theuni · March 23, 2015 18:53
diff --git a/gentoodiff b/gentoodiff
 cory@cory-i7:~/dev/openssl(OpenSSL_1_0_1m-backport)$ git diff -w manual-backport..gentoo-patched

 diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
 index 6f19829..d28dc60 100644
 --- a/crypto/asn1/tasn_dec.c
 +++ b/crypto/asn1/tasn_dec.c
 @@ -130,11 +130,17 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
 	{
 	ASN1_TLC c;
 	ASN1_VALUE *ptmpval = NULL;
 -	if (!pval)
 -		pval = &ptmpval;
 	asn1_tlc_clear_nc(&c);
 -	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
 -		return *pval;
 +	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
 +	    ptmpval = *pval;
 +	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
 +	    if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
 +		if (*pval)
 +		    ASN1_item_free(*pval, it);
 +		*pval = ptmpval;
 +	    }
 +	    return ptmpval;
 +	}
 	return NULL;
 	}
 
 @@ -310,6 +316,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 		case ASN1_ITYPE_CHOICE:
 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
 				goto auxerr;
 +
 		if (*pval) {
 		    /* Free up and zero CHOICE value if initialised */
 		    i = asn1_get_choice_selector(pval, it);
 @@ -320,7 +327,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 			asn1_set_choice_selector(pval, -1, it);
 		    }
 		} else if (!ASN1_item_ex_new(pval, it)) {
 -			{
 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
 						ERR_R_NESTED_ASN1_ERROR);
 			goto err;
 diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
 index b854827..de3df9e 100644
 --- a/crypto/asn1/x_x509.c
 +++ b/crypto/asn1/x_x509.c
 @@ -170,14 +170,8 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
 	const unsigned char *q;
 	X509 *ret;
 -        int freeret = 0;
 -
 	/* Save start position */
 	q = *pp;
 -
 -        if(!a || *a == NULL) {
 -            freeret = 1;
 -        }
 	ret = d2i_X509(a, pp, length);
 	/* If certificate unreadable then forget it */
 	if(!ret) return NULL;
 @@ -187,11 +181,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
 	return ret;
 	err:
 -        if(freeret) {
 	X509_free(ret);
 -            if (a)
 -                *a = NULL;
 -        }
 	return NULL;
 }
 
 diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
 index 60e3786..52d31c2 100644
 --- a/crypto/ec/ec_asn1.c
 +++ b/crypto/ec/ec_asn1.c
 @@ -1142,6 +1142,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
                                  ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 +		if (a)
 +			*a = ret;
 		}
 	else
 		ret = *a;
 @@ -1222,13 +1224,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 		/* Remember the original private-key-only encoding. */
 		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
 		}
 -        if (a)
 -            *a = ret;
 +
 	ok = 1;
 err:
 	if (!ok)
 		{
 -                if (ret && (a == NULL || *a != ret))
 +		if (ret)
 			EC_KEY_free(ret);
 		ret = NULL;
 		}
 @@ -1377,6 +1378,8 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
 			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
 			return NULL;
 			}
 +		if (a)
 +			*a = ret;
 		}
 	else
 		ret = *a;
 @@ -1384,14 +1387,9 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
 	if (!d2i_ECPKParameters(&ret->group, in, len))
 		{
 		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
 -                if (a == NULL || *a != ret)
 -                     EC_KEY_free(ret);
 		return NULL;
 		}
 
 -        if (a)
 -            *a = ret;
 -
 	return ret;
 	}
 
 diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
 index 29928ba..31b8a46 100644
 --- a/crypto/pkcs7/pk7_doit.c
 +++ b/crypto/pkcs7/pk7_doit.c
 @@ -462,7 +462,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 	return NULL;
     }
 
 -
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
 
 @@ -919,6 +918,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			goto err;
 		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
 		}
 +
 	if (!PKCS7_is_detached(p7)) {
 	    /*
 	     * NOTE(emilia): I think we only reach os == NULL here because detached
 @@ -930,13 +930,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 		char *cont;
 		long contlen;
 		btmp = BIO_find_type(bio, BIO_TYPE_MEM);
 -		if (btmp == NULL)
 -			{
 +		if (btmp == NULL) {
 		    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
 		    goto err;
 		}
 		contlen = BIO_get_mem_data(btmp, &cont);
 -		/* Mark the BIO read only then we can use its copy of the data
 +		/*
 +		 * Mark the BIO read only then we can use its copy of the data
 		 * instead of making an extra copy.
 		 */
 		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
 diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
 index 69d4816..e2fc802 100644
 --- a/crypto/pkcs7/pk7_lib.c
 +++ b/crypto/pkcs7/pk7_lib.c
 @@ -70,8 +70,8 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 	nid=OBJ_obj2nid(p7->type);
 
 	switch (cmd)
 -        /* NOTE(emilia): does not support detached digested data. */
 		{
 +	/* NOTE(emilia): does not support detached digested data. */
 	case PKCS7_OP_SET_DETACHED_SIGNATURE:
 		if (nid == NID_pkcs7_signed)
 			{
 @@ -459,9 +459,9 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
 	}
 
