4.3.5

Console.rc

@@ -16,7 +16,7 @@ FILETYPE 0x1
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "winscp.com\0"
             VALUE "ProductName", "WinSCP\0"
-            VALUE "ProductVersion", "4.3.4.0\0"
+            VALUE "ProductVersion", "4.3.5.0\0"
             VALUE "ReleaseType", "stable\0"
             VALUE "WWW", "http://winscp.net/\0"
         }

DragExt.rc

@@ -16,7 +16,7 @@ FILETYPE 0x2
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "dragext.dll\0"
             VALUE "ProductName", "WinSCP\0"
-            VALUE "ProductVersion", "4.3.4.0\0"
+            VALUE "ProductVersion", "4.3.5.0\0"
             VALUE "ReleaseType", "stable\0"
             VALUE "WWW", "http://winscp.net/\0"
         }

DragExt64.rc

@@ -16,7 +16,7 @@ FILETYPE 0x2
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "dragext64.dll\0"
             VALUE "ProductName", "WinSCP\0"
-            VALUE "ProductVersion", "4.3.4.0\0"
+            VALUE "ProductVersion", "4.3.5.0\0"
             VALUE "ReleaseType", "stable\0"
             VALUE "WWW", "http://winscp.net/\0"
         }

WinSCP.bpr

@@ -18,7 +18,7 @@
     <RESDEPEN value="$(RESFILES) forms\CustomScpExplorer.dfm forms\NonVisual.dfm
       forms\ScpCommander.dfm forms\ScpExplorer.dfm"/>
     <LIBFILES value="lib\FileZilla.lib lib\Putty.lib lib\RScpComp.lib lib\ScpCore.lib
-      lib\ScpForms.lib lib\ssleay32.lib lib\libeay32.lib"/>
+      lib\ScpForms.lib lib\ssleay32.lib lib\libeay32.lib secur32.lib"/>
     <LIBRARIES value="DragDrop_B5.lib DriveDir_B5.lib Moje_B5.lib
       ThemeManagerC6.lib rtl.lib tb2k_cb6.lib tbx_cb6.lib vcl.lib vclx.lib
       ws2_32.lib"/>
@@ -87,6 +87,7 @@
       <FILE FILENAME="WinSCP.res" FORMNAME="" UNITNAME="WinSCP.res" CONTAINERID="ResTool" DESIGNCLASS="" LOCALCOMMAND=""/>
       <FILE FILENAME="lib\ssleay32.lib" FORMNAME="" UNITNAME="ssleay32.lib" CONTAINERID="LibTool" DESIGNCLASS="" LOCALCOMMAND=""/>
       <FILE FILENAME="lib\libeay32.lib" FORMNAME="" UNITNAME="libeay32.lib" CONTAINERID="LibTool" DESIGNCLASS="" LOCALCOMMAND=""/>
+      <FILE FILENAME="secur32.lib" FORMNAME="" UNITNAME="secur32.lib" CONTAINERID="LibTool" DESIGNCLASS="" LOCALCOMMAND=""/>
   </FILELIST>
   <BUILDTOOLS>
   </BUILDTOOLS>

