[openssl-commits] [openssl] master update

[Ben Laurie]

The branch master has been updated
       via  b8ce6dda36e0c9a647ed7c5b00795bc835d747ef (commit)
       via  9730043fac645a036cc7f24a2a1d576c3e0fbc4d (commit)
       via  f100b0317eea8df3510b4b6ccf46837872c288cf (commit)
       via  3fd4d211aec1f9d1890c870f55517ff0bd89ee56 (commit)
      from  04f6b0fd9110c85c3c0d6d1172005d1c6755ac86 (commit)


- Log -----------------------------------------------------------------
commit b8ce6dda36e0c9a647ed7c5b00795bc835d747ef
Author: Ben Laurie <ben at links.org>
Date:   Tue Mar 22 10:40:13 2016 +0000

    Fix enable-zlib no-comp.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 9730043fac645a036cc7f24a2a1d576c3e0fbc4d
Author: Ben Laurie <ben at links.org>
Date:   Tue Mar 22 02:39:36 2016 +0000

    Fix no-rc4.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit f100b0317eea8df3510b4b6ccf46837872c288cf
Author: Ben Laurie <ben at links.org>
Date:   Thu Mar 17 18:17:27 2016 +0000

    Move declaration of i into blocks where it is used.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 3fd4d211aec1f9d1890c870f55517ff0bd89ee56
Author: Ben Laurie <ben at links.org>
Date:   Thu Mar 17 18:17:03 2016 +0000

    sctp requires dgram.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 Configure                |  3 ++-
 apps/dsa.c               |  5 ++++-
 ssl/statem/statem_srvr.c | 10 +++++++---
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/Configure b/Configure
index e1ede8c..d303a14 100755
--- a/Configure
+++ b/Configure
@@ -358,7 +358,7 @@ my @disable_cascades = (
     "des"		=> [ "mdc2" ],
     "ec"		=> [ "ecdsa", "ecdh" ],
 
-    "dgram"		=> [ "dtls" ],
+    "dgram"		=> [ "dtls", "sctp" ],
     "dtls"		=> [ @dtls ],
 
     # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
@@ -393,6 +393,7 @@ my @disable_cascades = (
     "pic"               => [ "shared" ],
     "shared"            => [ "dynamic-engine" ],
     "engine"            => [ "afalgeng" ],
+    "comp"		=> [ "zlib" ],
     );
 
 # Avoid protocol support holes.  Also disable all versions below N, if version
diff --git a/apps/dsa.c b/apps/dsa.c
index 79c6fb2..ed5bf01 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -116,7 +116,10 @@ int dsa_main(int argc, char **argv)
     char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
     OPTION_CHOICE o;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
-    int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1;
+    int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+# ifndef OPENSSL_NO_RC4
+    int pvk_encr = 2;
+# endif
     int private = 0;
 
     prog = opt_init(argc, argv, dsa_options);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 2f2f457..983b821 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -212,7 +212,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
             if (mt == SSL3_MT_CERTIFICATE) {
                 st->hand_state = TLS_ST_SR_CERT;
                 return 1;
-            } 
+            }
         }
         break;
 
@@ -1280,7 +1280,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
         SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
         goto f_err;
     }
-    
+
     /* TLS extensions */
     if (s->version >= SSL3_VERSION) {
         if (!ssl_parse_clienthello_tlsext(s, &extensions)) {
@@ -2073,7 +2073,6 @@ int tls_construct_certificate_request(SSL *s)
 MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 {
     int al;
-    unsigned int i;
     unsigned long alg_k;
 #ifndef OPENSSL_NO_RSA
     RSA *rsa = NULL;
@@ -2302,6 +2301,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
     if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
         EVP_PKEY *skey = NULL;
         DH *cdh;
+        unsigned int i;
 
         if (!PACKET_get_net_2(pkt, &i)) {
             if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
@@ -2375,6 +2375,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
                    SSL_R_MISSING_TMP_ECDH_KEY);
             goto f_err;
         } else {
+            unsigned int i;
+
             /*
              * Get client's public key from encoded point in the
              * ClientKeyExchange message.
@@ -2420,6 +2422,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 #endif
 #ifndef OPENSSL_NO_SRP
     if (alg_k & SSL_kSRP) {
+        unsigned int i;
+
         if (!PACKET_get_net_2(pkt, &i)
                 || !PACKET_get_bytes(pkt, &data, i)) {
             al = SSL_AD_DECODE_ERROR;