OpenSSL 0.9.4 merge

12 files changed, 209 insertions, 188 deletions

diff --git a/src/lib/libcrypto/dh/Makefile.ssl b/src/lib/libcrypto/dh/Makefile.ssl
index dfa7e4525d..37e388d1b4 100644
--- a/src/lib/libcrypto/dh/Makefile.ssl
+++ b/src/lib/libcrypto/dh/Makefile.ssl
@@ -7,23 +7,23 @@ TOP=	../..
 CC=     cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPEND=     $(TOP)/util/domd $(TOP)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=dh
-ERRC=dh_err
 GENERAL=Makefile
 TEST= dhtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c $(ERRC).c
-LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o $(ERRC).o
+LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
 
 SRC= $(LIBSRC)
 
@@ -39,24 +39,23 @@ all:	lib
 
 lib:    $(LIBOBJ)
         $(AR) $(LIB) $(LIBOBJ)
-        sh $(TOP)/util/ranlib.sh $(LIB)
+        $(RANLIB) $(LIB)
         @touch lib
 
 files:
-        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-        /bin/rm -f Makefile
-        $(TOP)/util/point.sh Makefile.ssl Makefile ;
-        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
-        $(TOP)/util/mklink.sh ../../test $(TEST)
-        $(TOP)/util/mklink.sh ../../apps $(APPS)
+        @$(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
         @for i in $(EXHEADER) ; \
         do  \
-        (cp $$i $(INSTALLTOP)/include/$$i; \
-        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
         done;
 
 tags:
@@ -68,17 +67,42 @@ lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-        $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+        $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
         mv -f Makefile.new $(MAKEFILE)
 
 clean:
-        /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+dh_check.o: ../cryptlib.h
+dh_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/rand.h ../../include/openssl/stack.h
+dh_key.o: ../cryptlib.h
+dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_lib.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/src/lib/libcrypto/dh/dh.err b/src/lib/libcrypto/dh/dh.err
deleted file mode 100644
index a4fe746985..0000000000
--- a/src/lib/libcrypto/dh/dh.err
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_DHPARAMS_PRINT                              100
-#define DH_F_DHPARAMS_PRINT_FP                           101
-#define DH_F_DH_COMPUTE_KEY                              102
-#define DH_F_DH_GENERATE_KEY                             103
-#define DH_F_DH_GENERATE_PARAMETERS                      104
-#define DH_F_DH_NEW                                      105
-
-/* Reason codes. */
-#define DH_R_NO_PRIVATE_VALUE                            100
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index 4cc1df2650..2cc3797a94 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -63,10 +63,14 @@
 extern "C" {
 #endif
 
-#ifndef HEADER_BN_H
-#define BIGNUM          char
+#ifdef NO_DH
+#error DH is disabled.
 #endif
 
+#include <openssl/bn.h>
+        
+#define DH_FLAG_CACHE_MONT_P    0x01
+
 typedef struct dh_st
         {
         /* This first argument is used to pick up errors when
@@ -78,6 +82,9 @@ typedef struct dh_st
         int length; /* optional */
         BIGNUM *pub_key;        /* y */
         BIGNUM *priv_key;       /* x */
+
+        int flags;
+        char *method_mont_p;
         } DH;
 
 #define DH_GENERATOR_2          2
@@ -98,15 +105,19 @@ typedef struct dh_st
                 (unsigned char *)(x))
 #define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
                 (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#ifdef  __cplusplus
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
+                (unsigned char *)(x))
+#else
 #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
                 (unsigned char *)(x))
+#endif
 
-#ifndef NOPROTO
 DH *    DH_new(void);
 void    DH_free(DH *dh);
 int     DH_size(DH *dh);
 DH *    DH_generate_parameters(int prime_len,int generator,
-                void (*callback)(int,int,char *),char *cb_arg);
+                void (*callback)(int,int,void *),void *cb_arg);
 int     DH_check(DH *dh,int *codes);
 int     DH_generate_key(DH *dh);
 int     DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
@@ -122,26 +133,11 @@ int	DHparams_print(char *bp, DH *x);
 #endif
 void    ERR_load_DH_strings(void );
 
-#else
-
-DH *    DH_new();
-void    DH_free();
-int     DH_size();
-DH *    DH_generate_parameters();
-int     DH_check();
-int     DH_generate_key();
-int     DH_compute_key();
-DH *    d2i_DHparams();
-int     i2d_DHparams();
-#ifndef NO_FP_API
-int     DHparams_print_fp();
-#endif
-int     DHparams_print();
-void    ERR_load_DH_strings();
-
-#endif
-
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the DH functions. */
 
