Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix some unsigned/signed warnings introduced as part of the fix
for CVE-2015-0293

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Andy Polyakov <appro@openssl.org>

Update the NEWS file with the latest entries from CHANGES ready for the
release.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Update CHANGES fiel with all the latest fixes ready for the release.

Conflicts:
	CHANGES

Conflicts:
	CHANGES

Reviewed-by: Richard Levitte <levitte@openssl.org>

This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.

Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.

CVE-2015-0293

This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>

Conflicts:
	crypto/pkcs7/pk7_doit.c

Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>

CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

They are moved to the COMPLEMENTOFDEFAULT instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Cleanse various intermediate buffers used by the PRF (backported version
from master).

Conflicts:
	ssl/s3_enc.c

Conflicts:
	ssl/t1_enc.c

Conflicts:
	ssl/t1_enc.c

Reviewed-by: Richard Levitte <levitte@openssl.org>

Fix compiler warnings (similar to commit 25012d5e

)

Reviewed-by: Richard Levitte <levitte@openssl.org>

Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd)

The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b5)

Conflicts:
	crypto/asn1/x_long.c

Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 84903716)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce38623)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06e)

PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit d3b7cac4)

Reviewed-by: Andy Polyakov <appro@openssl.org>

Conflicts:
	crypto/pem/pem.h

Conflicts:
	crypto/pem/pem.h

This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 0.9.8 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	ssl/ssl_ciph.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	ssl/s3_srvr.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/ec/ecp_oct.c
	crypto/modes/gcm128.c
	ssl/ssl_locl.h

Conflicts:
	apps/apps.c
	crypto/crypto.h
	crypto/rand/md_rand.c
	ssl/d1_pkt.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

openssl-format-source

Conflicts:
	crypto/aes/aes_x86core.c

Conflicts:
	crypto/aes/aes_x86core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>