5.5.1

deployment/winscpsetup.iss

@@ -7,7 +7,7 @@
 #define WebDocumentation WebRoot+"eng/docs/"
 #define WebReport WebRoot+"install.php"
 #define WebPuTTY "http://www.chiark.greenend.org.uk/~sgtatham/putty/"
-#define Year 2013
+#define Year 2014
 #define EnglishLang "English"
 #define SetupTypeData "SetupType"
 #define InnoSetupReg "Software\Microsoft\Windows\CurrentVersion\Uninstall\" + AppId + "_is1"

dotnet/properties/AssemblyInfo.cs

@@ -21,7 +21,7 @@ using System.Runtime.InteropServices;
 
 [assembly: AssemblyVersion("1.1.4.0")]
 [assembly: AssemblyFileVersion("1.1.4.0")]
-[assembly: AssemblyInformationalVersionAttribute("5.5.0.0")]
+[assembly: AssemblyInformationalVersionAttribute("5.5.1.0")]
 
 [assembly: CLSCompliant(true)]
 

libs/openssl/crypto/armcap.c

@@ -23,7 +23,7 @@ unsigned int _armv7_tick(void);
 
 unsigned int OPENSSL_rdtsc(void)
 	{
-	if (OPENSSL_armcap_P|ARMV7_TICK)
+	if (OPENSSL_armcap_P & ARMV7_TICK)
 		return _armv7_tick();
 	else
 		return 0;

libs/openssl/crypto/asn1/a_int.c

@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	int pad=0,ret,i,neg;
 	unsigned char *p,*n,pb=0;
 
-	if ((a == NULL) || (a->data == NULL)) return(0);
+	if (a == NULL) return(0);
 	neg=a->type & V_ASN1_NEG;
 	if (a->length == 0)
 		ret=1;

libs/openssl/crypto/bn/bn_nist.c

@@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void)
 	}
 
 
-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
+static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
 	{
 	int i;
-	BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
 
 #ifdef BN_DEBUG
 	OPENSSL_assert(top <= max);
 #endif
-	for (i = (top); i != 0; i--)
-		*_tmp1++ = *_tmp2++;
-	for (i = (max) - (top); i != 0; i--)
-		*_tmp1++ = (BN_ULONG) 0;
+	for (i = 0; i < top; i++)
+		dst[i] = src[i];
+	for (; i < max; i++)
+		dst[i] = 0;
 	}
 
-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
 	{ 
 	int i;
-	BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-	for (i = (top); i != 0; i--)
-		*_tmp1++ = *_tmp2++;
+
+	for (i = 0; i < top; i++)
+		dst[i] = src[i];
 	}
 
 #if BN_BITS2 == 64
@@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	 */
 	mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
 	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = c_d;
 	res   = (BN_ULONG *)
-	 (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
+	 (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
 	r->top = BN_NIST_192_TOP;
 	bn_correct_top(r);
@@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	int	top = a->top, i;
 	int	carry;
 	BN_ULONG *r_d, *a_d = a->d;
-	BN_ULONG buf[BN_NIST_224_TOP],
-		 c_d[BN_NIST_224_TOP],
+	union	{
+		BN_ULONG	bn[BN_NIST_224_TOP];
+		unsigned int	ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+		} buf;
+	BN_ULONG c_d[BN_NIST_224_TOP],
 		*res;
 	PTR_SIZE_INT mask;
 	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	/* copy upper 256 bits of 448 bit number ... */
 	nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
 	/* ... and right shift by 32 to obtain upper 224 bits */
-	nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
+	nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
 	/* truncate lower part to 224 bits too */
 	r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
-	nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+	nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
 
 #if defined(NIST_INT64) && BN_BITS2!=64
 	{
 	NIST_INT64		acc;	/* accumulator */
 	unsigned int		*rp=(unsigned int *)r_d;
-	const unsigned int	*bp=(const unsigned int *)buf;
+	const unsigned int	*bp=(const unsigned int *)buf.ui;
 
 	acc  = rp[0];	acc -= bp[7-7];
 			acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
@@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	{
 	BN_ULONG t_d[BN_NIST_224_TOP];
 
-	nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+	nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
 	carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+	nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
 	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+	nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+	nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
 	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
 #if BN_BITS2==64
@@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	/* otherwise it's effectively same as in BN_nist_mod_192... */
 	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
 	mask &= 0-(PTR_SIZE_INT)carry;
-	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	res   = c_d;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
 	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_224_TOP);
 	r->top = BN_NIST_224_TOP;
@@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
 	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
 	mask &= 0-(PTR_SIZE_INT)carry;
-	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	res   = c_d;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
 	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_256_TOP);
 	r->top = BN_NIST_256_TOP;
@@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
 	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
 	mask &= 0-(PTR_SIZE_INT)carry;
-	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	res   = c_d;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
 	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
 	r->top = BN_NIST_384_TOP;
@@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
 	bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
 	mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-	res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+	res  = t_d;
+	res  = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
 	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d,res,BN_NIST_521_TOP);
 	r->top = BN_NIST_521_TOP;

libs/openssl/crypto/buffer/buffer.c

@@ -179,14 +179,14 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
 	return(len);
 	}
 
-void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
 	{
 	size_t i;
 	if (in)
 		{
 		out += size - 1;
 		for (i = 0; i < size; i++)
-			*in++ = *out--;
+			*out-- = *in++;
 		}
 	else
 		{

libs/openssl/crypto/buffer/buffer.h

@@ -88,7 +88,7 @@ int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *	BUF_strdup(const char *str);
 char *	BUF_strndup(const char *str, size_t siz);
 void *	BUF_memdup(const void *data, size_t siz);
-void	BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
+void	BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);

libs/openssl/crypto/buildinf.h

@@ -9,11 +9,11 @@
   /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
   #define CFLAGS "cl  /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS  -DDSO_WIN32  -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE    "
   #define PLATFORM "VC-WIN32"
-  #define DATE "Tue Feb 12 22:48:05 2013"
+  #define DATE "Fri Jan 10 14:05:30 2014"
 #endif
 #ifdef MK1MF_PLATFORM_BC_NT
   /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
   #define CFLAGS "bcc32 -DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -O2 -ff -fp -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE    "
   #define PLATFORM "BC-NT"
-  #define DATE "Tue Feb 12 22:48:05 2013"
+  #define DATE "Fri Jan 10 14:05:30 2014"
 #endif

libs/openssl/crypto/evp/digest.c

@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 	{
-	EVP_MD_CTX_cleanup(ctx);
-	OPENSSL_free(ctx);
+	if (ctx)
+		{
+		EVP_MD_CTX_cleanup(ctx);
+		OPENSSL_free(ctx);
+		}
 	}
 
 /* This call frees resources associated with the context */

libs/openssl/crypto/evp/e_aes.c

@@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			gctx->ctr = NULL;
 			break;
 			}
+		else
 #endif
+		(void)0;	/* terminate potentially open 'else' */
+
 		AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
 		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			xctx->xts.block1 = (block128_f)vpaes_decrypt;
 			}
 
-		vpaes_set_encrypt_key(key + ctx->key_len/2,
+		    vpaes_set_encrypt_key(key + ctx->key_len/2,
 						ctx->key_len * 4, &xctx->ks2);
-		xctx->xts.block2 = (block128_f)vpaes_encrypt;
+		    xctx->xts.block2 = (block128_f)vpaes_encrypt;
 
-		xctx->xts.key1 = &xctx->ks1;
-		break;
-		}
+		    xctx->xts.key1 = &xctx->ks1;
+		    break;
+		    }
+		else
 #endif
+		(void)0;	/* terminate potentially open 'else' */
+
 		if (enc)
 			{
 			AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);

libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c

@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 				if (res!=SHA_CBLOCK) continue;
 
-				mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+				/* j is not incremented yet */
+				mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
 				data->u[SHA_LBLOCK-1] |= bitlen&mask;
 				sha1_block_data_order(&key->md,data,1);
-				mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+				mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
 				pmac->u[0] |= key->md.h0 & mask;
 				pmac->u[1] |= key->md.h1 & mask;
 				pmac->u[2] |= key->md.h2 & mask;

libs/openssl/crypto/evp/e_des3.c

@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, size_t inl)
 {
-	if (inl>=EVP_MAXCHUNK)
+	while (inl>=EVP_MAXCHUNK)
 		{
 		DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
 			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	printf("\n");
 	}
 #endif    /* KSSL_DEBUG */
-	if (inl>=EVP_MAXCHUNK)
+	while (inl>=EVP_MAXCHUNK)
 		{
 		DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
 			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, size_t inl)
 {
-	if (inl>=EVP_MAXCHUNK)
+	while (inl>=EVP_MAXCHUNK)
 		{
 		DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
 			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,

libs/openssl/crypto/evp/p5_crpt2.c

@@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 	unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
 	int cplen, j, k, tkeylen, mdlen;
 	unsigned long i = 1;
-	HMAC_CTX hctx;
+	HMAC_CTX hctx_tpl, hctx;
 
 	mdlen = EVP_MD_size(digest);
 	if (mdlen < 0)
 		return 0;
 
-	HMAC_CTX_init(&hctx);
+	HMAC_CTX_init(&hctx_tpl);
 	p = out;
 	tkeylen = keylen;
 	if(!pass)
 		passlen = 0;
 	else if(passlen == -1)
 		passlen = strlen(pass);
+	if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
+		{
+		HMAC_CTX_cleanup(&hctx_tpl);
+		return 0;
+		}
 	while(tkeylen)
 		{
 		if(tkeylen > mdlen)
@@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 		itmp[1] = (unsigned char)((i >> 16) & 0xff);
 		itmp[2] = (unsigned char)((i >> 8) & 0xff);
 		itmp[3] = (unsigned char)(i & 0xff);
-		if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
-			|| !HMAC_Update(&hctx, salt, saltlen)
-			|| !HMAC_Update(&hctx, itmp, 4)
-			|| !HMAC_Final(&hctx, digtmp, NULL))
+		if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
 			{
+			HMAC_CTX_cleanup(&hctx_tpl);
+			return 0;
+			}
+		if (!HMAC_Update(&hctx, salt, saltlen)
+		    || !HMAC_Update(&hctx, itmp, 4)
+		    || !HMAC_Final(&hctx, digtmp, NULL))
+			{
+			HMAC_CTX_cleanup(&hctx_tpl);
 			HMAC_CTX_cleanup(&hctx);
 			return 0;
 			}
+		HMAC_CTX_cleanup(&hctx);
 		memcpy(p, digtmp, cplen);
 		for(j = 1; j < iter; j++)
 			{
-			HMAC(digest, pass, passlen,
-				 digtmp, mdlen, digtmp, NULL);
+			if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
+				{
+				HMAC_CTX_cleanup(&hctx_tpl);
+				return 0;
+				}
+			if (!HMAC_Update(&hctx, digtmp, mdlen)
+			    || !HMAC_Final(&hctx, digtmp, NULL))
+				{
+				HMAC_CTX_cleanup(&hctx_tpl);
+				HMAC_CTX_cleanup(&hctx);
+				return 0;
+				}
+			HMAC_CTX_cleanup(&hctx);
 			for(k = 0; k < cplen; k++)
 				p[k] ^= digtmp[k];
 			}
@@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 		i++;
 		p+= cplen;
 		}
-	HMAC_CTX_cleanup(&hctx);
+	HMAC_CTX_cleanup(&hctx_tpl);
 #ifdef DEBUG_PKCS5V2
 	fprintf(stderr, "Password:\n");
 	h__dump (pass, passlen);

libs/openssl/crypto/modes/cbc128.c

@@ -117,7 +117,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
 			unsigned char ivec[16], block128_f block)
 {
 	size_t n;
-	union { size_t align; unsigned char c[16]; } tmp;
+	union { size_t t[16/sizeof(size_t)]; unsigned char c[16]; } tmp;
 
 	assert(in && out && key && ivec);
 
@@ -137,11 +137,13 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
 				out += 16;
 			}
 		}
-		else {
+		else  if (16%sizeof(size_t) == 0) { /* always true */
 			while (len>=16) {
+				size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv;
+
 				(*block)(in, out, key);
-				for(n=0; n<16; n+=sizeof(size_t))
-					*(size_t *)(out+n) ^= *(size_t *)(iv+n);
+				for(n=0; n<16/sizeof(size_t); n++)
+					out_t[n] ^= iv_t[n];
 				iv = in;
 				len -= 16;
 				in  += 16;
@@ -165,15 +167,16 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
 				out += 16;
 			}
 		}
-		else {
-			size_t c;
+		else if (16%sizeof(size_t) == 0) { /* always true */
 			while (len>=16) {
+				size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec;
+				const size_t *in_t=(const size_t *)in;
+
 				(*block)(in, tmp.c, key);
-				for(n=0; n<16; n+=sizeof(size_t)) {
-					c = *(size_t *)(in+n);
-					*(size_t *)(out+n) =
-					*(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n);
-					*(size_t *)(ivec+n) = c;
+				for(n=0; n<16/sizeof(size_t); n++) {
+					c = in_t[n];
+					out_t[n] = tmp.t[n] ^ ivec_t[n];
+					ivec_t[n] = c;
 				}
 				len -= 16;
 				in  += 16;

libs/openssl/crypto/modes/ccm128.c

@@ -87,7 +87,7 @@ int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
 		ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));
 	}
 	else
-		*(u32*)(&ctx->nonce.c[8]) = 0;
+		ctx->nonce.u[1] = 0;
 
 	ctx->nonce.c[12] = (u8)(mlen>>24);
 	ctx->nonce.c[13] = (u8)(mlen>>16);

libs/openssl/crypto/modes/cts128.c

@@ -108,12 +108,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
 	(*cbc)(in,out-16,residue,key,ivec,1);
 	memcpy(out,tmp.c,residue);
 #else
-	{
-	size_t n;
-	for (n=0; n<16; n+=sizeof(size_t))
-		*(size_t *)(tmp.c+n) = 0;
+	memset(tmp.c,0,sizeof(tmp));
 	memcpy(tmp.c,in,residue);
-	}
 	memcpy(out,out-16,residue);
 	(*cbc)(tmp.c,out-16,16,key,ivec,1);
 #endif
@@ -144,12 +140,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
 #if defined(CBC_HANDLES_TRUNCATED_IO)
 	(*cbc)(in,out-16+residue,residue,key,ivec,1);
 #else
-	{
-	size_t n;
-	for (n=0; n<16; n+=sizeof(size_t))
-		*(size_t *)(tmp.c+n) = 0;
+	memset(tmp.c,0,sizeof(tmp));
 	memcpy(tmp.c,in,residue);
-	}
 	(*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
 #endif
 	return len+residue;
@@ -177,8 +169,7 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
 
 	(*block)(in,tmp.c+16,key);
 
-	for (n=0; n<16; n+=sizeof(size_t))
-		*(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+	memcpy(tmp.c,tmp.c+16,16);
 	memcpy(tmp.c,in+16,residue);
 	(*block)(tmp.c,tmp.c,key);
 
@@ -220,8 +211,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
 
 	(*block)(in+residue,tmp.c+16,key);
 
-	for (n=0; n<16; n+=sizeof(size_t))
-		*(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+	memcpy(tmp.c,tmp.c+16,16);
 	memcpy(tmp.c,in,residue);
 	(*block)(tmp.c,tmp.c,key);
 
@@ -240,7 +230,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
 size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
 			size_t len, const void *key,
 			unsigned char ivec[16], cbc128_f cbc)
-{	size_t residue, n;
+{	size_t residue;
 	union { size_t align; unsigned char c[32]; } tmp;
 
 	assert (in && out && key && ivec);
@@ -257,8 +247,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
 		out += len;
 	}
 
-	for (n=16; n<32; n+=sizeof(size_t))
-		*(size_t *)(tmp.c+n) = 0;
+	memset(tmp.c,0,sizeof(tmp));
 	/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
 	(*cbc)(in,tmp.c,16,key,tmp.c+16,0);
 
@@ -275,7 +264,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
 size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
 			size_t len, const void *key,
 			unsigned char ivec[16], cbc128_f cbc)
-{	size_t residue, n;
+{	size_t residue;
 	union { size_t align; unsigned char c[32]; } tmp;
 
 	assert (in && out && key && ivec);
@@ -297,8 +286,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
 		out += len;
 	}
 
-	for (n=16; n<32; n+=sizeof(size_t))
-		*(size_t *)(tmp.c+n) = 0;
+	memset(tmp.c,0,sizeof(tmp));
 	/* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
 	(*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);
 

libs/openssl/crypto/modes/gcm128.c

@@ -941,15 +941,17 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 		    size_t j=GHASH_CHUNK;
 
 		    while (j) {
+		    	size_t *out_t=(size_t *)out;
+		    	const size_t *in_t=(const size_t *)in;
+
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
 				PUTU32(ctx->Yi.c+12,ctr);
 			else
 				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16; i+=sizeof(size_t))
-				*(size_t *)(out+i) =
-				*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+			for (i=0; i<16/sizeof(size_t); ++i)
+				out_t[i] = in_t[i] ^ ctx->EKi.t[i];
 			out += 16;
 			in  += 16;
 			j   -= 16;
@@ -961,15 +963,17 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 		    size_t j=i;
 
 		    while (len>=16) {
+		    	size_t *out_t=(size_t *)out;
+		    	const size_t *in_t=(const size_t *)in;
+
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
 				PUTU32(ctx->Yi.c+12,ctr);
 			else
 				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16; i+=sizeof(size_t))
-				*(size_t *)(out+i) =
-				*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+			for (i=0; i<16/sizeof(size_t); ++i)
+				out_t[i] = in_t[i] ^ ctx->EKi.t[i];
 			out += 16;
 			in  += 16;
 			len -= 16;
@@ -978,16 +982,18 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
 		}
 #else
 		while (len>=16) {
+		    	size_t *out_t=(size_t *)out;
+		    	const size_t *in_t=(const size_t *)in;
+
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
 				PUTU32(ctx->Yi.c+12,ctr);
 			else
 				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16; i+=sizeof(size_t))
-				*(size_t *)(ctx->Xi.c+i) ^=
-				*(size_t *)(out+i) =
-				*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+			for (i=0; i<16/sizeof(size_t); ++i)
+				ctx->Xi.t[i] ^=
+				out_t[i] = in_t[i]^ctx->EKi.t[i];
 			GCM_MUL(ctx,Xi);
 			out += 16;
 			in  += 16;
@@ -1091,15 +1097,17 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 
 		    GHASH(ctx,in,GHASH_CHUNK);
 		    while (j) {
+		    	size_t *out_t=(size_t *)out;
+		    	const size_t *in_t=(const size_t *)in;
+
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
 				PUTU32(ctx->Yi.c+12,ctr);
 			else
 				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16; i+=sizeof(size_t))
-				*(size_t *)(out+i) =
-				*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+			for (i=0; i<16/sizeof(size_t); ++i)
+				out_t[i] = in_t[i]^ctx->EKi.t[i];
 			out += 16;
 			in  += 16;
 			j   -= 16;
@@ -1109,15 +1117,17 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 		if ((i = (len&(size_t)-16))) {
 		    GHASH(ctx,in,i);
 		    while (len>=16) {
+		    	size_t *out_t=(size_t *)out;
+		    	const size_t *in_t=(const size_t *)in;
+
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
 				PUTU32(ctx->Yi.c+12,ctr);
 			else
 				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16; i+=sizeof(size_t))
-				*(size_t *)(out+i) =
-				*(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+			for (i=0; i<16/sizeof(size_t); ++i)
+				out_t[i] = in_t[i]^ctx->EKi.t[i];
 			out += 16;
 			in  += 16;
 			len -= 16;
@@ -1125,16 +1135,19 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 		}
 #else
 		while (len>=16) {
+		    	size_t *out_t=(size_t *)out;
+		    	const size_t *in_t=(const size_t *)in;
+
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
 				PUTU32(ctx->Yi.c+12,ctr);
 			else
 				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16; i+=sizeof(size_t)) {
-				size_t c = *(size_t *)(in+i);
-				*(size_t *)(out+i) = c^*(size_t *)(ctx->EKi.c+i);
-				*(size_t *)(ctx->Xi.c+i) ^= c;
+			for (i=0; i<16/sizeof(size_t); ++i) {
+				size_t c = in[i];
+				out[i] = c^ctx->EKi.t[i];
+				ctx->Xi.t[i] ^= c;
 			}
 			GCM_MUL(ctx,Xi);
 			out += 16;
@@ -1669,6 +1682,46 @@ static const u8	IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0
 			0xa2,0x41,0x89,0x97,0x20,0x0e,0xf8,0x2e,0x44,0xae,0x7e,0x3f},
 		T18[]= {0xa4,0x4a,0x82,0x66,0xee,0x1c,0x8e,0xb0,0xc8,0xb5,0xd4,0xcf,0x5a,0xe9,0xf1,0x9a};
 