 /* Function codes. */
@@ -154,7 +150,7 @@ void	ERR_load_DH_strings();
 
 /* Reason codes. */
 #define DH_R_NO_PRIVATE_VALUE                            100
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index 65602e494f..95ce9cfad0 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
 /* Check that p is a strong prime and
  * if g is 2, 3 or 5, check that is is a suitable generator
@@ -70,9 +70,7 @@
  * should hold.
  */
 
-int DH_check(dh,ret)
-DH *dh;
-int *ret;
+int DH_check(DH *dh, int *ret)
         {
         int ok=0;
         BN_CTX *ctx=NULL;
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index 9d5c06ac24..0348bd24a2 100644
--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -1,63 +1,65 @@
-/* lib/dh/dh_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/dh/dh_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "dh.h"
+#include <openssl/err.h>
+#include <openssl/dh.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -69,23 +71,23 @@ static ERR_STRING_DATA DH_str_functs[]=
 {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),    "DH_generate_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),     "DH_generate_parameters"},
 {ERR_PACK(0,DH_F_DH_NEW,0),     "DH_new"},
-{0,NULL},
+{0,NULL}
         };
 
 static ERR_STRING_DATA DH_str_reasons[]=
         {
 {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
-{0,NULL},
+{0,NULL}
         };
 
 #endif
 
-void ERR_load_DH_strings()
+void ERR_load_DH_strings(void)
         {
         static int init=1;
 
-        if (init);
-                {;
+        if (init)
+                {
                 init=0;
 #ifndef NO_ERR
                 ERR_load_strings(ERR_LIB_DH,DH_str_functs);
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 04c7046a7b..b7bcd2c7a4 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
@@ -83,11 +83,8 @@
  * this generator function can take a very very long time to run.
  */
 
-DH *DH_generate_parameters(prime_len,generator,callback,cb_arg)
-int prime_len;
-int generator;
-void (*callback)(P_I_I_P);
-char *cb_arg;
+DH *DH_generate_parameters(int prime_len, int generator,
+             void (*callback)(int,int,void *), void *cb_arg)
         {
         BIGNUM *p=NULL,*t1,*t2;
         DH *ret=NULL;
@@ -95,10 +92,11 @@ char *cb_arg;
         BN_CTX *ctx=NULL;
 
         ret=DH_new();
+        if (ret == NULL) goto err;
         ctx=BN_CTX_new();
         if (ctx == NULL) goto err;
-        t1=ctx->bn[0];
-        t2=ctx->bn[1];
+        t1= &(ctx->bn[0]);
+        t2= &(ctx->bn[1]);
         ctx->tos=2;
         
         if (generator == DH_GENERATOR_2)
@@ -126,7 +124,7 @@ char *cb_arg;
         else
                 g=generator;
         
-        p=BN_generate_prime(prime_len,1,t1,t2,callback,cb_arg);
+        p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
         if (p == NULL) goto err;
         if (callback != NULL) callback(3,0,cb_arg);
         ret->p=p;
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 7576772bcd..cede53bfc1 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -58,20 +58,19 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rand.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dh.h>
 
-int DH_generate_key(dh)
-DH *dh;
+int DH_generate_key(DH *dh)
         {
         int ok=0;
         unsigned int i;
-        BN_CTX *ctx=NULL;
+        BN_CTX ctx;
+        BN_MONT_CTX *mont;
         BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
+        BN_CTX_init(&ctx);
 
         if (dh->priv_key == NULL)
                 {
@@ -96,7 +95,15 @@ DH *dh;
         else
                 pub_key=dh->pub_key;
 
-        if (!BN_mod_exp(pub_key,dh->g,priv_key,dh->p,ctx)) goto err;
+        if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+                {
+                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+                                dh->p,&ctx)) goto err;
+                }
+        mont=(BN_MONT_CTX *)dh->method_mont_p;
+
+        if (!BN_mod_exp_mont(pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
                 
         dh->pub_key=pub_key;
         dh->priv_key=priv_key;
@@ -107,29 +114,34 @@ err:
 
         if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
         if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_CTX_free(&ctx);
         return(ok);
         }
 
-int DH_compute_key(key,pub_key,dh)
-unsigned char *key;
-BIGNUM *pub_key;
-DH *dh;
+int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
         {
-        BN_CTX *ctx;
+        BN_CTX ctx;
+        BN_MONT_CTX *mont;
         BIGNUM *tmp;
         int ret= -1;
 
