summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorbeck <>2001-06-22 00:03:44 +0000
committerbeck <>2001-06-22 00:03:44 +0000
commit38b6ff9e5294811c57541ad47940f8f8f41dc114 (patch)
tree402699541cee3cf3f2943b0384dbda7de534de70 /src
parentafae624d63e4e717c5bae8c7842a4712309f728f (diff)
downloadopenbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.tar.gz
openbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.tar.bz2
openbsd-38b6ff9e5294811c57541ad47940f8f8f41dc114.zip
openssl-engine-0.9.6a merge
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/Attic/Makefile10
-rw-r--r--src/lib/libcrypto/Makefile.ssl10
-rw-r--r--src/lib/libcrypto/asn1/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/asn1/a_strnid.c2
-rw-r--r--src/lib/libcrypto/asn1/asn1_lib.c2
-rw-r--r--src/lib/libcrypto/asn1/asn1_mac.h23
-rw-r--r--src/lib/libcrypto/asn1/p7_lib.c2
-rw-r--r--src/lib/libcrypto/asn1/x_crl.c10
-rw-r--r--src/lib/libcrypto/asn1/x_name.c6
-rw-r--r--src/lib/libcrypto/bf/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/bio/Makefile.ssl17
-rw-r--r--src/lib/libcrypto/bio/b_print.c1
-rw-r--r--src/lib/libcrypto/bio/b_sock.c14
-rw-r--r--src/lib/libcrypto/bn/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/bn/asm/mips3.s8
-rw-r--r--src/lib/libcrypto/bn/asm/pa-risc2.s2
-rw-r--r--src/lib/libcrypto/bn/asm/pa-risc2W.s2
-rw-r--r--src/lib/libcrypto/bn/bn.h8
-rw-r--r--src/lib/libcrypto/bn/bn_div.c7
-rw-r--r--src/lib/libcrypto/bn/bn_err.c3
-rw-r--r--src/lib/libcrypto/bn/bn_lib.c7
-rw-r--r--src/lib/libcrypto/bn/bn_rand.c107
-rw-r--r--src/lib/libcrypto/bn/bn_shift.c5
-rw-r--r--src/lib/libcrypto/bn/bntest.c64
-rw-r--r--src/lib/libcrypto/buffer/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/cast/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/comp/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/conf/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/conf/conf.h2
-rw-r--r--src/lib/libcrypto/conf/conf_err.c2
-rw-r--r--src/lib/libcrypto/conf/conf_lib.c84
-rw-r--r--src/lib/libcrypto/crypto-lib.com2
-rw-r--r--src/lib/libcrypto/crypto.h2
-rw-r--r--src/lib/libcrypto/des/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/des/asm/des-586.pl4
-rw-r--r--src/lib/libcrypto/des/asm/des686.pl2
-rw-r--r--src/lib/libcrypto/des/asm/readme2
-rw-r--r--src/lib/libcrypto/des/cbc_cksm.c2
-rw-r--r--src/lib/libcrypto/des/cfb64enc.c4
-rw-r--r--src/lib/libcrypto/des/cfb_enc.c4
-rw-r--r--src/lib/libcrypto/des/des.h8
-rw-r--r--src/lib/libcrypto/des/des_enc.c2
-rw-r--r--src/lib/libcrypto/des/des_opts.c48
-rw-r--r--src/lib/libcrypto/des/dess.cpp18
-rw-r--r--src/lib/libcrypto/des/ecb_enc.c2
-rw-r--r--src/lib/libcrypto/des/ede_cbcm_enc.c16
-rw-r--r--src/lib/libcrypto/des/ncbc_enc.c8
-rw-r--r--src/lib/libcrypto/des/ofb64enc.c2
-rw-r--r--src/lib/libcrypto/des/ofb_enc.c2
-rw-r--r--src/lib/libcrypto/des/pcbc_enc.c4
-rw-r--r--src/lib/libcrypto/des/speed.c4
-rw-r--r--src/lib/libcrypto/des/xcbc_enc.c8
-rw-r--r--src/lib/libcrypto/dh/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/dh/dh_key.c11
-rw-r--r--src/lib/libcrypto/dh/dh_lib.c8
-rw-r--r--src/lib/libcrypto/doc/RAND_load_file.pod2
-rw-r--r--src/lib/libcrypto/doc/bn.pod1
-rw-r--r--src/lib/libcrypto/doc/evp.pod2
-rw-r--r--src/lib/libcrypto/dsa/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/dso/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/dso/dso_dl.c23
-rw-r--r--src/lib/libcrypto/dso/dso_vms.c4
-rw-r--r--src/lib/libcrypto/ebcdic.c2
-rw-r--r--src/lib/libcrypto/engine/engine_lib.c11
-rw-r--r--src/lib/libcrypto/err/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/err/err.c20
-rw-r--r--src/lib/libcrypto/evp/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/evp/evp.h36
-rw-r--r--src/lib/libcrypto/ex_data.c2
-rw-r--r--src/lib/libcrypto/hmac/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/idea/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/lhash/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/md2/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/md4/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/md5/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/mdc2/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/mem_dbg.c98
-rw-r--r--src/lib/libcrypto/objects/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/opensslv.h4
-rw-r--r--src/lib/libcrypto/pem/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/pem/pem_info.c2
-rw-r--r--src/lib/libcrypto/pkcs12/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/pkcs12/p12_attr.c2
-rw-r--r--src/lib/libcrypto/pkcs12/p12_key.c13
