-     0},
-    {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0, 0, 0,
-     0},
-    {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+     SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128},
+    {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
+    {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
+    {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
 
     /* MAC aliases */
-    {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12, 0, 0,
-     0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
+    {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94},
+    {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+    {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
+    {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
+    {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
 
     /* protocol version aliases */
-    {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION, 0, 0, 0, 0, 0, 0, 0},
-    {0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
+    {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
 
     /* strength classes */
-    {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
-    {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
-    {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
+    {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+    {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+    {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
     /* FIPS 140-2 approved ciphersuite */
-    {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS, 0, 0, 0},
+    {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
 
     /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
     {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
-     SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0,
-     SSL_HIGH | SSL_FIPS, 0, 0, 0,},
+     SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
     {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
-     SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0,
-     SSL_HIGH | SSL_FIPS, 0, 0, 0,},
+     SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
 
 };
 

ssl/ssl_err.c

@@ -614,6 +614,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
      "tls illegal exporter label"},
     {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
      "tls invalid ecpointformat list"},
+    {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
     {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
      "unable to find ecdh parameters"},
     {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),

ssl/ssl_stat.c

@@ -43,6 +43,14 @@ const char *SSL_state_string_long(const SSL *s)
         return "error";
 
     switch (SSL_get_state(s)) {
+    case TLS_ST_CR_CERT_STATUS:
+        return "SSLv3/TLS read certificate status";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "SSLv3/TLS write next proto";
+    case TLS_ST_SR_NEXT_PROTO:
+        return "SSLv3/TLS write next proto";
+    case TLS_ST_SW_CERT_STATUS:
+        return "SSLv3/TLS write next proto";
     case TLS_ST_BEFORE:
         return "before SSL initialization";
     case TLS_ST_OK:
@@ -116,6 +124,18 @@ const char *SSL_state_string(const SSL *s)
         return "SSLERR";
 
     switch (SSL_get_state(s)) {
+    case TLS_ST_SR_NEXT_PROTO:
+        return "TRNP";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "TWST";
+    case TLS_ST_SW_CERT_STATUS:
+        return "TWCS";
+    case TLS_ST_CR_CERT_STATUS:
+        return "TRCS";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "TRST";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "TWNP";
     case TLS_ST_BEFORE:
         return "PINIT ";
     case TLS_ST_OK:

ssl/statem/statem.c

@@ -542,6 +542,17 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
                 return SUB_STATE_ERROR;
             }
 
+            /* dtls_get_message already did this */
+            if (!SSL_IS_DTLS(s)
+                    && s->s3->tmp.message_size > 0
+                    && !BUF_MEM_grow_clean(s->init_buf,
+                                           (int)s->s3->tmp.message_size
+                                           + SSL3_HM_HEADER_LENGTH)) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_BUF_LIB);
+                return SUB_STATE_ERROR;
+            }
+
             st->read_state = READ_STATE_BODY;
             /* Fall through */
 
@@ -566,22 +577,24 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
             /* Discard the packet data */
             s->init_num = 0;
 
-            if (ret == MSG_PROCESS_ERROR) {
+            switch (ret) {
+            case MSG_PROCESS_ERROR:
                 return SUB_STATE_ERROR;
-            }
 
-            if (ret == MSG_PROCESS_FINISHED_READING) {
+            case MSG_PROCESS_FINISHED_READING:
                 if (SSL_IS_DTLS(s)) {
                     dtls1_stop_timer(s);
                 }
                 return SUB_STATE_FINISHED;
-            }
 
-            if (ret == MSG_PROCESS_CONTINUE_PROCESSING) {
+            case MSG_PROCESS_CONTINUE_PROCESSING:
                 st->read_state = READ_STATE_POST_PROCESS;
                 st->read_state_work = WORK_MORE_A;
-            } else {
+                break;
+
+            default:
                 st->read_state = READ_STATE_HEADER;
+                break;
             }
             break;
 

ssl/statem/statem_clnt.c

@@ -2378,18 +2378,6 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
         SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
         goto err;
     };
-    /*
-     * If we have client certificate, use its secret as peer key
-     */
-    if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
-        if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <= 0) {
-            /*
-             * If there was an error - just ignore it. Ephemeral key
-             * * would be used
-             */
-            ERR_clear_error();
-        }
-    }
     /*
      * Compute shared IV and store it in algorithm-specific context
      * data
@@ -2434,12 +2422,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
         *len = msglen + 2;
     }
     memcpy(*p, tmp, msglen);
-    /* Check if pubkey from client certificate was used */
-    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
-                          NULL) > 0) {
-        /* Set flag "skip certificate verify" */
-        s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-    }
+
     EVP_PKEY_CTX_free(pkey_ctx);
     s->s3->tmp.pms = pms;
     s->s3->tmp.pmslen = pmslen;

ssl/statem/statem_dtls.c

@@ -388,6 +388,20 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len)
     return 1;
 }
 