WinSCP.drc

@@ -292,54 +292,54 @@
 #define Rtlconsts_SDuplicateString 65485
 #define Rtlconsts_SFCreateError 65486
 #define Rtlconsts_SFixedColTooBig 65487
-#define Customdirview_SErrorInvalidName 65488
-#define Customdirview_STextFileExt 65489
-#define Customdirview_STextFiles 65490
-#define Customdirview_STextDirectories 65491
-#define Customdirview_SParentDir 65492
-#define Customdirview_SIconUpdateThreadTerminationError 65493
-#define Customdirview_SDragDropError 65494
-#define Customdirview_SDriveNotReady 65495
-#define Customdirview_SDirNotExists 65496
-#define Customunixdirview_SUnixDefaultRootName 65497
-#define Unixdirviewcolproperties_SUnixDirViewRightsCol 65498
-#define Unixdirviewcolproperties_SUnixDirViewOwnerCol 65499
-#define Unixdirviewcolproperties_SUnixDirViewGroupCol 65500
-#define Unixdirviewcolproperties_SUnixDirViewLinkTargetCol 65501
-#define Unixdirviewcolproperties_SUnixDirViewTypeCol 65502
-#define Customdriveview_SDragDropError 65503
-#define Driveview_coInvalidDosChars 65504
-#define Driveview_Space 65505
-#define DriveView_16407 65506
-#define Fileoperator_SFileOperation 65507
-#define Baseutils_SNoValidPath 65508
-#define Baseutils_SUcpPathsNotSupported 65509
-#define Iedriveinfo_ErrorInvalidDrive 65510
-#define Dirviewcolproperties_SDirViewNameCol 65511
-#define Dirviewcolproperties_SDirViewSizeCol 65512
-#define Dirviewcolproperties_SDirViewTypeCol 65513
-#define Dirviewcolproperties_SDirViewChangedCol 65514
-#define Dirviewcolproperties_SDirViewAttrCol 65515
-#define Dirviewcolproperties_SDirViewExtCol 65516
-#define Customdirview_SErrorOpenFile 65517
-#define Customdirview_SErrorRenameFile 65518
-#define Customdirview_SErrorRenameFileExists 65519
+#define Customdirview_SDirNotExists 65488
+#define Customunixdirview_SUnixDefaultRootName 65489
+#define Unixdirviewcolproperties_SUnixDirViewRightsCol 65490
+#define Unixdirviewcolproperties_SUnixDirViewOwnerCol 65491
+#define Unixdirviewcolproperties_SUnixDirViewGroupCol 65492
+#define Unixdirviewcolproperties_SUnixDirViewLinkTargetCol 65493
+#define Unixdirviewcolproperties_SUnixDirViewTypeCol 65494
+#define Customdriveview_SDragDropError 65495
+#define Comboedit_SBrowse 65496
+#define Comboedit_SDefaultFilter 65497
+#define Comboedit_SInvalidFileName 65498
+#define Tcpip_SSocketError2 65499
+#define Tcpip_STimeout 65500
+#define Tcpip_SUnknownSockError 65501
+#define Tcpip_SHttpError 65502
+#define Tcpip_SRedirectLimitError 65503
+#define Dirviewcolproperties_SDirViewSizeCol 65504
+#define Dirviewcolproperties_SDirViewTypeCol 65505
+#define Dirviewcolproperties_SDirViewChangedCol 65506
+#define Dirviewcolproperties_SDirViewAttrCol 65507
+#define Dirviewcolproperties_SDirViewExtCol 65508
+#define Customdirview_SErrorOpenFile 65509
+#define Customdirview_SErrorRenameFile 65510
+#define Customdirview_SErrorRenameFileExists 65511
+#define Customdirview_SErrorInvalidName 65512
+#define Customdirview_STextFileExt 65513
+#define Customdirview_STextFiles 65514
+#define Customdirview_STextDirectories 65515
+#define Customdirview_SParentDir 65516
+#define Customdirview_SIconUpdateThreadTerminationError 65517
+#define Customdirview_SDragDropError 65518
+#define Customdirview_SDriveNotReady 65519
 #define Dragdrop_MICopyStr 65520
 #define Dragdrop_MIMoveStr 65521
 #define Dragdrop_MILinkStr 65522
 #define Dragdrop_MIAbortStr 65523
-#define Comboedit_SBrowse 65524
-#define Comboedit_SDefaultFilter 65525
-#define Comboedit_SInvalidFileName 65526
-#define Tcpip_SSocketError2 65527
-#define Tcpip_STimeout 65528
-#define Tcpip_SUnknownSockError 65529
-#define Tcpip_SHttpError 65530
-#define Tcpip_SRedirectLimitError 65531
-#define Dirview_coFileOperatorTitle 65532
-#define Dirview_coInvalidDosChars 65533
-#define Dirview_Space 65534
-#define Driveview_coFileOperatorTitle 65535
+#define Dirview_coFileOperatorTitle 65524
+#define Dirview_coInvalidDosChars 65525
+#define Dirview_Space 65526
+#define Driveview_coFileOperatorTitle 65527
+#define Driveview_coInvalidDosChars 65528
+#define Driveview_Space 65529
+#define DriveView_16407 65530
+#define Fileoperator_SFileOperation 65531
+#define Baseutils_SNoValidPath 65532
+#define Baseutils_SUcpPathsNotSupported 65533
+#define Iedriveinfo_ErrorInvalidDrive 65534
+#define Dirviewcolproperties_SDirViewNameCol 65535
 STRINGTABLE
 BEGIN
 	Consts_SDuplicateMenus,	"Menu '%s' is already being used by another form"
@@ -627,14 +627,6 @@ BEGIN
 	Rtlconsts_SDuplicateString,	"String list does not allow duplicates"
 	Rtlconsts_SFCreateError,	"Cannot create file %s"
 	Rtlconsts_SFixedColTooBig,	"Fixed column count must be less than column count"
-	Customdirview_SErrorInvalidName,	"Filename contains invalid characters:"
-	Customdirview_STextFileExt,	"File %s"
-	Customdirview_STextFiles,	"%u Files"
-	Customdirview_STextDirectories,	"%u Directories"
-	Customdirview_SParentDir,	"Parent directory"
-	Customdirview_SIconUpdateThreadTerminationError,	"Can't terminate icon update thread."
-	Customdirview_SDragDropError,	"DragDrop Error: %d"
-	Customdirview_SDriveNotReady,	"Drive '%s:' is not ready."
 	Customdirview_SDirNotExists,	"Directory '%s' doesn't exist."
 	Customunixdirview_SUnixDefaultRootName,	"/ <root>"
 	Unixdirviewcolproperties_SUnixDirViewRightsCol,	"Rights"
@@ -643,14 +635,14 @@ BEGIN
 	Unixdirviewcolproperties_SUnixDirViewLinkTargetCol,	"Link target"
 	Unixdirviewcolproperties_SUnixDirViewTypeCol,	"Type"
 	Customdriveview_SDragDropError,	"Drag&drop error: %d"
-	Driveview_coInvalidDosChars,	"\\/:*?\"<>|"
-	Driveview_Space,	" "
-	DriveView_16407,	"New name contains invalid characters %s"
-	Fileoperator_SFileOperation,	"File Operation"
-	Baseutils_SNoValidPath,	"Can't find any valid path."
-	Baseutils_SUcpPathsNotSupported,	"UNC paths are not supported."
-	Iedriveinfo_ErrorInvalidDrive,	"%s is a invalid drive letter."
-	Dirviewcolproperties_SDirViewNameCol,	"Name"
+	Comboedit_SBrowse,	"Browse"
+	Comboedit_SDefaultFilter,	"All files (*.*)|*.*"
+	Comboedit_SInvalidFileName,	"Invalid file name - %s"
+	Tcpip_SSocketError2,	"Socket error (%s)"
+	Tcpip_STimeout,	"Timeout"
+	Tcpip_SUnknownSockError,	"Unknown error"
+	Tcpip_SHttpError,	"Received response %d %s from %s"
+	Tcpip_SRedirectLimitError,	"Exceeded maximal redirect limie %d"
 	Dirviewcolproperties_SDirViewSizeCol,	"Size"
 	Dirviewcolproperties_SDirViewTypeCol,	"Type"
 	Dirviewcolproperties_SDirViewChangedCol,	"Changed"
@@ -659,21 +651,29 @@ BEGIN
 	Customdirview_SErrorOpenFile,	"Can't open file: "
 	Customdirview_SErrorRenameFile,	"Can't rename file or directory: "
 	Customdirview_SErrorRenameFileExists,	"File already exists: "
+	Customdirview_SErrorInvalidName,	"Filename contains invalid characters:"
+	Customdirview_STextFileExt,	"File %s"
+	Customdirview_STextFiles,	"%u Files"
+	Customdirview_STextDirectories,	"%u Directories"
+	Customdirview_SParentDir,	"Parent directory"
+	Customdirview_SIconUpdateThreadTerminationError,	"Can't terminate icon update thread."
+	Customdirview_SDragDropError,	"DragDrop Error: %d"
+	Customdirview_SDriveNotReady,	"Drive '%s:' is not ready."
 	Dragdrop_MICopyStr,	"&Copy Here"
 	Dragdrop_MIMoveStr,	"&Move Here"
 	Dragdrop_MILinkStr,	"&Shortcut(s) Create Here"
 	Dragdrop_MIAbortStr,	"&Abort"
-	Comboedit_SBrowse,	"Browse"
-	Comboedit_SDefaultFilter,	"All files (*.*)|*.*"
-	Comboedit_SInvalidFileName,	"Invalid file name - %s"
-	Tcpip_SSocketError2,	"Socket error (%s)"
-	Tcpip_STimeout,	"Timeout"
-	Tcpip_SUnknownSockError,	"Unknown error"
-	Tcpip_SHttpError,	"Received response %d %s from %s"
-	Tcpip_SRedirectLimitError,	"Exceeded maximal redirect limie %d"
 	Dirview_coFileOperatorTitle,	"Filesystem Operation"
 	Dirview_coInvalidDosChars,	"\\/:*?\"<>|"
 	Dirview_Space,	" "
 	Driveview_coFileOperatorTitle,	"Filesystem Operation"
+	Driveview_coInvalidDosChars,	"\\/:*?\"<>|"
+	Driveview_Space,	" "
+	DriveView_16407,	"New name contains invalid characters %s"
+	Fileoperator_SFileOperation,	"File Operation"
+	Baseutils_SNoValidPath,	"Can't find any valid path."
+	Baseutils_SUcpPathsNotSupported,	"UNC paths are not supported."
+	Iedriveinfo_ErrorInvalidDrive,	"%s is a invalid drive letter."
+	Dirviewcolproperties_SDirViewNameCol,	"Name"
 END
 

WinSCP.rc

@@ -1,6 +1,6 @@
 1 VERSIONINFO
-FILEVERSION 4,3,4,1428
-PRODUCTVERSION 4,3,4,1428
+FILEVERSION 4,3,5,1463
+PRODUCTVERSION 4,3,5,1463
 FILEOS 0x4
 FILETYPE 0x1
 {
@@ -10,13 +10,13 @@ FILETYPE 0x1
         {
             VALUE "CompanyName", "Martin Prikryl\0"
             VALUE "FileDescription", "WinSCP: SFTP, FTP and SCP client\0"
-            VALUE "FileVersion", "4.3.4.1428\0"
+            VALUE "FileVersion", "4.3.5.1463\0"
             VALUE "InternalName", "winscp\0"
             VALUE "LegalCopyright", "(c) 2000-2011 Martin Prikryl\0"
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "winscp.exe\0"
             VALUE "ProductName", "WinSCP\0"
-            VALUE "ProductVersion", "4.3.4.0\0"
+            VALUE "ProductVersion", "4.3.5.0\0"
             VALUE "ReleaseType", "stable\0"
             VALUE "WWW", "http://winscp.net/\0"
         }

core/FtpFileSystem.cpp

@@ -2727,6 +2727,11 @@ bool __fastcall TFTPFileSystem::HandleStatus(const char * AStatus, int Type)
       LogType = llMessage;
       break;
 
+    case TFileZillaIntf::LOG_DEBUG:
+      // used for directory listing only
+      LogType = llMessage;
+      break;
+
     default:
       assert(false);
       break;

core/SessionInfo.cpp

@@ -3,6 +3,10 @@
 #pragma hdrstop
 
 #include <stdio.h>
+#include <lmcons.h>
+#define SECURITY_WIN32
+#include <sspi.h>
+#include <secext.h>
 