-rw-r--r--src/lib/libcrypto/pkcs12/p12_kiss.c1
-rw-r--r--src/lib/libcrypto/pkcs12/p12_utl.c18
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h2
-rw-r--r--src/lib/libcrypto/pkcs7/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c13
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c6
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c13
-rw-r--r--src/lib/libcrypto/rand/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/rand/md_rand.c4
-rw-r--r--src/lib/libcrypto/rand/rand.h4
-rw-r--r--src/lib/libcrypto/rand/rand_egd.c7
-rw-r--r--src/lib/libcrypto/rand/rand_win.c8
-rw-r--r--src/lib/libcrypto/rand/randfile.c10
-rw-r--r--src/lib/libcrypto/rc2/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/rc4/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/rc5/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/ripemd/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/rsa/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c97
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c10
-rw-r--r--src/lib/libcrypto/sha/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-586.pl12
-rw-r--r--src/lib/libcrypto/stack/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/txt_db/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/uid.c88
-rw-r--r--src/lib/libcrypto/util/clean-depend.pl4
-rw-r--r--src/lib/libcrypto/util/libeay.num127
-rw-r--r--src/lib/libcrypto/util/mkdef.pl26
-rw-r--r--src/lib/libcrypto/util/mklink.pl7
-rw-r--r--src/lib/libcrypto/util/pod2man.pl2
-rw-r--r--src/lib/libcrypto/x509/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/x509/by_dir.c2
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c18
-rw-r--r--src/lib/libcrypto/x509v3/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c26
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c6
-rw-r--r--src/lib/libssl/LICENSE2
-rw-r--r--src/lib/libssl/crypto/Makefile2
-rw-r--r--src/lib/libssl/crypto/shlib_version4
-rw-r--r--src/lib/libssl/s23_lib.c38
-rw-r--r--src/lib/libssl/s3_both.c4
-rw-r--r--src/lib/libssl/s3_clnt.c1
-rw-r--r--src/lib/libssl/s3_lib.c88
-rw-r--r--src/lib/libssl/s3_pkt.c24
-rw-r--r--src/lib/libssl/shlib_version4
-rw-r--r--src/lib/libssl/src/CHANGES285
-rw-r--r--src/lib/libssl/src/Configure152
-rw-r--r--src/lib/libssl/src/FAQ419
-rw-r--r--src/lib/libssl/src/LICENSE2
-rw-r--r--src/lib/libssl/src/Makefile.org173
-rw-r--r--src/lib/libssl/src/NEWS25
-rw-r--r--src/lib/libssl/src/README3
-rw-r--r--src/lib/libssl/src/apps/Makefile.ssl5
-rw-r--r--src/lib/libssl/src/apps/app_rand.c6
-rw-r--r--src/lib/libssl/src/apps/ca-cert.srl2
-rw-r--r--src/lib/libssl/src/apps/dsaparam.c2
-rw-r--r--src/lib/libssl/src/apps/md5.c127
-rw-r--r--src/lib/libssl/src/apps/passwd.c3
-rw-r--r--src/lib/libssl/src/apps/pca-cert.srl2
-rw-r--r--src/lib/libssl/src/apps/req.c9
-rw-r--r--src/lib/libssl/src/apps/rmd160.c127
-rw-r--r--src/lib/libssl/src/apps/rsautl.c4
-rw-r--r--src/lib/libssl/src/apps/s_client.c18
-rw-r--r--src/lib/libssl/src/apps/s_server.c55
-rw-r--r--src/lib/libssl/src/apps/server.pem16
-rw-r--r--src/lib/libssl/src/apps/speed.c4
-rw-r--r--src/lib/libssl/src/apps/x509.c2
-rw-r--r--src/lib/libssl/src/certs/rsa-ssca.pem19
-rw-r--r--src/lib/libssl/src/config50
-rw-r--r--src/lib/libssl/src/crypto/Makefile10
-rw-r--r--src/lib/libssl/src/crypto/Makefile.ssl10
-rw-r--r--src/lib/libssl/src/crypto/asn1/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_strnid.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_lib.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_mac.h23
-rw-r--r--src/lib/libssl/src/crypto/asn1/p7_lib.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/x_crl.c10
-rw-r--r--src/lib/libssl/src/crypto/asn1/x_name.c6
-rw-r--r--src/lib/libssl/src/crypto/bf/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/bio/Makefile.ssl17
-rw-r--r--src/lib/libssl/src/crypto/bio/b_print.c1
-rw-r--r--src/lib/libssl/src/crypto/bio/b_sock.c14
-rw-r--r--src/lib/libssl/src/crypto/bn/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/bn/asm/mips3.s8
-rw-r--r--src/lib/libssl/src/crypto/bn/asm/pa-risc2.s2
-rw-r--r--src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s2
-rw-r--r--src/lib/libssl/src/crypto/bn/bn.h8
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_div.c7
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_err.c3
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_lib.c7
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_rand.c107
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_shift.c5
-rw-r--r--src/lib/libssl/src/crypto/bn/bntest.c64