+/* Test Case 19 */
+#define K19 K1
+#define P19 P1
+#define IV19 IV1
+#define C19 C1
+static const u8 A19[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
+			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
+			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
+			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55,
+			0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,
+			0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,
+			0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,
+			0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad},
+		T19[]= {0x5f,0xea,0x79,0x3a,0x2d,0x6f,0x97,0x4d,0x37,0xe6,0x8e,0x0c,0xb8,0xff,0x94,0x92};
+
+/* Test Case 20 */
+#define K20 K1
+#define A20 A1
+static const u8 IV20[64]={0xff,0xff,0xff,0xff},	/* this results in 0xff in counter LSB */
+		P20[288],
+		C20[]= {0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,0x2b,0x64,0xfe,0x1e,0x9a,0x17,0xb6,0x14,
+			0x25,0xf1,0x0d,0x47,0xa7,0x5a,0x5f,0xce,0x13,0xef,0xc6,0xbc,0x78,0x4a,0xf2,0x4f,
+			0x41,0x41,0xbd,0xd4,0x8c,0xf7,0xc7,0x70,0x88,0x7a,0xfd,0x57,0x3c,0xca,0x54,0x18,
+			0xa9,0xae,0xff,0xcd,0x7c,0x5c,0xed,0xdf,0xc6,0xa7,0x83,0x97,0xb9,0xa8,0x5b,0x49,
+			0x9d,0xa5,0x58,0x25,0x72,0x67,0xca,0xab,0x2a,0xd0,0xb2,0x3c,0xa4,0x76,0xa5,0x3c,
+			0xb1,0x7f,0xb4,0x1c,0x4b,0x8b,0x47,0x5c,0xb4,0xf3,0xf7,0x16,0x50,0x94,0xc2,0x29,
+			0xc9,0xe8,0xc4,0xdc,0x0a,0x2a,0x5f,0xf1,0x90,0x3e,0x50,0x15,0x11,0x22,0x13,0x76,
+			0xa1,0xcd,0xb8,0x36,0x4c,0x50,0x61,0xa2,0x0c,0xae,0x74,0xbc,0x4a,0xcd,0x76,0xce,
+			0xb0,0xab,0xc9,0xfd,0x32,0x17,0xef,0x9f,0x8c,0x90,0xbe,0x40,0x2d,0xdf,0x6d,0x86,
+			0x97,0xf4,0xf8,0x80,0xdf,0xf1,0x5b,0xfb,0x7a,0x6b,0x28,0x24,0x1e,0xc8,0xfe,0x18,
+			0x3c,0x2d,0x59,0xe3,0xf9,0xdf,0xff,0x65,0x3c,0x71,0x26,0xf0,0xac,0xb9,0xe6,0x42,
+			0x11,0xf4,0x2b,0xae,0x12,0xaf,0x46,0x2b,0x10,0x70,0xbe,0xf1,0xab,0x5e,0x36,0x06,
+			0x87,0x2c,0xa1,0x0d,0xee,0x15,0xb3,0x24,0x9b,0x1a,0x1b,0x95,0x8f,0x23,0x13,0x4c,
+			0x4b,0xcc,0xb7,0xd0,0x32,0x00,0xbc,0xe4,0x20,0xa2,0xf8,0xeb,0x66,0xdc,0xf3,0x64,
+			0x4d,0x14,0x23,0xc1,0xb5,0x69,0x90,0x03,0xc1,0x3e,0xce,0xf4,0xbf,0x38,0xa3,0xb6,
+			0x0e,0xed,0xc3,0x40,0x33,0xba,0xc1,0x90,0x27,0x83,0xdc,0x6d,0x89,0xe2,0xe7,0x74,
+			0x18,0x8a,0x43,0x9c,0x7e,0xbc,0xc0,0x67,0x2d,0xbd,0xa4,0xdd,0xcf,0xb2,0x79,0x46,
+			0x13,0xb0,0xbe,0x41,0x31,0x5e,0xf7,0x78,0x70,0x8a,0x70,0xee,0x7d,0x75,0x16,0x5c},
+		T20[]= {0x8b,0x30,0x7f,0x6b,0x33,0x28,0x6d,0x0a,0xb0,0x26,0xa9,0xed,0x3f,0xe1,0xe8,0x5f};
+
 #define TEST_CASE(n)	do {					\
 	u8 out[sizeof(P##n)];					\
 	AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key);		\
@@ -1713,6 +1766,8 @@ int main()
 	TEST_CASE(16);
 	TEST_CASE(17);
 	TEST_CASE(18);
+	TEST_CASE(19);
+	TEST_CASE(20);
 
 #ifdef OPENSSL_CPUID_OBJ
 	{
@@ -1743,11 +1798,16 @@ int main()
 			ctr_t/(double)sizeof(buf),
 			(gcm_t-ctr_t)/(double)sizeof(buf));
 #ifdef GHASH
-	GHASH(&ctx,buf.c,sizeof(buf));
+	{
+	void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
+				const u8 *inp,size_t len)	= ctx.ghash;
+
+	GHASH((&ctx),buf.c,sizeof(buf));
 	start = OPENSSL_rdtsc();
-	for (i=0;i<100;++i) GHASH(&ctx,buf.c,sizeof(buf));
+	for (i=0;i<100;++i) GHASH((&ctx),buf.c,sizeof(buf));
 	gcm_t = OPENSSL_rdtsc() - start;
 	printf("%.2f\n",gcm_t/(double)sizeof(buf)/(double)i);
+	}
 #endif
 	}
 #endif

libs/openssl/crypto/modes/modes_lcl.h

@@ -29,10 +29,7 @@ typedef unsigned char u8;
 #if defined(__i386)	|| defined(__i386__)	|| \
     defined(__x86_64)	|| defined(__x86_64__)	|| \
     defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64) || \
-    defined(__s390__)	|| defined(__s390x__)	|| \
-    ( (defined(__arm__)	|| defined(__arm)) && \
-      (defined(__ARM_ARCH_7__)	|| defined(__ARM_ARCH_7A__) || \
-       defined(__ARM_ARCH_7R__)	|| defined(__ARM_ARCH_7M__)) )
+    defined(__s390__)	|| defined(__s390x__)
 # undef STRICT_ALIGNMENT
 #endif
 
@@ -101,8 +98,8 @@ typedef struct { u64 hi,lo; } u128;
 
 struct gcm128_context {
 	/* Following 6 names follow names in GCM specification */
-	union { u64 u[2]; u32 d[4]; u8 c[16]; }	Yi,EKi,EK0,len,
-						Xi,H;
+	union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; }
+	  Yi,EKi,EK0,len,Xi,H;
 	/* Relative position of Xi, H and pre-computed Htable is used
 	 * in some assembler modules, i.e. don't change the order! */
 #if TABLE_BITS==8

libs/openssl/crypto/opensslv.h

@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000105fL
+#define OPENSSL_VERSION_NUMBER	0x1000106fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1e-fips 11 Feb 2013"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f-fips 6 Jan 2014"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1e 11 Feb 2013"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f 6 Jan 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

libs/openssl/crypto/pem/pem_info.c

@@ -167,6 +167,7 @@ start:
 #ifndef OPENSSL_NO_RSA
 			if (strcmp(name,PEM_STRING_RSA) == 0)
 			{
+			d2i=(D2I_OF(void))d2i_RSAPrivateKey;
 			if (xi->x_pkey != NULL) 
 				{
 				if (!sk_X509_INFO_push(ret,xi)) goto err;

libs/openssl/crypto/pkcs12/p12_crt.c

@@ -90,7 +90,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
 	/* Set defaults */
 	if (!nid_cert)
+		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+		else
+#endif
 		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+		}
 	if (!nid_key)
 		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 	if (!iter)

libs/openssl/crypto/rand/md_rand.c

@@ -380,8 +380,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	 * are fed into the hash function and the results are kept in the
 	 * global 'md'.
 	 */
-
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+	/* NB: in FIPS mode we are already under a lock */
+	if (!FIPS_mode())
+#endif
+		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +463,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
 	/* before unlocking, we must clear 'crypto_lock_rand' */
 	crypto_lock_rand = 0;
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+	if (!FIPS_mode())
+#endif
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	while (num > 0)
 		{
@@ -512,10 +518,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 	MD_Init(&m);
 	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+	if (!FIPS_mode())
+#endif
+		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
 	MD_Final(&m,md);
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+	if (!FIPS_mode())
+#endif
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	EVP_MD_CTX_cleanup(&m);
 	if (ok)

libs/openssl/crypto/rand/rand.h

@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES			 100
 
 /* Reason codes. */
+#define RAND_R_DUAL_EC_DRBG_DISABLED			 104
 #define RAND_R_ERROR_INITIALISING_DRBG			 102
 #define RAND_R_ERROR_INSTANTIATING_DRBG			 103
 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET		 101

libs/openssl/crypto/rand/rand_err.c

@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 
 static ERR_STRING_DATA RAND_str_reasons[]=
 	{
+{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
 {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},

libs/openssl/crypto/rand/rand_lib.c

@@ -269,6 +269,14 @@ int RAND_init_fips(void)
 	DRBG_CTX *dctx;
 	size_t plen;
 	unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+	if (fips_drbg_type >> 16)
+		{
+		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+		return 0;
+		}
+#endif
+		
 	dctx = FIPS_get_default_drbg();
         if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
 		{

libs/openssl/crypto/rsa/rsa_ameth.c

@@ -351,27 +351,27 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
 
 	if (!BIO_indent(bp, indent, 128))
 		goto err;
-	if (BIO_puts(bp, "Salt Length: ") <= 0)
+	if (BIO_puts(bp, "Salt Length: 0x") <= 0)
 			goto err;
 	if (pss->saltLength)
 		{
 		if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
 			goto err;
 		}
-	else if (BIO_puts(bp, "20 (default)") <= 0)
+	else if (BIO_puts(bp, "0x14 (default)") <= 0)
 		goto err;
 	BIO_puts(bp, "\n");
 
 	if (!BIO_indent(bp, indent, 128))
 		goto err;
-	if (BIO_puts(bp, "Trailer Field: ") <= 0)
+	if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
 			goto err;
 	if (pss->trailerField)
 		{
 		if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
 			goto err;
 		}
-	else if (BIO_puts(bp, "0xbc (default)") <= 0)
+	else if (BIO_puts(bp, "BC (default)") <= 0)
 		goto err;
 	BIO_puts(bp, "\n");
 	

libs/openssl/crypto/rsa/rsa_chk.c

@@ -59,6 +59,12 @@ int RSA_check_key(const RSA *key)
 	BN_CTX *ctx;
 	int r;
 	int ret=1;
+
+	if (!key->p || !key->q || !key->n || !key->e || !key->d)
+		{
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+		return 0;
+		}
 	
 	i = BN_new();
 	j = BN_new();

libs/openssl/crypto/rsa/rsa_pmeth.c

@@ -611,6 +611,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
 			pm = RSA_NO_PADDING;
 		else if (!strcmp(value, "oeap"))
 			pm = RSA_PKCS1_OAEP_PADDING;
+		else if (!strcmp(value, "oaep"))
+			pm = RSA_PKCS1_OAEP_PADDING;
 		else if (!strcmp(value, "x931"))
 			pm = RSA_X931_PADDING;
 		else if (!strcmp(value, "pss"))

libs/openssl/crypto/sha/sha512.c

@@ -232,7 +232,14 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
 {   return SHA512_Update (c,data,len);   }
 
 void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
-{   sha512_block_data_order (c,data,1);  }
+	{
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+	if ((size_t)data%sizeof(c->u.d[0]) != 0)
+		memcpy(c->u.p,data,sizeof(c->u.p)),
+		data = c->u.p;
+#endif
+	sha512_block_data_order (c,data,1);
+	}
 
 unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
 	{

libs/openssl/crypto/srp/srp_grps.h

@@ -1,22 +1,22 @@
 /* start of generated data */
 
 static BN_ULONG bn_group_1024_value[] = {
-	bn_pack4(9FC6,1D2F,C0EB,06E3),
-	bn_pack4(FD51,38FE,8376,435B),
-	bn_pack4(2FD4,CBF4,976E,AA9A),
-	bn_pack4(68ED,BC3C,0572,6CC0),
-	bn_pack4(C529,F566,660E,57EC),
-	bn_pack4(8255,9B29,7BCF,1885),
-	bn_pack4(CE8E,F4AD,69B1,5D49),
-	bn_pack4(5DC7,D7B4,6154,D6B6),
-	bn_pack4(8E49,5C1D,6089,DAD1),
-	bn_pack4(E0D5,D8E2,50B9,8BE4),
-	bn_pack4(383B,4813,D692,C6E0),
-	bn_pack4(D674,DF74,96EA,81D3),
-	bn_pack4(9EA2,314C,9C25,6576),
-	bn_pack4(6072,6187,75FF,3C0B),
-	bn_pack4(9C33,F80A,FA8F,C5E8),
-	bn_pack4(EEAF,0AB9,ADB3,8DD6)
+	bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3),
+	bn_pack4(0xFD51,0x38FE,0x8376,0x435B),
+	bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A),
+	bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0),
+	bn_pack4(0xC529,0xF566,0x660E,0x57EC),
+	bn_pack4(0x8255,0x9B29,0x7BCF,0x1885),
+	bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49),
+	bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6),
+	bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1),
+	bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4),
+	bn_pack4(0x383B,0x4813,0xD692,0xC6E0),
+	bn_pack4(0xD674,0xDF74,0x96EA,0x81D3),
+	bn_pack4(0x9EA2,0x314C,0x9C25,0x6576),
+	bn_pack4(0x6072,0x6187,0x75FF,0x3C0B),
+	bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8),
+	bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6)
 };
 static BIGNUM bn_group_1024 = {
 	bn_group_1024_value,
@@ -27,30 +27,30 @@ static BIGNUM bn_group_1024 = {
 };
 
 static BN_ULONG bn_group_1536_value[] = {
-	bn_pack4(CF76,E3FE,D135,F9BB),
-	bn_pack4(1518,0F93,499A,234D),
-	bn_pack4(8CE7,A28C,2442,C6F3),
-	bn_pack4(5A02,1FFF,5E91,479E),
-	bn_pack4(7F8A,2FE9,B8B5,292E),
-	bn_pack4(837C,264A,E3A9,BEB8),
-	bn_pack4(E442,734A,F7CC,B7AE),
-	bn_pack4(6577,2E43,7D6C,7F8C),
-	bn_pack4(DB2F,D53D,24B7,C486),
-	bn_pack4(6EDF,0195,3934,9627),
-	bn_pack4(158B,FD3E,2B9C,8CF5),
-	bn_pack4(764E,3F4B,53DD,9DA1),
-	bn_pack4(4754,8381,DBC5,B1FC),
-	bn_pack4(9B60,9E0B,E3BA,B63D),
-	bn_pack4(8134,B1C8,B979,8914),
-	bn_pack4(DF02,8A7C,EC67,F0D0),
-	bn_pack4(80B6,55BB,9A22,E8DC),
-	bn_pack4(1558,903B,A0D0,F843),
-	bn_pack4(51C6,A94B,E460,7A29),
-	bn_pack4(5F4F,5F55,6E27,CBDE),
-	bn_pack4(BEEE,A961,4B19,CC4D),
-	bn_pack4(DBA5,1DF4,99AC,4C80),
-	bn_pack4(B1F1,2A86,17A4,7BBB),
-	bn_pack4(9DEF,3CAF,B939,277A)
+	bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB),
+	bn_pack4(0x1518,0x0F93,0x499A,0x234D),
+	bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3),
+	bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E),
+	bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E),
+	bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8),
+	bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE),
+	bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C),
+	bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486),
+	bn_pack4(0x6EDF,0x0195,0x3934,0x9627),
+	bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5),
+	bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1),
+	bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC),
+	bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D),
+	bn_pack4(0x8134,0xB1C8,0xB979,0x8914),
+	bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0),
+	bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC),
+	bn_pack4(0x1558,0x903B,0xA0D0,0xF843),
+	bn_pack4(0x51C6,0xA94B,0xE460,0x7A29),
+	bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE),
+	bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D),
+	bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80),
+	bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB),
+	bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A)
 };
 static BIGNUM bn_group_1536 = {
 	bn_group_1536_value,
@@ -61,38 +61,38 @@ static BIGNUM bn_group_1536 = {
 };
 
 static BN_ULONG bn_group_2048_value[] = {
-	bn_pack4(0FA7,111F,9E4A,FF73),
-	bn_pack4(9B65,E372,FCD6,8EF2),
-	bn_pack4(35DE,236D,525F,5475),
-	bn_pack4(94B5,C803,D89F,7AE4),
-	bn_pack4(71AE,35F8,E9DB,FBB6),
-	bn_pack4(2A56,98F3,A8D0,C382),
-	bn_pack4(9CCC,041C,7BC3,08D8),
-	bn_pack4(AF87,4E73,03CE,5329),
-	bn_pack4(6160,2790,04E5,7AE6),
-	bn_pack4(032C,FBDB,F52F,B378),
-	bn_pack4(5EA7,7A27,75D2,ECFA),
-	bn_pack4(5445,23B5,24B0,D57D),
-	bn_pack4(5B9D,32E6,88F8,7748),
-	bn_pack4(F1D2,B907,8717,461A),
-	bn_pack4(76BD,207A,436C,6481),
-	bn_pack4(CA97,B43A,23FB,8016),
-	bn_pack4(1D28,1E44,6B14,773B),
-	bn_pack4(7359,D041,D5C3,3EA7),
-	bn_pack4(A80D,740A,DBF4,FF74),
-	bn_pack4(55F9,7993,EC97,5EEA),
-	bn_pack4(2918,A996,2F0B,93B8),
-	bn_pack4(661A,05FB,D5FA,AAE8),
-	bn_pack4(CF60,9517,9A16,3AB3),
-	bn_pack4(E808,3969,EDB7,67B0),
-	bn_pack4(CD7F,48A9,DA04,FD50),
-	bn_pack4(D523,12AB,4B03,310D),
-	bn_pack4(8193,E075,7767,A13D),
-	bn_pack4(A373,29CB,B4A0,99ED),
-	bn_pack4(FC31,9294,3DB5,6050),
-	bn_pack4(AF72,B665,1987,EE07),
-	bn_pack4(F166,DE5E,1389,582F),
-	bn_pack4(AC6B,DB41,324A,9A9B)
+	bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73),
+	bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2),
+	bn_pack4(0x35DE,0x236D,0x525F,0x5475),
+	bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4),
+	bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6),
+	bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382),
+	bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8),
+	bn_pack4(0xAF87,0x4E73,0x03CE,0x5329),
+	bn_pack4(0x6160,0x2790,0x04E5,0x7AE6),
+	bn_pack4(0x032C,0xFBDB,0xF52F,0xB378),
+	bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA),
+	bn_pack4(0x5445,0x23B5,0x24B0,0xD57D),
+	bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748),
+	bn_pack4(0xF1D2,0xB907,0x8717,0x461A),
+	bn_pack4(0x76BD,0x207A,0x436C,0x6481),
+	bn_pack4(0xCA97,0xB43A,0x23FB,0x8016),
+	bn_pack4(0x1D28,0x1E44,0x6B14,0x773B),
+	bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7),
+	bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74),
+	bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA),
+	bn_pack4(0x2918,0xA996,0x2F0B,0x93B8),
+	bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8),
+	bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3),
+	bn_pack4(0xE808,0x3969,0xEDB7,0x67B0),
+	bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50),
+	bn_pack4(0xD523,0x12AB,0x4B03,0x310D),
+	bn_pack4(0x8193,0xE075,0x7767,0xA13D),
+	bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED),
+	bn_pack4(0xFC31,0x9294,0x3DB5,0x6050),
+	bn_pack4(0xAF72,0xB665,0x1987,0xEE07),
+	bn_pack4(0xF166,0xDE5E,0x1389,0x582F),
+	bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B)
 };
 static BIGNUM bn_group_2048 = {
 	bn_group_2048_value,
@@ -103,54 +103,54 @@ static BIGNUM bn_group_2048 = {
 };
 
 static BN_ULONG bn_group_3072_value[] = {
-	bn_pack4(FFFF,FFFF,FFFF,FFFF),
-	bn_pack4(4B82,D120,A93A,D2CA),
-	bn_pack4(43DB,5BFC,E0FD,108E),
-	bn_pack4(08E2,4FA0,74E5,AB31),
-	bn_pack4(7709,88C0,BAD9,46E2),
-	bn_pack4(BBE1,1757,7A61,5D6C),
-	bn_pack4(521F,2B18,177B,200C),
-	bn_pack4(D876,0273,3EC8,6A64),
-	bn_pack4(F12F,FA06,D98A,0864),
-	bn_pack4(CEE3,D226,1AD2,EE6B),
-	bn_pack4(1E8C,94E0,4A25,619D),
-	bn_pack4(ABF5,AE8C,DB09,33D7),
-	bn_pack4(B397,0F85,A6E1,E4C7),
-	bn_pack4(8AEA,7157,5D06,0C7D),
-	bn_pack4(ECFB,8504,58DB,EF0A),
-	bn_pack4(A855,21AB,DF1C,BA64),
-	bn_pack4(AD33,170D,0450,7A33),
-	bn_pack4(1572,8E5A,8AAA,C42D),
-	bn_pack4(15D2,2618,98FA,0510),
-	bn_pack4(3995,497C,EA95,6AE5),
-	bn_pack4(DE2B,CBF6,9558,1718),
-	bn_pack4(B5C5,5DF0,6F4C,52C9),
-	bn_pack4(9B27,83A2,EC07,A28F),
-	bn_pack4(E39E,772C,180E,8603),
-	bn_pack4(3290,5E46,2E36,CE3B),
-	bn_pack4(F174,6C08,CA18,217C),
-	bn_pack4(670C,354E,4ABC,9804),
-	bn_pack4(9ED5,2907,7096,966D),
-	bn_pack4(1C62,F356,2085,52BB),
-	bn_pack4(8365,5D23,DCA3,AD96),
-	bn_pack4(6916,3FA8,FD24,CF5F),
-	bn_pack4(98DA,4836,1C55,D39A),
-	bn_pack4(C200,7CB8,A163,BF05),
-	bn_pack4(4928,6651,ECE4,5B3D),
-	bn_pack4(AE9F,2411,7C4B,1FE6),
-	bn_pack4(EE38,6BFB,5A89,9FA5),
-	bn_pack4(0BFF,5CB6,F406,B7ED),
-	bn_pack4(F44C,42E9,A637,ED6B),
-	bn_pack4(E485,B576,625E,7EC6),
-	bn_pack4(4FE1,356D,6D51,C245),
-	bn_pack4(302B,0A6D,F25F,1437),
-	bn_pack4(EF95,19B3,CD3A,431B),
-	bn_pack4(514A,0879,8E34,04DD),
-	bn_pack4(020B,BEA6,3B13,9B22),
-	bn_pack4(2902,4E08,8A67,CC74),
-	bn_pack4(C4C6,628B,80DC,1CD1),
-	bn_pack4(C90F,DAA2,2168,C234),
-	bn_pack4(FFFF,FFFF,FFFF,FFFF)
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+	bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA),
+	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_3072 = {
 	bn_group_3072_value,
@@ -161,70 +161,70 @@ static BIGNUM bn_group_3072 = {
 };
 