 #include "Common.h"
 #include "SessionInfo.h"
@@ -908,6 +912,13 @@ void __fastcall TSessionLog::DoAddStartupInfo(TSessionData * Data)
     {
       delete Storage;
     }
+    char UserName[UNLEN + 1];
+    unsigned long UserNameSize = sizeof(UserName);
+    if (!GetUserNameEx(NameSamCompatible, UserName, &UserNameSize))
+    {
+      strcpy(UserName, "<Failed to retrieve username>");
+    }
+    ADF("Local account: %s", (UserName));
     ADF("Login time: %s", (FormatDateTime("dddddd tt", Now())));
     AddSeparator();
     ADF("Session name: %s (%s)", (Data->SessionName, Data->Source));

core/SftpFileSystem.cpp

@@ -3048,31 +3048,47 @@ void __fastcall TSFTPFileSystem::ReadDirectory(TRemoteFileList * FileList)
 
     if (Total == 0)
     {
-      // Empty file list -> probably "permision denied", we
-      // at least get link to parent directory ("..")
-      try
+      bool Failure = false;
+      // no point reading parent of root directory,
+      // moreover CompleteFTP terminates session upon attempt to do so
+      if (IsUnixRootPath(FileList->Directory))
+      {
+        File = NULL;
+      }
+      else
       {
-        FTerminal->ExceptionOnFail = true;
+        // Empty file list -> probably "permision denied", we
+        // at least get link to parent directory ("..")
         try
         {
-          File = NULL;
-          FTerminal->ReadFile(
-            UnixIncludeTrailingBackslash(FileList->Directory) + PARENTDIRECTORY, File);
+          FTerminal->ExceptionOnFail = true;
+          try
+          {
+            File = NULL;
+            FTerminal->ReadFile(
+              UnixIncludeTrailingBackslash(FileList->Directory) + PARENTDIRECTORY, File);
+          }
+          __finally
+          {
+            FTerminal->ExceptionOnFail = false;
+          }
         }
-        __finally
+        catch(Exception &E)
         {
-          FTerminal->ExceptionOnFail = false;
+          if (E.InheritsFrom(__classid(EFatal)))
+          {
+            throw;
+          }
+          else
+          {
+            File = NULL;
+            Failure = true;
+          }
         }
       }
-      catch(Exception &E)
-      {
-        if (E.InheritsFrom(__classid(EFatal))) throw;
-          else File = NULL;
-      }
 
       // on some systems even getting ".." fails, we create dummy ".." instead
-      bool Failure = (File == NULL);
-      if (Failure)
+      if (File == NULL)
       {
         File = new TRemoteParentDirectory(FTerminal);
       }

dragext/DragExt.cpp

@@ -419,8 +419,8 @@ bool UnregisterServer(bool AllUsers)
     }
   }
 
-  if ((RegOpenKeyEx(RootKey, DRAG_EXT_REG_KEY, 0, KEY_WRITE, &HKey) ==
-        ERROR_SUCCESS))
+  if (RegOpenKeyEx(RootKey, DRAG_EXT_REG_KEY, 0, KEY_WRITE, &HKey) ==
+        ERROR_SUCCESS)
   {
     unsigned long Value = 0;
     RegSetValueEx(HKey, "Enable", 0, REG_DWORD,

filezilla/FtpListResult.cpp

@@ -658,7 +658,7 @@ void CFtpListResult::SendToMessageLog(HWND hWnd, UINT nMsg)
 		t_ffam_statusmessage *pStatus = new t_ffam_statusmessage;
 		pStatus->post = TRUE;
 		pStatus->status = _T("<Empty directory listing>");
-		pStatus->type = 5;
+		pStatus->type = FZ_LOG_DEBUG;
 		PostMessage(hWnd, nMsg, FZ_MSG_MAKEMSG(FZ_MSG_STATUS, 0), (LPARAM)pStatus);
 	}
 	while (line)
@@ -670,7 +670,7 @@ void CFtpListResult::SendToMessageLog(HWND hWnd, UINT nMsg)
 		t_ffam_statusmessage *pStatus = new t_ffam_statusmessage;
 		pStatus->post = TRUE;
 		pStatus->status = status;
-		pStatus->type = 5;
+		pStatus->type = FZ_LOG_DEBUG;
 		if (!PostMessage(hWnd, nMsg, FZ_MSG_MAKEMSG(FZ_MSG_STATUS, 0), (LPARAM)pStatus))
 			delete pStatus;
 	

forms/CustomScpExplorer.cpp

@@ -2163,7 +2163,14 @@ void __fastcall TCustomScpExplorerForm::ExecuteFile(TOperationSide Side,
       if (Token != NULL)
       {
         TForm * Form = dynamic_cast<TForm *>(Token);
-        Form->SetFocus();
+        if (Form->WindowState == wsMinimized)
+        {
+          ShowWindow(Form->Handle, SW_RESTORE);
+        }
+        else
+        {
+          Form->SetFocus();
+        }
         Abort();
       }
       else

forms/Editor.dfm

@@ -204,6 +204,8 @@ object EditorForm: TEditorForm
       Hint = 'Close editor|Save file if necessary and close editor'
       ImageIndex = 8
       ShortCut = 27
+      SecondaryShortCuts.Strings = (
+        'F10')
     end
     object FindAction: TAction
       Caption = '&Find...'

forms/Login.cpp

@@ -37,23 +37,34 @@ bool __fastcall DoLoginDialog(TStoredSessionList *SessionList,
   TLoginDialog * LoginDialog = SafeFormCreate<TLoginDialog>();
   TSessionData * Data2;
   bool Result;
+  bool Owned;
   try
   {
-    LoginDialog->Init(SessionList, Options);
-    Data2 = Data;
-    Result = LoginDialog->Execute(Data2);
+    try
+    {
+      LoginDialog->Init(SessionList, Options);
+      Data2 = Data;
+      Result = LoginDialog->Execute(Data2, Owned);
+    }
+    __finally
+    {
+      delete LoginDialog;
+    }
+    if (Result)
+    {
+      // this may popup master pasword dialog,
+      // if it happens before login dialog is destroyed
+      // (from within try ...finally block above)
+      // the next window will appear in background for some reason
+      Data->Assign(Data2);
+    }
   }
   __finally
   {
-    delete LoginDialog;
-  }
-  if (Result)
-  {
-    // this may popup master pasword dialog,
-    // if it happens before login dialog is destroyed
-    // (from within try ...finally block above)
-    // the next window will appear in background for some reason
-    Data->Assign(Data2);
+    if (Result && Owned)
+    {
+      delete Data2;
+    }
   }
   return Result;
 }
@@ -1529,7 +1540,7 @@ void __fastcall TLoginDialog::ActionListUpdate(TBasicAction *Action,
   }
 }
 //---------------------------------------------------------------------------
-bool __fastcall TLoginDialog::Execute(TSessionData *& Data)
+bool __fastcall TLoginDialog::Execute(TSessionData *& Data, bool & Owned)
 {
   SetSessionData(Data);
   LoadConfiguration();
@@ -1543,9 +1554,14 @@ bool __fastcall TLoginDialog::Execute(TSessionData *& Data)
     // FSessionData ceases to exist with the dialog
     if (Data == FSessionData)
     {
+      Owned = true;
       Data = new TSessionData("");
       Data->Assign(FSessionData);
     }
+    else
+    {
+      Owned = false;
+    }
   }
   return Result;
 }

forms/Login.h

@@ -440,7 +440,7 @@ public:
   virtual __fastcall TLoginDialog(TComponent* AOwner);
   __fastcall ~TLoginDialog();
   void __fastcall Init(TStoredSessionList *SessionList, int Options);
-  bool __fastcall Execute(TSessionData *& Data);
+  bool __fastcall Execute(TSessionData *& Data, bool & Owned);
 };
 //----------------------------------------------------------------------------
 #endif

forms/OpenDirectory.dfm

@@ -121,7 +121,7 @@ object OpenDirectoryDialog: TOpenDirectoryDialog
         Width = 83
         Height = 25
         Anchors = [akTop, akRight]
-        Caption = '&Remove'
+        Caption = 'Remo&ve'
         TabOrder = 2
         OnClick = RemoveBookmarkButtonClick
       end

openssl/crypto/asn1/a_object.c

@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
 				goto err;
 				}
-			if (!use_bn && l > (ULONG_MAX / 10L))
+			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
 				{
 				use_bn = 1;
 				if (!bl)
@@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	/* Sanity check OID encoding: can't have leading 0x80 in
 	 * subidentifiers, see: X.690 8.19.2
 	 */
-	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+	for (i = 0, p = *pp; i < len; i++, p++)
 		{
 		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{

