Remove local variable and avoid extra assignment.
Reviewed-by: NEmilia Kasper <emilia@silkandcyanide.net>

"Another machine, another version of gcc, another batch
of compiler warnings."  Add "=NULL" to some local variable
declarations that are set by passing thier address into a
utility function; confuses GCC it might not be set.
Reviewed-by: NEmilia Käsper <emilia@silkandcyanide.net>

Remove some redundant logical expressions
Reviewed-by: NEmilia Kasper <emilia@silkandcyanide.net>

Fix a bunch of typo's and speling (sic) errors in the CHANGES file.
Reviewed-by: NTim Hudson <tjh@cryptsoft.com>

Move custom extension structures from SSL_CTX to CERT structure.

This change means the form can be revised in future without binary
compatibility issues. Also since CERT is part of SSL structures
so per-SSL custom extensions could be supported in future as well as
per SSL_CTX.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org

In Makefile, when build manpages, put the current directory
at the start of the podpath so that cross-refs find the
local directory first.
Reviewed-by: NTim Hudson <tjh@cryptosoft.com>

In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.

While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).

Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>

If subcommand fails, just die.
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>

If subcommand fails, just die.
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>

Update the dgst.pod page to include SHA224...512 algorithms.
Update apps/progs.pl to add them to the digest command table.
Reviewed-by: NTim Hudson <tjh@cryptosoft.com>

This reverts commit 691edc99.

The x509_extensions should be req_extensions in the
config example in req.pod

Reviewed-by: tjh@cryptsoft.com

Fully remove old error, per drH
Reviewed-by: rsalz

Add darwin-*-cc as one of the systems for case-insensitive
filenames.  Fixes the manpage install so it doesn't create
looping symlinks.

Not approved; mistakenly pushed commit that added README.md

Reviewed-by: Emilia Kasper

Many of these were already fixed, this catches the last
few that were missed.

Many of these were already fixed, this catches the last
few that were missed.

A small markdown README for GitHub users; points them to
the right README and the website and RT tracker.

The addition of SRP authentication needs to be checked in various places
to work properly. Specifically:

A certificate is not sent.
A certificate request must not be sent.
Server key exchange message must not contain a signature.
If appropriate SRP authentication ciphersuites should be chosen.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Undo unapproved commit that removed DJGPP and WATT32

The "unsigned char *d" should be const.
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>

Use SSL3_AL_FATAL instead of the literal constant "2"
Every bit of cleanup helps.
Reviewed-by: NMatt Caswell <matt@openssl.org>

DJGPP is no longer a supported platform.  Remove all #ifdef, etc.,
cases that refer to it.  DJGPP also #define'd WATT32, so that
is now removed as well.

Check SRP parameters when they are received so we can send back an
appropriate alert.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: NTim Hudson <tjh@openssl.org>

CVE-2014-3509
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.

CVE-2014-3508
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

CVE-2014-3510
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

CVE-2014-3511
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NBodo Möller <bodo@openssl.org>

In a couple of functions, a sequence number would be calculated twice.

Additionally, in |dtls1_process_out_of_seq_message|, we know that
|frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len <
msg_hdr->msg_len| can be more clearly written as |frag_len !=
msg_hdr->msg_len|, since that's the only remaining case.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read.

Problem identified by Emilia Käsper, based on previous issue/patch by Adam
Langley.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Previously, a truncated DTLS fragment in
|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
the return value would still be the number of bytes read. This would
cause |dtls1_get_message| not to consider it an error and it would
continue processing as normal until the calling function noticed that
*ok was zero.

I can't see an exploit here because |dtls1_get_message| uses
|s->init_num| as the length, which will always be zero from what I can
see.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>