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
 +	{
 	if (p7 == NULL || p7->d.ptr == NULL)
 		return NULL;
 -	{
 	if (PKCS7_type_is_signed(p7))
 		{
 		return(p7->d.sign->signer_info);
 diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
 index 6876d6c..48183dc 100644
 --- a/crypto/x509/x509_req.c
 +++ b/crypto/x509/x509_req.c
 @@ -92,8 +92,6 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 		goto err;
 
 	pktmp = X509_get_pubkey(x);
 -        if (pktmp == NULL)
 -            goto err;
 	i=X509_REQ_set_pubkey(ret,pktmp);
 	EVP_PKEY_free(pktmp);
 	if (!i) goto err;
 diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
 index 0aa1bad..6086d0a 100644
 --- a/doc/apps/ciphers.pod
 +++ b/doc/apps/ciphers.pod
 @@ -109,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings.
 
 =item B<DEFAULT>
 
 -the default cipher list. This is determined at compile time and
 -is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
 +the default cipher list. This is determined at compile time and, as of OpenSSL
 +1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
 specified.
 
 =item B<COMPLEMENTOFDEFAULT>
 diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
 index 298ec54..6fed4b1 100644
 --- a/doc/crypto/d2i_X509.pod
 +++ b/doc/crypto/d2i_X509.pod
 @@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts of the reused structure may
 persist if they are not present in the new one. As a result the use
 of this "reuse" behaviour is strongly discouraged.
 
 +Current versions of OpenSSL will not modify B<*px> if an error occurs.
 +If parsing succeeds then B<*px> is freed (if it is not NULL) and then
 +set to the value of the newly decoded structure. As a result B<*px>
 +B<must not> be allocated on the stack or an attempt will be made to
 +free an invalid pointer.
 +
 i2d_X509() will not return an error in many versions of OpenSSL,
 if mandatory fields are not initialized due to a programming error
 then the encoded structure may contain invalid data or omit the
 @@ -210,7 +216,9 @@ always succeed.
 
 d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
 or B<NULL> if an error occurs. The error code that can be obtained by
 -L<ERR_get_error(3)|ERR_get_error(3)>. 
 +L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
 +with a valid X509 structure being passed in via B<px> then the object is not
 +modified in the event of error.
 
 i2d_X509() returns the number of bytes successfully encoded or a negative
 value if an error occurs. The error code can be obtained by
 diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
 index f7410b4..1406b3b 100644
 --- a/ssl/s2_srvr.c
 +++ b/ssl/s2_srvr.c
 @@ -371,8 +371,7 @@ end:
 
 static int get_client_master_key(SSL *s)
 	{
 -        int is_export, i, n, keya;
 -        unsigned int ek;
 +	int is_export,i,n,keya,ek;
 	unsigned long len;
 	unsigned char *p;
 	const SSL_CIPHER *cp;
 @@ -455,7 +454,6 @@ static int get_client_master_key(SSL *s)
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
 		return(-1);
 		}
 -
 	is_export=SSL_C_IS_EXPORT(s->session->cipher);
 	
 	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
 @@ -491,7 +489,7 @@ static int get_client_master_key(SSL *s)
 	 * must be zero).
 	 */
 	if ((!is_export && s->s2->tmp.clear != 0) ||
 -            (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) {
 +	    (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
 	    ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
 	    SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
 	    return -1;
 @@ -502,7 +500,7 @@ static int get_client_master_key(SSL *s)
 	 * bytes to fit the key in the buffer, stop now.
 	 */
 	if ((is_export && s->s2->tmp.enc < ek) ||
 -            (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) {
 +	    (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
 	    ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 	    SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
 	    return -1;
 @@ -519,7 +517,7 @@ static int get_client_master_key(SSL *s)
 	/* If a bad decrypt, continue with protocol but with a
 	 * random master secret (Bleichenbacher attack) */
 	if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
 -                        || (is_export && i != (int)ek))) {
 +			|| (is_export && i != ek))) {
 		ERR_clear_error();
 		if (is_export)
 			i=ek;
 @@ -549,7 +547,8 @@ static int get_client_master_key(SSL *s)
 		}
 #endif
 