 static BN_ULONG bn_group_4096_value[] = {
-	bn_pack4(FFFF,FFFF,FFFF,FFFF),
-	bn_pack4(4DF4,35C9,3406,3199),
-	bn_pack4(86FF,B7DC,90A6,C08F),
-	bn_pack4(93B4,EA98,8D8F,DDC1),
-	bn_pack4(D006,9127,D5B0,5AA9),
-	bn_pack4(B81B,DD76,2170,481C),
-	bn_pack4(1F61,2970,CEE2,D7AF),
-	bn_pack4(233B,A186,515B,E7ED),
-	bn_pack4(99B2,964F,A090,C3A2),
-	bn_pack4(287C,5947,4E6B,C05D),
-	bn_pack4(2E8E,FC14,1FBE,CAA6),
-	bn_pack4(DBBB,C2DB,04DE,8EF9),
-	bn_pack4(2583,E9CA,2AD4,4CE8),
-	bn_pack4(1A94,6834,B615,0BDA),
-	bn_pack4(99C3,2718,6AF4,E23C),
-	bn_pack4(8871,9A10,BDBA,5B26),
-	bn_pack4(1A72,3C12,A787,E6D7),
-	bn_pack4(4B82,D120,A921,0801),
-	bn_pack4(43DB,5BFC,E0FD,108E),
-	bn_pack4(08E2,4FA0,74E5,AB31),
-	bn_pack4(7709,88C0,BAD9,46E2),
-	bn_pack4(BBE1,1757,7A61,5D6C),
-	bn_pack4(521F,2B18,177B,200C),
-	bn_pack4(D876,0273,3EC8,6A64),
-	bn_pack4(F12F,FA06,D98A,0864),
-	bn_pack4(CEE3,D226,1AD2,EE6B),
-	bn_pack4(1E8C,94E0,4A25,619D),
-	bn_pack4(ABF5,AE8C,DB09,33D7),
-	bn_pack4(B397,0F85,A6E1,E4C7),
-	bn_pack4(8AEA,7157,5D06,0C7D),
-	bn_pack4(ECFB,8504,58DB,EF0A),
-	bn_pack4(A855,21AB,DF1C,BA64),
-	bn_pack4(AD33,170D,0450,7A33),
-	bn_pack4(1572,8E5A,8AAA,C42D),
-	bn_pack4(15D2,2618,98FA,0510),
-	bn_pack4(3995,497C,EA95,6AE5),
-	bn_pack4(DE2B,CBF6,9558,1718),
-	bn_pack4(B5C5,5DF0,6F4C,52C9),
-	bn_pack4(9B27,83A2,EC07,A28F),
-	bn_pack4(E39E,772C,180E,8603),
-	bn_pack4(3290,5E46,2E36,CE3B),
-	bn_pack4(F174,6C08,CA18,217C),
-	bn_pack4(670C,354E,4ABC,9804),
-	bn_pack4(9ED5,2907,7096,966D),
-	bn_pack4(1C62,F356,2085,52BB),
-	bn_pack4(8365,5D23,DCA3,AD96),
-	bn_pack4(6916,3FA8,FD24,CF5F),
-	bn_pack4(98DA,4836,1C55,D39A),
-	bn_pack4(C200,7CB8,A163,BF05),
-	bn_pack4(4928,6651,ECE4,5B3D),
-	bn_pack4(AE9F,2411,7C4B,1FE6),
-	bn_pack4(EE38,6BFB,5A89,9FA5),
-	bn_pack4(0BFF,5CB6,F406,B7ED),
-	bn_pack4(F44C,42E9,A637,ED6B),
-	bn_pack4(E485,B576,625E,7EC6),
-	bn_pack4(4FE1,356D,6D51,C245),
-	bn_pack4(302B,0A6D,F25F,1437),
-	bn_pack4(EF95,19B3,CD3A,431B),
-	bn_pack4(514A,0879,8E34,04DD),
-	bn_pack4(020B,BEA6,3B13,9B22),
-	bn_pack4(2902,4E08,8A67,CC74),
-	bn_pack4(C4C6,628B,80DC,1CD1),
-	bn_pack4(C90F,DAA2,2168,C234),
-	bn_pack4(FFFF,FFFF,FFFF,FFFF)
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+	bn_pack4(0x4DF4,0x35C9,0x3406,0x3199),
+	bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+	bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+	bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+	bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+	bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+	bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+	bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+	bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+	bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+	bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+	bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+	bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+	bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+	bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+	bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+	bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_4096 = {
 	bn_group_4096_value,
@@ -235,102 +235,102 @@ static BIGNUM bn_group_4096 = {
 };
 
 static BN_ULONG bn_group_6144_value[] = {
-	bn_pack4(FFFF,FFFF,FFFF,FFFF),
-	bn_pack4(E694,F91E,6DCC,4024),
-	bn_pack4(12BF,2D5B,0B74,74D6),
-	bn_pack4(043E,8F66,3F48,60EE),
-	bn_pack4(387F,E8D7,6E3C,0468),
-	bn_pack4(DA56,C9EC,2EF2,9632),
-	bn_pack4(EB19,CCB1,A313,D55C),
-	bn_pack4(F550,AA3D,8A1F,BFF0),
-	bn_pack4(06A1,D58B,B7C5,DA76),
-	bn_pack4(A797,15EE,F29B,E328),
-	bn_pack4(14CC,5ED2,0F80,37E0),
-	bn_pack4(CC8F,6D7E,BF48,E1D8),
-	bn_pack4(4BD4,07B2,2B41,54AA),
-	bn_pack4(0F1D,45B7,FF58,5AC5),
-	bn_pack4(23A9,7A7E,36CC,88BE),
-	bn_pack4(59E7,C97F,BEC7,E8F3),
-	bn_pack4(B5A8,4031,900B,1C9E),
-	bn_pack4(D55E,702F,4698,0C82),
-	bn_pack4(F482,D7CE,6E74,FEF6),
-	bn_pack4(F032,EA15,D172,1D03),
-	bn_pack4(5983,CA01,C64B,92EC),
-	bn_pack4(6FB8,F401,378C,D2BF),
-	bn_pack4(3320,5151,2BD7,AF42),
-	bn_pack4(DB7F,1447,E6CC,254B),
-	bn_pack4(44CE,6CBA,CED4,BB1B),
-	bn_pack4(DA3E,DBEB,CF9B,14ED),
-	bn_pack4(1797,27B0,865A,8918),
-	bn_pack4(B06A,53ED,9027,D831),
-	bn_pack4(E5DB,382F,4130,01AE),
-	bn_pack4(F8FF,9406,AD9E,530E),
-	bn_pack4(C975,1E76,3DBA,37BD),
-	bn_pack4(C1D4,DCB2,6026,46DE),
-	bn_pack4(36C3,FAB4,D27C,7026),
-	bn_pack4(4DF4,35C9,3402,8492),
-	bn_pack4(86FF,B7DC,90A6,C08F),
-	bn_pack4(93B4,EA98,8D8F,DDC1),
-	bn_pack4(D006,9127,D5B0,5AA9),
-	bn_pack4(B81B,DD76,2170,481C),
-	bn_pack4(1F61,2970,CEE2,D7AF),
-	bn_pack4(233B,A186,515B,E7ED),
-	bn_pack4(99B2,964F,A090,C3A2),
-	bn_pack4(287C,5947,4E6B,C05D),
-	bn_pack4(2E8E,FC14,1FBE,CAA6),
-	bn_pack4(DBBB,C2DB,04DE,8EF9),
-	bn_pack4(2583,E9CA,2AD4,4CE8),
-	bn_pack4(1A94,6834,B615,0BDA),
-	bn_pack4(99C3,2718,6AF4,E23C),
-	bn_pack4(8871,9A10,BDBA,5B26),
-	bn_pack4(1A72,3C12,A787,E6D7),
-	bn_pack4(4B82,D120,A921,0801),
-	bn_pack4(43DB,5BFC,E0FD,108E),
-	bn_pack4(08E2,4FA0,74E5,AB31),
-	bn_pack4(7709,88C0,BAD9,46E2),
-	bn_pack4(BBE1,1757,7A61,5D6C),
-	bn_pack4(521F,2B18,177B,200C),
-	bn_pack4(D876,0273,3EC8,6A64),
-	bn_pack4(F12F,FA06,D98A,0864),
-	bn_pack4(CEE3,D226,1AD2,EE6B),
-	bn_pack4(1E8C,94E0,4A25,619D),
-	bn_pack4(ABF5,AE8C,DB09,33D7),
-	bn_pack4(B397,0F85,A6E1,E4C7),
-	bn_pack4(8AEA,7157,5D06,0C7D),
-	bn_pack4(ECFB,8504,58DB,EF0A),
-	bn_pack4(A855,21AB,DF1C,BA64),
-	bn_pack4(AD33,170D,0450,7A33),
-	bn_pack4(1572,8E5A,8AAA,C42D),
-	bn_pack4(15D2,2618,98FA,0510),
-	bn_pack4(3995,497C,EA95,6AE5),
-	bn_pack4(DE2B,CBF6,9558,1718),
-	bn_pack4(B5C5,5DF0,6F4C,52C9),
-	bn_pack4(9B27,83A2,EC07,A28F),
-	bn_pack4(E39E,772C,180E,8603),
-	bn_pack4(3290,5E46,2E36,CE3B),
-	bn_pack4(F174,6C08,CA18,217C),
-	bn_pack4(670C,354E,4ABC,9804),
-	bn_pack4(9ED5,2907,7096,966D),
-	bn_pack4(1C62,F356,2085,52BB),
-	bn_pack4(8365,5D23,DCA3,AD96),
-	bn_pack4(6916,3FA8,FD24,CF5F),
-	bn_pack4(98DA,4836,1C55,D39A),
-	bn_pack4(C200,7CB8,A163,BF05),
-	bn_pack4(4928,6651,ECE4,5B3D),
-	bn_pack4(AE9F,2411,7C4B,1FE6),
-	bn_pack4(EE38,6BFB,5A89,9FA5),
-	bn_pack4(0BFF,5CB6,F406,B7ED),
-	bn_pack4(F44C,42E9,A637,ED6B),
-	bn_pack4(E485,B576,625E,7EC6),
-	bn_pack4(4FE1,356D,6D51,C245),
-	bn_pack4(302B,0A6D,F25F,1437),
-	bn_pack4(EF95,19B3,CD3A,431B),
-	bn_pack4(514A,0879,8E34,04DD),
-	bn_pack4(020B,BEA6,3B13,9B22),
-	bn_pack4(2902,4E08,8A67,CC74),
-	bn_pack4(C4C6,628B,80DC,1CD1),
-	bn_pack4(C90F,DAA2,2168,C234),
-	bn_pack4(FFFF,FFFF,FFFF,FFFF)
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+	bn_pack4(0xE694,0xF91E,0x6DCC,0x4024),
+	bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+	bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+	bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+	bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+	bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+	bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+	bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+	bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+	bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+	bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+	bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+	bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+	bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+	bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+	bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+	bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+	bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+	bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+	bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+	bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+	bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+	bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+	bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+	bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+	bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+	bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+	bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+	bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+	bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+	bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+	bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+	bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+	bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+	bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+	bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+	bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+	bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+	bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+	bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+	bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+	bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+	bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+	bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+	bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+	bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+	bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+	bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+	bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_6144 = {
 	bn_group_6144_value,
@@ -341,134 +341,134 @@ static BIGNUM bn_group_6144 = {
 };
 
 static BN_ULONG bn_group_8192_value[] = {
-	bn_pack4(FFFF,FFFF,FFFF,FFFF),
-	bn_pack4(60C9,80DD,98ED,D3DF),
-	bn_pack4(C81F,56E8,80B9,6E71),
-	bn_pack4(9E30,50E2,7656,94DF),
-	bn_pack4(9558,E447,5677,E9AA),
-	bn_pack4(C919,0DA6,FC02,6E47),
-	bn_pack4(889A,002E,D5EE,382B),
-	bn_pack4(4009,438B,481C,6CD7),
-	bn_pack4(3590,46F4,EB87,9F92),
-	bn_pack4(FAF3,6BC3,1ECF,A268),
-	bn_pack4(B1D5,10BD,7EE7,4D73),
-	bn_pack4(F9AB,4819,5DED,7EA1),
-	bn_pack4(64F3,1CC5,0846,851D),
-	bn_pack4(4597,E899,A025,5DC1),
-	bn_pack4(DF31,0EE0,74AB,6A36),
-	bn_pack4(6D2A,13F8,3F44,F82D),
-	bn_pack4(062B,3CF5,B3A2,78A6),
-	bn_pack4(7968,3303,ED5B,DD3A),
-	bn_pack4(FA9D,4B7F,A2C0,87E8),
-	bn_pack4(4BCB,C886,2F83,85DD),
-	bn_pack4(3473,FC64,6CEA,306B),
-	bn_pack4(13EB,57A8,1A23,F0C7),
-	bn_pack4(2222,2E04,A403,7C07),
-	bn_pack4(E3FD,B8BE,FC84,8AD9),
-	bn_pack4(238F,16CB,E39D,652D),
-	bn_pack4(3423,B474,2BF1,C978),
-	bn_pack4(3AAB,639C,5AE4,F568),
-	bn_pack4(2576,F693,6BA4,2466),
-	bn_pack4(741F,A7BF,8AFC,47ED),
-	bn_pack4(3BC8,32B6,8D9D,D300),
-	bn_pack4(D8BE,C4D0,73B9,31BA),
-	bn_pack4(3877,7CB6,A932,DF8C),
-	bn_pack4(74A3,926F,12FE,E5E4),
-	bn_pack4(E694,F91E,6DBE,1159),
-	bn_pack4(12BF,2D5B,0B74,74D6),
-	bn_pack4(043E,8F66,3F48,60EE),
-	bn_pack4(387F,E8D7,6E3C,0468),
-	bn_pack4(DA56,C9EC,2EF2,9632),
-	bn_pack4(EB19,CCB1,A313,D55C),
-	bn_pack4(F550,AA3D,8A1F,BFF0),
-	bn_pack4(06A1,D58B,B7C5,DA76),
-	bn_pack4(A797,15EE,F29B,E328),
-	bn_pack4(14CC,5ED2,0F80,37E0),
-	bn_pack4(CC8F,6D7E,BF48,E1D8),
-	bn_pack4(4BD4,07B2,2B41,54AA),
-	bn_pack4(0F1D,45B7,FF58,5AC5),
-	bn_pack4(23A9,7A7E,36CC,88BE),
-	bn_pack4(59E7,C97F,BEC7,E8F3),
-	bn_pack4(B5A8,4031,900B,1C9E),
-	bn_pack4(D55E,702F,4698,0C82),
-	bn_pack4(F482,D7CE,6E74,FEF6),
-	bn_pack4(F032,EA15,D172,1D03),
-	bn_pack4(5983,CA01,C64B,92EC),
-	bn_pack4(6FB8,F401,378C,D2BF),
-	bn_pack4(3320,5151,2BD7,AF42),
-	bn_pack4(DB7F,1447,E6CC,254B),
-	bn_pack4(44CE,6CBA,CED4,BB1B),
-	bn_pack4(DA3E,DBEB,CF9B,14ED),
-	bn_pack4(1797,27B0,865A,8918),
-	bn_pack4(B06A,53ED,9027,D831),
-	bn_pack4(E5DB,382F,4130,01AE),
-	bn_pack4(F8FF,9406,AD9E,530E),
-	bn_pack4(C975,1E76,3DBA,37BD),
-	bn_pack4(C1D4,DCB2,6026,46DE),
-	bn_pack4(36C3,FAB4,D27C,7026),
-	bn_pack4(4DF4,35C9,3402,8492),
-	bn_pack4(86FF,B7DC,90A6,C08F),
-	bn_pack4(93B4,EA98,8D8F,DDC1),
-	bn_pack4(D006,9127,D5B0,5AA9),
-	bn_pack4(B81B,DD76,2170,481C),
-	bn_pack4(1F61,2970,CEE2,D7AF),
-	bn_pack4(233B,A186,515B,E7ED),
-	bn_pack4(99B2,964F,A090,C3A2),
-	bn_pack4(287C,5947,4E6B,C05D),
-	bn_pack4(2E8E,FC14,1FBE,CAA6),
-	bn_pack4(DBBB,C2DB,04DE,8EF9),
-	bn_pack4(2583,E9CA,2AD4,4CE8),
-	bn_pack4(1A94,6834,B615,0BDA),
-	bn_pack4(99C3,2718,6AF4,E23C),
-	bn_pack4(8871,9A10,BDBA,5B26),
-	bn_pack4(1A72,3C12,A787,E6D7),
-	bn_pack4(4B82,D120,A921,0801),
-	bn_pack4(43DB,5BFC,E0FD,108E),
-	bn_pack4(08E2,4FA0,74E5,AB31),
-	bn_pack4(7709,88C0,BAD9,46E2),
-	bn_pack4(BBE1,1757,7A61,5D6C),
-	bn_pack4(521F,2B18,177B,200C),
-	bn_pack4(D876,0273,3EC8,6A64),
-	bn_pack4(F12F,FA06,D98A,0864),
-	bn_pack4(CEE3,D226,1AD2,EE6B),
-	bn_pack4(1E8C,94E0,4A25,619D),
-	bn_pack4(ABF5,AE8C,DB09,33D7),
-	bn_pack4(B397,0F85,A6E1,E4C7),
-	bn_pack4(8AEA,7157,5D06,0C7D),
-	bn_pack4(ECFB,8504,58DB,EF0A),
-	bn_pack4(A855,21AB,DF1C,BA64),
-	bn_pack4(AD33,170D,0450,7A33),
-	bn_pack4(1572,8E5A,8AAA,C42D),
-	bn_pack4(15D2,2618,98FA,0510),
-	bn_pack4(3995,497C,EA95,6AE5),
-	bn_pack4(DE2B,CBF6,9558,1718),
-	bn_pack4(B5C5,5DF0,6F4C,52C9),
-	bn_pack4(9B27,83A2,EC07,A28F),
-	bn_pack4(E39E,772C,180E,8603),
-	bn_pack4(3290,5E46,2E36,CE3B),
-	bn_pack4(F174,6C08,CA18,217C),
-	bn_pack4(670C,354E,4ABC,9804),
-	bn_pack4(9ED5,2907,7096,966D),
-	bn_pack4(1C62,F356,2085,52BB),
-	bn_pack4(8365,5D23,DCA3,AD96),
-	bn_pack4(6916,3FA8,FD24,CF5F),
-	bn_pack4(98DA,4836,1C55,D39A),
-	bn_pack4(C200,7CB8,A163,BF05),
-	bn_pack4(4928,6651,ECE4,5B3D),
-	bn_pack4(AE9F,2411,7C4B,1FE6),
-	bn_pack4(EE38,6BFB,5A89,9FA5),
-	bn_pack4(0BFF,5CB6,F406,B7ED),
-	bn_pack4(F44C,42E9,A637,ED6B),
-	bn_pack4(E485,B576,625E,7EC6),
-	bn_pack4(4FE1,356D,6D51,C245),
-	bn_pack4(302B,0A6D,F25F,1437),
-	bn_pack4(EF95,19B3,CD3A,431B),
-	bn_pack4(514A,0879,8E34,04DD),
-	bn_pack4(020B,BEA6,3B13,9B22),
-	bn_pack4(2902,4E08,8A67,CC74),
-	bn_pack4(C4C6,628B,80DC,1CD1),
-	bn_pack4(C90F,DAA2,2168,C234),
-	bn_pack4(FFFF,FFFF,FFFF,FFFF)
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+	bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF),
+	bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71),
+	bn_pack4(0x9E30,0x50E2,0x7656,0x94DF),
+	bn_pack4(0x9558,0xE447,0x5677,0xE9AA),
+	bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47),
+	bn_pack4(0x889A,0x002E,0xD5EE,0x382B),
+	bn_pack4(0x4009,0x438B,0x481C,0x6CD7),
+	bn_pack4(0x3590,0x46F4,0xEB87,0x9F92),
+	bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268),
+	bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73),
+	bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1),
+	bn_pack4(0x64F3,0x1CC5,0x0846,0x851D),
+	bn_pack4(0x4597,0xE899,0xA025,0x5DC1),
+	bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36),
+	bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D),
+	bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6),
+	bn_pack4(0x7968,0x3303,0xED5B,0xDD3A),
+	bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8),
+	bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD),
+	bn_pack4(0x3473,0xFC64,0x6CEA,0x306B),
+	bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7),
+	bn_pack4(0x2222,0x2E04,0xA403,0x7C07),
+	bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9),
+	bn_pack4(0x238F,0x16CB,0xE39D,0x652D),
+	bn_pack4(0x3423,0xB474,0x2BF1,0xC978),
+	bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568),
+	bn_pack4(0x2576,0xF693,0x6BA4,0x2466),
+	bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED),
+	bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300),
+	bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA),
+	bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C),
+	bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4),
+	bn_pack4(0xE694,0xF91E,0x6DBE,0x1159),
+	bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+	bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+	bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+	bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+	bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+	bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+	bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+	bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+	bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+	bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+	bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+	bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+	bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+	bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+	bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+	bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+	bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+	bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+	bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+	bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+	bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+	bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+	bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+	bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+	bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+	bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+	bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+	bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+	bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+	bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+	bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+	bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+	bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+	bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+	bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+	bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+	bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+	bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+	bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+	bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+	bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+	bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+	bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+	bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+	bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+	bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+	bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+	bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_8192 = {
 	bn_group_8192_value,

libs/openssl/crypto/srp/srp_lib.c

@@ -63,13 +63,17 @@
 #include <openssl/evp.h>
 
 #if (BN_BYTES == 8)
-#define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul
-#endif
-#if (BN_BYTES == 4)
-#define bn_pack4(a1,a2,a3,a4)  0x##a3##a4##ul, 0x##a1##a2##ul
-#endif
-#if (BN_BYTES == 2)
-#define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+# elif defined(__arch64__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+# else
+#  define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+# endif
+#elif (BN_BYTES == 4)
+# define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+#else
+# error "unsupported BN_BYTES"
 #endif
 