-rw-r--r--src/lib/libssl/src/crypto/buffer/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/cast/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/comp/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/conf/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/conf/conf.h2
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_err.c2
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_lib.c84
-rw-r--r--src/lib/libssl/src/crypto/crypto-lib.com2
-rw-r--r--src/lib/libssl/src/crypto/crypto.h2
-rw-r--r--src/lib/libssl/src/crypto/des/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/des/asm/des-586.pl4
-rw-r--r--src/lib/libssl/src/crypto/des/asm/des686.pl2
-rw-r--r--src/lib/libssl/src/crypto/des/asm/readme2
-rw-r--r--src/lib/libssl/src/crypto/des/cbc_cksm.c2
-rw-r--r--src/lib/libssl/src/crypto/des/cfb64enc.c4
-rw-r--r--src/lib/libssl/src/crypto/des/cfb_enc.c4
-rw-r--r--src/lib/libssl/src/crypto/des/des.h8
-rw-r--r--src/lib/libssl/src/crypto/des/des_enc.c2
-rw-r--r--src/lib/libssl/src/crypto/des/des_opts.c48
-rw-r--r--src/lib/libssl/src/crypto/des/dess.cpp18
-rw-r--r--src/lib/libssl/src/crypto/des/ecb_enc.c2
-rw-r--r--src/lib/libssl/src/crypto/des/ede_cbcm_enc.c16
-rw-r--r--src/lib/libssl/src/crypto/des/ncbc_enc.c8
-rw-r--r--src/lib/libssl/src/crypto/des/ofb64enc.c2
-rw-r--r--src/lib/libssl/src/crypto/des/ofb_enc.c2
-rw-r--r--src/lib/libssl/src/crypto/des/pcbc_enc.c4
-rw-r--r--src/lib/libssl/src/crypto/des/speed.c4
-rw-r--r--src/lib/libssl/src/crypto/des/xcbc_enc.c8
-rw-r--r--src/lib/libssl/src/crypto/dh/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_key.c11
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_lib.c8
-rw-r--r--src/lib/libssl/src/crypto/dsa/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/dso/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_dl.c23
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_vms.c4
-rw-r--r--src/lib/libssl/src/crypto/ebcdic.c2
-rw-r--r--src/lib/libssl/src/crypto/engine/engine_lib.c11
-rw-r--r--src/lib/libssl/src/crypto/err/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/err/err.c20
-rw-r--r--src/lib/libssl/src/crypto/evp/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/evp/evp.h36
-rw-r--r--src/lib/libssl/src/crypto/ex_data.c2
-rw-r--r--src/lib/libssl/src/crypto/hmac/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/idea/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/lhash/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/md2/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/md4/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/md5/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/mdc2/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/mem_dbg.c98
-rw-r--r--src/lib/libssl/src/crypto/objects/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/opensslv.h4
-rw-r--r--src/lib/libssl/src/crypto/pem/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_info.c2
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_attr.c2
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_key.c13
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_kiss.c1
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_utl.c18
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/pkcs12.h2
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_doit.c13
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_mime.c6
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_smime.c13
-rw-r--r--src/lib/libssl/src/crypto/rand/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/rand/md_rand.c4
-rw-r--r--src/lib/libssl/src/crypto/rand/rand.h4
-rw-r--r--src/lib/libssl/src/crypto/rand/rand_egd.c7
-rw-r--r--src/lib/libssl/src/crypto/rand/rand_win.c8
-rw-r--r--src/lib/libssl/src/crypto/rand/randfile.c10
-rw-r--r--src/lib/libssl/src/crypto/rc2/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/rc4/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/rc5/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/ripemd/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/rsa/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_eay.c97
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_lib.c10
-rw-r--r--src/lib/libssl/src/crypto/sha/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/sha/asm/sha1-586.pl12
-rw-r--r--src/lib/libssl/src/crypto/stack/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/txt_db/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/uid.c88
-rw-r--r--src/lib/libssl/src/crypto/x509/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/x509/by_dir.c2