openssl/crypto/asn1/x_name.c

@@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
 	*val = nm.a;
 	*in = p;
 	return ret;
-	err:
+err:
+        if (nm.x != NULL)
+		X509_NAME_free(nm.x);
 	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
 	return 0;
 }
@@ -464,7 +466,8 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 			}
 		else
 			{
-			*to++ = tolower(*from++);
+			*to++ = tolower(*from);
+			from++;
 			i++;
 			}
 		}

openssl/crypto/bio/b_sock.c

@@ -551,7 +551,30 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
 #ifdef __DJGPP__
 	i=ioctlsocket(fd,type,(char *)arg);
 #else
-	i=ioctlsocket(fd,type,arg);
+# if defined(OPENSSL_SYS_VMS)
+	/* 2011-02-18 SMS.
+	 * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+	 * observe that all the consumers pass in an "unsigned long *",
+	 * so we arrange a local copy with a short pointer, and use
+	 * that, instead.
+	 */
+#  if __INITIAL_POINTER_SIZE == 64
+#   define ARG arg_32p
+#   pragma pointer_size save
+#   pragma pointer_size 32
+	unsigned long arg_32;
+	unsigned long *arg_32p;
+#   pragma pointer_size restore
+	arg_32p = &arg_32;
+	arg_32 = *((unsigned long *) arg);
+#  else /* __INITIAL_POINTER_SIZE == 64 */
+#   define ARG arg
+#  endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+# else /* defined(OPENSSL_SYS_VMS) */
+#  define ARG arg
+# endif /* defined(OPENSSL_SYS_VMS) [else] */
+
+	i=ioctlsocket(fd,type,ARG);
 #endif /* __DJGPP__ */
 	if (i < 0)
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
@@ -660,6 +683,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	 * note that commonly IPv6 wildchard socket can service
 	 * IPv4 connections just as well...  */
 	memset(&hint,0,sizeof(hint));
+	hint.ai_flags = AI_PASSIVE;
 	if (h)
 		{
 		if (strchr(h,':'))
@@ -672,7 +696,10 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 #endif
 			}
 	    	else if (h[0]=='*' && h[1]=='\0')
+			{
+			hint.ai_family = AF_INET;
 			h=NULL;
+			}
 		}
 
 	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;

openssl/crypto/bio/bss_log.c

@@ -75,6 +75,15 @@
 #  include <descrip.h>
 #  include <lib$routines.h>
 #  include <starlet.h>
+/* Some compiler options may mask the declaration of "_malloc32". */
+#  if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#    if __INITIAL_POINTER_SIZE == 64
+#      pragma pointer_size save
+#      pragma pointer_size 32
+    void * _malloc32  (__size_t);
+#      pragma pointer_size restore
+#    endif /* __INITIAL_POINTER_SIZE == 64 */
+#  endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
 #elif defined(OPENSSL_SYS_NETWARE)
@@ -300,7 +309,24 @@ static void xopenlog(BIO* bp, char* name, int level)
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
 	struct dsc$descriptor_s opc_dsc;
+
+/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+# define OPCDEF_TYPE __char_ptr32
+# define OPCDEF_MALLOC _malloc32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define OPCDEF_TYPE char *
+# define OPCDEF_MALLOC OPENSSL_malloc
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 	struct opcdef *opcdef_p;
+
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 	char buf[10240];
 	unsigned int len;
         struct dsc$descriptor_s buf_dsc;
@@ -326,8 +352,8 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
 	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
 
-	/* we know there's an 8 byte header.  That's documented */
-	opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
+	/* We know there's an 8-byte header.  That's documented. */
+	opcdef_p = OPCDEF_MALLOC( 8+ len);
 	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
 	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
 	opcdef_p->opc$l_ms_rqstid = 0;
@@ -335,7 +361,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
 	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
 	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-	opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+	opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
 	opc_dsc.dsc$w_length = len + 8;
 
 	sys$sndopr(opc_dsc, 0);

openssl/crypto/bn/bn.h

@@ -253,6 +253,24 @@ extern "C" {
 #define BN_HEX_FMT2	"%08X"
 #endif
 
+/* 2011-02-22 SMS.
+ * In various places, a size_t variable or a type cast to size_t was
+ * used to perform integer-only operations on pointers.  This failed on
+ * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
+ * still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. 
+ * The only fix here is VMS-specific.
+ */
+#if defined(OPENSSL_SYS_VMS)
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_SIZE_INT long long
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_SIZE_INT int
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+#else /* defined(OPENSSL_SYS_VMS) */
+# define PTR_SIZE_INT size_t
+#endif /* defined(OPENSSL_SYS_VMS) [else] */
+
 #define BN_DEFAULT_BITS	1280
 
 #define BN_FLG_MALLOCED		0x01

openssl/crypto/bn/bn_gf2m.c

@@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 		{
 		while (!BN_is_odd(u))
 			{
+			if (BN_is_zero(u)) goto err;
 			if (!BN_rshift1(u, u)) goto err;
 			if (BN_is_odd(b))
 				{

openssl/crypto/bn/bn_mont.c

@@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 	m1|=m2;			/* (al!=ri) */
 	m1|=(0-(size_t)v);	/* (al!=ri || v) */
 	m1&=~m2;		/* (al!=ri || v) && !al>ri */
-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+	nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1));
 	}
 
 	/* 'i<ri' is chosen to eliminate dependency on input data, even

openssl/crypto/bn/bn_nist.c

@@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_192_TOP],
 		 c_d[BN_NIST_192_TOP],
 		*res;
-	size_t   mask;
+	PTR_SIZE_INT mask;
 	static const BIGNUM _bignum_nist_p_192_sqr = {
 		(BN_ULONG *)_nist_p_192_sqr,
 		sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
@@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
 	 * this is what happens below, but without explicit if:-) a.
 	 */
-	mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)
+	 (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
 	r->top = BN_NIST_192_TOP;
 	bn_correct_top(r);
@@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_224_TOP],
 		 c_d[BN_NIST_224_TOP],
 		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_224_sqr = {
 		(BN_ULONG *)_nist_p_224_sqr,
 		sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
@@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 		 * to be compared to the modulus and conditionally
 		 * adjusted by *subtracting* the latter. */
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
 	/* otherwise it's effectively same as in BN_nist_mod_192... */
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_224_TOP);
 	r->top = BN_NIST_224_TOP;
 	bn_correct_top(r);
@@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_256_TOP],
 		 c_d[BN_NIST_256_TOP],
 		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_256_sqr = {
 		(BN_ULONG *)_nist_p_256_sqr,
 		sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
@@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else if (carry < 0)
 		{
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_256_TOP);
 	r->top = BN_NIST_256_TOP;
 	bn_correct_top(r);
@@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_384_TOP],
 		 c_d[BN_NIST_384_TOP],
 		*res;
-	size_t	 mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_384_sqr = {
 		(BN_ULONG *)_nist_p_384_sqr,
 		sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
@@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else if (carry < 0)
 		{
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
 	r->top = BN_NIST_384_TOP;
 	bn_correct_top(r);
@@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	BN_ULONG *r_d, *a_d = a->d,
 		 t_d[BN_NIST_521_TOP],
 		 val,tmp,*res;
-	size_t	mask;
+	PTR_SIZE_INT mask;
 	static const BIGNUM _bignum_nist_p_521_sqr = {
 		(BN_ULONG *)_nist_p_521_sqr,
 		sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
@@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	r_d[i] &= BN_NIST_521_TOP_MASK;
 
 	bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
-	mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-	res  = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+	mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+	res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d,res,BN_NIST_521_TOP);
 	r->top = BN_NIST_521_TOP;
 	bn_correct_top(r);

openssl/crypto/buildinf.h

@@ -9,11 +9,11 @@
   /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
   #define CFLAGS "cl  /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS  -DDSO_WIN32  -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE    "
   #define PLATFORM "VC-WIN32"
-  #define DATE "Sun Feb 13 07:14:22 2011"
+  #define DATE "Wed Sep  7 07:56:24 2011"
 #endif
 #ifdef MK1MF_PLATFORM_BC_NT
   /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
   #define CFLAGS "bcc32 -DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -O2 -ff -fp -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE    "
   #define PLATFORM "BC-NT"
-  #define DATE "Sun Feb 13 07:14:23 2011"
+  #define DATE "Wed Sep  7 07:56:24 2011"
 #endif