 

libs/openssl/crypto/x509/x509_vfy.c

@@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx)
 	X509_CRL *crl = NULL, *dcrl = NULL;
 	X509 *x;
 	int ok, cnum;
+	unsigned int last_reasons;
 	cnum = ctx->error_depth;
 	x = sk_X509_value(ctx->chain, cnum);
 	ctx->current_cert = x;
@@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
 	ctx->current_reasons = 0;
 	while (ctx->current_reasons != CRLDP_ALL_REASONS)
 		{
+		last_reasons = ctx->current_reasons;
 		/* Try to retrieve relevant CRL */
 		if (ctx->get_crl)
 			ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx)
 		X509_CRL_free(dcrl);
 		crl = NULL;
 		dcrl = NULL;
+		/* If reasons not updated we wont get anywhere by
+		 * another iteration, so exit loop.
+		 */
+		if (last_reasons == ctx->current_reasons)
+			{
+			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+			ok = ctx->verify_cb(0, ctx);
+			goto err;
+			}
 		}
 	err:
 	X509_CRL_free(crl);

libs/openssl/crypto/x509/x_all.c

@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
 	{
+	x->cert_info->enc.modified = 1;
 	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
 		x->cert_info->signature,
 		x->sig_alg, x->signature, x->cert_info, ctx);
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
 	{
+	x->crl->enc.modified = 1;
 	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
 		x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
 	}

libs/openssl/ssl/d1_both.c

@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 static void
 dtls1_hm_fragment_free(hm_fragment *frag)
 	{
+
+	if (frag->msg_header.is_ccs)
+		{
+		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+		}
 	if (frag->fragment) OPENSSL_free(frag->fragment);
 	if (frag->reassembly) OPENSSL_free(frag->reassembly);
 	OPENSSL_free(frag);
@@ -313,9 +319,10 @@ int dtls1_do_write(SSL *s, int type)
 				s->init_off -= DTLS1_HM_HEADER_LENGTH;
 				s->init_num += DTLS1_HM_HEADER_LENGTH;
 
-				/* write atleast DTLS1_HM_HEADER_LENGTH bytes */
-				if ( len <= DTLS1_HM_HEADER_LENGTH)  
-					len += DTLS1_HM_HEADER_LENGTH;
+				if ( s->init_num > curr_mtu)
+					len = curr_mtu;
+				else
+					len = s->init_num;
 				}
 
 			dtls1_fix_message_header(s, frag_off, 

libs/openssl/ssl/d1_clnt.c

@@ -538,13 +538,6 @@ int dtls1_connect(SSL *s)
 				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
 			if (ret <= 0) goto end;
 
-#ifndef OPENSSL_NO_SCTP
-			/* Change to new shared key of SCTP-Auth,
-			 * will be ignored if no SCTP used.
-			 */
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-
 			s->state=SSL3_ST_CW_FINISHED_A;
 			s->init_num=0;
 
@@ -571,6 +564,16 @@ int dtls1_connect(SSL *s)
 				goto end;
 				}
 			
+#ifndef OPENSSL_NO_SCTP
+				if (s->hit)
+					{
+					/* Change to new shared key of SCTP-Auth,
+					 * will be ignored if no SCTP used.
+					 */
+					BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+					}
+#endif
+
 			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
 			break;
 
@@ -613,6 +616,13 @@ int dtls1_connect(SSL *s)
 				}
 			else
 				{
+#ifndef OPENSSL_NO_SCTP
+				/* Change to new shared key of SCTP-Auth,
+				 * will be ignored if no SCTP used.
+				 */
+				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
 				/* Allow NewSessionTicket if ticket expected */
 				if (s->tlsext_ticket_expected)
@@ -773,7 +783,7 @@ int dtls1_client_hello(SSL *s)
 	unsigned char *buf;
 	unsigned char *p,*d;
 	unsigned int i,j;
-	unsigned long Time,l;
+	unsigned long l;
 	SSL_COMP *comp;
 
 	buf=(unsigned char *)s->init_buf->data;
@@ -798,13 +808,11 @@ int dtls1_client_hello(SSL *s)
 
 		/* if client_random is initialized, reuse it, we are
 		 * required to use same upon reply to HelloVerify */
-		for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+		for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++)
+			;
 		if (i==sizeof(s->s3->client_random))
-			{
-			Time=(unsigned long)time(NULL);	/* Time */
-			l2n(Time,p);
-			RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-			}
+			ssl_fill_hello_random(s, 0, p,
+					      sizeof(s->s3->client_random));
 
 		/* Do the message type and length last */
 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);

libs/openssl/ssl/d1_lib.c

@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
 	pqueue_free(s->d1->buffered_app_data.q);
 
 	OPENSSL_free(s->d1);
+	s->d1 = NULL;
 	}
 
 void dtls1_clear(SSL *s)

libs/openssl/ssl/d1_pkt.c

@@ -847,6 +847,12 @@ start:
 			}
 		}
 
+	if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+		{
+		rr->length = 0;
+		goto start;
+		}
+
 	/* we now have a packet which can be read and processed */
 
 	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1051,6 +1057,7 @@ start:
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 			!s->s3->renegotiate)
 			{
+			s->d1->handshake_read_seq++;
 			s->new_session = 1;
 			ssl3_renegotiate(s);
 			if (ssl3_renegotiate_check(s))

libs/openssl/ssl/d1_srvr.c

@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
 		case SSL3_ST_SW_HELLO_REQ_B:
 
 			s->shutdown=0;
+			dtls1_clear_record_buffer(s);
 			dtls1_start_timer(s);
 			ret=dtls1_send_hello_request(s);
 			if (ret <= 0) goto end;
-			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 			s->state=SSL3_ST_SW_FLUSH;
 			s->init_num=0;
 
@@ -721,10 +722,13 @@ int dtls1_accept(SSL *s)
 			if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-			/* Change to new shared key of SCTP-Auth,
-			 * will be ignored if no SCTP used.
-			 */
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+			if (!s->hit)
+				{
+				/* Change to new shared key of SCTP-Auth,
+				 * will be ignored if no SCTP used.
+				 */
+				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+				}
 #endif
 
 			s->state=SSL3_ST_SW_FINISHED_A;
@@ -749,7 +753,16 @@ int dtls1_accept(SSL *s)
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
 			if (s->hit)
+				{
 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+				/* Change to new shared key of SCTP-Auth,
+				 * will be ignored if no SCTP used.
+				 */
+				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+				}
 			else
 				{
 				s->s3->tmp.next_state=SSL_ST_OK;
@@ -912,15 +925,13 @@ int dtls1_send_server_hello(SSL *s)
 	unsigned char *p,*d;
 	int i;
 	unsigned int sl;
-	unsigned long l,Time;
+	unsigned long l;
 
 	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
 		{
 		buf=(unsigned char *)s->init_buf->data;
 		p=s->s3->server_random;
-		Time=(unsigned long)time(NULL);			/* Time */
-		l2n(Time,p);
-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+		ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
 		/* Do the message type and length last */
 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 

libs/openssl/ssl/s23_clnt.c

@@ -269,12 +269,35 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
 	return 1;
 	}
 
+/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
+ * on failure, 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+	{
+	int send_time = 0;
+
+	if (len < 4)
+		return 0;
+	if (server)
+		send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+	else
+		send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+	if (send_time)
+		{
+		unsigned long Time = time(NULL);
+		unsigned char *p = result;
+		l2n(Time, p);
+		return RAND_pseudo_bytes(p, len-4);
+		}
+	else
+		return RAND_pseudo_bytes(result, len);
+	}
+
 static int ssl23_client_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int i,ch_len;
-	unsigned long Time,l;
+	unsigned long l;
 	int ssl2_compat;
 	int version = 0, version_major, version_minor;
 #ifndef OPENSSL_NO_COMP
@@ -355,9 +378,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
 		p=s->s3->client_random;
-		Time=(unsigned long)time(NULL);		/* Time */
-		l2n(Time,p);
-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
 			return -1;
 
 		if (version == TLS1_2_VERSION)

libs/openssl/ssl/s3_both.c

@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			sender,slen,s->s3->tmp.finish_md);
+		if (i == 0)
+			return 0;
 		s->s3->tmp.finish_md_len = i;
 		memcpy(p, s->s3->tmp.finish_md, i);
 		p+=i;
@@ -208,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
 	{
 	const char *sender;
 	int slen;
-
+	/* If no new cipher setup return immediately: other functions will
+	 * set the appropriate error.
+	 */
+	if (s->s3->tmp.new_cipher == NULL)
+		return;
 	if (s->state & SSL_ST_CONNECT)
 		{
 		sender=s->method->ssl3_enc->server_finished_label;

libs/openssl/ssl/s3_cbc.c

@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 	unsigned padding_length, good, to_check, i;
 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
 	/* Check if version requires explicit IV */
-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
 		{
 		/* These lengths are all public so we can test them in
 		 * non-constant time.

libs/openssl/ssl/s3_clnt.c

@@ -655,7 +655,7 @@ int ssl3_client_hello(SSL *s)
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int i;
-	unsigned long Time,l;
+	unsigned long l;
 #ifndef OPENSSL_NO_COMP
 	int j;
 	SSL_COMP *comp;
@@ -680,9 +680,8 @@ int ssl3_client_hello(SSL *s)
 		/* else use the pre-loaded session */
 
 		p=s->s3->client_random;
-		Time=(unsigned long)time(NULL);			/* Time */
-		l2n(Time,p);
-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+
+		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
 			goto err;
 
 		/* Do the message type and length last */

libs/openssl/ssl/s3_lib.c

@@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_3DES,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	168,
 	168,
@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_AES128,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	128,
 	128,
@@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_AES256,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	256,
 	256,
@@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s)
 		s->s3->tmp.ecdh = NULL;
 		}
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+	s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
 	rp = s->s3->rbuf.buf;
 	wp = s->s3->wbuf.buf;
@@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		ii=sk_SSL_CIPHER_find(allow,c);
 		if (ii >= 0)
 			{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+			if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+				{
+				if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+				continue;
+				}
+#endif
 			ret=sk_SSL_CIPHER_value(allow,ii);
 			break;
 			}
@@ -4274,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
 long ssl_get_algorithm2(SSL *s)
 	{
 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
-	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+	if (s->method->version == TLS1_2_VERSION &&
 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
 	return alg2;

libs/openssl/ssl/s3_pkt.c

@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 			if (version != s->version)
 				{
 				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
                                 	/* Send back error using their minor version number :-) */
 					s->version = (unsigned short)version;
 				al=SSL_AD_PROTOCOL_VERSION;
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
 		slen=s->method->ssl3_enc->client_finished_label_len;
 		}
 
-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+	i = s->method->ssl3_enc->final_finish_mac(s,
 		sender,slen,s->s3->tmp.peer_finish_md);
+	if (i == 0)
+		{
+		SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+		return 0;
+		}
+	s->s3->tmp.peer_finish_md_len = i;
 
 	return(1);
 	}

libs/openssl/ssl/s3_srvr.c

@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
 	    (s->version != DTLS1_VERSION && s->client_version < s->version))
 		{
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-		if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
+		if ((s->client_version>>8) == SSL3_VERSION_MAJOR && 
+			!s->enc_write_ctx && !s->write_hash)
 			{
 			/* similar to ssl3_get_record, send alert using remote version number */
 			s->version = s->client_version;
@@ -1193,12 +1194,9 @@ int ssl3_get_client_hello(SSL *s)
 	 * server_random before calling tls_session_secret_cb in order to allow
 	 * SessionTicket processing to use it in key derivation. */
 	{
-		unsigned long Time;
 		unsigned char *pos;
-		Time=(unsigned long)time(NULL);			/* Time */
 		pos=s->s3->server_random;
-		l2n(Time,pos);
-		if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
+		if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0)
 			{
 			al=SSL_AD_INTERNAL_ERROR;
 			goto f_err;
@@ -1435,19 +1433,13 @@ int ssl3_send_server_hello(SSL *s)
 	unsigned char *p,*d;
 	int i,sl;
 	unsigned long l;
-#ifdef OPENSSL_NO_TLSEXT
-	unsigned long Time;
-#endif
 
 	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
 		{
 		buf=(unsigned char *)s->init_buf->data;
 #ifdef OPENSSL_NO_TLSEXT
 		p=s->s3->server_random;
-		/* Generate server_random if it was not needed previously */
-		Time=(unsigned long)time(NULL);			/* Time */
-		l2n(Time,p);
-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+		if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
 			return -1;
 #endif
 		/* Do the message type and length last */

libs/openssl/ssl/ssl.h

@@ -555,11 +555,14 @@ struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG			0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
 
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x0
+
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
  * the workaround is not needed.  Unfortunately some broken SSL/TLS
@@ -641,6 +644,12 @@ struct ssl_session_st
  * TLS only.)  "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */

libs/openssl/ssl/ssl3.h

@@ -539,6 +539,15 @@ typedef struct ssl3_state_st
 	/* Set if we saw the Next Protocol Negotiation extension from our peer. */
 	int next_proto_neg_seen;
 #endif
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+	/* This is set to true if we believe that this is a version of Safari
+	 * running on OS X 10.6 or newer. We wish to know this because Safari
+	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+	char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 	} SSL3_STATE;
 
 #endif

libs/openssl/ssl/ssl_lib.c

@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
 	ret->extra_certs=NULL;
-	ret->comp_methods=SSL_COMP_get_compression_methods();
+	/* No compression for DTLS */
+	if (meth->version != DTLS1_VERSION)
+		ret->comp_methods=SSL_COMP_get_compression_methods();
 
 	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
 /* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
 	{
-	if (s->server)
-		return(ssl_get_server_send_cert(s));
-	else if (s->cert != NULL)
+	if (s->cert != NULL)
 		return(s->cert->key->x509);
 	else
 		return(NULL);

libs/openssl/ssl/ssl_locl.h

@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 
+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
+
 #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
 				s_get_meth) \
 const SSL_METHOD *func_name(void)  \
@@ -847,6 +849,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);

libs/openssl/ssl/t1_enc.c

@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
 			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
 			else
 			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
-		if (s->enc_write_ctx != NULL)
+		if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
 			reuse_dd = 1;
-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+		else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
 			goto err;
-		else
-			/* make sure it's intialized in case we exit later with an error */
-			EVP_CIPHER_CTX_init(s->enc_write_ctx);
 		dd= s->enc_write_ctx;
-		mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+		if (SSL_IS_DTLS(s))
+			{
+			mac_ctx = EVP_MD_CTX_create();
+			if (!mac_ctx)
+				goto err;
+			s->write_hash = mac_ctx;
+			}
+		else
+			mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
 #ifndef OPENSSL_NO_COMP
 		if (s->compress != NULL)
 			{
@@ -915,18 +920,19 @@ int tls1_final_finish_mac(SSL *s,
 		if (mask & ssl_get_algorithm2(s))
 			{
 			int hashsize = EVP_MD_size(md);
-			if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+			EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+			if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
 				{
 				/* internal error: 'buf' is too small for this cipersuite! */
 				err = 1;
 				}
 			else
 				{
-				EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
-				EVP_DigestFinal_ex(&ctx,q,&i);
-				if (i != (unsigned int)hashsize) /* can't really happen */
+				if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+					!EVP_DigestFinal_ex(&ctx,q,&i) ||
+					(i != (unsigned int)hashsize))
 					err = 1;
-				q+=i;
+				q+=hashsize;
 				}
 			}
 		}

libs/openssl/ssl/t1_lib.c

@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
 	tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-	tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
 	{
 	size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
-	/* If FIPS mode don't include MD5 which is last */
-	if (FIPS_mode())
-		slen -= 2;
-#endif
 	if (p)
 		memcpy(p, tls12_sigalgs, slen);
 	return (int)slen;
@@ -866,6 +858,89 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	return ret;
 	}
 
+#ifndef OPENSSL_NO_EC
+/* ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |d|, of length |n|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
+	unsigned short type, size;
+	static const unsigned char kSafariExtensionsBlock[] = {
+		0x00, 0x0a,  /* elliptic_curves extension */
+		0x00, 0x08,  /* 8 bytes */
+		0x00, 0x06,  /* 6 bytes of curve ids */
+		0x00, 0x17,  /* P-256 */
+		0x00, 0x18,  /* P-384 */
+		0x00, 0x19,  /* P-521 */
+
+		0x00, 0x0b,  /* ec_point_formats */
+		0x00, 0x02,  /* 2 bytes */
+		0x01,        /* 1 point format */
+		0x00,        /* uncompressed */
+	};
+
+	/* The following is only present in TLS 1.2 */
+	static const unsigned char kSafariTLS12ExtensionsBlock[] = {
+		0x00, 0x0d,  /* signature_algorithms */
+		0x00, 0x0c,  /* 12 bytes */
+		0x00, 0x0a,  /* 10 bytes */
+		0x05, 0x01,  /* SHA-384/RSA */
+		0x04, 0x01,  /* SHA-256/RSA */
+		0x02, 0x01,  /* SHA-1/RSA */
+		0x04, 0x03,  /* SHA-256/ECDSA */
+		0x02, 0x03,  /* SHA-1/ECDSA */
+	};
+
+	if (data >= (d+n-2))
+		return;
+	data += 2;
+
+	if (data > (d+n-4))
+		return;
+	n2s(data,type);
+	n2s(data,size);
+
+	if (type != TLSEXT_TYPE_server_name)
+		return;
+
+	if (data+size > d+n)
+		return;
+	data += size;
+
+	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+		{
+		const size_t len1 = sizeof(kSafariExtensionsBlock);
+		const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+
+		if (data + len1 + len2 != d+n)
+			return;
+		if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+			return;
+		if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
+			return;
+		}
+	else
+		{
+		const size_t len = sizeof(kSafariExtensionsBlock);
+
+		if (data + len != d+n)
+			return;
+		if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+			return;
+		}
+
+	s->s3->is_probably_safari = 1;
+}
+#endif /* !OPENSSL_NO_EC */
+
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
 	{
 	unsigned short type;
@@ -886,6 +961,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
 #endif
 