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_cmp.c18
-rw-r--r--src/lib/libssl/src/crypto/x509v3/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_alt.c2
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_prn.c26
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_purp.c6
-rw-r--r--src/lib/libssl/src/doc/apps/pkcs12.pod20
-rw-r--r--src/lib/libssl/src/doc/apps/s_client.pod9
-rw-r--r--src/lib/libssl/src/doc/apps/s_server.pod11
-rw-r--r--src/lib/libssl/src/doc/crypto/BN_rand.pod22
-rw-r--r--src/lib/libssl/src/doc/crypto/RAND_egd.pod35
-rw-r--r--src/lib/libssl/src/doc/crypto/RAND_load_file.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/bn.pod1
-rw-r--r--src/lib/libssl/src/doc/crypto/evp.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/rand.pod12
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod67
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_add_extra_chain_cert.pod38
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod65
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod49
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod53
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod50
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod124
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod15
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_sess_number.pod76
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod51
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod81
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_sessions.pod34
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod4
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod90
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_default_passwd_cb.pod70
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod78
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod183
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod107
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod82
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod13
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_timeout.pod55
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod284
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod154
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod61
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod63
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_accept.pod11
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_clear.pod16
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_connect.pod11
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_free.pod13
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod52
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_error.pod30
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod61
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod59
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_session.pod21
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod4
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_version.pod46
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod62
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_new.pod1
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_pending.pod13
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_read.pod25
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod47
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_set_session.pod3
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod68
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_shutdown.pod18
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_write.pod31
-rw-r--r--src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod56
-rw-r--r--src/lib/libssl/src/doc/ssl/ssl.pod150
-rw-r--r--src/lib/libssl/src/doc/ssleay.txt2
-rw-r--r--src/lib/libssl/src/e_os.h2
-rw-r--r--src/lib/libssl/src/ms/16all.bat3
-rw-r--r--src/lib/libssl/src/ms/32all.bat3
-rw-r--r--src/lib/libssl/src/ms/test.bat2
-rw-r--r--src/lib/libssl/src/openssl.spec36
-rw-r--r--src/lib/libssl/src/rsaref/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/ssl/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/ssl/s23_lib.c38
-rw-r--r--src/lib/libssl/src/ssl/s23_meth.c2
-rw-r--r--src/lib/libssl/src/ssl/s2_clnt.c1
-rw-r--r--src/lib/libssl/src/ssl/s2_lib.c10
-rw-r--r--src/lib/libssl/src/ssl/s2_pkt.c169
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c1
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c5
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c88
-rw-r--r--src/lib/libssl/src/ssl/s3_pkt.c24