openssl/crypto/cast/asm/c_win32.asm

@@ -814,7 +814,6 @@ L$006PIC_point:
 	xor	edx,edx
 	jmp	ebp
 L$008ej7:
-	xor	edx,edx
 	mov	dh,BYTE [6+esi]
 	shl	edx,8
 L$009ej6:
@@ -826,7 +825,6 @@ L$011ej4:
 	jmp	NEAR L$012ejend
 L$013ej3:
 	mov	ch,BYTE [2+esi]
-	xor	ecx,ecx
 	shl	ecx,8
 L$014ej2:
 	mov	ch,BYTE [1+esi]

openssl/crypto/conf/conf_api.c

@@ -64,6 +64,7 @@
 #endif
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>

openssl/crypto/cryptlib.c

@@ -731,7 +731,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 	case DLL_THREAD_ATTACH:
 		break;
 	case DLL_THREAD_DETACH:
-		ERR_remove_state(0);
 		break;
 	case DLL_PROCESS_DETACH:
 		break;

openssl/crypto/dsa/dsa_pmeth.c

@@ -187,6 +187,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		case EVP_PKEY_CTRL_MD:
 		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
+		    EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA    &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
 			{

openssl/crypto/dso/dso_dlfcn.c

@@ -85,6 +85,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # define HAVE_DLINFO 1
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__osf__) && !defined(RTLD_NEXT))     || \
      (defined(__OpenBSD__) && !defined(RTLD_SELF))
 #  undef HAVE_DLINFO
 # endif

openssl/crypto/hmac/hm_pmeth.c

@@ -147,6 +147,8 @@ static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
 
 static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 	{
+	HMAC_PKEY_CTX *hctx = ctx->data;
+	HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
 	EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
 	mctx->update = int_update;
 	return 1;

openssl/crypto/o_time.c

@@ -64,12 +64,18 @@
 #include "o_time.h"
 
 #ifdef OPENSSL_SYS_VMS
-# include <libdtdef.h>
-# include <lib$routines.h>
-# include <lnmdef.h>
-# include <starlet.h>
-# include <descrip.h>
-# include <stdlib.h>
+# if __CRTL_VER >= 70000000 && \
+     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
+#  define VMS_GMTIME_OK
+# endif
+# ifndef VMS_GMTIME_OK
+#  include <libdtdef.h>
+#  include <lib$routines.h>
+#  include <lnmdef.h>
+#  include <starlet.h>
+#  include <descrip.h>
+#  include <stdlib.h>
+# endif /* ndef VMS_GMTIME_OK */
 #endif
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
@@ -81,7 +87,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 	   so we don't even look at the return value */
 	gmtime_r(timer,result);
 	ts = result;
-#elif !defined(OPENSSL_SYS_VMS)
+#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
 	ts = gmtime(timer);
 	if (ts == NULL)
 		return NULL;
@@ -89,7 +95,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 	memcpy(result, ts, sizeof(struct tm));
 	ts = result;
 #endif
-#ifdef OPENSSL_SYS_VMS
+#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
 	if (ts == NULL)
 		{
 		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");

openssl/crypto/ocsp/ocsp_lib.c

@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
 
 	char *host, *port;
 
-	/* dup the buffer since we are going to mess with it */
-	buf = BUF_strdup(url);
-	if (!buf) goto mem_err;
-
 	*phost = NULL;
 	*pport = NULL;
 	*ppath = NULL;
 
+	/* dup the buffer since we are going to mess with it */
+	buf = BUF_strdup(url);
+	if (!buf) goto mem_err;
+
 	/* Check for initial colon */
 	p = strchr(buf, ':');
 

openssl/crypto/opensslv.h

@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000004fL
+#define OPENSSL_VERSION_NUMBER	0x1000005fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0d-fips 8 Feb 2011"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0e-fips 6 Sep 2011"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0d 8 Feb 2011"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0e 6 Sep 2011"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

openssl/crypto/rsa/rsa_oaep.c

@@ -189,34 +189,40 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 	EVP_MD_CTX c;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	int mdlen;
+	int rv = -1;
 
 	EVP_MD_CTX_init(&c);
 	mdlen = EVP_MD_size(dgst);
 	if (mdlen < 0)
-		return -1;
+		goto err;
 	for (i = 0; outlen < len; i++)
 		{
 		cnt[0] = (unsigned char)((i >> 24) & 255);
 		cnt[1] = (unsigned char)((i >> 16) & 255);
 		cnt[2] = (unsigned char)((i >> 8)) & 255;
 		cnt[3] = (unsigned char)(i & 255);
-		EVP_DigestInit_ex(&c,dgst, NULL);
-		EVP_DigestUpdate(&c, seed, seedlen);
-		EVP_DigestUpdate(&c, cnt, 4);
+		if (!EVP_DigestInit_ex(&c,dgst, NULL)
+			|| !EVP_DigestUpdate(&c, seed, seedlen)
+			|| !EVP_DigestUpdate(&c, cnt, 4))
+			goto err;
 		if (outlen + mdlen <= len)
 			{
-			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+			if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
+				goto err;
 			outlen += mdlen;
 			}
 		else
 			{
-			EVP_DigestFinal_ex(&c, md, NULL);
+			if (!EVP_DigestFinal_ex(&c, md, NULL))
+				goto err;
 			memcpy(mask + outlen, md, len - outlen);
 			outlen = len;
 			}
 		}
+	rv = 0;
+	err:
 	EVP_MD_CTX_cleanup(&c);
-	return 0;
+	return rv;
 	}
 
 static int MGF1(unsigned char *mask, long len, const unsigned char *seed,

openssl/crypto/stack/safestack.h

@@ -2056,31 +2056,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 
 
-#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
-#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
-#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
-#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
-	((int (*)(const void * const *,const void * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
-#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-
-
 #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
 #define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
@@ -2106,6 +2081,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
 
 
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
+	((int (*)(const void * const *,const void * const *)) \
+	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
+
+
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

openssl/crypto/x509/x509_vfy.c

@@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
 	x = sk_X509_value(ctx->chain, cnum);
 	ctx->current_cert = x;
 	ctx->current_issuer = NULL;
+	ctx->current_crl_score = 0;
 	ctx->current_reasons = 0;
 	while (ctx->current_reasons != CRLDP_ALL_REASONS)
 		{
@@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	ctx->error_depth=0;
 	ctx->current_cert=NULL;
 	ctx->current_issuer=NULL;
+	ctx->current_crl=NULL;
+	ctx->current_crl_score=0;
+	ctx->current_reasons=0;
 	ctx->tree = NULL;
 	ctx->parent = NULL;
 

openssl/ssl/bio_ssl.c

@@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_C_SET_SSL:
 		if (ssl != NULL)
+			{
 			ssl_free(b);
+			if (!ssl_new(b))
+				return 0;
+			}
 		b->shutdown=(int)num;
 		ssl=(SSL *)ptr;
 		((BIO_SSL *)b->ptr)->ssl=ssl;

openssl/ssl/d1_both.c

@@ -153,7 +153,7 @@
 #endif
 
 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -464,20 +464,9 @@ again:
 
 	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-	s->d1->handshake_read_seq++;
-	/* we just read a handshake message from the other side:
-	 * this means that we don't need to retransmit of the
-	 * buffered messages.  
-	 * XDTLS: may be able clear out this
-	 * buffer a little sooner (i.e if an out-of-order
-	 * handshake message/record is received at the record
-	 * layer.  
-	 * XDTLS: exception is that the server needs to
-	 * know that change cipher spec and finished messages
-	 * have been received by the client before clearing this
-	 * buffer.  this can simply be done by waiting for the
-	 * first data  segment, but is there a better way?  */
-	dtls1_clear_record_buffer(s);
+	/* Don't change sequence numbers while listening */
+	if (!s->d1->listen)
+		s->d1->handshake_read_seq++;
 