 -	if (is_export) i = EVP_CIPHER_key_length(c);
 +	if (is_export)
 +		i = EVP_CIPHER_key_length(c);
 
 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
 		{
 diff --git a/ssl/ssl.h b/ssl/ssl.h
 index f8db039..2ba5923 100644
 --- a/ssl/ssl.h
 +++ b/ssl/ssl.h
 @@ -332,7 +332,7 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
 -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
 +#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
 /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
  * throwing out anonymous and unencrypted ciphersuites!
 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
 index a97929f..b767361 100644
 --- a/ssl/ssl_ciph.c
 +++ b/ssl/ssl_ciph.c
 @@ -230,8 +230,7 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
 
 	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
 -        {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
 -         SSL_EXP_MASK, 0, 0, 0},
 +	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
 
 	/* key exchange aliases
 	 * (some of those using only a single bit here combine
 @@ -980,10 +979,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 #ifdef CIPHER_DEBUG
 			fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
 #endif
 -                        if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
 -                            goto ok;
 -                        if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
 -                            goto ok;
 +
 			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
 				continue;
 			if (alg_auth && !(alg_auth & cp->algorithm_auth))
 @@ -1000,8 +996,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 				continue;
 			}
 
 -    ok:
 -
 #ifdef CIPHER_DEBUG
 		fprintf(stderr, "Action = %d\n", rule);
 #endif
	cory@cory-i7:~/dev/openssl(OpenSSL_1_0_1m-backport)$ git diff -w manual-backport..gentoo-patched

	diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
	index 6f19829..d28dc60 100644
	--- a/crypto/asn1/tasn_dec.c
	+++ b/crypto/asn1/tasn_dec.c
	@@ -130,11 +130,17 @@ ASN1_VALUE ASN1_item_d2i(ASN1_VALUE *pval,
	{
	ASN1_TLC c;
	ASN1_VALUE *ptmpval = NULL;
	- if (!pval)
	- pval = &ptmpval;
	asn1_tlc_clear_nc(&c);
	- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
	- return *pval;
	+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
	+ ptmpval = *pval;
	+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
	+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
	+ if (*pval)
	+ ASN1_item_free(*pval, it);
	+ *pval = ptmpval;
	+ }
	+ return ptmpval;
	+ }
	return NULL;
	}

	@@ -310,6 +316,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	case ASN1_ITYPE_CHOICE:
	if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
	goto auxerr;
	+
	if (*pval) {
	/* Free up and zero CHOICE value if initialised */
	i = asn1_get_choice_selector(pval, it);
	@@ -320,7 +327,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	asn1_set_choice_selector(pval, -1, it);
	}
	} else if (!ASN1_item_ex_new(pval, it)) {
	- {
	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
	ERR_R_NESTED_ASN1_ERROR);
	goto err;
	diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
	index b854827..de3df9e 100644
	--- a/crypto/asn1/x_x509.c
	+++ b/crypto/asn1/x_x509.c
	@@ -170,14 +170,8 @@ X509 d2i_X509_AUX(X509 a, const unsigned char *pp, long length)
	{
	const unsigned char *q;
	X509 *ret;
	- int freeret = 0;
	-
	/* Save start position */
	q = *pp;
	-
	- if(!a \|\| *a == NULL) {
	- freeret = 1;
	- }
	ret = d2i_X509(a, pp, length);
	/* If certificate unreadable then forget it */
	if(!ret) return NULL;
	@@ -187,11 +181,7 @@ X509 d2i_X509_AUX(X509 a, const unsigned char *pp, long length)
	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
	return ret;
	err:
	- if(freeret) {
	X509_free(ret);
	- if (a)
	- *a = NULL;
	- }
	return NULL;
	}

	diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
	index 60e3786..52d31c2 100644
	--- a/crypto/ec/ec_asn1.c
	+++ b/crypto/ec/ec_asn1.c
	@@ -1142,6 +1142,8 @@ EC_KEY d2i_ECPrivateKey(EC_KEY a, const unsigned char *in, long len)
	ERR_R_MALLOC_FAILURE);
	goto err;
	}
	+ if (a)
	+ *a = ret;
	}
	else
	ret = *a;
	@@ -1222,13 +1224,12 @@ EC_KEY d2i_ECPrivateKey(EC_KEY a, const unsigned char *in, long len)
	/* Remember the original private-key-only encoding. */
	ret->enc_flag \|= EC_PKEY_NO_PUBKEY;
	}
	- if (a)
	- *a = ret;
	+
	ok = 1;
	err:
	if (!ok)
	{
	- if (ret && (a == NULL \|\| *a != ret))
	+ if (ret)
	EC_KEY_free(ret);
	ret = NULL;
	}
	@@ -1377,6 +1378,8 @@ EC_KEY d2i_ECParameters(EC_KEY a, const unsigned char *in, long len)
	ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
	return NULL;
	}
	+ if (a)
	+ *a = ret;
	}
	else
	ret = *a;
	@@ -1384,14 +1387,9 @@ EC_KEY d2i_ECParameters(EC_KEY a, const unsigned char *in, long len)
	if (!d2i_ECPKParameters(&ret->group, in, len))
	{
	ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
	- if (a == NULL \|\| *a != ret)
	- EC_KEY_free(ret);
	return NULL;
	}

	- if (a)
	- *a = ret;
	-
	return ret;
	}

	diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
	index 29928ba..31b8a46 100644
	--- a/crypto/pkcs7/pk7_doit.c
	+++ b/crypto/pkcs7/pk7_doit.c
	@@ -462,7 +462,6 @@ BIO PKCS7_dataDecode(PKCS7 p7, EVP_PKEY pkey, BIO in_bio, X509 *pcert)
	return NULL;
	}

	-
	i=OBJ_obj2nid(p7->type);
	p7->state=PKCS7_S_HEADER;

	@@ -919,6 +918,7 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
	goto err;
	M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
	}
	+
	if (!PKCS7_is_detached(p7)) {
	/*
	* NOTE(emilia): I think we only reach os == NULL here because detached
	@@ -930,13 +930,13 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
	char *cont;
	long contlen;
	btmp = BIO_find_type(bio, BIO_TYPE_MEM);
	- if (btmp == NULL)
	- {
	+ if (btmp == NULL) {
	PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
	goto err;
	}
	contlen = BIO_get_mem_data(btmp, &cont);
	- /* Mark the BIO read only then we can use its copy of the data
	+ /*
	+ * Mark the BIO read only then we can use its copy of the data
	* instead of making an extra copy.
	*/
	BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
	diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
	index 69d4816..e2fc802 100644
	--- a/crypto/pkcs7/pk7_lib.c
	+++ b/crypto/pkcs7/pk7_lib.c
	@@ -70,8 +70,8 @@ long PKCS7_ctrl(PKCS7 p7, int cmd, long larg, char parg)
	nid=OBJ_obj2nid(p7->type);

	switch (cmd)
	- /* NOTE(emilia): does not support detached digested data. */
	{
	+ /* NOTE(emilia): does not support detached digested data. */
	case PKCS7_OP_SET_DETACHED_SIGNATURE:
	if (nid == NID_pkcs7_signed)
	{
	@@ -459,9 +459,9 @@ int PKCS7_set_digest(PKCS7 p7, const EVP_MD md)
	}

	STACK_OF(PKCS7_SIGNER_INFO) PKCS7_get_signer_info(PKCS7 p7)
	+ {
	if (p7 == NULL \|\| p7->d.ptr == NULL)
	return NULL;
	- {
	if (PKCS7_type_is_signed(p7))
	{
	return(p7->d.sign->signer_info);
	diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
	index 6876d6c..48183dc 100644
	--- a/crypto/x509/x509_req.c
	+++ b/crypto/x509/x509_req.c
	@@ -92,8 +92,6 @@ X509_REQ X509_to_X509_REQ(X509 x, EVP_PKEY pkey, const EVP_MD md)
	goto err;

	pktmp = X509_get_pubkey(x);
	- if (pktmp == NULL)
	- goto err;
	i=X509_REQ_set_pubkey(ret,pktmp);
	EVP_PKEY_free(pktmp);
	if (!i) goto err;
	diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
	index 0aa1bad..6086d0a 100644
	--- a/doc/apps/ciphers.pod
	+++ b/doc/apps/ciphers.pod
	@@ -109,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings.

	=item B<DEFAULT>

	-the default cipher list. This is determined at compile time and
	-is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
	+the default cipher list. This is determined at compile time and, as of OpenSSL
	+1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
	specified.

	=item B<COMPLEMENTOFDEFAULT>
	diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
	index 298ec54..6fed4b1 100644
	--- a/doc/crypto/d2i_X509.pod
	+++ b/doc/crypto/d2i_X509.pod
	@@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts of the reused structure may
	persist if they are not present in the new one. As a result the use
	of this "reuse" behaviour is strongly discouraged.