-rw-r--r--src/lib/libssl/src/ssl/ssl.h16
-rw-r--r--src/lib/libssl/src/ssl/ssl2.h6
-rw-r--r--src/lib/libssl/src/ssl/ssl_algs.c4
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c2
-rw-r--r--src/lib/libssl/src/ssl/ssl_err.c4
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c19
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h59
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c1
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c5
-rw-r--r--src/lib/libssl/src/test/Makefile.ssl4
-rw-r--r--src/lib/libssl/src/tools/c_rehash.in14
-rw-r--r--src/lib/libssl/src/util/clean-depend.pl4
-rw-r--r--src/lib/libssl/src/util/libeay.num127
-rw-r--r--src/lib/libssl/src/util/mkdef.pl26
-rw-r--r--src/lib/libssl/src/util/mklink.pl7
-rw-r--r--src/lib/libssl/src/util/pod2man.pl2
-rw-r--r--src/lib/libssl/ssl.h16
-rw-r--r--src/lib/libssl/ssl/shlib_version4
-rw-r--r--src/lib/libssl/ssl2.h6
-rw-r--r--src/lib/libssl/ssl_algs.c4
-rw-r--r--src/lib/libssl/ssl_cert.c2
-rw-r--r--src/lib/libssl/ssl_err.c4
-rw-r--r--src/lib/libssl/ssl_lib.c19
-rw-r--r--src/lib/libssl/ssl_locl.h59
-rw-r--r--src/lib/libssl/ssl_sess.c1
-rw-r--r--src/lib/libssl/t1_enc.c5
-rw-r--r--src/lib/libssl/test/Makefile.ssl4
371 files changed, 6399 insertions, 1594 deletions
diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile
index 05e3bb701e..6759b2e4d0 100644
--- a/src/lib/libcrypto/Attic/Makefile
+++ b/src/lib/libcrypto/Attic/Makefile
@@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \
34GENERAL=Makefile README crypto-lib.com install.com 34GENERAL=Makefile README crypto-lib.com install.com
35 35
36LIB= $(TOP)/libcrypto.a 36LIB= $(TOP)/libcrypto.a
37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c 37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o 38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
39 39
40SRC= $(LIBSRC) 40SRC= $(LIBSRC)
41 41
@@ -90,7 +90,8 @@ links:
90 90
91lib: $(LIBOBJ) 91lib: $(LIBOBJ)
92 $(AR) $(LIB) $(LIBOBJ) 92 $(AR) $(LIB) $(LIBOBJ)
93 $(RANLIB) $(LIB) 93 @echo You may get an error following this line. Please ignore.
94 - $(RANLIB) $(LIB)
94 @touch lib 95 @touch lib
95 96
96libs: 97libs:
@@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
197tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h 198tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
198tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 199tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
199tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h 200tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
201uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
202uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
203uid.o: ../include/openssl/symhacks.h
diff --git a/src/lib/libcrypto/Makefile.ssl b/src/lib/libcrypto/Makefile.ssl
index 05e3bb701e..6759b2e4d0 100644
--- a/src/lib/libcrypto/Makefile.ssl
+++ b/src/lib/libcrypto/Makefile.ssl
@@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \
34GENERAL=Makefile README crypto-lib.com install.com 34GENERAL=Makefile README crypto-lib.com install.com
35 35
36LIB= $(TOP)/libcrypto.a 36LIB= $(TOP)/libcrypto.a
37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c 37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o 38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
39 39
40SRC= $(LIBSRC) 40SRC= $(LIBSRC)
41 41
@@ -90,7 +90,8 @@ links:
90 90
91lib: $(LIBOBJ) 91lib: $(LIBOBJ)
92 $(AR) $(LIB) $(LIBOBJ) 92 $(AR) $(LIB) $(LIBOBJ)
93 $(RANLIB) $(LIB) 93 @echo You may get an error following this line. Please ignore.
94 - $(RANLIB) $(LIB)
94 @touch lib 95 @touch lib
95 96
96libs: 97libs:
@@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
197tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h 198tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
198tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 199tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
199tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h 200tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
201uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
202uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
203uid.o: ../include/openssl/symhacks.h
diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl
index b8059ddffe..dace5be2bc 100644
--- a/src/lib/libcrypto/asn1/Makefile.ssl
+++ b/src/lib/libcrypto/asn1/Makefile.ssl
@@ -75,7 +75,8 @@ all: lib
75 75
76lib: $(LIBOBJ) 76lib: $(LIBOBJ)
77 $(AR) $(LIB) $(LIBOBJ) 77 $(AR) $(LIB) $(LIBOBJ)
78 $(RANLIB) $(LIB) 78 @echo You may get an error following this line. Please ignore.