 	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
 	return s->init_num;
@@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
 	/* 
 	 * if this is a future (or stale) message it gets buffered
-	 * (or dropped)--no further processing at this time 
+	 * (or dropped)--no further processing at this time
+	 * While listening, we accept seq 1 (ClientHello with cookie)
+	 * although we're still expecting seq 0 (ClientHello)
 	 */
-	if ( msg_hdr.seq != s->d1->handshake_read_seq)
+	if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
 		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
 	len = msg_hdr.msg_len;
@@ -1322,7 +1313,8 @@ unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
 			unsigned long len, unsigned long frag_off, unsigned long frag_len)
 	{
-	if ( frag_off == 0)
+	/* Don't change sequence numbers while listening */
+	if (frag_off == 0 && !s->d1->listen)
 		{
 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
 		s->d1->next_handshake_write_seq++;

openssl/ssl/d1_clnt.c

@@ -407,7 +407,8 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CW_CHANGE_A:
 		case SSL3_ST_CW_CHANGE_B:
-			dtls1_start_timer(s);
+			if (!s->hit)
+				dtls1_start_timer(s);
 			ret=dtls1_send_change_cipher_spec(s,
 				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
 			if (ret <= 0) goto end;
@@ -442,7 +443,8 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CW_FINISHED_A:
 		case SSL3_ST_CW_FINISHED_B:
-			dtls1_start_timer(s);
+			if (!s->hit)
+				dtls1_start_timer(s);
 			ret=dtls1_send_finished(s,
 				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
 				s->method->ssl3_enc->client_finished_label,

openssl/ssl/d1_lib.c

@@ -129,26 +129,33 @@ int dtls1_new(SSL *s)
 	return(1);
 	}
 
-void dtls1_free(SSL *s)
+static void dtls1_clear_queues(SSL *s)
 	{
     pitem *item = NULL;
     hm_fragment *frag = NULL;
-
-	ssl3_free(s);
+	DTLS1_RECORD_DATA *rdata;
 
     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
         {
+		rdata = (DTLS1_RECORD_DATA *) item->data;
+		if (rdata->rbuf.buf)
+			{
+			OPENSSL_free(rdata->rbuf.buf);
+			}
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->unprocessed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
         {
+		rdata = (DTLS1_RECORD_DATA *) item->data;
+		if (rdata->rbuf.buf)
+			{
+			OPENSSL_free(rdata->rbuf.buf);
+			}
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->processed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
         {
@@ -157,7 +164,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-    pqueue_free(s->d1->buffered_messages);
 
     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
         {
@@ -166,7 +172,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-	pqueue_free(s->d1->sent_messages);
 
 	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
 		{
@@ -175,6 +180,18 @@ void dtls1_free(SSL *s)
 		OPENSSL_free(frag);
 		pitem_free(item);
 		}
+	}
+
+void dtls1_free(SSL *s)
+	{
+	ssl3_free(s);
+
+	dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->unprocessed_rcds.q);
+    pqueue_free(s->d1->processed_rcds.q);
+    pqueue_free(s->d1->buffered_messages);
+	pqueue_free(s->d1->sent_messages);
 	pqueue_free(s->d1->buffered_app_data.q);
 
 	OPENSSL_free(s->d1);
@@ -182,6 +199,36 @@ void dtls1_free(SSL *s)
 
 void dtls1_clear(SSL *s)
 	{
+    pqueue unprocessed_rcds;
+    pqueue processed_rcds;
+    pqueue buffered_messages;
+	pqueue sent_messages;
+	pqueue buffered_app_data;
+	
+	if (s->d1)
+		{
+		unprocessed_rcds = s->d1->unprocessed_rcds.q;
+		processed_rcds = s->d1->processed_rcds.q;
+		buffered_messages = s->d1->buffered_messages;
+		sent_messages = s->d1->sent_messages;
+		buffered_app_data = s->d1->buffered_app_data.q;
+
+		dtls1_clear_queues(s);
+
+		memset(s->d1, 0, sizeof(*(s->d1)));
+
+		if (s->server)
+			{
+			s->d1->cookie_len = sizeof(s->d1->cookie);
+			}
+
+		s->d1->unprocessed_rcds.q = unprocessed_rcds;
+		s->d1->processed_rcds.q = processed_rcds;
+		s->d1->buffered_messages = buffered_messages;
+		s->d1->sent_messages = sent_messages;
+		s->d1->buffered_app_data.q = buffered_app_data;
+		}
+
 	ssl3_clear(s);
 	if (s->options & SSL_OP_CISCO_ANYCONNECT)
 		s->version=DTLS1_BAD_VER;
@@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s)
 	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
 	s->d1->timeout_duration = 1;
 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+	/* Clear retransmission buffer */
+	dtls1_clear_record_buffer(s);
 	}
 
 int dtls1_handle_timeout(SSL *s)
@@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s)
 		{
 		/* fail the connection, enough alerts have been sent */
 		SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
-		return 0;
+		return -1;
 		}
 
 	state->timeout.read_timeouts++;

openssl/ssl/d1_pkt.c

@@ -409,13 +409,13 @@ dtls1_process_record(SSL *s)
 	enc_err = s->method->ssl3_enc->enc(s,0);
 	if (enc_err <= 0)
 		{
-		if (enc_err == 0)
-			/* SSLerr() and ssl3_send_alert() have been called */
-			goto err;
-
-		/* otherwise enc_err == -1 */
-		al=SSL_AD_BAD_RECORD_MAC;
-		goto f_err;
+		/* decryption failed, silently discard message */
+		if (enc_err < 0)
+			{
+			rr->length = 0;
+			s->packet_length = 0;
+			}
+		goto err;
 		}
 
 #ifdef TLS_DEBUG
@@ -658,10 +658,12 @@ again:
 
 	/* If this record is from the next epoch (either HM or ALERT),
 	 * and a handshake is currently in progress, buffer it since it
-	 * cannot be processed at this time. */
+	 * cannot be processed at this time. However, do not buffer
+	 * anything while listening.
+	 */
 	if (is_next_epoch)
 		{
-		if (SSL_in_init(s) || s->in_handshake)
+		if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
 			{
 			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
 			}

openssl/ssl/d1_srvr.c

@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
 	unsigned long alg_k;
 	int ret= -1;
 	int new_state,state,skip=0;
+	int listen;
 
 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
 		cb=s->info_callback;
 	else if (s->ctx->info_callback != NULL)
 		cb=s->ctx->info_callback;
+	
+	listen = s->d1->listen;
 
 	/* init things to blank */
 	s->in_handshake++;
 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
+	s->d1->listen = listen;
+
 	if (s->cert == NULL)
 		{
 		SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
 
 			s->init_num=0;
 
+			/* Reflect ClientHello sequence to remain stateless while listening */
+			if (listen)
+				{
+				memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+				}
+
 			/* If we're just listening, stop here */
-			if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+			if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
 				{
 				ret = 2;
 				s->d1->listen = 0;
+				/* Set expected sequence numbers
+				 * to continue the handshake.
+				 */
+				s->d1->handshake_read_seq = 2;
+				s->d1->handshake_write_seq = 1;
+				s->d1->next_handshake_write_seq = 1;
 				goto end;
 				}
 			
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
 
-			dtls1_start_timer(s);
 			ret = dtls1_send_hello_verify_request(s);
 			if ( ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
 		/* number of bytes to write */
 		s->init_num=p-buf;
 		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
 		}
 
 	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||

openssl/ssl/s3_clnt.c

@@ -2243,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			if (!DH_generate_key(dh_clnt))
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				DH_free(dh_clnt);
 				goto err;
 				}
 