+#ifndef OPENSSL_NO_EC
+	if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+		ssl_check_for_safari(s, data, d, n);
+#endif /* !OPENSSL_NO_EC */
+
 	if (data >= (d+n-2))
 		goto ri_check;
 	n2s(data,len);
@@ -2364,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
 	{
 	switch(hash_alg)
 		{
-#ifndef OPENSSL_NO_MD5
-		case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return NULL;
-#endif
-		return EVP_md5();
-#endif
 #ifndef OPENSSL_NO_SHA
 		case TLSEXT_hash_sha1:
 		return EVP_sha1();

source/Console.cbproj

@@ -41,7 +41,7 @@
 			<PackageImports>rtl.bpi;$(PackageImports)</PackageImports>
 			<ProjectType>CppConsoleApplication</ProjectType>
 			<VerInfo_IncludeVerInfo>true</VerInfo_IncludeVerInfo>
-			<VerInfo_Keys>CompanyName=Martin Prikryl;FileDescription=Console interface for WinSCP;FileVersion=4.0.2.0;InternalName=console;LegalCopyright=(c) 2000-2013 Martin Prikryl;LegalTrademarks=;OriginalFilename=winscp.com;ProductName=WinSCP;ProductVersion=5.5.0.0;ReleaseType=stable;WWW=http://winscp.net/</VerInfo_Keys>
+			<VerInfo_Keys>CompanyName=Martin Prikryl;FileDescription=Console interface for WinSCP;FileVersion=4.0.2.0;InternalName=console;LegalCopyright=(c) 2000-2014 Martin Prikryl;LegalTrademarks=;OriginalFilename=winscp.com;ProductName=WinSCP;ProductVersion=5.5.1.0;ReleaseType=stable;WWW=http://winscp.net/</VerInfo_Keys>
 			<VerInfo_Locale>1033</VerInfo_Locale>
 			<VerInfo_MajorVer>4</VerInfo_MajorVer>
 			<VerInfo_Release>2</VerInfo_Release>

source/DragExt.cbproj

@@ -42,7 +42,7 @@
 			<ProjectType>CppDynamicLibrary</ProjectType>
 			<VerInfo_DLL>true</VerInfo_DLL>
 			<VerInfo_IncludeVerInfo>true</VerInfo_IncludeVerInfo>
-			<VerInfo_Keys>CompanyName=Martin Prikryl;FileDescription=Drag&amp;Drop shell extension for WinSCP (32-bit);FileVersion=1.2.1.0;InternalName=dragext32;LegalCopyright=(c) 2000-2013 Martin Prikryl;LegalTrademarks=;OriginalFilename=dragext.dll;ProductName=WinSCP;ProductVersion=5.5.0.0;ReleaseType=stable;WWW=http://winscp.net/</VerInfo_Keys>
+			<VerInfo_Keys>CompanyName=Martin Prikryl;FileDescription=Drag&amp;Drop shell extension for WinSCP (32-bit);FileVersion=1.2.1.0;InternalName=dragext32;LegalCopyright=(c) 2000-2014 Martin Prikryl;LegalTrademarks=;OriginalFilename=dragext.dll;ProductName=WinSCP;ProductVersion=5.5.1.0;ReleaseType=stable;WWW=http://winscp.net/</VerInfo_Keys>
 			<VerInfo_Locale>1033</VerInfo_Locale>
 			<VerInfo_MinorVer>2</VerInfo_MinorVer>
 			<VerInfo_Release>1</VerInfo_Release>

source/DragExt64.rc

@@ -1,6 +1,6 @@
 1 VERSIONINFO
 FILEVERSION 1,2,1,0
-PRODUCTVERSION 5,5,0,0
+PRODUCTVERSION 5,5,1,0
 FILEOS 0x4
 FILETYPE 0x2
 {
@@ -12,11 +12,11 @@ FILETYPE 0x2
             VALUE "FileDescription", "Drag&Drop shell extension for WinSCP (64-bit)\0"
             VALUE "FileVersion", "1.2.1.0\0"
             VALUE "InternalName", "dragext64\0"
-            VALUE "LegalCopyright", "(c) 2000-2013 Martin Prikryl\0"
+            VALUE "LegalCopyright", "(c) 2000-2014 Martin Prikryl\0"
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "dragext64.dll\0"
             VALUE "ProductName", "WinSCP\0"
-            VALUE "ProductVersion", "5.5.0.0\0"
+            VALUE "ProductVersion", "5.5.1.0\0"
             VALUE "ReleaseType", "stable\0"
             VALUE "WWW", "http://winscp.net/\0"
         }

source/WinSCP.cbproj

@@ -54,10 +54,11 @@
 			<ProjectType>CppVCLApplication</ProjectType>
 			<UsingDelphiRTL>true</UsingDelphiRTL>
 			<VerInfo_IncludeVerInfo>true</VerInfo_IncludeVerInfo>
-			<VerInfo_Keys>CompanyName=Martin Prikryl;FileDescription=WinSCP: SFTP, FTP and SCP client;FileVersion=5.5.0.0;InternalName=winscp;LegalCopyright=(c) 2000-2013 Martin Prikryl;LegalTrademarks=;OriginalFilename=winscp.exe;ProductName=WinSCP;ProductVersion=5.5.0.0;ReleaseType=stable;WWW=http://winscp.net/</VerInfo_Keys>
+			<VerInfo_Keys>CompanyName=Martin Prikryl;FileDescription=WinSCP: SFTP, FTP and SCP client;FileVersion=5.5.1.0;InternalName=winscp;LegalCopyright=(c) 2000-2014 Martin Prikryl;LegalTrademarks=;OriginalFilename=winscp.exe;ProductName=WinSCP;ProductVersion=5.5.1.0;ReleaseType=stable;WWW=http://winscp.net/</VerInfo_Keys>
 			<VerInfo_Locale>1033</VerInfo_Locale>
 			<VerInfo_MajorVer>5</VerInfo_MajorVer>
 			<VerInfo_MinorVer>5</VerInfo_MinorVer>
+			<VerInfo_Release>1</VerInfo_Release>
 		</PropertyGroup>
 		<PropertyGroup Condition="'$(Cfg_1)'!=''">
 			<BCC_DebugLineNumbers>true</BCC_DebugLineNumbers>

source/core/Common.cpp

@@ -1780,6 +1780,7 @@ UnicodeString __fastcall DecodeUrlChars(UnicodeString S)
             UTF8String UTF8(Bytes.c_str(), Bytes.Length());
             UnicodeString Chars(UTF8);
             S.Insert(Chars, i);
+            i += Chars.Length() - 1;
           }
         }
         break;

source/core/PuttyIntf.cpp

@@ -497,7 +497,8 @@ TKeyType KeyType(UnicodeString FileName)
 {
   assert(ktUnopenable == SSH_KEYTYPE_UNOPENABLE);
   assert(ktSSHCom == SSH_KEYTYPE_SSHCOM);
-  Filename * KeyFile = filename_from_str(AnsiString(FileName).c_str());
+  AnsiString AnsiFileName = AnsiString(FileName);
+  Filename * KeyFile = filename_from_str(AnsiFileName.c_str());
   TKeyType Result = (TKeyType)key_type(KeyFile);
   filename_free(KeyFile);
   return Result;

source/core/Terminal.cpp

@@ -3271,6 +3271,12 @@ void __fastcall TTerminal::CalculateFileSize(UnicodeString FileName,
     FileName = File->FileName;
   }
 
+  if (OperationProgress && OperationProgress->Operation == foCalculateSize)
+  {
+    if (OperationProgress->Cancel != csContinue) Abort();
+    OperationProgress->SetFile(FileName);
+  }
+
   bool AllowTransfer = (AParams->CopyParam == NULL);
   if (!AllowTransfer)
   {
@@ -3325,12 +3331,6 @@ void __fastcall TTerminal::CalculateFileSize(UnicodeString FileName,
       AParams->Stats->SymLinks++;
     }
   }
-
-  if (OperationProgress && OperationProgress->Operation == foCalculateSize)
-  {
-    if (OperationProgress->Cancel != csContinue) Abort();
-    OperationProgress->SetFile(FileName);
-  }
 }
 //---------------------------------------------------------------------------
 void __fastcall TTerminal::DoCalculateDirectorySize(const UnicodeString FileName,

source/filezilla/TransferSocket.cpp

@@ -799,7 +799,9 @@ void CTransferSocket::OnSend(int nErrorCode)
 					return;
 				}
 				else if (nError == WSAEWOULDBLOCK)
+				{
 					m_bufferpos += numread;
+				}
 #ifndef MPEXT_NO_SSL
 				else if (m_pSslLayer && nError == WSAESHUTDOWN)
 				{
@@ -831,7 +833,9 @@ void CTransferSocket::OnSend(int nErrorCode)
 					return;
 				}
 				else if (!pos)
+				{
 					m_bufferpos = 0;
+				}
 				else
 				{
 					memmove(m_pBuffer, m_pBuffer+numsent, pos);
@@ -869,7 +873,9 @@ void CTransferSocket::OnSend(int nErrorCode)
 				}
 			}
 			else 
+			{
 				numread = 0;
+			}
 
 			if (!currentBufferSize && !m_bufferpos)
 			{

source/forms/About.cpp

@@ -228,7 +228,14 @@ void __fastcall TAboutDialog::OKButtonMouseDown(TObject * /*Sender*/,
 {
   if ((Button == mbRight) && Shift.Contains(ssAlt))
   {
-    ACCESS_VIOLATION_TEST;
+    try
+    {
+      ACCESS_VIOLATION_TEST;
+    }
+    catch (Exception & E)
+    {
+      throw ExtException(&E, MainInstructions(L"Internal error test."));
+    }
   }
 }
 //---------------------------------------------------------------------------

source/forms/CopyParamCustom.dfm

@@ -6,7 +6,7 @@ object CopyParamCustomDialog: TCopyParamCustomDialog
   BorderIcons = [biSystemMenu, biMinimize, biMaximize, biHelp]
   BorderStyle = bsDialog
   Caption = 'Transfer settings'
-  ClientHeight = 463
+  ClientHeight = 468
   ClientWidth = 420
   Color = clBtnFace
   ParentFont = True
@@ -15,12 +15,12 @@ object CopyParamCustomDialog: TCopyParamCustomDialog
   OnCloseQuery = FormCloseQuery
   DesignSize = (
     420
-    463)
+    468)
   PixelsPerInch = 96
   TextHeight = 13
   object OkButton: TButton
     Left = 168
-    Top = 430
+    Top = 435
     Width = 75
     Height = 25
     Anchors = [akRight, akBottom]
@@ -31,7 +31,7 @@ object CopyParamCustomDialog: TCopyParamCustomDialog
   end
   object CancelButton: TButton
     Left = 252
-    Top = 430
+    Top = 435
     Width = 75
     Height = 25
     Anchors = [akRight, akBottom]
@@ -44,13 +44,13 @@ object CopyParamCustomDialog: TCopyParamCustomDialog
     Left = 0
     Top = 0
     Width = 420
-    Height = 426
+    Height = 431
     HelpType = htKeyword
     TabOrder = 0
   end
   object HelpButton: TButton
     Left = 336
-    Top = 430
+    Top = 435
     Width = 75
     Height = 25
     Anchors = [akRight, akBottom]

source/forms/CopyParamPreset.cpp

@@ -17,13 +17,14 @@
 #endif
 //---------------------------------------------------------------------------
 bool __fastcall DoCopyParamPresetDialog(TCopyParamList * CopyParamList,
-  int & Index, TCopyParamPresetMode Mode, TCopyParamRuleData * CurrentRuleData)
+  int & Index, TCopyParamPresetMode Mode, TCopyParamRuleData * CurrentRuleData,
+  const TCopyParamType & DefaultCopyParams)
 {
   bool Result;
   TCopyParamPresetDialog * Dialog = new TCopyParamPresetDialog(GetFormOwner() , Mode, CurrentRuleData);
   try
   {
-    Result = Dialog->Execute(CopyParamList, Index);
+    Result = Dialog->Execute(CopyParamList, Index, DefaultCopyParams);
   }
   __finally
   {
@@ -58,13 +59,22 @@ void __fastcall TCopyParamPresetDialog::ControlChange(TObject * /*Sender*/)
 }
 //---------------------------------------------------------------------------
 bool __fastcall TCopyParamPresetDialog::Execute(TCopyParamList * CopyParamList,
-  int & Index)
+  int & Index, const TCopyParamType & DefaultCopyParams)
 {
   FCopyParamList = CopyParamList;
   if ((FMode == cpmEdit) || (FMode == cpmDuplicate))
   {
-    CopyParamsFrame->Params = *CopyParamList->CopyParams[Index];
-    const TCopyParamRule * Rule = CopyParamList->Rules[Index];
+    const TCopyParamRule * Rule;
+    if (Index >= 0)
+    {
+      CopyParamsFrame->Params = *CopyParamList->CopyParams[Index];
+      Rule = CopyParamList->Rules[Index];
+    }
+    else
+    {
+      CopyParamsFrame->Params = DefaultCopyParams;
+      Rule = NULL;
+    }
 
     if (FMode == cpmEdit)
     {

source/forms/CopyParamPreset.dfm

@@ -6,7 +6,7 @@ object CopyParamPresetDialog: TCopyParamPresetDialog
   BorderIcons = [biSystemMenu, biMinimize, biMaximize, biHelp]
   BorderStyle = bsDialog
   Caption = 'CopyParamPresetDialog'
-  ClientHeight = 509
+  ClientHeight = 514
   ClientWidth = 675
   Color = clBtnFace
   ParentFont = True
@@ -16,7 +16,7 @@ object CopyParamPresetDialog: TCopyParamPresetDialog
   OnShow = FormShow
   DesignSize = (
     675
-    509)
+    514)
   PixelsPerInch = 96
   TextHeight = 13
   object Label1: TLabel
@@ -29,7 +29,7 @@ object CopyParamPresetDialog: TCopyParamPresetDialog
   end
   object OkButton: TButton
     Left = 423
-    Top = 476
+    Top = 481
     Width = 75
     Height = 25
     Anchors = [akRight, akBottom]
@@ -40,7 +40,7 @@ object CopyParamPresetDialog: TCopyParamPresetDialog
   end
   object CancelButton: TButton
     Left = 507
-    Top = 476
+    Top = 481
     Width = 75
     Height = 25
     Anchors = [akRight, akBottom]
@@ -70,13 +70,13 @@ object CopyParamPresetDialog: TCopyParamPresetDialog
     Left = 426
     Top = 91
     Width = 240
-    Height = 379
+    Height = 384
     Anchors = [akLeft, akTop, akRight]
     Caption = 'Autoselection rule'
     TabOrder = 3
     DesignSize = (
       240
-      379)
+      384)
     object Label2: TLabel
       Left = 16
       Top = 20
@@ -163,9 +163,9 @@ object CopyParamPresetDialog: TCopyParamPresetDialog
       OnClick = CurrentRuleButtonClick
     end
     object RuleMaskHintText: TStaticText
-      Left = 127
+      Left = 95
       Top = 207
-      Width = 97
+      Width = 129
       Height = 17
       Alignment = taRightJustify
       Anchors = [akTop, akRight]
@@ -187,7 +187,7 @@ object CopyParamPresetDialog: TCopyParamPresetDialog
   end
   object HelpButton: TButton
     Left = 591
-    Top = 476
+    Top = 481
     Width = 75
     Height = 25
     Anchors = [akRight, akBottom]

source/forms/CopyParamPreset.h

@@ -51,7 +51,8 @@ public:
   __fastcall TCopyParamPresetDialog(TComponent * Owner,
     TCopyParamPresetMode Mode, TCopyParamRuleData * CurrentRuleData);
 
-  bool __fastcall Execute(TCopyParamList * CopyParamList, int & Index);
+  bool __fastcall Execute(TCopyParamList * CopyParamList, int & Index,
+    const TCopyParamType & DefaultCopyParams);
 };
 //---------------------------------------------------------------------------
 #endif

source/forms/CopyParams.dfm

@@ -2,7 +2,7 @@ object CopyParamsFrame: TCopyParamsFrame
   Left = 0
   Top = 0
   Width = 420
-  Height = 426
+  Height = 431
   HelpType = htKeyword
   TabOrder = 0
   object CommonPropertiesGroup: TGroupBox
@@ -274,12 +274,12 @@ object CopyParamsFrame: TCopyParamsFrame
     Left = 8
     Top = 322
     Width = 405
-    Height = 97
+    Height = 102
     Caption = 'Other'
     TabOrder = 5
     DesignSize = (
       405
-      97)
+      102)
     object IncludeFileMaskLabel: TLabel
       Left = 16
       Top = 20
@@ -311,8 +311,8 @@ object CopyParamsFrame: TCopyParamsFrame
     end
     object NewerOnlyCheck: TCheckBox
       Left = 16
-      Top = 67
-      Width = 218
+      Top = 72
+      Width = 293
       Height = 17
       Caption = '&New and updated files only'
       ParentShowHint = False
@@ -321,11 +321,12 @@ object CopyParamsFrame: TCopyParamsFrame
       OnClick = ControlChange
     end
     object IncludeFileMaskHintText: TStaticText
-      Left = 255
+      Left = 204
       Top = 58
-      Width = 54
+      Width = 105
       Height = 17
-      Alignment = taCenter
+      Alignment = taRightJustify
+      AutoSize = False
       Caption = 'mask hints'
       TabOrder = 2
       TabStop = True

source/forms/CustomScpExplorer.cpp

@@ -138,6 +138,7 @@ __fastcall TCustomScpExplorerForm::TCustomScpExplorerForm(TComponent* Owner):
     TForm(Owner)
 {
   FCurrentSide = osRemote;
+  FEverShown = false;
   FDocks = new TList();
   RestoreParams();
   ConfigurationChanged();
@@ -174,6 +175,7 @@ __fastcall TCustomScpExplorerForm::TCustomScpExplorerForm(TComponent* Owner):
   FPendingQueueActionItem = NULL;
   FLockLevel = 0;
   FLockSuspendLevel = 0;
+  FDisabledOnLockSuspend = false;
   FAlternativeDelete = false;
   FTrayIcon = new ::TTrayIcon(0);
   FTrayIcon->OnClick = TrayIconClick;
@@ -318,7 +320,14 @@ __fastcall TCustomScpExplorerForm::~TCustomScpExplorerForm()
   FDragMoveCursor = NULL;
 
   assert(!FErrorList);
-  StoreParams();
+  if (FEverShown)
+  {
+    // when window is never shown (like when running command-line operation),
+    // particularly window site is not restored correctly (BoundsRect value set
+    // in RestoreForm gets lost during handle allocation), so we do not want
+    // it to be stored
+    StoreParams();
+  }
   Terminal = NULL;
   Queue = NULL;
   assert(NonVisualDataModule && (NonVisualDataModule->ScpExplorer == this));
@@ -361,10 +370,15 @@ LRESULT WINAPI TCustomScpExplorerForm::HiddenWindowProc(
   {
     LONG_PTR Ptr = GetWindowLongPtr(HWnd, GWLP_USERDATA);
     TCustomScpExplorerForm * Form = reinterpret_cast<TCustomScpExplorerForm *>(Ptr);
-    PCOPYDATASTRUCT CopyData = reinterpret_cast<PCOPYDATASTRUCT>(LParam);
-    UnicodeString CommandLine(
-      reinterpret_cast<const wchar_t*>(CopyData->lpData), CopyData->cbData / sizeof(wchar_t));
-    Result = Form->CommandLineFromAnotherInstance(CommandLine) ? 1 : 0;
+
+    TMessage AMessage;
+    AMessage.Msg = Message;
+    AMessage.WParam = WParam;
+    AMessage.LParam = LParam;
+    AMessage.Result = 0;
+    Form->WMCopyData(AMessage);
+
+    Result = AMessage.Result;
   }
   else
   {
@@ -373,6 +387,43 @@ LRESULT WINAPI TCustomScpExplorerForm::HiddenWindowProc(
   return Result;
 }
 //---------------------------------------------------------------------------
+void __fastcall TCustomScpExplorerForm::WMCopyData(TMessage & Message)
+{
+  PCOPYDATASTRUCT CopyData = reinterpret_cast<PCOPYDATASTRUCT>(Message.LParam);
+
+  size_t MessageSize = sizeof(TCopyDataMessage);
+  bool Result = ALWAYS_TRUE(CopyData->cbData == MessageSize);
+  if (Result)
+  {
+    const TCopyDataMessage & Message = *reinterpret_cast<const TCopyDataMessage *>(CopyData->lpData);
+
+    Result = (Message.Version == TCopyDataMessage::Version1);
+
+    if (Result)
+    {
+      switch (Message.Command)
+      {
+        case TCopyDataMessage::CommandCanCommandLine:
+          Result = CanCommandLineFromAnotherInstance();
+          break;
+
+        case TCopyDataMessage::CommandCommandLine:
+          {
+            UnicodeString CommandLine(Message.CommandLine);
+            Result = CommandLineFromAnotherInstance(CommandLine);
+          }
+          break;
+
+      default:
+        Result = false;
+        break;
+      }
+    }
+  }
+
+  Message.Result = Result ? 1 : 0;
+}
+//---------------------------------------------------------------------------
 void __fastcall TCustomScpExplorerForm::CreateHiddenWindow()
 {
   WNDCLASS WindowClass = {0};
@@ -393,11 +444,17 @@ void __fastcall TCustomScpExplorerForm::CreateHiddenWindow()
   }
 }
 //---------------------------------------------------------------------------
+bool __fastcall TCustomScpExplorerForm::CanCommandLineFromAnotherInstance()
+{
+  bool Result = !NonVisualDataModule->Busy;
+  return Result;
+}
+//---------------------------------------------------------------------------
 bool __fastcall TCustomScpExplorerForm::CommandLineFromAnotherInstance(
   const UnicodeString & CommandLine)
 {
   TProgramParams Params(CommandLine);
-  bool Result = !NonVisualDataModule->Busy && ALWAYS_TRUE(Params.ParamCount > 0);
+  bool Result = CanCommandLineFromAnotherInstance() && ALWAYS_TRUE(Params.ParamCount > 0);
   if (Result)
   {
     // this action is initiated from another process,
@@ -1559,7 +1616,10 @@ void __fastcall TCustomScpExplorerForm::CustomCommand(TStrings * FileList,
           if (ALocalFileList == NULL)
           {
             assert(HasDirView[osLocal]);
-            assert(EnableSelectedOperation[osLocal]);
+            // Cannot have focus on both panels, so we have to call AnyFileSelected
+            // directly (instead of EnableSelectedOperation) to pass
+            // false to FocusedFileOnlyWhenFocused
+            assert(DirView(osLocal)->AnyFileSelected(false, false, false));
             LocalFileList = DirView(osLocal)->CreateFileList(false, true, NULL);
           }
           else
@@ -5780,8 +5840,10 @@ void __fastcall TCustomScpExplorerForm::RemoteFileControlDDEnd(TObject * Sender)
         TDragResult DDResult = (Sender == RemoteDirView) ?
           RemoteDirView->LastDDResult : RemoteDriveView->LastDDResult;
 
-        // focus is moved to the target application,
-        // but as we are going to present the UI, we need to steal the focus back
+        // Focus is moved to the target application,
+        // but as we are going to present the UI, we need to steal the focus back.
+        // This most likely won't work though (windows does not allow application
+        // to steal focus most of the time)
         Application->BringToFront();
 
         // note that we seem to never get drMove here, see also comment below
@@ -7120,6 +7182,10 @@ void __fastcall TCustomScpExplorerForm::Dispatch(void * Message)
       }
       break;
 