79 - $(RANLIB) $(LIB)
79 @touch lib 80 @touch lib
80 81
81files: 82files:
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index 6b10cff994..732e68fe46 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
133 if(tbl) { 133 if(tbl) {
134 mask = tbl->mask; 134 mask = tbl->mask;
135 if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; 135 if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
136 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, 136 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
137 tbl->minsize, tbl->maxsize); 137 tbl->minsize, tbl->maxsize);
138 } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); 138 } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
139 if(ret <= 0) return NULL; 139 if(ret <= 0) return NULL;
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 77447a5240..a8b651e54e 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -301,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
301 return(0); 301 return(0);
302 } 302 }
303 if (c->inf == (1|V_ASN1_CONSTRUCTED)) 303 if (c->inf == (1|V_ASN1_CONSTRUCTED))
304 c->slen= *length+ *(c->pp)-c->p; 304 c->slen= *length;
305 c->eos=0; 305 c->eos=0;
306 return(1); 306 return(1);
307 } 307 }
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
index 4512ba6cc6..af0e664b2d 100644
--- a/src/lib/libcrypto/asn1/asn1_mac.h
+++ b/src/lib/libcrypto/asn1/asn1_mac.h
@@ -196,6 +196,9 @@ err:\
196 if ((a != NULL) && (sk_##type##_num(a) != 0)) \ 196 if ((a != NULL) && (sk_##type##_num(a) != 0)) \
197 M_ASN1_I2D_put_SEQUENCE_type(type,a,f); 197 M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
198 198
199#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
200 if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
201
199#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ 202#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
200 if ((c.slen != 0) && \ 203 if ((c.slen != 0) && \
201 (M_ASN1_next == \ 204 (M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
389 if ((a != NULL) && (sk_##type##_num(a) != 0)) \ 392 if ((a != NULL) && (sk_##type##_num(a) != 0)) \
390 M_ASN1_I2D_len_SEQUENCE_type(type,a,f); 393 M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
391 394
395#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
396 if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
397
392#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ 398#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
393 ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); 399 ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
394 400
@@ -452,6 +458,15 @@ err:\
452 ret+=ASN1_object_size(1,v,mtag); \ 458 ret+=ASN1_object_size(1,v,mtag); \
453 } 459 }
454 460
461#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
462 if (a)\
463 { \
464 v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
465 V_ASN1_UNIVERSAL, \
466 IS_SEQUENCE); \
467 ret+=ASN1_object_size(1,v,mtag); \
468 }
469
455/* Put Macros */ 470/* Put Macros */
456#define M_ASN1_I2D_put(a,f) f(a,&p) 471#define M_ASN1_I2D_put(a,f) f(a,&p)
457 472
@@ -536,6 +551,14 @@ err:\
536 IS_SEQUENCE); \ 551 IS_SEQUENCE); \
537 } 552 }
538 553
554#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
555 if (a) \
556 { \
557 ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
558 i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
559 IS_SEQUENCE); \
560 }
561
539#define M_ASN1_I2D_seq_total() \ 562#define M_ASN1_I2D_seq_total() \
540 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ 563 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
541 if (pp == NULL) return(r); \ 564 if (pp == NULL) return(r); \
diff --git a/src/lib/libcrypto/asn1/p7_lib.c b/src/lib/libcrypto/asn1/p7_lib.c
index b1196ef581..8a340b0119 100644
--- a/src/lib/libcrypto/asn1/p7_lib.c
+++ b/src/lib/libcrypto/asn1/p7_lib.c
@@ -307,12 +307,14 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
307 } 307 }
308 if (Tinf == (1|V_ASN1_CONSTRUCTED)) 308 if (Tinf == (1|V_ASN1_CONSTRUCTED))
309 { 309 {
310 c.q=c.p;
310 if (!ASN1_check_infinite_end(&c.p,c.slen)) 311 if (!ASN1_check_infinite_end(&c.p,c.slen))
311 { 312 {
312 c.error=ERR_R_MISSING_ASN1_EOS; 313 c.error=ERR_R_MISSING_ASN1_EOS;
313 c.line=__LINE__; 314 c.line=__LINE__;
314 goto err; 315 goto err;
315 } 316 }
317 c.slen-=(c.p-c.q);
316 } 318 }
317 } 319 }
318 else 320 else