+/*
+ * dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
+ * may be greater if the maximum certificate list size requires it.
+ */
+static unsigned long dtls1_max_handshake_message_len(const SSL *s)
+{
+    unsigned long max_len =
+        DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+    if (max_len < (unsigned long)s->max_cert_list)
+        return s->max_cert_list;
+    return max_len;
+}
+
 static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
 {
     size_t frag_off, frag_len, msg_len;
@@ -397,15 +411,16 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
     frag_len = msg_hdr->frag_len;
 
     /* sanity checking */
-    if ((frag_off + frag_len) > msg_len) {
+    if ((frag_off + frag_len) > msg_len
+            || msg_len > dtls1_max_handshake_message_len(s)) {
         SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
         return SSL_AD_ILLEGAL_PARAMETER;
     }
 
     if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
         /*
-         * msg_len is limited to 2^24, but is effectively checked against max
-         * above
+         * msg_len is limited to 2^24, but is effectively checked against
+         * dtls_max_handshake_message_len(s) above
          */
         if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
             SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
@@ -493,20 +508,6 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok)
         return 0;
 }
 
-/*
- * dtls1_max_handshake_message_len returns the maximum number of bytes
- * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
- * may be greater if the maximum certificate list size requires it.
- */
-static unsigned long dtls1_max_handshake_message_len(const SSL *s)
-{
-    unsigned long max_len =
-        DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-    if (max_len < (unsigned long)s->max_cert_list)
-        return s->max_cert_list;
-    return max_len;
-}
-
 static int
 dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
 {

ssl/statem/statem_lib.c

@@ -414,10 +414,6 @@ int tls_get_message_header(SSL *s, int *mt)
          */
         l = RECORD_LAYER_get_rrec_length(&s->rlayer)
             + SSL3_HM_HEADER_LENGTH;
-        if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) {
-            SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
-            goto err;
-        }
         s->s3->tmp.message_size = l;
 
         s->init_msg = s->init_buf->data;
@@ -430,11 +426,6 @@ int tls_get_message_header(SSL *s, int *mt)
             SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
             goto f_err;
         }
-        if (l && !BUF_MEM_grow_clean(s->init_buf,
-                                     (int)l + SSL3_HM_HEADER_LENGTH)) {
-            SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
-            goto err;
-        }
         s->s3->tmp.message_size = l;
 
         s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
@@ -444,7 +435,6 @@ int tls_get_message_header(SSL *s, int *mt)
     return 1;
  f_err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
     return 0;
 }
 

ssl/statem/statem_srvr.c

@@ -3150,34 +3150,35 @@ int tls_construct_new_session_ticket(SSL *s)
 int tls_construct_cert_status(SSL *s)
 {
     unsigned char *p;
+    size_t msglen;
+
     /*-
      * Grow buffer if need be: the length calculation is as
-     * follows 1 (message type) + 3 (message length) +
+     * follows handshake_header_length +
      * 1 (ocsp response type) + 3 (ocsp response length)
      * + (ocsp response)
      */
-    if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) {
-        ossl_statem_set_error(s);
-        return 0;
-    }
+    msglen = 4 + s->tlsext_ocsp_resplen;
+    if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen))
+        goto err;
 
-    p = (unsigned char *)s->init_buf->data;
+    p = ssl_handshake_start(s);
 
-    /* do the header */
-    *(p++) = SSL3_MT_CERTIFICATE_STATUS;
-    /* message length */
-    l2n3(s->tlsext_ocsp_resplen + 4, p);
     /* status type */
     *(p++) = s->tlsext_status_type;
     /* length of OCSP response */
     l2n3(s->tlsext_ocsp_resplen, p);
     /* actual response */
     memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
-    /* number of bytes to write */
-    s->init_num = 8 + s->tlsext_ocsp_resplen;
-    s->init_off = 0;
+
+    if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen))
+        goto err;
 
     return 1;
+
+ err:
+    ossl_statem_set_error(s);
+    return 0;
 }
 
 #ifndef OPENSSL_NO_NEXTPROTONEG

ssl/t1_lib.c

@@ -2030,6 +2030,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
                     (&extension, &responder_id_list))
                     return 0;
 
+                /*
+                 * We remove any OCSP_RESPIDs from a previous handshake
+                 * to prevent unbounded memory growth - CVE-2016-6304
+                 */
+                sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
+                                        OCSP_RESPID_free);
+                if (PACKET_remaining(&responder_id_list) > 0) {
+                    s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
+                    if (s->tlsext_ocsp_ids == NULL) {
+                        *al = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                    }
+                } else {
+                    s->tlsext_ocsp_ids = NULL;
+                }
+
                 while (PACKET_remaining(&responder_id_list) > 0) {
                     OCSP_RESPID *id;
                     PACKET responder_id;
@@ -2041,13 +2057,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
                         return 0;
                     }
 