+    case WM_COPYDATA:
+      WMCopyData(*M);
+      break;
+
     default:
       TForm::Dispatch(Message);
       break;
@@ -7382,7 +7448,8 @@ void __fastcall TCustomScpExplorerForm::SuspendWindowLock()
     // for the top-level modal window
     if (ALWAYS_TRUE(FLockSuspendLevel == 0))
     {
-      assert(!Enabled);
+      // won't be disabled when conditions in LockWindow() were not satisfied
+      FDisabledOnLockSuspend = !Enabled;
       Enabled = true;
     }
     FLockSuspendLevel++;
@@ -7399,7 +7466,10 @@ void __fastcall TCustomScpExplorerForm::ResumeWindowLock()
     if (ALWAYS_TRUE(FLockSuspendLevel == 0))
     {
       assert(Enabled);
-      Enabled = false;
+      // we should possibly do the same check as in LockWindow(),
+      // if it is ever possible that the consitions change between
+      // SuspendWindowLock() and ResumeWindowLock()
+      Enabled = !FDisabledOnLockSuspend;
     }
   }
 }
@@ -7557,6 +7627,7 @@ void __fastcall TCustomScpExplorerForm::DestroyWnd()
 void __fastcall TCustomScpExplorerForm::FormShow(TObject * /*Sender*/)
 {
   SideEnter(FCurrentSide);
+  FEverShown = true;
 }
 //---------------------------------------------------------------------------
 void __fastcall TCustomScpExplorerForm::DoFindFiles(

source/forms/CustomScpExplorer.h

@@ -276,6 +276,7 @@ private:
 
 protected:
   TOperationSide FCurrentSide;
+  bool FEverShown;
   TControl * FDDTargetControl;
   TProgressForm * FProgressForm;
   TSynchronizeProgressForm * FSynchronizeProgressForm;
@@ -294,6 +295,7 @@ protected:
   TNotifyEvent FOnNoteClick;
   unsigned int FLockLevel;
   unsigned int FLockSuspendLevel;
+  bool FDisabledOnLockSuspend;
   TImageList * FSystemImageList;
   bool FAlternativeDelete;
   TDragDropFilesEx * FSessionsDragDropFilesEx;
@@ -346,6 +348,7 @@ protected:
   inline void __fastcall WMAppCommand(TMessage & Message);
   inline void __fastcall WMSysCommand(TMessage & Message);
   void __fastcall WMQueryEndSession(TMessage & Message);
+  void __fastcall WMCopyData(TMessage & Message);
   virtual void __fastcall SysResizing(unsigned int Cmd);
   DYNAMIC void __fastcall DoShow();
   TStrings * __fastcall CreateVisitedDirectories(TOperationSide Side);
@@ -501,6 +504,7 @@ protected:
   void __fastcall DirViewContextPopup(
     TOperationSide Side, Byte PopupComponent, const TPoint & MousePos);
   bool __fastcall CommandLineFromAnotherInstance(const UnicodeString & CommandLine);
+  bool __fastcall CanCommandLineFromAnotherInstance();
   void __fastcall SetQueueProgress();
   void __fastcall UpdateQueueLabel();
   TTerminal * __fastcall GetSessionTabTerminal(TTabSheet * TabSheet);

source/forms/FileFind.dfm

@@ -157,9 +157,9 @@ object FileFindDialog: TFileFindDialog
       OnExit = MaskEditExit
     end
     object MaskHintText: TStaticText
-      Left = 267
+      Left = 248
       Top = 59
-      Width = 97
+      Width = 116
       Height = 17
       Alignment = taRightJustify
       Anchors = [akTop, akRight]

source/forms/Glyphs.dfm

@@ -1153,7 +1153,7 @@ object GlyphsModule: TGlyphsModule
       end
       item
         Background = clWindow
-        Name = 'Browse to root folder - local'
+        Name = 'Browse to root folder - remote'
         PngImage.Data = {
           89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF
           61000000097048597300000EC400000EC401952B0E1B00000A4F694343505068
@@ -1239,23 +1239,23 @@ object GlyphsModule: TGlyphsModule
           058F998FCB860D86EB9E383E3939E23F72FDE9FCA743CF64CF269E17FEA2FECB
           AE17162F7EF8D5EBD7CED198D1A197F29793BF6D7CA5FDEAC0EB19AFDBC6C2C6
           1EBEC97833315EF456FBEDC177DC771DEFA3DF0F4FE47C207F28FF68F9B1F553
-          D0A7FB93199393FF040398F3FC63332DDB000001714944415478DA63FCFFFF3F
-          032580B1A18181C98845EE20906D8326F78F919161B26FF5A3025C9A4196336E
-          6E960B1194E45F6DEDAF8F22F9E7F75F86032BCFFCFBF6FDA79D7FD5A3A3380D
-          D8D42277D5DA47534B489C0743C18B471F184EEFBE8DCB01477CAB1FDA820CF8
-          EF1AA042B2DF776FB8C3003480116C00B9010837C0B7F20CC99A37B79B201990
-          5FCCC0F0EB3C2C68C0645AF507063545168692646EB8180352946F9E7908C980
-          9C34A001D7110A81E0C28D3F0C792DDF18D64FE666101660443204426C9E7302
-          C980CC280686DF77E1923095690DBF18D4E419194A125890230F8C36CF3F8B64
-          40AA3730E29FC32561865CB8F99F21AFE31FC3FA7E2606617EA4B0067A65F3A2
-          CB4806240213E1DF0F18FE04BBA28509E88AFF0C2531FF505DB0F406C2007B67
-          4586FFFF7EA284010C5C79C0C250319F9F6151F13B0621DE7F7035870EBC4418
-          E0939A8EEA470CF01F4918C2D832670EC4808D2DB29F191918791848079F8106
-          F031529A9D015A5CBAE11CFA233E0000000049454E44AE426082}
+          D0A7FB93199393FF040398F3FC63332DDB000001774944415478DA63FCFFFF3F
+          032580B1A18181C988456E3F906D8726F78F919161B26FF5A3025C9A4196336E
+          6E960B1194E45F6DEDAF8F22F9E7F75F86FD2BCF307CFFFED3C6BFEAD1519C06
+          6C6A91BB6AEDA3A92524CE83A1E0E5A30F0CA776DFC6EE740686633ED50FAD41
+          06FC770D5021D9EFBB37DC61F0AD7EC8083680DC00841BE05B798664CD9BDB4D
+          900CC82F6660F8751E1634B01002536D33BE32BC7DFF97A1B792172E063660E6
+          21240372D280065C4768861AF4FCD53F86A0BC2F0CF3DBB81834149990CCFFCF
+          B079CE09240332A318187EDF854BC254B6CDFE0DB4FD3F436F292B8AC120B479
+          FE59240352BD8111FF1C2E09B6FD35034350F15F86F98D4C0C1A0A0CA8AE037A
+          65F3A2CB480624DA3030FCFD80EAF7798C0C6F3F3230F416FE43F13BDC054B6F
+          200CB0775664F8FFEF27DC9697EF9919E27B051926677D605095FA8D1A345043
+          0E1D788930C027351DD506064C0D08610863CB9C3970033E01F9BCA4A683FF0C
+          FFBFF8553FE265A4343B03001F8BC4E19929789C0000000049454E44AE426082}
       end
       item
         Background = clWindow
-        Name = 'Browse to root folder - remote'
+        Name = 'Browse to root folder - local'
         PngImage.Data = {
           89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF
           61000000097048597300000EC400000EC401952B0E1B00000A4F694343505068
@@ -1341,19 +1341,19 @@ object GlyphsModule: TGlyphsModule
           058F998FCB860D86EB9E383E3939E23F72FDE9FCA743CF64CF269E17FEA2FECB
           AE17162F7EF8D5EBD7CED198D1A197F29793BF6D7CA5FDEAC0EB19AFDBC6C2C6
           1EBEC97833315EF456FBEDC177DC771DEFA3DF0F4FE47C207F28FF68F9B1F553
-          D0A7FB93199393FF040398F3FC63332DDB000001774944415478DA63FCFFFF3F
-          032580B1A18181C988456E3F906D8726F78F919161B26FF5A3025C9A4196336E
-          6E960B1194E45F6DEDAF8F22F9E7F75F86FD2BCF307CFFFED3C6BFEAD1519C06
-          6C6A91BB6AEDA3A92524CE83A1E0E5A30F0CA776DFC6EE740686633ED50FAD41
-          06FC770D5021D9EFBB37DC61F0AD7EC8083680DC00841BE05B798664CD9BDB4D
-          900CC82F6660F8751E1634B01002536D33BE32BC7DFF97A1B792172E063660E6
-          21240372D280065C4768861AF4FCD53F86A0BC2F0CF3DBB81834149990CCFFCF
-          B079CE09240332A318187EDF854BC254B6CDFE0DB4FD3F436F292B8AC120B479
-          FE59240352BD8111FF1C2E09B6FD35034350F15F86F98D4C0C1A0A0CA8AE037A
-          65F3A2CB480624DA3030FCFD80EAF7798C0C6F3F3230F416FE43F13BDC054B6F
-          200CB0775664F8FFEF27DC9697EF9919E27B051926677D605095FA8D1A345043
-          0E1D788930C027351DD506064C0D08610863CB9C3970033E01F9BCA4A683FF0C
-          FFBFF8553FE265A4343B03001F8BC4E19929789C0000000049454E44AE426082}
+          D0A7FB93199393FF040398F3FC63332DDB000001714944415478DA63FCFFFF3F
+          032580B1A18181C98845EE20906D8326F78F919161B26FF5A3025C9A4196336E
+          6E960B1194E45F6DEDAF8F22F9E7F75F86032BCFFCFBF6FDA79D7FD5A3A3380D
+          D8D42277D5DA47534B489C0743C18B471F184EEFBE8DCB01477CAB1FDA820CF8
+          EF1AA042B2DF776FB8C3003480116C00B9010837C0B7F20CC99A37B79B201990
+          5FCCC0F0EB3C2C68C0645AF507063545168692646EB8180352946F9E7908C980
+          9C34A001D7110A81E0C28D3F0C792DDF18D64FE666101660443204426C9E7302
+          C980CC280686DF77E1923095690DBF18D4E419194A125890230F8C36CF3F8B64
+          40AA3730E29FC32561865CB8F99F21AFE31FC3FA7E2606617EA4B0067A65F3A2
+          CB4806240213E1DF0F18FE04BBA28509E88AFF0C2531FF505DB0F406C2007B67
+          4586FFFF7EA284010C5C79C0C250319F9F6151F13B0621DE7F7035870EBC4418
+          E0939A8EEA470CF01F4918C2D832670EC4808D2DB29F191918791848079F8106
+          F031529A9D015A5CBAE11CFA233E0000000049454E44AE426082}
       end
       item
         Background = clWindow

source/forms/ImportSessions.cpp

@@ -71,7 +71,7 @@ __fastcall TImportSessionsDialog::TImportSessionsDialog(TComponent * AOwner,
     }
   }
 
-  // should not happen as we never get here when there are no session to import
+  // should not happen as we never get here when there are no sessions to import
   if (SourceComboBox->ItemIndex < 0)
   {
     SourceComboBox->ItemIndex = 0;

source/forms/Login.cpp

@@ -68,6 +68,7 @@ __fastcall TLoginDialog::TLoginDialog(TComponent* AOwner)
   FSitesIncrementalSearchHaveNext = false;
   FEditing = false;
   FRenaming = false;
+  FNewSiteKeepName = false;
 
   // we need to make sure that window procedure is set asap
   // (so that CM_SHOWINGCHANGED handling is applied)
@@ -485,7 +486,8 @@ void __fastcall TLoginDialog::SaveSession(TSessionData * SessionData)
 
   TSessionData * EditingSessionData = GetEditingSessionData();
   SessionData->Name =
-    (EditingSessionData != NULL) ? EditingSessionData->Name : SessionData->DefaultSessionName;
+    (EditingSessionData != NULL) ? EditingSessionData->Name :
+        (FNewSiteKeepName ? SessionData->Name : SessionData->DefaultSessionName);
 }
 //---------------------------------------------------------------------
 bool __fastcall TLoginDialog::IsEditable()
@@ -557,25 +559,24 @@ void __fastcall TLoginDialog::UpdateControls()
     EnableControl(ToolsMenuButton, !FEditing);
     EnableControl(CloseButton, !FEditing);
 
-    DefaultButton(LoginButton, !FEditing && !FRenaming);
+    DefaultButton(LoginButton, !FEditing && !FRenaming && !IsCloneToNewSiteDefault());
     CloseButton->Cancel = !FEditing && !FRenaming;
     DefaultButton(SaveButton, FEditing);
     EditCancelButton->Cancel = FEditing;
+    SiteClonetoNewSiteMenuItem->Default = IsCloneToNewSiteDefault();
+    SiteLoginMenuItem->Default = !SiteClonetoNewSiteMenuItem->Default;
 
     UpdateButtonVisibility(SaveButton);
     UpdateButtonVisibility(EditButton);
     UpdateButtonVisibility(EditCancelButton);
 
-    bool CanSaveSssion = FEditing;
     TAction * SaveButtonAction =
-      CanSaveSssion && SupportsSplitButton() ? SaveSessionAction : SaveAsSessionAction;
+      SupportsSplitButton() ? SaveSessionAction : SaveAsSessionAction;
     if (SaveButton->Action != SaveButtonAction)
     {
       SaveButton->Action = SaveButtonAction;
     }
-    SaveSessionMenuItem->Visible = CanSaveSssion;
-    SaveSessionMenuItem->Default = CanSaveSssion;
-    SaveAsSessionMenuItem->Default = !CanSaveSssion;
+    SaveAsSessionMenuItem->Visible = FEditing;
   }
 }
 //---------------------------------------------------------------------------
@@ -607,19 +608,30 @@ void __fastcall TLoginDialog::DataChange(TObject * /*Sender*/)
 //---------------------------------------------------------------------------
 void __fastcall TLoginDialog::FormShow(TObject * /*Sender*/)
 {
-  if (!FInitialized || FLocaleChanging)
+  // this is called twice on startup, first with ControlState = [csRecreating]
+  // we should probably filter this out, it would avoid need for explicit
+  // LoadContents call below
+  bool NeedInitialize = !FInitialized || FLocaleChanging;
+  if (NeedInitialize)
   {
     Init();
-    LoadContents();
   }
 
   // among other this makes the expanded nodes look like expanded,
-  // because the LoadState call in Execute is too early,
+  // because the LoadState call in Execute would be too early,
   // and some stray call to collapsed event during showing process,
   // make the image be set to collapsed.
   // Also LoadState calls RestoreFormSize that has to be
   // called only after DoFormWindowProc(CM_SHOWINGCHANGED).
+  // See also comment about MakeVisible in LoadState().
   LoadState();
+  if (NeedInitialize)
+  {
+    // Need to load contents only after state (as that selects initial node).
+    // Explicit call is needed, as we get here during csRecreating phase,
+    // when SessionTreeChange is not triggered, see initial method comment
+    LoadContents();
+  }
   UpdateControls();
 }
 //---------------------------------------------------------------------------
@@ -662,12 +674,21 @@ void __fastcall TLoginDialog::SessionTreeDblClick(TObject * /*Sender*/)
   if (Node == SessionTree->Selected)
   {
     // EnsureNotEditing must be before CanLogin, as CanLogin checks for FEditing
-    if (EnsureNotEditing() &&
-        CanLogin())
+    if (EnsureNotEditing())
     {
-      if (IsSessionNode(Node) || IsWorkspaceNode(Node))
+      if (IsCloneToNewSiteDefault())
       {
-        Login();
+        CloneToNewSite();
+      }
+      // this can hardle be false
+      // (after editing and clone tests above)
+      // (except for empty folders, but those do not pass a condition below)
+      else if (CanLogin())
+      {
+        if (IsSessionNode(Node) || IsWorkspaceNode(Node))
+        {
+          Login();
+        }
       }
     }
   }
@@ -840,7 +861,9 @@ void __fastcall TLoginDialog::SaveAsSession(bool ForceDialog)
 //---------------------------------------------------------------------------
 void __fastcall TLoginDialog::SaveSessionActionExecute(TObject * /*Sender*/)
 {
-  SaveAsSession(false);
+  bool NewSiteSelected = IsNewSiteNode(SessionTree->Selected);
+  // for new site, the "save" command is actually "save as"
+  SaveAsSession(NewSiteSelected);
 }
 //---------------------------------------------------------------------------
 void __fastcall TLoginDialog::SaveAsSessionActionExecute(TObject * /*Sender*/)
@@ -990,7 +1013,7 @@ void __fastcall TLoginDialog::ActionListUpdate(TBasicAction * BasicAction,
   bool PrevEnabled = Action->Enabled;
 
   if ((Action == EditSessionAction) ||
-      (CloneToNewSiteAction == EditSessionAction))
+      (Action == CloneToNewSiteAction))
   {
     Action->Enabled = SiteSelected && !FEditing;
   }
@@ -1030,7 +1053,7 @@ void __fastcall TLoginDialog::ActionListUpdate(TBasicAction * BasicAction,
   }
   else if (Action == SaveSessionAction)
   {
-    SaveSessionAction->Enabled = FEditing;
+    SaveSessionAction->Enabled = NewSiteSelected || FEditing;
   }
   else if (Action == SessionAdvancedAction)
   {
@@ -1038,6 +1061,7 @@ void __fastcall TLoginDialog::ActionListUpdate(TBasicAction * BasicAction,
   }
   else if (Action == SaveAsSessionAction)
   {
+    // Save as is needed for new site only when !SupportsSplitButton()
     SaveAsSessionAction->Enabled = NewSiteSelected || FEditing;
   }
   else if (Action == NewSessionFolderAction)
@@ -1067,6 +1091,11 @@ void __fastcall TLoginDialog::ActionListUpdate(TBasicAction * BasicAction,
   Idle();
 }
 //---------------------------------------------------------------------------
+bool __fastcall TLoginDialog::IsCloneToNewSiteDefault()
+{
+  return IsSiteNode(SessionTree->Selected) && !FStoredSessions->CanLogin(GetSessionData());
+}
+//---------------------------------------------------------------------------
 bool __fastcall TLoginDialog::CanLogin()
 {
   TSessionData * Data = GetSessionData();
@@ -1110,7 +1139,8 @@ bool __fastcall TLoginDialog::Execute(TList * DataList)
   {
     Default();
   }
-  LoadState();
+  // Not calling LoadState here.
+  // Its redundant and does not work anyway, see comment in the method.
   bool Result = IsDefaultResult(ShowModal());
   SaveState();
   if (Result)
@@ -1249,7 +1279,7 @@ void __fastcall TLoginDialog::LoadState()
   {
     // it does not make any sense to call this before
     // DoFormWindowProc(CM_SHOWINGCHANGED), we would end up on wrong monitor
-    if (Visible)
+    if (ALWAYS_TRUE(Visible))
     {
       RestoreFormSize(CustomWinConfiguration->LoginDialog.WindowSize, this);
     }
@@ -1268,11 +1298,13 @@ void __fastcall TLoginDialog::LoadState()
         SessionTree->Items->Item[Index], OpenedStoredSessionFolders);
     }
 
-    // tree view tried to make expanded node children all visible, what
+    // tree view tries to make expanded node children all visible, what
     // may scroll the selected node (what should be the first one here),
     // out of the view
     if (SessionTree->Selected != NULL)
     {
+      // see comment for LastStoredSession branch below
+      assert(Visible);
       SessionTree->Selected->MakeVisible();
     }
   }
@@ -1281,7 +1313,12 @@ void __fastcall TLoginDialog::LoadState()
     delete OpenedStoredSessionFolders;
   }
 
-  if (!WinConfiguration->LastStoredSession.IsEmpty())
+  // calling TTreeNode::MakeVisible() when tree view is not visible yet,
+  // sometimes scrolls view horizontally when not needed
+  // (seems like it happens for sites that are at the same level
+  // as site folders, e.g. for the very last root-level site, at long as
+  // there are any folders)
+  if (!WinConfiguration->LastStoredSession.IsEmpty() && ALWAYS_TRUE(Visible))
   {
     UnicodeString Path = WinConfiguration->LastStoredSession;
 
