PR: 3317

If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348

The "-unix <path>" argument allows s_server and s_client to use a unix
domain socket in the filesystem instead of IPv4 ("-connect", "-port",
"-accept", etc). If s_server exits gracefully, such as when "-naccept"
is used and the requested number of SSL/TLS connections have occurred,
then the domain socket file is removed. On ctrl-C, it is likely that
the stale socket file will be left over, such that s_server would
normally fail to restart with the same arguments. For this reason,
s_server also supports an "-unlink" option, which will clean up any
stale socket file before starting.

If you have any reason to want encrypted IPC within an O/S instance,
this concept might come in handy. Otherwise it just demonstrates that
there is nothing about SSL/TLS that limits it to TCP/IP in any way.

(There might also be benchmarking and profiling use in this path, as
unix domain sockets are much lower overhead than connecting over local
IP addresses).
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

PR#3289
PR#3345

Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

[MD5 is hardly relevant, just cleaning up repository]

sha/asm/sha256-armv4.pl: add ARMv8 code path.

PR: 3338

Even though the meat of dso_vms.c is compiled out on non-VMS builds,
the (pre-)compiler still traverses some of the macro handling. This
trips up at least one non-VMS build configuration, so this commit
makes the skip-VMS case more robust.
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

RT: 3304

It's not clear whether this inconsistency could lead to an actual
computation error, but it involved a BIGNUM being passed around the
montgomery logic in an inconsistent state. This was found using flags
-DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
in 'ectest';

ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
(_bnum2->d[_bnum2->top - 1] != 0)' failed
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

Signed-off-by: NChris Rorvick <chris@rorvick.com>

Specify -f is for compilation flags. Add -d to synopsis section.

Closes #77.

Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.

There are certainly many more constifiable strings in the various
interfaces, which I hope to get to eventually.
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

Gets rid of this;

defined(@array) is deprecated at ../util/mkerr.pl line 792.
        (Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
        (Maybe you should just omit the defined()?)
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>

to keep up to date with releases.  Reported because
http://www.openssl.org/support/faq.html#MISC1 was out of date

o_time.h was removed in commit ff49a944, which breaks "make update"
unless mkdir.pl is updated accordingly.
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>