Even though it's hard to imagine, it turned out that upper half of
arguments passed to V8+ subroutine can be non-zero.

["n" pseudo-instructions, such as srln being srl in 32-bit case and
srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
that Solaris assembler implemented it around same time, i.e. 2000.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f198cc43)

Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>

The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>

RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>

OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5d28ff38)

This reverts commit 58b18779

.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 82f31fe4)

aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 0def528b)

tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d6079a87)

[Note that in master declaration is different.]

RT#4568

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 14d3c0dd)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4973a60c)

RT#4578

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3d32bab8)

Sender verified that the fix works.  This is a backport/cherry-pick
of just the bugfix part of 0f91e1df



Reviewed-by: Richard Levitte <levitte@openssl.org>

This reverts commit 75f90688

.

TerminateProcess is asynchronous, so the code as written in the above
commit is not correct (and doesn't even compile at the moment). It is
also probably not needed in the speed case. Reverting in order to figure
out the correct solution.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 9c1a9ccf)

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit fdcb499c)

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bace847e)

Reviewed-by: Matt Caswell <matt@openssl.org>
Manual cherry-pick of 538860a3.

The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 7c46746b)

Couple of never-used symbols were clasing with FIPS module, "weakening"
them allows to resolve linking errors.

RT#3699

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Use string_to_hex, OPENSSL_hexstr2buf() doesn't exist in OpenSSL 1.0.2

Reviewed-by: Rich Salz <rsalz@openssl.org>

crypto/mem_clr.c was harmonized with master branch and doesn't use
cleanse_ctr kludge anymore.

RT#4563

Reviewed-by: Rich Salz <rsalz@openssl.org>

Don't use BN_hex2bn() for PSK key conversion as the conversion to
BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead.

RT#4554

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6ec6d520)

Conflicts:
	apps/s_client.c
	apps/s_server.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6b360288)

It's probably worth reminding that this is a fall-back implementation
for platforms that don't have assembly OPENSSL_cleanse.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5000a6d1)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 8605abf1)

The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.

A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.

Reviewed-by: Rich Salz <rsalz@openssl.org>

The previous commit fixed a bug with BN_mod_word() which would have been
caught if we had a test for it. This commit adds one.

Reviewed-by: Andy Polyakov <appro@openssl.org>

On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.

RT#4501

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 37258dad)