@@ -1362,6 +1399,7 @@ void __fastcall TLoginDialog::ResetNewSessionActionExecute(TObject * /*Sender*/)
 {
   Default();
   EditSession();
+  FNewSiteKeepName = false;
 }
 //---------------------------------------------------------------------------
 void __fastcall TLoginDialog::CMDialogKey(TWMKeyDown & Message)
@@ -2687,13 +2725,20 @@ void __fastcall TLoginDialog::CancelEditing()
   SetNodeImage(SessionTree->Selected, GetSessionImageIndex(GetNodeSession(SessionTree->Selected)));
 }
 //---------------------------------------------------------------------------
-void __fastcall TLoginDialog::CloneToNewSiteActionExecute(TObject * /*Sender*/)
+void __fastcall TLoginDialog::CloneToNewSite()
 {
   FNewSiteData->Assign(SelectedSession);
+  FNewSiteData->MakeUniqueIn(FStoredSessions);
+  FNewSiteKeepName = true;
   NewSite();
   EditSession();
 }
 //---------------------------------------------------------------------------
+void __fastcall TLoginDialog::CloneToNewSiteActionExecute(TObject * /*Sender*/)
+{
+  CloneToNewSite();
+}
+//---------------------------------------------------------------------------
 void __fastcall TLoginDialog::Login()
 {
   if (OpenInNewWindow() && !IsNewSiteNode(SessionTree->Selected))

source/forms/Login.dfm

@@ -472,7 +472,8 @@ object LoginDialog: TLoginDialog
     end
     object SaveAsSessionAction: TAction
       Category = 'Sessions'
-      Caption = '&Save As...'
+      Caption = 'Save &As...'
+      ShortCut = 32833
       OnExecute = SaveAsSessionActionExecute
     end
     object SaveSessionAction: TAction
@@ -578,7 +579,7 @@ object LoginDialog: TLoginDialog
     end
     object SessionAdvancedAction: TAction
       Category = 'Session'
-      Caption = '&Advanced...'
+      Caption = 'A&dvanced...'
       OnExecute = SessionAdvancedActionExecute
     end
     object PreferencesLoggingAction: TAction
@@ -1031,6 +1032,7 @@ object LoginDialog: TLoginDialog
     Top = 145
     object SaveSessionMenuItem: TMenuItem
       Action = SaveSessionAction
+      Default = True
     end
     object SaveAsSessionMenuItem: TMenuItem
       Action = SaveAsSessionAction
@@ -1051,7 +1053,7 @@ object LoginDialog: TLoginDialog
       Enabled = False
       Visible = False
     end
-    object Login4: TMenuItem
+    object SiteLoginMenuItem: TMenuItem
       Action = LoginAction
       Default = True
     end
@@ -1070,7 +1072,7 @@ object LoginDialog: TLoginDialog
     object Rename1: TMenuItem
       Action = RenameSessionAction
     end
-    object ClonetoNewSite2: TMenuItem
+    object SiteClonetoNewSiteMenuItem: TMenuItem
       Action = CloneToNewSiteAction
     end
     object N5: TMenuItem

source/forms/Login.h

@@ -149,7 +149,7 @@ __published:
   TMenuItem *Session1;
   TPngImageList *ActionImageList;
   TAction *CloneToNewSiteAction;
-  TMenuItem *ClonetoNewSite2;
+  TMenuItem *SiteClonetoNewSiteMenuItem;
   TAction *PuttyAction;
   TPopupMenu *LoginDropDownMenu;
   TMenuItem *Login1;
@@ -158,7 +158,7 @@ __published:
   TMenuItem *N8;
   TMenuItem *Login3;
   TMenuItem *N9;
-  TMenuItem *Login4;
+  TMenuItem *SiteLoginMenuItem;
   TMenuItem *N10;
   TMenuItem *Login5;
   TMenuItem *N11;
@@ -237,6 +237,7 @@ __published:
 private:
   int NoUpdate;
   TSessionData * FNewSiteData;
+  bool FNewSiteKeepName;
   TSessionData * FSessionData;
   TStoredSessionList * FStoredSessions;
   int FOptions;
@@ -324,6 +325,7 @@ private:
   void __fastcall SaveAsSession(bool ForceDialog);
   void __fastcall InvalidateSessionData();
   bool __fastcall CanLogin();
+  bool __fastcall IsCloneToNewSiteDefault();
   bool __fastcall IsDefaultResult(TModalResult Result);
   int __fastcall GetSessionImageIndex(TSessionData * Data);
   void __fastcall SetNodeImage(TTreeNode * Node, int ImageIndex);
@@ -331,6 +333,7 @@ private:
   bool __fastcall EnsureNotEditing();
   bool __fastcall IsEditable();
   TSessionData * __fastcall CloneSelectedSession();
+  void __fastcall CloneToNewSite();
 
 protected:
   void __fastcall Default();

source/forms/NonVisual.dfm

@@ -120,7 +120,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object LocalCopyFocusedAction: TAction
       Tag = 8
       Category = 'Local Focused Operation'
-      Caption = '&Upload...'
+      Caption = 'Up&load...'
       HelpKeyword = 'task_upload'
       Hint = 'Upload|Upload selected local file(s) to remote directory'
       ImageIndex = 88
@@ -128,7 +128,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object RemoteCopyFocusedAction: TAction
       Tag = 12
       Category = 'Remote Focused Operation'
-      Caption = '&Download...'
+      Caption = 'Down&load...'
       HelpKeyword = 'task_download'
       Hint = 'Download|Download selected remote file(s) to local directory'
       ImageIndex = 89
@@ -136,7 +136,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object RemoteMoveFocusedAction: TAction
       Tag = 12
       Category = 'Remote Focused Operation'
-      Caption = 'Download and D&elete...'
+      Caption = 'Download and Dele&te...'
       HelpKeyword = 'task_download'
       Hint = 
         'Download and Delete|Download selected remote file(s) to local di' +
@@ -146,7 +146,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object RemoteCopyAction: TAction
       Tag = 14
       Category = 'Remote Selected Operation'
-      Caption = '&Download...'
+      Caption = 'Down&load...'
       HelpKeyword = 'task_download'
       Hint = 'Download|Download selected remote file(s) to local directory'
       ImageIndex = 89
@@ -1650,7 +1650,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object LocalCopyAction: TAction
       Tag = 9
       Category = 'Local Selected Operation'
-      Caption = '&Upload...'
+      Caption = 'Up&load...'
       HelpKeyword = 'task_upload'
       Hint = 'Upload|Upload selected local file(s) to remote directory'
       ImageIndex = 88
@@ -1944,7 +1944,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object LocalMoveAction: TAction
       Tag = 9
       Category = 'Local Selected Operation'
-      Caption = 'Upload and D&elete...'
+      Caption = 'Upload and Dele&te...'
       HelpKeyword = 'task_upload'
       Hint = 
         'Upload and Delete|Upload selected local file(s) to remote direct' +
@@ -2004,7 +2004,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object RemoteMoveAction: TAction
       Tag = 14
       Category = 'Remote Selected Operation'
-      Caption = 'Download and D&elete...'
+      Caption = 'Download and Dele&te...'
       HelpKeyword = 'task_download'
       Hint = 
         'Download and Delete|Download selected remote file(s) to local di' +
@@ -2072,7 +2072,7 @@ object NonVisualDataModule: TNonVisualDataModule
     object LocalMoveFocusedAction: TAction
       Tag = 8
       Category = 'Local Focused Operation'
-      Caption = 'Upload and D&elete...'
+      Caption = 'Upload and Dele&te...'
       HelpKeyword = 'task_upload'
       Hint = 
         'Upload and Delete|Upload selected local file(s) to remote direct' +

source/forms/Preferences.cpp

@@ -625,8 +625,8 @@ void __fastcall TPreferencesDialog::SaveConfiguration()
       (ExplorerKeyboardShortcutsCombo->ItemIndex != 0);
     BOOLPROP(UseLocationProfiles);
 
-    WinConfiguration->ScpCommander.CompareByTime = CompareByTimeCheck->Checked;
-    WinConfiguration->ScpCommander.CompareBySize = CompareBySizeCheck->Checked;
+    ScpCommander.CompareByTime = CompareByTimeCheck->Checked;
+    ScpCommander.CompareBySize = CompareBySizeCheck->Checked;
 
     // Local panel
     ScpCommander.PreserveLocalDirectory = PreserveLocalDirectoryCheck->Checked;
@@ -982,8 +982,7 @@ void __fastcall TPreferencesDialog::UpdateControls()
 
     bool CopyParamSelected = (CopyParamListView->Selected != NULL);
     EnableControl(EditCopyParamButton, CopyParamSelected);
-    EnableControl(DuplicateCopyParamButton,
-      CopyParamSelected && (CopyParamListView->ItemIndex >= 1));
+    EnableControl(DuplicateCopyParamButton, CopyParamSelected);
     EnableControl(RemoveCopyParamButton,
       CopyParamSelected && (CopyParamListView->ItemIndex >= 1));
     EnableControl(UpCopyParamButton,
@@ -1455,22 +1454,17 @@ void __fastcall TPreferencesDialog::AddEditCopyParam(TCopyParamPresetMode Mode)
 {
   int Index = CopyParamListView->ItemIndex;
   bool Result;
-  if ((Index == 0) && (Mode != cpmAdd))
+  if ((Index == 0) && (Mode == cpmEdit))
   {
     Result = DoCopyParamCustomDialog(FCopyParams, 0);
   }
   else
   {
-    if (Index == 0)
-    {
-      assert(Mode == cpmAdd);
-      Index = 1;
-    }
-
     TCopyParamRuleData * CopyParamRuleData =
       (FDialogData != NULL ? FDialogData->CopyParamRuleData : NULL);
+    // negative (when default is selected) means add to the end
     Index--;
-    Result = DoCopyParamPresetDialog(FCopyParamList, Index, Mode, CopyParamRuleData);
+    Result = DoCopyParamPresetDialog(FCopyParamList, Index, Mode, CopyParamRuleData, FCopyParams);
     if (Result)
     {
       UpdateCopyParamListView();
@@ -1498,10 +1492,7 @@ void __fastcall TPreferencesDialog::EditCopyParamButtonClick(TObject * /*Sender*
 //---------------------------------------------------------------------------
 void __fastcall TPreferencesDialog::DuplicateCopyParamButtonClick(TObject * /*Sender*/)
 {
-  if (ALWAYS_TRUE(CopyParamListView->ItemIndex >= 1))
-  {
-    AddEditCopyParam(cpmDuplicate);
-  }
+  AddEditCopyParam(cpmDuplicate);
 }
 //---------------------------------------------------------------------------
 void __fastcall TPreferencesDialog::CopyParamListViewDblClick(

source/forms/Preferences.dfm

@@ -2724,7 +2724,7 @@ object PreferencesDialog: TPreferencesDialog
             Top = 21
             Width = 131
             Height = 13
-            Caption = '&PuTTY/Terminal client path:'
+            Caption = 'PuTTY/Terminal &client path:'
             FocusControl = PuttyPathEdit
           end
           object PuttyRegistryStorageKeyLabel: TLabel

source/forms/Progress.cpp

@@ -46,6 +46,7 @@ __fastcall TProgressForm::TProgressForm(TComponent* AOwner)
 {
   FLastOperation = foNone;
   FLastTotalSizeSet = false;
+  FDataGot = false;
   FDataReceived = false;
   FAsciiTransferChanged = false;
   FResumeStatusChanged = false;
@@ -57,6 +58,9 @@ __fastcall TProgressForm::TProgressForm(TComponent* AOwner)
   FReadOnly = false;
   FShowAsModalStorage = NULL;
   FStarted = Now();
+  FModalBeginHooked = false;
+  FPrevApplicationModalBegin = NULL;
+  FModalLevel = -1;
   UseSystemSettings(this);
   ResetOnceDoneOperation();
 
@@ -86,6 +90,13 @@ __fastcall TProgressForm::~TProgressForm()
     ShowNotification(NULL, LoadStr(BALLOON_OPERATION_COMPLETE), qtInformation);
   }
 
+  if (FModalBeginHooked)
+  {
+    assert(Application->OnModalBegin == ApplicationModalBegin);
+    Application->OnModalBegin = FPrevApplicationModalBegin;
+    FModalBeginHooked = false;
+  }
+
   ReleaseAsModal(this, FShowAsModalStorage);
 }
 //---------------------------------------------------------------------
@@ -234,6 +245,61 @@ void __fastcall TProgressForm::UpdateControls()
 }
 //---------------------------------------------------------------------
 static TDateTime DelayStartInterval(static_cast<double>(OneSecond/5));
+static TDateTime UpdateInterval(static_cast<double>(OneSecond));
+//---------------------------------------------------------------------
+bool __fastcall TProgressForm::ReceiveData(bool Force, int ModalLevelOffset)
+{
+  bool Result = false;
+  if (FDataGot && !FDataReceived &&
+      // Never popup over dialog that appeared later than we started
+      // (this can happen from UpdateTimerTimer when application is
+      // restored while overwrite confirmation dialog [or any other]
+      // is already shown).
+      // TODO We should probably take as-modal windows into account too
+      // (for extreme cases like restoring while reconnecting [as-modal TAuthenticateForm]).
+      ((FModalLevel < 0) || (Application->ModalLevel + ModalLevelOffset <= FModalLevel)))
+  {
+    // delay showing the progress until the application is restored,
+    // otherwise the form popups up unminimized.
+    if (!IsApplicationMinimized() &&
+        (Force || ((Now() - FStarted) > DelayStartInterval)))
+    {
+      FDataReceived = true;
+      // CPS limit is set set only once from TFileOperationProgressType::Start
+      FCPSLimit = FData.CPSLimit;
+      SpeedCombo->Text = SetSpeedLimit(FCPSLimit);
+      ShowAsModal(this, FShowAsModalStorage);
+      // particularly needed for the case, when we are showing the form delayed
+      // because application was minimized when operation started
+      Result = true;
+    }
+    else if (!FModalBeginHooked && ALWAYS_TRUE(FModalLevel < 0))
+    {
+      // record state as of time, the window should be shown,
+      // had not we implemented delayed show
+      FPrevApplicationModalBegin = Application->OnModalBegin;
+      Application->OnModalBegin = ApplicationModalBegin;
+      FModalBeginHooked = true;
+      FModalLevel = Application->ModalLevel;
+    }
+  }
+
+  return Result;
+}
+//---------------------------------------------------------------------------
+void __fastcall TProgressForm::ApplicationModalBegin(TObject * Sender)
+{
+  // Popup before any modal dialog shows (typically overwrite confirmation,
+  // as that popups nerly instantly, i.e. less than DelayStartInterval).
+  // The Application->ModalLevel is already incremented, but we should treat is as
+  // if it were not as the dialog is not created yet (so we can popup if we are not yet).
+  ReceiveData(true, -1);
+
+  if (FPrevApplicationModalBegin != NULL)
+  {
+    FPrevApplicationModalBegin(Sender);
+  }
+}
 //---------------------------------------------------------------------
 void __fastcall TProgressForm::SetProgressData(TFileOperationProgressType & AData)
 {
@@ -261,18 +327,16 @@ void __fastcall TProgressForm::SetProgressData(TFileOperationProgressType & ADat
   }
 
   FData = AData;
-  // delay showing the progress until the application is restored,
-  // otherwise the form popups up unminimized.
-  if (!FDataReceived && !IsApplicationMinimized() &&
-      ((N - FStarted) > DelayStartInterval))
+  FDataGot = true;
+  if (!UpdateTimer->Enabled)
+  {
+    UpdateTimer->Interval = static_cast<unsigned int>(MilliSecondsBetween(TDateTime(), DelayStartInterval));
+    UpdateTimer->Enabled = true;
+    FSinceLastUpdate = TDateTime();
+  }
+
+  if (ReceiveData(false, 0))
   {
-    FDataReceived = true;
-    // CPS limit is set set only once from TFileOperationProgressType::Start
-    FCPSLimit = AData.CPSLimit;
-    SpeedCombo->Text = SetSpeedLimit(FCPSLimit);
-    ShowAsModal(this, FShowAsModalStorage);
-    // particularly needed for the case, when we are showing the form delayed
-    // because application was minimized when operation started
     InstantUpdate = true;
   }
 
@@ -296,14 +360,30 @@ void __fastcall TProgressForm::SetProgressData(TFileOperationProgressType & ADat
 //---------------------------------------------------------------------------
 void __fastcall TProgressForm::UpdateTimerTimer(TObject * /*Sender*/)
 {
-  if (FDataReceived) UpdateControls();
+  // popup the progress window at least here, if SetProgressData is
+  // not being called (typically this happens when using custom command
+  // that launches long-lasting external process, such as visual diff)
+  ReceiveData(false, 0);
+
+  if (FDataReceived)
+  {
+    FSinceLastUpdate = IncMilliSecond(FSinceLastUpdate, UpdateTimer->Interval);
+    if (FSinceLastUpdate >= UpdateInterval)
+    {
+      UpdateControls();
+      FSinceLastUpdate = TDateTime();
+    }
+  }
 }
 //---------------------------------------------------------------------------
 void __fastcall TProgressForm::FormShow(TObject * /*Sender*/)
 {
-  UpdateTimer->Enabled = true;
   SpeedCombo->Items = CustomWinConfiguration->History[L"SpeedLimit"];
-  if (FDataReceived) UpdateControls();
+  ReceiveData(false, 0);
+  if (FDataReceived)
+  {
+    UpdateControls();
+  }
   FLastUpdate = 0;
 }
 //---------------------------------------------------------------------------

source/forms/Progress.h

@@ -56,6 +56,7 @@ __published:
 private:
   TCancelStatus FCancel;
   TFileOperationProgressType FData;
+  bool FDataGot;
   bool FDataReceived;
   TFileOperation FLastOperation;
   bool FLastTotalSizeSet;
@@ -72,18 +73,24 @@ private:
   TProgressBar * FOperationProgress;
   TProgressBar * FFileProgress;
   TDateTime FStarted;
+  TDateTime FSinceLastUpdate;
+  bool FModalBeginHooked;
+  TNotifyEvent FPrevApplicationModalBegin;
+  int FModalLevel;
 
   void __fastcall SetOnceDoneOperation(TOnceDoneOperation value);
   void __fastcall SetAllowMinimize(bool value);
   bool __fastcall GetAllowMinimize();
   void __fastcall SetReadOnly(bool value);
   void __fastcall GlobalMinimize(TObject * Sender);
+  void __fastcall ApplicationModalBegin(TObject * Sender);
 
 protected:
   void __fastcall CancelOperation();
   void __fastcall UpdateControls();
   void __fastcall ApplyCPSLimit();
   void __fastcall ResetOnceDoneOperation();
+  bool __fastcall ReceiveData(bool Force, int ModalLevelOffset);
 
 public:
   static UnicodeString __fastcall OperationName(TFileOperation Operation, TOperationSide Side);

source/forms/SelectMask.dfm

@@ -40,7 +40,7 @@ object SelectMaskDialog: TSelectMaskDialog
     object ApplyToDirectoriesCheck: TCheckBox
       Left = 16
       Top = 63
-      Width = 217
+      Width = 209
       Height = 17
       Caption = 'Apply to &directories'
       TabOrder = 2
@@ -58,9 +58,9 @@ object SelectMaskDialog: TSelectMaskDialog
       OnExit = MaskEditExit
     end
     object HintText: TStaticText
-      Left = 232
+      Left = 224
       Top = 64
-      Width = 97
+      Width = 105
       Height = 17
       Alignment = taRightJustify
       Anchors = [akTop, akRight]

source/forms/SiteAdvanced.dfm

@@ -827,7 +827,7 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
           Height = 117
           Anchors = [akLeft, akTop, akRight]
           Caption = 'Keepalives'
-          TabOrder = 4
+          TabOrder = 3
           DesignSize = (
             393
             117)
@@ -935,7 +935,7 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
           Height = 117
           Anchors = [akLeft, akTop, akRight]
           Caption = 'Keepalives'
-          TabOrder = 3
+          TabOrder = 2
           DesignSize = (
             393
             117)
@@ -999,7 +999,7 @@ object SiteAdvancedDialog: TSiteAdvancedDialog
           Height = 46
           Anchors = [akLeft, akTop, akRight]
           Caption = 'Internet protocol version'
-          TabOrder = 2
+          TabOrder = 4
           object IPAutoButton: TRadioButton
             Left = 12
             Top = 19

source/forms/Synchronize.cpp

@@ -432,13 +432,13 @@ void __fastcall TSynchronizeDialog::FormShow(TObject * /*Sender*/)
     UpdateControls();
     if (FStartImmediatelly)
     {
+      // if starting get cancelled (from SYNCHRONISE_BEFORE_KEEPUPTODATE2 prompt),
+      // and OnShow gets called again (FSynchronizing is false),
+      // we do not want to try to start again
+      FStartImmediatelly = false;
       StartButtonClick(NULL);
     }
   }
-  else
-  {
-    assert(FStartImmediatelly);
-  }
 }
 //---------------------------------------------------------------------------
 void __fastcall TSynchronizeDialog::FormCloseQuery(TObject * /*Sender*/,

source/packages/dragndrop/DragDrop.pas

@@ -1329,26 +1329,29 @@ begin
                   BuildMenuItemInfo(MIAbortStr, false, CmdAbort, false));
                // Add custom-menuitems ...
                FOwner.DoMenuPopup(self, Menu, DataObj, MinCustCmd, KeyState, pt);
-               dwEffect:=DROPEFFECT_None;
-               Cmd:=Cardinal(TrackPopupMenuEx(Menu, TPM_LEFTALIGN or TPM_RIGHTBUTTON or TPM_RETURNCMD,
-                  pt.x, pt.y, FOwner.DragDropControl.Handle, nil));
-               case Cmd of
-                    CmdMove: dwEffect:=DROPEFFECT_Move;
-                    CmdCopy: dwEffect:=DROPEFFECT_Copy;
-                    CmdLink: dwEffect:=DROPEFFECT_Link;
-                    CmdSeparator, CmdAbort:
-                       dwEffect:=DROPEFFECT_None;
-                    else // custom-menuitem was selected ...
-                    begin
+               try
+                 dwEffect:=DROPEFFECT_None;
+                 Cmd:=Cardinal(TrackPopupMenuEx(Menu, TPM_LEFTALIGN or TPM_RIGHTBUTTON or TPM_RETURNCMD,
+                    pt.x, pt.y, FOwner.DragDropControl.Handle, nil));
+                 case Cmd of
+                      CmdMove: dwEffect:=DROPEFFECT_Move;
+                      CmdCopy: dwEffect:=DROPEFFECT_Copy;
+                      CmdLink: dwEffect:=DROPEFFECT_Link;
+                      CmdSeparator, CmdAbort:
                          dwEffect:=DROPEFFECT_None;
-                         if FOwner.DoMenuExecCmd(self, Menu, DataObj, Cmd, dwEffect) and
-                            assigned(FOwner.FOnMenuSucceeded) then
-                            FOwner.FOnMenuSucceeded(self, KeyState,
-                            FOwner.FDragDropControl.ScreenToClient(pt), dwEffect);
-                    end;
+                      else // custom-menuitem was selected ...
+                      begin
+                           dwEffect:=DROPEFFECT_None;
+                           if FOwner.DoMenuExecCmd(self, Menu, DataObj, Cmd, dwEffect) and
+                              assigned(FOwner.FOnMenuSucceeded) then
+                              FOwner.FOnMenuSucceeded(self, KeyState,
+                              FOwner.FDragDropControl.ScreenToClient(pt), dwEffect);
+                      end;
+                 end;
+               finally
+                 FOwner.DoMenuDestroy(Self, Menu);
+                 DestroyMenu(Menu);
                end;
-               FOwner.DoMenuDestroy(Self, Menu);
-               DestroyMenu(Menu);
           end;
           if assigned(FOwner.OnDrop) then
              FOwner.OnDrop(DataObj, KeyState,

source/packages/filemng/CustomDirView.pas

@@ -265,7 +265,7 @@ type
     procedure DDDropHandlerSucceeded(Sender: TObject; grfKeyState: Longint; Point: TPoint; dwEffect: Longint); virtual;
     procedure DDGiveFeedback(dwEffect: Longint; var Result: HResult); virtual;
     procedure DDMenuPopup(Sender: TObject; AMenu: HMenu; DataObj: IDataObject;
-      AMinCustCmd:integer; grfKeyState: Longint; pt: TPoint);
+      AMinCustCmd:integer; grfKeyState: Longint; pt: TPoint); virtual;
     procedure DDMenuDone(Sender: TObject; AMenu: HMenu); virtual;
     procedure DDProcessDropped(Sender: TObject; grfKeyState: Longint;
       Point: TPoint; dwEffect: Longint);

source/packages/filemng/DirView.pas

@@ -268,6 +268,8 @@ type
 
     procedure DDDragDetect(grfKeyState: Longint; DetectStart, Point: TPoint;
       DragStatus: TDragDetectStatus); override;
+    procedure DDMenuPopup(Sender: TObject; AMenu: HMenu; DataObj: IDataObject;
+      AMinCustCmd:integer; grfKeyState: Longint; pt: TPoint); override;
     procedure DDMenuDone(Sender: TObject; AMenu: HMenu); override;
     procedure DDDropHandlerSucceeded(Sender: TObject; grfKeyState: Longint;
       Point: TPoint; dwEffect: Longint); override;
@@ -3886,15 +3888,44 @@ begin
 end;
 {$ENDIF}
 