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 1f302d0e01..51518cdf35 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
71 71
72 M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER); 72 M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
73 M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME); 73 M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
74 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 74 M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
75 i2d_X509_EXTENSION); 75 i2d_X509_EXTENSION);
76 76
77 M_ASN1_I2D_seq_total(); 77 M_ASN1_I2D_seq_total();
78 78
79 M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER); 79 M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
80 M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME); 80 M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
81 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 81 M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
82 i2d_X509_EXTENSION); 82 i2d_X509_EXTENSION);
83 83
84 M_ASN1_I2D_finish(); 84 M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
121 { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); } 121 { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
122 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked, 122 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
123 i2d_X509_REVOKED); 123 i2d_X509_REVOKED);
124 M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 124 M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
125 i2d_X509_EXTENSION,0, 125 i2d_X509_EXTENSION,0,
126 V_ASN1_SEQUENCE,v1); 126 V_ASN1_SEQUENCE,v1);
127 127
@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
138 { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); } 138 { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
139 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked, 139 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
140 i2d_X509_REVOKED); 140 i2d_X509_REVOKED);
141 M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 141 M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
142 i2d_X509_EXTENSION,0, 142 i2d_X509_EXTENSION,0,
143 V_ASN1_SEQUENCE,v1); 143 V_ASN1_SEQUENCE,v1);
144 144
@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
260 M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new); 260 M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
261 ret->nextUpdate=NULL; 261 ret->nextUpdate=NULL;
262 M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null); 262 M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
263 M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null); 263 ret->extensions = NULL;
264 sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp); 264 sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
265 return(ret); 265 return(ret);
266 M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW); 266 M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index b832deb928..1885d699ef 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -141,10 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
141 } 141 }
142 size+=i2d_X509_NAME_ENTRY(ne,NULL); 142 size+=i2d_X509_NAME_ENTRY(ne,NULL);
143 } 143 }
144
145 ret+=ASN1_object_size(1,size,V_ASN1_SET);
146 if (fe != NULL) 144 if (fe != NULL)
145 {
146 /* SET OF needed only if entries is non empty */
147 ret+=ASN1_object_size(1,size,V_ASN1_SET);
147 fe->size=size; 148 fe->size=size;
149 }
148 150
149 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); 151 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
150 152
diff --git a/src/lib/libcrypto/bf/Makefile.ssl b/src/lib/libcrypto/bf/Makefile.ssl
index f4eb90f13f..9205ee7901 100644
--- a/src/lib/libcrypto/bf/Makefile.ssl
+++ b/src/lib/libcrypto/bf/Makefile.ssl
@@ -44,7 +44,8 @@ all: lib
44 44
45lib: $(LIBOBJ) 45lib: $(LIBOBJ)
46 $(AR) $(LIB) $(LIBOBJ) 46 $(AR) $(LIB) $(LIBOBJ)
47 $(RANLIB) $(LIB) 47 @echo You may get an error following this line. Please ignore.
48 - $(RANLIB) $(LIB)
48 @touch lib 49 @touch lib
49 50
50# elf 51# elf
diff --git a/src/lib/libcrypto/bio/Makefile.ssl b/src/lib/libcrypto/bio/Makefile.ssl
index 916d651d47..567d3fb870 100644
--- a/src/lib/libcrypto/bio/Makefile.ssl
+++ b/src/lib/libcrypto/bio/Makefile.ssl
@@ -49,7 +49,8 @@ all: lib
49 49
50lib: $(LIBOBJ) 50lib: $(LIBOBJ)
51 $(AR) $(LIB) $(LIBOBJ) 51 $(AR) $(LIB) $(LIBOBJ)
52 $(RANLIB) $(LIB) 52 @echo You may get an error following this line. Please ignore.