@@ -2254,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			if (n <= 0)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				DH_free(dh_clnt);
 				goto err;
 				}
 

openssl/ssl/s3_lib.c

@@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s)
 		}
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
+		{
 		DH_free(s->s3->tmp.dh);
+		s->s3->tmp.dh = NULL;
+		}
 #endif
 #ifndef OPENSSL_NO_ECDH
 	if (s->s3->tmp.ecdh != NULL)
+		{
 		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL;
+		}
 #endif
 
 	rp = s->s3->rbuf.buf;

openssl/ssl/s3_pkt.c

@@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 		if (i <= 0)
 			{
 			rb->left = left;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
 				if (len+left == 0)
 					ssl3_release_read_buffer(s);
 			return(i);
@@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 			{
 			wb->left=0;
 			wb->offset+=i;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
 				ssl3_release_write_buffer(s);
 			s->rwstate=SSL_NOTHING;
 			return(s->s3->wpend_ret);

openssl/ssl/s3_srvr.c

@@ -768,15 +768,20 @@ int ssl3_check_client_hello(SSL *s)
 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
 		{
 		/* Throw away what we have done so far in the current handshake,
-		 * which will now be aborted. (A full SSL_clear would be too much.)
-		 * I hope that tmp.dh is the only thing that may need to be cleared
-		 * when a handshake is not completed ... */
+		 * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
 		if (s->s3->tmp.dh != NULL)
 			{
 			DH_free(s->s3->tmp.dh);
 			s->s3->tmp.dh = NULL;
 			}
+#endif
+#ifndef OPENSSL_NO_ECDH
+		if (s->s3->tmp.ecdh != NULL)
+			{
+			EC_KEY_free(s->s3->tmp.ecdh);
+			s->s3->tmp.ecdh = NULL;
+			}
 #endif
 		return 2;
 		}
@@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 			if (s->s3->tmp.dh != NULL)
 				{
-				DH_free(dh);
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 			if (s->s3->tmp.ecdh != NULL)
 				{
-				EC_KEY_free(s->s3->tmp.ecdh); 
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s)
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -1731,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 			    (unsigned char *)encodedPoint, 
 			    encodedlen);
 			OPENSSL_free(encodedPoint);
+			encodedPoint = NULL;
 			p += encodedlen;
 			}
 #endif
@@ -2440,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s)
 			/* Get encoded point length */
 			i = *p; 
 			p += 1;
+			if (n != 1 + i)
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				    ERR_R_EC_LIB);
+				goto err;
+				}
 			if (EC_POINT_oct2point(group, 
 			    clnt_ecpoint, p, i, bn_ctx) == 0)
 				{

openssl/ssl/ssl_lib.c

@@ -1833,7 +1833,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #endif
 	X509 *x = NULL;
 	EVP_PKEY *ecc_pkey = NULL;
-	int signature_nid = 0;
+	int signature_nid = 0, pk_nid = 0, md_nid = 0;
 
 	if (c == NULL) return;
 
@@ -1963,18 +1963,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 		    EVP_PKEY_bits(ecc_pkey) : 0;
 		EVP_PKEY_free(ecc_pkey);
 		if ((x->sig_alg) && (x->sig_alg->algorithm))
+			{
 			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+			}
 #ifndef OPENSSL_NO_ECDH
 		if (ecdh_ok)
 			{
-			const char *sig = OBJ_nid2ln(signature_nid);
-			if (sig == NULL)
-				{
-				ERR_clear_error();
-				sig = "unknown";
-				}
-				
-			if (strstr(sig, "WithRSA"))
+
+			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
 				{
 				mask_k|=SSL_kECDHr;
 				mask_a|=SSL_aECDH;
@@ -1985,7 +1982,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 					}
 				}
 
-			if (signature_nid == NID_ecdsa_with_SHA1)
+			if (pk_nid == NID_X9_62_id_ecPublicKey)
 				{
 				mask_k|=SSL_kECDHe;
 				mask_a|=SSL_aECDH;
@@ -2039,7 +2036,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 	unsigned long alg_k, alg_a;
 	EVP_PKEY *pkey = NULL;
 	int keysize = 0;
-	int signature_nid = 0;
+	int signature_nid = 0, md_nid = 0, pk_nid = 0;
 
 	alg_k = cs->algorithm_mkey;
 	alg_a = cs->algorithm_auth;
@@ -2057,7 +2054,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 	/* This call populates the ex_flags field correctly */
 	X509_check_purpose(x, -1, 0);
 	if ((x->sig_alg) && (x->sig_alg->algorithm))
+		{
 		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+		}
 	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
 		{
 		/* key usage, if present, must allow key agreement */
@@ -2069,7 +2069,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 		if (alg_k & SSL_kECDHe)
 			{
 			/* signature alg must be ECDSA */
-			if (signature_nid != NID_ecdsa_with_SHA1)
+			if (pk_nid != NID_X9_62_id_ecPublicKey)
 				{
 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
 				return 0;
@@ -2079,13 +2079,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 			{
 			/* signature alg must be RSA */
 
-			const char *sig = OBJ_nid2ln(signature_nid);
-			if (sig == NULL)
-				{
-				ERR_clear_error();
-				sig = "unknown";
-				}
-			if (strstr(sig, "WithRSA") == NULL)
+			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
 				{
 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
 				return 0;

packages/my/NortonLikeListView.hpp

@@ -59,6 +59,7 @@ private:
 	int FFirstSelected;
 	int FLastSelected;
 	System::TDateTime FFocused;
+	unsigned FIgnoreSetFocusFrom;
 	HIDESBASE MESSAGE void __fastcall WMLButtonDown(Messages::TWMMouse &Message);
 	HIDESBASE MESSAGE void __fastcall WMRButtonDown(Messages::TWMMouse &Message);
 	HIDESBASE MESSAGE void __fastcall WMKeyDown(Messages::TWMKey &Message);
@@ -67,6 +68,7 @@ private:
 	HIDESBASE MESSAGE void __fastcall CNNotify(Messages::TWMNotify &Message);
 	MESSAGE void __fastcall LVMEditLabel(Messages::TMessage &Message);
 	HIDESBASE MESSAGE void __fastcall WMSetFocus(Messages::TWMSetFocus &Message);
+	MESSAGE void __fastcall CMWantSpecialKey(Messages::TWMKey &Message);
 	int __fastcall GetMarkedCount(void);
 	Comctrls::TListItem* __fastcall GetMarkedFile(void);
 	void __fastcall ItemSelected(Comctrls::TListItem* Item, int Index);

packages/my/NortonLikeListView.pas

@@ -27,6 +27,7 @@ type
     FFirstSelected: Integer;
     FLastSelected: Integer;
     FFocused: TDateTime;
+    FIgnoreSetFocusFrom: THandle;
     procedure WMLButtonDown(var Message: TWMLButtonDown); message WM_LBUTTONDOWN;
     procedure WMRButtonDown(var Message: TWMRButtonDown); message WM_RBUTTONDOWN;
     procedure WMKeyDown(var Message: TWMKeyDown); message WM_KEYDOWN;
@@ -35,6 +36,7 @@ type
     procedure CNNotify(var Message: TWMNotify); message CN_NOTIFY;
     procedure LVMEditLabel(var Message: TMessage); message LVM_EDITLABEL;
     procedure WMSetFocus(var Message: TWMSetFocus); message WM_SETFOCUS;
+    procedure CMWantSpecialKey(var Message: TCMWantSpecialKey); message CM_WANTSPECIALKEY;
     function GetMarkedCount: Integer;
     function GetMarkedFile: TListItem;
     procedure ItemSelected(Item: TListItem; Index: Integer);
@@ -201,6 +203,7 @@ begin
   // the bug is present even in compatibility mode
   FManageSelection := IsVista;
   FFocused := 0;
+  FIgnoreSetFocusFrom := INVALID_HANDLE_VALUE;
 end;
 
 destructor TCustomNortonLikeListView.Destroy;
@@ -428,6 +431,11 @@ begin
           end;
           inherited;
         end;
+      LVN_ENDLABELEDIT:
+        begin
+          FIgnoreSetFocusFrom := ListView_GetEditControl(Handle);
+          inherited;
+        end;
       else
         inherited;
     end;
@@ -834,8 +842,18 @@ end;
 
 procedure TCustomNortonLikeListView.WMSetFocus(var Message: TWMSetFocus);
 begin
-  FFocused := Now;
   inherited;
+
+  if Message.FocusedWnd <> FIgnoreSetFocusFrom then
+    FFocused := Now;
+end;
+
+procedure TCustomNortonLikeListView.CMWantSpecialKey(var Message: TCMWantSpecialKey);
+begin
+  inherited;
+
+  if IsEditing and (Message.CharCode = VK_TAB) then
+    Message.Result := 1;
 end;
 
 end.