+procedure TDirView.DDMenuPopup(Sender: TObject; AMenu: HMenu; DataObj: IDataObject;
+  AMinCustCmd: Integer; grfKeyState: Longint; pt: TPoint);
+begin
+{$IFNDEF NO_THREADS}
+  {$IFDEF USE_DRIVEVIEW}
+  if Assigned(FDriveView) then
+  begin
+    // When a change is detected while menu is popped up
+    // it loses focus (or somethins similar)
+    // preventing it from handling sussequent click.
+    // This typically happens when right-dragging from remote to local panel,
+    // what causes temp directory being created+deleted.
+    // This is HACK, we should implement some uniform watch disabling/enabling
+    TDriveView(FDriveView).SuspendChangeTimer;
+  end;
+  {$ENDIF}
+{$ENDIF}
+
+  inherited;
+end;
+
 procedure TDirView.DDMenuDone(Sender: TObject; AMenu: HMenu);
 begin
 {$IFNDEF NO_THREADS}
   if not WatchThreadActive then
-{$ENDIF}
   begin
     FChangeTimer.Interval := Min(FChangeInterval * 2, 3000);
     FChangeTimer.Enabled  := True;
   end;
+
+  {$IFDEF USE_DRIVEVIEW}
+  if Assigned(FDriveView) then
+  begin
+    TDriveView(FDriveView).ResumeChangeTimer;
+  end;
+  {$ENDIF}
+{$ENDIF}
+
   inherited;
 end;
 
@@ -3903,11 +3934,18 @@ procedure TDirView.DDDropHandlerSucceeded(Sender: TObject; grfKeyState: Longint;
 begin
 {$IFNDEF NO_THREADS}
   if not WatchThreadActive then
-{$ENDIF}
   begin
     FChangeTimer.Interval := FChangeInterval;
     FChangeTimer.Enabled  := True;
   end;
+  {$IFDEF USE_DRIVEVIEW}
+  if Assigned(FDriveView) then
+  begin
+    TDriveView(FDriveView).ResumeChangeTimer;
+  end;
+  {$ENDIF}
+{$ENDIF}
+
   inherited;
 end;
 

source/packages/filemng/DriveView.pas

@@ -151,6 +151,7 @@ type
     FInternalWindowHandle: HWND;
     FPrevSelected: TTreeNode;
     FPrevSelectedIndex: Integer;
+    FChangeTimerSuspended: Integer;
 
     FDesktop: IShellFolder;
     FWorkPlace: IShellFolder;
@@ -332,6 +333,8 @@ type
     {Watchthread handling:}
     procedure StartWatchThread; virtual;
     procedure StopWatchThread; virtual;
+    procedure SuspendChangeTimer;
+    procedure ResumeChangeTimer;
     procedure TerminateWatchThread(Drive: TDrive); virtual;
     procedure StartAllWatchThreads; virtual;
     procedure StopAllWatchThreads; virtual;
@@ -598,6 +601,7 @@ begin
   FRenameNode := nil;
   FPrevSelected := nil;
   FPrevSelectedIndex := -1;
+  FChangeTimerSuspended := 0;
 
   FConfirmOverwrite := True;
   FLastPathCut := '';
@@ -2261,12 +2265,14 @@ begin
   begin
     DirChanged := (Sender as TDiscMonitor).Directories[0];
     if Length(DirChanged) > 0 then
+    begin
       with DriveStatus[DirChanged[1]] do
       begin
         ChangeTimer.Interval := 0;
         ChangeTimer.Interval := FChangeInterval;
         ChangeTimer.Enabled  := True;
       end;
+    end;
   end;
 end; {DirWatchChangeDetected}
 
@@ -2275,7 +2281,7 @@ var
   Node: TTreeNode;
   Drive: TDrive;
 begin
-  if Sender is TTimer then
+  if (FChangeTimerSuspended = 0) and (Sender is TTimer) then
     with TTimer(Sender) do
     begin
       Drive := Chr(Tag);
@@ -2323,6 +2329,17 @@ begin
         DiscMonitor.Enabled := False;
 end; {StopWatchThread}
 
+procedure TDriveView.SuspendChangeTimer;
+begin
+  Inc(FChangeTimerSuspended);
+end;
+
+procedure TDriveView.ResumeChangeTimer;
+begin
+  Assert(FChangeTimerSuspended > 0);
+  Dec(FChangeTimerSuspended);
+end;
+
 procedure TDriveView.TerminateWatchThread(Drive: TDrive);
 begin
   if Drive >= FirstDrive then

source/resource/TextsCore1.rc

@@ -370,8 +370,8 @@ BEGIN
   FILEZILLA_COPYRIGHT2, "Copyright © Tim Kosse"
   FILEZILLA_URL, "http://filezilla-project.org/"
   OPENSSL_BASED_ON, "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit %s."
-  OPENSSL_COPYRIGHT, "Copyright © 1998-2013 The OpenSSL Project"
-  OPENSSL_VERSION, "1.0.1e"
+  OPENSSL_COPYRIGHT, "Copyright © 1998-2014 The OpenSSL Project"
+  OPENSSL_VERSION, "1.0.1f"
   OPENSSL_URL, "http://www.openssl.org/"
   PUTTY_LICENSE_URL, "http://www.chiark.greenend.org.uk/~sgtatham/putty/licence.html"
   MAIN_MSG_TAG, "**"

source/resource/TextsWin1.rc

@@ -465,7 +465,7 @@ BEGIN
         COLOR_PICK_HINT, "Choose any session (panel) color"
 
         WIN_VARIABLE_STRINGS, "WIN_VARIABLE"
-        WINSCP_COPYRIGHT, "Copyright © 2000-2013 Martin Prikryl"
+        WINSCP_COPYRIGHT, "Copyright © 2000-2014 Martin Prikryl"
         HOMEPAGE_URL, "http://winscp.net/"
         HISTORY_URL, "http://winscp.net/eng/docs/history"
         FORUM_URL, "http://winscp.net/forum/"

source/windows/EditorManager.cpp

@@ -226,9 +226,10 @@ void __fastcall TEditorManager::AddFileExternal(const UnicodeString FileName,
   FileData.External = true;
   FileData.Process = Process;
   FileData.Token = NULL;
-  FileData.Monitor = FindFirstChangeNotification(
-    ExtractFilePath(FileData.FileName).c_str(), false,
-    FILE_NOTIFY_CHANGE_LAST_WRITE);
+  UnicodeString FilePath = ExtractFilePath(FileData.FileName);
+  FileData.Monitor =
+    FindFirstChangeNotification(
+      FilePath.c_str(), false, FILE_NOTIFY_CHANGE_LAST_WRITE);
   if (FileData.Monitor == INVALID_HANDLE_VALUE)
   {
     throw Exception(FMTLOAD(FILE_WATCH_ERROR, (FileData.FileName)));

source/windows/TerminalManager.cpp

@@ -492,18 +492,7 @@ void __fastcall TTerminalManager::FreeTerminal(TTerminal * Terminal)
     {
       if ((Count > 0) && !FDestroying)
       {
-        for (int i = 0; i < Count; i++)
-        {
-          if (Terminals[i]->Status == ssOpened)
-          {
-            ActiveTerminal = Terminals[i];
-            break;
-          }
-        }
-        if (ActiveTerminal == Terminal)
-        {
-          ActiveTerminal = Terminals[Index < Count ? Index : 0];
-        }
+        ActiveTerminal = Terminals[Index < Count ? Index : Index - 1];
       }
       else
       {
@@ -665,7 +654,7 @@ void __fastcall TTerminalManager::UpdateAppTitle()
     {
       NewTitle = FProgressTitle + L" - " + NewTitle;
     }
-    else if ((ScpExplorer != NULL) && (GetActiveWindow() != ScpExplorer->Handle) &&
+    else if ((ScpExplorer != NULL) && (ScpExplorer->Handle != GetAncestor(GetActiveWindow(), GA_ROOTOWNER)) &&
              !(QueueProgressTitle = ScpExplorer->GetQueueProgressTitle()).IsEmpty())
     {
       NewTitle = QueueProgressTitle + L" - " + NewTitle;

source/windows/VCLCommon.cpp

@@ -15,6 +15,7 @@
 #include <PathLabel.hpp>
 #include <PasTools.hpp>
 #include <Vcl.Imaging.pngimage.hpp>
+#include <Math.hpp>
 //---------------------------------------------------------------------------
 #pragma package(smart_init)
 //---------------------------------------------------------------------------
@@ -1031,11 +1032,12 @@ static void __fastcall FocusableLabelCanvas(TStaticText * StaticText,
         break;
 
       case taRightJustify:
-        R.Left = R.Right - TextSize.cx;
+        R.Left = Max(0, R.Right - TextSize.cx);
         break;
 
       case taCenter:
         {
+          FAIL; // not used branch, possibly untested
           int Diff = R.Width() - TextSize.cx;
           R.Left += Diff / 2;
           R.Right -= Diff - (Diff / 2);
@@ -1130,7 +1132,7 @@ static void __fastcall FocusableLabelWindowProc(void * Data, TMessage & Message,
           Canvas->LineTo(R.Right + 1, R.Bottom);
           Canvas->Pen->Color = clGrayText;
         }
-        Canvas->MoveTo(R.Left + 1, R.Bottom - 1);
+        Canvas->MoveTo(R.Left, R.Bottom - 1);
         Canvas->LineTo(R.Right, R.Bottom - 1);
       }
     }
@@ -1271,6 +1273,12 @@ static void __fastcall HintLabelWindowProc(void * Data, TMessage & Message)
 //---------------------------------------------------------------------------
 void __fastcall HintLabel(TStaticText * StaticText, UnicodeString Hint)
 {
+  // Currently all are right-justified, when other alignemtn is used,
+  // test respective branches in FocusableLabelCanvas.
+  assert(StaticText->Alignment == taRightJustify);
+  // With right-justify, it has to be off. We may not notice on riginal
+  // English version, results will differ with translations only
+  assert(!StaticText->AutoSize);
   StaticText->ParentFont = true;
   if (!Hint.IsEmpty())
   {

source/windows/WinConfiguration.cpp

@@ -504,7 +504,7 @@ void __fastcall TWinConfiguration::Default()
   FQueueView.HeightPixelsPerInch = USER_DEFAULT_SCREEN_DPI;
   // with 1000 pixels wide screen, both interfaces are wide enough to fit wider queue
   FQueueView.Layout =
-    UnicodeString((WorkAreaWidthScaled > 1000) ? L"70,250,250,80,80,80,80" : L"70,160,160,80,80,80,80") +
+    UnicodeString((WorkAreaWidthScaled > 1000) ? L"70,250,250,80,80,80,100" : L"70,160,160,80,80,80,100") +
     // WORKAROUND (the comma), see GetListViewStr
     L",;" + SaveDefaultPixelsPerInch();
   FQueueView.Show = qvHideWhenEmpty;

source/windows/WinInterface.cpp

@@ -304,12 +304,13 @@ public:
   __fastcall TMessageTimeout(TComponent * AOwner, unsigned int Timeout,
     TButton * Button);
 
-  void __fastcall Reset();
+  void __fastcall Suspend();
   void __fastcall Cancel();
 
 protected:
   unsigned int FOrigTimeout;
   unsigned int FTimeout;
+  unsigned int FSuspended;
   TButton * FButton;
   UnicodeString FOrigCaption;
 
@@ -324,11 +325,13 @@ __fastcall TMessageTimeout::TMessageTimeout(TComponent * AOwner,
   OnTimer = DoTimer;
   Interval = MSecsPerSec;
   FOrigCaption = FButton->Caption;
+  FSuspended = 0;
   UpdateButton();
 }
 //---------------------------------------------------------------------------
-void __fastcall TMessageTimeout::Reset()
+void __fastcall TMessageTimeout::Suspend()
 {
+  FSuspended = 30 * MSecsPerSec;
   FTimeout = FOrigTimeout;
   UpdateButton();
 }
@@ -358,7 +361,16 @@ void __fastcall TMessageTimeout::DoTimer(TObject * /*Sender*/)
   }
   else
   {
-    FTimeout -= MSecsPerSec;
+    unsigned int & Timeout = (FSuspended > 0) ? FSuspended : FTimeout;
+
+    if (Timeout > Interval)
+    {
+      Timeout -= Interval;
+    }
+    else
+    {
+      Timeout = 0;
+    }
     UpdateButton();
   }
 }
@@ -379,7 +391,7 @@ static void __fastcall MessageDialogMouseMove(void * Data, TObject * /*Sender*/,
 {
   assert(Data != NULL);
   TMessageTimeout * Timeout = static_cast<TMessageTimeout *>(Data);
-  Timeout->Reset();
+  Timeout->Suspend();
 }
 //---------------------------------------------------------------------------
 static void __fastcall MessageDialogMouseDown(void * Data, TObject * /*Sender*/,

source/windows/WinInterface.h

@@ -242,7 +242,8 @@ bool __fastcall DoCustomCommandDialog(TCustomCommandType & Command,
 class TCopyParamList;
 enum TCopyParamPresetMode { cpmAdd, cpmEdit, cpmDuplicate };
 bool __fastcall DoCopyParamPresetDialog(TCopyParamList * CopyParamList,
-  int & Index, TCopyParamPresetMode Mode, TCopyParamRuleData * CurrentRuleData);
+  int & Index, TCopyParamPresetMode Mode, TCopyParamRuleData * CurrentRuleData,
+  const TCopyParamType & DefaultCopyParams);
 
 // forms\CopyParamCsutom.cpp
 bool __fastcall DoCopyParamCustomDialog(TCopyParamType & CopyParam,
@@ -420,7 +421,21 @@ void __fastcall SetShortCutCombo(TComboBox * ComboBox, TShortCut Value);
 TShortCut __fastcall GetShortCutCombo(TComboBox * ComboBox);
 bool __fastcall IsCustomShortCut(TShortCut ShortCut);
 //---------------------------------------------------------------------------
-#define HIDDEN_WINDOW_NAME L"WinSCPHiddenWindow"
+#define HIDDEN_WINDOW_NAME L"WinSCPHiddenWindow2"
+//---------------------------------------------------------------------------
+struct TCopyDataMessage
+{
+  enum { CommandCanCommandLine, CommandCommandLine };
+  static const unsigned int Version1 = 1;
+
+  unsigned int Version;
+  unsigned int Command;
+
+  union
+  {
+    wchar_t CommandLine[10240];
+  };
+};
 //---------------------------------------------------------------------------
 class TWinInteractiveCustomCommand : public TInteractiveCustomCommand
 {

source/windows/WinMain.cpp

@@ -322,6 +322,12 @@ void __fastcall UpdateStaticUsage()
   bool InProgramFiles = AnsiSameText(ExeName.SubString(1, ProgramsFolder.Length()), ProgramsFolder);
   Configuration->Usage->Set(L"InProgramFiles", InProgramFiles);
 
+  HMODULE NtDll = GetModuleHandle(L"ntdll.dll");
+  bool Wine =
+    ALWAYS_TRUE(NtDll != NULL) &&
+    (GetProcAddress(NtDll, "wine_get_version") != NULL);
+  Configuration->Usage->Set(L"Wine", Wine);
+
   WinConfiguration->UpdateStaticUsage();
 
 }
@@ -331,20 +337,94 @@ void __fastcall MaintenanceTask()
   CoreMaintenanceTask();
 }
 //---------------------------------------------------------------------------
+struct TFindProcessMainWindowParam
+{
+  unsigned long ProcessId;
+  HWND HiddenWindow;
+  HWND MainWindow;
+};
+//---------------------------------------------------------------------------
+BOOL __stdcall FindProcessMainWindow(HWND Handle, LPARAM AParam)
+{
+  TFindProcessMainWindowParam & Param = *reinterpret_cast<TFindProcessMainWindowParam *>(AParam);
+
+  unsigned long ProcessId;
+  if ((Handle != Param.HiddenWindow) &&
+      (Param.MainWindow == 0) && // optimization
+      (GetWindowThreadProcessId(Handle, &ProcessId) != 0) &&
+      (ProcessId == Param.ProcessId))
+  {
+    TCopyDataMessage Message;
+    Message.Version = TCopyDataMessage::Version1;
+
+    COPYDATASTRUCT CopyData;
+    CopyData.cbData = sizeof(Message);
+    CopyData.lpData = &Message;
+
+    Message.Command = TCopyDataMessage::CommandCanCommandLine;
+
+    LRESULT SendResult =
+      SendMessage(Handle, WM_COPYDATA, reinterpret_cast<WPARAM>(HInstance),
+        reinterpret_cast<LPARAM>(&CopyData));
+
+    if (SendResult > 0)
+    {
+      Param.MainWindow = Handle;
+    }
+  }
+
+  return TRUE;
+}
+//---------------------------------------------------------------------------
 bool __fastcall SendToAnotherInstance()
 {
   HWND HiddenWindow = FindWindow(HIDDEN_WINDOW_NAME, NULL);
   bool Result = (HiddenWindow != NULL);
   if (Result)
   {
+    TCopyDataMessage Message;
+    Message.Version = TCopyDataMessage::Version1;
+
     COPYDATASTRUCT CopyData;
-    CopyData.cbData = wcslen(CmdLine) * sizeof(*CmdLine);
-    CopyData.lpData = CmdLine;
+    CopyData.cbData = sizeof(Message);
+    CopyData.lpData = &Message;
 
+    // this test is actually redundant, it just a kind of optimization to avoid expensive
+    // EnumWindows, we can achieve the same by testing FindProcessMainWindowParam.MainWindow,
+    // before sending CommandCommandLine
+    Message.Command = TCopyDataMessage::CommandCanCommandLine;
     LRESULT SendResult =
       SendMessage(HiddenWindow, WM_COPYDATA, reinterpret_cast<WPARAM>(HInstance),
         reinterpret_cast<LPARAM>(&CopyData));
     Result = (SendResult > 0);
+
+    if (Result)
+    {
+      TFindProcessMainWindowParam FindProcessMainWindowParam;
+      if (GetWindowThreadProcessId(HiddenWindow, &FindProcessMainWindowParam.ProcessId) != 0)
+      {
+        FindProcessMainWindowParam.HiddenWindow = HiddenWindow;
+        FindProcessMainWindowParam.MainWindow = 0;
+        if (EnumWindows(FindProcessMainWindow, reinterpret_cast<LPARAM>(&FindProcessMainWindowParam)) &&
+            (FindProcessMainWindowParam.MainWindow != 0))
+        {
+          // Restore window, if minimized
+          ShowWindow(FindProcessMainWindowParam.MainWindow, SW_RESTORE);
+          // bring it to foreground
+          SetForegroundWindow(FindProcessMainWindowParam.MainWindow);
+        }
+      }
+
+      Message.Command = TCopyDataMessage::CommandCommandLine;
+      wcsncpy(Message.CommandLine, CmdLine, LENOF(Message.CommandLine));
+      NULL_TERMINATE(Message.CommandLine);
+
+
+      LRESULT SendResult =
+        SendMessage(HiddenWindow, WM_COPYDATA,
+          reinterpret_cast<WPARAM>(HInstance), reinterpret_cast<LPARAM>(&CopyData));
+      Result = (SendResult > 0);
+    }
   }
   return Result;
 }