	+Current versions of OpenSSL will not modify B<*px> if an error occurs.
	+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
	+set to the value of the newly decoded structure. As a result B<*px>
	+B<must not> be allocated on the stack or an attempt will be made to
	+free an invalid pointer.
	+
	i2d_X509() will not return an error in many versions of OpenSSL,
	if mandatory fields are not initialized due to a programming error
	then the encoded structure may contain invalid data or omit the
	@@ -210,7 +216,9 @@ always succeed.

	d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
	or B<NULL> if an error occurs. The error code that can be obtained by
	-L<ERR_get_error(3)\|ERR_get_error(3)>.
	+L<ERR_get_error(3)\|ERR_get_error(3)>. If the "reuse" capability has been used
	+with a valid X509 structure being passed in via B<px> then the object is not
	+modified in the event of error.

	i2d_X509() returns the number of bytes successfully encoded or a negative
	value if an error occurs. The error code can be obtained by
	diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
	index f7410b4..1406b3b 100644
	--- a/ssl/s2_srvr.c
	+++ b/ssl/s2_srvr.c
	@@ -371,8 +371,7 @@ end:

	static int get_client_master_key(SSL *s)
	{
	- int is_export, i, n, keya;
	- unsigned int ek;
	+ int is_export,i,n,keya,ek;
	unsigned long len;
	unsigned char *p;
	const SSL_CIPHER *cp;
	@@ -455,7 +454,6 @@ static int get_client_master_key(SSL *s)
	SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
	return(-1);
	}
	-
	is_export=SSL_C_IS_EXPORT(s->session->cipher);

	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
	@@ -491,7 +489,7 @@ static int get_client_master_key(SSL *s)
	* must be zero).
	*/
	if ((!is_export && s->s2->tmp.clear != 0) \|\|
	- (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) {
	+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
	ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
	SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
	return -1;
	@@ -502,7 +500,7 @@ static int get_client_master_key(SSL *s)
	* bytes to fit the key in the buffer, stop now.
	*/
	if ((is_export && s->s2->tmp.enc < ek) \|\|
	- (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) {
	+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
	ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
	SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
	return -1;
	@@ -519,7 +517,7 @@ static int get_client_master_key(SSL *s)
	/* If a bad decrypt, continue with protocol but with a
	* random master secret (Bleichenbacher attack) */
	if ((i < 0) \|\| ((!is_export && i != EVP_CIPHER_key_length(c))
	- \|\| (is_export && i != (int)ek))) {
	+ \|\| (is_export && i != ek))) {
	ERR_clear_error();
	if (is_export)
	i=ek;
	@@ -549,7 +547,8 @@ static int get_client_master_key(SSL *s)
	}
	#endif

	- if (is_export) i = EVP_CIPHER_key_length(c);
	+ if (is_export)
	+ i = EVP_CIPHER_key_length(c);

	if (i > SSL_MAX_MASTER_KEY_LENGTH)
	{
	diff --git a/ssl/ssl.h b/ssl/ssl.h
	index f8db039..2ba5923 100644
	--- a/ssl/ssl.h
	+++ b/ssl/ssl.h
	@@ -332,7 +332,7 @@ extern "C" {
	/* The following cipher list is used by default.
	* It also is substituted when an application-defined cipher list string
	* starts with 'DEFAULT'. */
	-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
	+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
	/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
	* starts with a reasonable order, and all we have to do for DEFAULT is
	* throwing out anonymous and unencrypted ciphersuites!
	diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
	index a97929f..b767361 100644
	--- a/ssl/ssl_ciph.c
	+++ b/ssl/ssl_ciph.c
	@@ -230,8 +230,7 @@ static const SSL_CIPHER cipher_aliases[]={
	{0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},

	/* "COMPLEMENTOFDEFAULT" (does not include ciphersuites not found in ALL!) */
	- {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
	- SSL_EXP_MASK, 0, 0, 0},
	+ {0,SSL_TXT_CMPDEF,0, SSL_kEDH\|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},

	/* key exchange aliases
	* (some of those using only a single bit here combine
	@@ -980,10 +979,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
	#ifdef CIPHER_DEBUG
	fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
	#endif
	- if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
	- goto ok;
	- if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
	- goto ok;
	+
	if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
	continue;
	if (alg_auth && !(alg_auth & cp->algorithm_auth))
	@@ -1000,8 +996,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
	continue;
	}

	- ok:
	-
	#ifdef CIPHER_DEBUG
	fprintf(stderr, "Action = %d\n", rule);
	#endif