-                    if (s->tlsext_ocsp_ids == NULL
-                        && (s->tlsext_ocsp_ids =
-                            sk_OCSP_RESPID_new_null()) == NULL) {
-                        *al = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                    }
-
                     id_data = PACKET_data(&responder_id);
                     id = d2i_OCSP_RESPID(NULL, &id_data,
                                          PACKET_remaining(&responder_id));
@@ -2396,6 +2405,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
                 *al = TLS1_AD_INTERNAL_ERROR;
                 return 0;
             }
+            /*
+             * Could be non-NULL if server has sent multiple NPN extensions in
+             * a single Serverhello
+             */
+            OPENSSL_free(s->next_proto_negotiated);
             s->next_proto_negotiated = OPENSSL_malloc(selected_len);
             if (s->next_proto_negotiated == NULL) {
                 *al = TLS1_AD_INTERNAL_ERROR;

ssl/t1_trce.c

@@ -490,6 +490,7 @@ static ssl_trace_tbl ssl_curve_tbl[] = {
     {26, "brainpoolP256r1"},
     {27, "brainpoolP384r1"},
     {28, "brainpoolP512r1"},
+    {29, "ecdh_x25519"},
     {0xFF01, "arbitrary_explicit_prime_curves"},
     {0xFF02, "arbitrary_explicit_char2_curves"}
 };

test/README

@@ -22,7 +22,7 @@ The number {nn} is (somewhat loosely) grouped as follows:
 05  individual symmetric cipher algorithms
 10  math (bignum)
 15  individual asymmetric cipher algorithms
-20  openssl enc
+20  openssl commands (some otherwise not tested)
 25  certificate forms, generation and verification
 30  engine and evp
 70  PACKET layer

test/handshake_helper.c

@@ -144,6 +144,38 @@ static int servername_reject_cb(SSL *s, int *ad, void *arg)
     return select_server_ctx(s, arg, 0);
 }
 
+static unsigned char dummy_ocsp_resp_good_val = 0xff;
+static unsigned char dummy_ocsp_resp_bad_val = 0xfe;
+
+static int server_ocsp_cb(SSL *s, void *arg)
+{
+    unsigned char *resp;
+
+    resp = OPENSSL_malloc(1);
+    if (resp == NULL)
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    /*
+     * For the purposes of testing we just send back a dummy OCSP response
+     */
+    *resp = *(unsigned char *)arg;
+    if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1))
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int client_ocsp_cb(SSL *s, void *arg)
+{
+    const unsigned char *resp;
+    int len;
+
+    len = SSL_get_tlsext_status_ocsp_resp(s, &resp);
+    if (len != 1 || *resp != dummy_ocsp_resp_good_val)
+        return 0;
+
+    return 1;
+}
+
 static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) {
     X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
     return 0;
@@ -319,6 +351,16 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
         break;
     }
 
+    if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) {
+        SSL_CTX_set_tlsext_status_type(client_ctx, TLSEXT_STATUSTYPE_ocsp);
+        SSL_CTX_set_tlsext_status_cb(client_ctx, client_ocsp_cb);
+        SSL_CTX_set_tlsext_status_arg(client_ctx, NULL);
+        SSL_CTX_set_tlsext_status_cb(server_ctx, server_ocsp_cb);
+        SSL_CTX_set_tlsext_status_arg(server_ctx,
+            ((extra->server.cert_status == SSL_TEST_CERT_STATUS_GOOD_RESPONSE)
+            ? &dummy_ocsp_resp_good_val : &dummy_ocsp_resp_bad_val));
+    }
+
     /*
      * The initial_ctx/session_ctx always handles the encrypt/decrypt of the
      * session ticket. This ticket_key callback is assigned to the second

test/recipes/01-test_symbol_presence.t

@@ -69,6 +69,7 @@ foreach my $libname (@libnames) {
             map { s|;||; s|\s+||g; $_ }
             grep { $in_global = 1 if m|global:|;
                    $in_global = 0 if m|local:|;
+                   $in_global = 0 if m|\}|;
                    $in_global && m|;|; } @def_lines;
 
         note "Number of lines in \@nm_lines after massaging: ", scalar @nm_lines;

test/recipes/20-test_passwd.t

@@ -0,0 +1,38 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+
+setup("test_passwd");
+
+plan tests => 6;
+
+ok(compare1stline([qw{openssl passwd password}], '^.{13}\R$'),
+   'crypt password with random salt');
+ok(compare1stline([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
+   'BSD style MD5 password with random salt');
+ok(compare1stline([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
+   'Apache style MD5 password with random salt');
+ok(compare1stline([qw{openssl passwd -salt xx password}], '^xxj31ZMTZzkVA\R$'),
+   'crypt password with salt xx');
+ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '^\$1\$xxxxxxxx\$UYCIxa628\.9qXjpQCjM4a\.\R$'),
+   'BSD style MD5 password with salt xxxxxxxx');
+ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '^\$apr1\$xxxxxxxx\$dxHfLAsjHkDRmG83UXe8K0\R$'),
+   'Apache style MD5 password with salt xxxxxxxx');
+
+
+sub compare1stline {
+    my ($cmdarray, $regexp) = @_;
+    my @lines = run(app($cmdarray), capture => 1);
+
+    return $lines[0] =~ m|$regexp|;
+}