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        tmp=ctx->bn[ctx->tos++];
+        BN_CTX_init(&ctx);
+        tmp= &(ctx.bn[ctx.tos++]);
         
         if (dh->priv_key == NULL)
                 {
                 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
                 goto err;
                 }
-        if (!BN_mod_exp(tmp,pub_key,dh->priv_key,dh->p,ctx))
+        if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+                {
+                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+                                dh->p,&ctx)) goto err;
+                }
+
+        mont=(BN_MONT_CTX *)dh->method_mont_p;
+        if (!BN_mod_exp_mont(tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
                 {
                 DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
                 goto err;
@@ -137,6 +149,6 @@ DH *dh;
 
         ret=BN_bn2bin(tmp,key);
 err:
-        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_CTX_free(&ctx);
         return(ret);
         }
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index a300b38396..61e0720e8a 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -58,12 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
-char *DH_version="Diffie-Hellman part of SSLeay 0.9.0b 29-Jun-1998";
+const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
-DH *DH_new()
+DH *DH_new(void)
         {
         DH *ret;
 
@@ -80,21 +80,24 @@ DH *DH_new()
         ret->length=0;
         ret->pub_key=NULL;
         ret->priv_key=NULL;
+        ret->flags=DH_FLAG_CACHE_MONT_P;
+        ret->method_mont_p=NULL;
         return(ret);
         }
 
-void DH_free(r)
-DH *r;
+void DH_free(DH *r)
         {
+        if(r == NULL) return;
         if (r->p != NULL) BN_clear_free(r->p);
         if (r->g != NULL) BN_clear_free(r->g);
         if (r->pub_key != NULL) BN_clear_free(r->pub_key);
         if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        if (r->method_mont_p != NULL)
+                BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
         Free(r);
         }
 
-int DH_size(dh)
-DH *dh;
+int DH_size(DH *dh)
         {
         return(BN_num_bytes(dh->p));
         }
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
index 488f10fd41..770331971f 100644
--- a/src/lib/libcrypto/dh/dhtest.c
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -62,10 +62,18 @@
 #ifdef WINDOWS
 #include "../bio/bss_file.c" 
 #endif
-#include "crypto.h"
-#include "bio.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+
+#ifdef NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return(0);
+}
+#else
+#include <openssl/dh.h>
 
 #ifdef WIN16
 #define MS_CALLBACK     _far _loadds
@@ -73,12 +81,7 @@
 #define MS_CALLBACK
 #endif
 
-#ifndef NOPROTO
-static void MS_CALLBACK cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK cb();
-#endif
-
+static void MS_CALLBACK cb(int p, int n, void *arg);
 #ifdef NO_STDIO
 #define APPS_WIN16
 #include "bss_file.c"
@@ -86,9 +89,7 @@ static void MS_CALLBACK cb();
 
 BIO *out=NULL;
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
         {
         DH *a,*b;
         char buf[12];
@@ -103,7 +104,7 @@ char *argv[];
         if (out == NULL) exit(1);
         BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
-        a=DH_generate_parameters(64,DH_GENERATOR_5,cb,(char *)out);
+        a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
         if (a == NULL) goto err;
 
         BIO_puts(out,"\np    =");
@@ -170,10 +171,7 @@ err:
         return(ret);
         }
 
-static void MS_CALLBACK cb(p, n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK cb(int p, int n, void *arg)
         {
         char c='*';
 
@@ -182,7 +180,9 @@ char *arg;
         if (p == 2) c='*';
         if (p == 3) c='\n';
         BIO_write((BIO *)arg,&c,1);
+        (void)BIO_flush((BIO *)arg);
 #ifdef LINT
         p=n;
 #endif
         }
+#endif
diff --git a/src/lib/libcrypto/dh/p1024.c b/src/lib/libcrypto/dh/p1024.c
index 0c50c24cfb..368ceca4eb 100644
--- a/src/lib/libcrypto/dh/p1024.c
+++ b/src/lib/libcrypto/dh/p1024.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
         0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
diff --git a/src/lib/libcrypto/dh/p192.c b/src/lib/libcrypto/dh/p192.c
index 881908169a..7bdf40410e 100644
--- a/src/lib/libcrypto/dh/p192.c
+++ b/src/lib/libcrypto/dh/p192.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={
 0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
diff --git a/src/lib/libcrypto/dh/p512.c b/src/lib/libcrypto/dh/p512.c
index cc84e8e50e..a9b6aa83f0 100644
--- a/src/lib/libcrypto/dh/p512.c
+++ b/src/lib/libcrypto/dh/p512.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={
 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,