release/licence.setup

@@ -1,7 +1,4 @@
-  A. GNU General Public License
-  B. OpenCandy End User License Agreement
-  
-  A. GNU GENERAL PUBLIC LICENSE
+  GNU GENERAL PUBLIC LICENSE
   Version 2, June 1991
 
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
@@ -95,9 +92,3 @@ Each version is given a distinguishing version number. If the Program specifies
 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
 
   END OF TERMS AND CONDITIONS
-
-
-  B. OPENCANDY END USER LICENSE AGREEMENT
-  January 26, 2010
-
-This installer uses the OpenCandy network to recommend other software you may find valuable during the installation of this software. OpenCandy collects NON-personally identifiable information about this installation and the recommendation process. Collection of this information ONLY occurs during this installation and the recommendation process; in accordance with OpenCandy's Privacy Policy, available at www.opencandy.com/privacy-policy

release/licence.setup-sponsored

@@ -0,0 +1,103 @@
+  A. GNU General Public License
+  B. OpenCandy End User License Agreement
+  
+  A. GNU GENERAL PUBLIC LICENSE
+  Version 2, June 1991
+
+Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
+
+  Preamble
+
+The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.
+
+When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. 
+
+To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
+
+For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. 
+
+We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
+
+Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. 
+
+Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. 
+
+The precise terms and conditions for copying, distribution and modification follow.
+
+  GNU GENERAL PUBLIC LICENSE
+
+  TERMS AND CONDITIONS FOR COPYING,
+  DISTRIBUTION AND MODIFICATION
+
+0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 
+
+1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
+
+2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: 
+
+a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
+
+b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
+
+c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
+
+3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
+
+a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, 
+
+b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
+
+c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
+
+If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
+
+4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
+
+5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
+
+6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
+
+7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
+
+This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
+
+8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
+
+9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. 
+
+Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
+
+10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
+
+  NO WARRANTY
+
+11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
+
+  END OF TERMS AND CONDITIONS
+
+
+  B. OPENCANDY END USER LICENSE AGREEMENT
+  January 26, 2010
+
+This installer uses the OpenCandy network to recommend other software you may find valuable during the installation of this software. OpenCandy collects NON-personally identifiable information about this installation and the recommendation process. Collection of this information ONLY occurs during this installation and the recommendation process; in accordance with OpenCandy's Privacy Policy, available at www.opencandy.com/privacy-policy

release/winscpsetup.iss

@@ -57,7 +57,7 @@ VersionInfoCopyright=(c) 2000-{#Year} Martin Prikryl
 DefaultDirName={pf}\WinSCP
 DefaultGroupName=WinSCP
 AllowNoIcons=yes
-LicenseFile=licence.setup
+LicenseFile=licence.setup{#OutputSuffix}
 UninstallDisplayIcon={app}\WinSCP.exe
 OutputDir={#OutputDir}
 DisableStartupPrompt=yes
@@ -83,6 +83,7 @@ Name: {#DefaultLang}; MessagesFile: {#MessagesPathRel(DefaultLang)}
 #define LangI
 #define Complete
 #define DirName
+#define DirNameRel
 
 #sub ProcessTranslationFile
 
@@ -114,7 +115,7 @@ Name: {#Lang}; MessagesFile: {#MessagesPathRel(Lang)}
 
 #sub ProcessTranslationDir
 
-  #if FindHandle = FindFirst(DirName + "\" + TranslationFileMask, 0)
+  #if FindHandle = FindFirst(DirNameRel + "\" + TranslationFileMask, 0)
     #define FResult 1
     #for {0; FResult; FResult = FindNext(FindHandle)} ProcessTranslationFile
     #expr FindClose(FindHandle)
@@ -124,11 +125,13 @@ Name: {#Lang}; MessagesFile: {#MessagesPathRel(Lang)}
 
 #expr Complete = 1
 #expr DirName = TranslationDir
+#expr DirNameRel = TranslationDirRel
 #emit ProcessTranslationDir
 
 #ifdef TranslationIncompleteDir
   #expr Complete = 0
   #expr DirName = TranslationIncompleteDir
+  #expr DirNameRel = TranslationIncompleteDirRel
   #emit ProcessTranslationDir
 #endif
 
@@ -416,12 +419,16 @@ begin
   Result := False;
 end;
 
-procedure OpenHelp;
+procedure OpenBrowser(Url: string);
 var
   ErrorCode: Integer;
 begin
-  ShellExec('open', '{#WebDocumentation}installation', '', '',
-    SW_SHOWNORMAL, ewNoWait, ErrorCode);
+  ShellExec('open', Url, '', '', SW_SHOWNORMAL, ewNoWait, ErrorCode);
+end;
+
+procedure OpenHelp;
+begin
+  OpenBrowser('{#WebDocumentation}installation');
 end;
 
 procedure HelpButtonClick(Sender: TObject);
@@ -728,7 +735,8 @@ begin
 
 #ifdef OpenCandy
   OpenCandyAsyncInit('{#OC_STR_MY_PRODUCT_NAME}', '{#OC_STR_KEY}', '{#OC_STR_SECRET}',
-    ExpandConstant('{cm:LanguageISOCode}'), {#OC_INIT_MODE_NORMAL});
+    ExpandConstant('{cm:LanguageISOCode}'), {#OC_INIT_MODE_NORMAL},
+    wpLicense, wpSelectTasks);
 #endif
 end;
 

resource/TextsCore1.rc

@@ -345,6 +345,6 @@ BEGIN
   FILEZILLA_URL, "http://filezilla-project.org/"
   OPENSSL_BASED_ON, "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit %s."
   OPENSSL_COPYRIGHT, "Copyright © 1998-2011 The OpenSSL Project"
-  OPENSSL_VERSION, "1.0.0d"
+  OPENSSL_VERSION, "1.0.0e"
   OPENSSL_URL, "http://www.openssl.org/"
 END

windows/ConsoleRunner.cpp

@@ -1585,9 +1585,10 @@ int __fastcall TConsoleRunner::Run(const AnsiString Session, TOptions * Options,
 
   try
   {
-    FScript = new TManagementScript(StoredSessions, FConsole->LimitedOutput());
     try
     {
+      FScript = new TManagementScript(StoredSessions, FConsole->LimitedOutput());
+
       FScript->CopyParam = GUIConfiguration->DefaultCopyParam;
       FScript->SynchronizeParams = GUIConfiguration->SynchronizeParams;
       FScript->OnPrint = ScriptPrint;
@@ -1654,17 +1655,20 @@ int __fastcall TConsoleRunner::Run(const AnsiString Session, TOptions * Options,
       }
       while (Result && FScript->Continue && !Aborted());
     }
-    __finally
+    catch(Exception & E)
     {
-      delete FScript;
-      FScript = NULL;
+      if (FScript != NULL)
+      {
+        FScript->Log(llMessage, "Failed");
+      }
+      ShowException(&E);
+      AnyError = true;
     }
   }
-  catch(Exception & E)
+  __finally
   {
-    FScript->Log(llMessage, "Failed");
-    ShowException(&E);
-    AnyError = true;
+    delete FScript;
+    FScript = NULL;
   }
 
   return AnyError ? RESULT_ANY_ERROR : RESULT_SUCCESS;

windows/WinConfiguration.cpp

@@ -503,7 +503,7 @@ void __fastcall TWinConfiguration::Default()
   FScpCommander.LocalPanelWidth = 0.5;
   FScpCommander.SwappedPanels = false;
   FScpCommander.StatusBar = true;
-  FScpCommander.NortonLikeMode = nlOn;
+  FScpCommander.NortonLikeMode = nlKeyboard;
   FScpCommander.PreserveLocalDirectory = false;
   // Toolbar_FloatRightX=1 makes keybar apper initialy "in column" when undocked
   FScpCommander.ToolbarsLayout =