53 - $(RANLIB) $(LIB)
53 @touch lib 54 @touch lib
54 55
55files: 56files:
@@ -95,13 +96,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
95b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h 96b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
96b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 97b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
97b_dump.o: ../cryptlib.h 98b_dump.o: ../cryptlib.h
98b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 99b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
99b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h 100b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
100b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 101b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
101b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 102b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
102b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h 103b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
103b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 104b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
104b_print.o: ../cryptlib.h 105b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
105b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 106b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
106b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h 107b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
107b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 108b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index a62f551635..b4f7a85f2e 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -69,6 +69,7 @@
69#ifndef NO_SYS_TYPES_H 69#ifndef NO_SYS_TYPES_H
70#include <sys/types.h> 70#include <sys/types.h>
71#endif 71#endif
72#include <openssl/bn.h> /* To get BN_LLONG properly defined */
72#include <openssl/bio.h> 73#include <openssl/bio.h>
73 74
74#ifdef BN_LLONG 75#ifdef BN_LLONG
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
index 64310058b4..62cc3f1a0c 100644
--- a/src/lib/libcrypto/bio/b_sock.c
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
113 113
114 /* At this point, we have something that is most probably correct 114 /* At this point, we have something that is most probably correct
115 in some way, so let's init the socket. */ 115 in some way, so let's init the socket. */
116 if (!BIO_sock_init()) 116 if (BIO_sock_init() != 1)
117 return(0); /* don't generate another error code here */ 117 return 0; /* don't generate another error code here */
118 118
119 /* If the string actually contained an IP address, we need not do 119 /* If the string actually contained an IP address, we need not do
120 anything more */ 120 anything more */
@@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode)
519 { 519 {
520 int ret=0; 520 int ret=0;
521 struct sockaddr_in server,client; 521 struct sockaddr_in server,client;
522 int s= -1,cs; 522 int s=INVALID_SOCKET,cs;
523 unsigned char ip[4]; 523 unsigned char ip[4];
524 unsigned short port; 524 unsigned short port;
525 char *str,*e; 525 char *str=NULL,*e;
526 const char *h,*p; 526 const char *h,*p;
527 unsigned long l; 527 unsigned long l;
528 int err_num; 528 int err_num;
529 529
530 if (!BIO_sock_init()) return(INVALID_SOCKET); 530 if (BIO_sock_init() != 1) return(INVALID_SOCKET);
531 531
532 if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET); 532 if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
533 533
@@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
553 h="*"; 553 h="*";
554 } 554 }
555 555
556 if (!BIO_get_port(p,&port)) return(INVALID_SOCKET); 556 if (!BIO_get_port(p,&port)) goto err;
557 557
558 memset((char *)&server,0,sizeof(server)); 558 memset((char *)&server,0,sizeof(server));
559 server.sin_family=AF_INET; 559 server.sin_family=AF_INET;
@@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
563 server.sin_addr.s_addr=INADDR_ANY; 563 server.sin_addr.s_addr=INADDR_ANY;
564 else 564 else
565 { 565 {
566 if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET); 566 if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
567 l=(unsigned long) 567 l=(unsigned long)
568 ((unsigned long)ip[0]<<24L)| 568 ((unsigned long)ip[0]<<24L)|
569 ((unsigned long)ip[1]<<16L)| 569 ((unsigned long)ip[1]<<16L)|
diff --git a/src/lib/libcrypto/bn/Makefile.ssl b/src/lib/libcrypto/bn/Makefile.ssl
index 17b72d577f..526d7adb5c 100644
--- a/src/lib/libcrypto/bn/Makefile.ssl
+++ b/src/lib/libcrypto/bn/Makefile.ssl
@@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top
68 68
69lib: $(LIBOBJ) 69lib: $(LIBOBJ)
70 $(AR) $(LIB) $(LIBOBJ) 70 $(AR) $(LIB) $(LIBOBJ)
71 $(RANLIB) $(LIB) 71 @echo You may get an error following this line. Please ignore.
72 - $(RANLIB) $(LIB)
72 @touch lib 73 @touch lib
73 74
74# elf 75# elf
diff --git a/src/lib/libcrypto/bn/asm/mips3.s b/src/lib/libcrypto/bn/asm/mips3.s
index 2df4dcd4b0..45786c00a5 100644
--- a/src/lib/libcrypto/bn/asm/mips3.s
+++ b/src/lib/libcrypto/bn/asm/mips3.s
@@ -586,13 +586,13 @@ LEAF(bn_div_3_words)
586 ld a0,(a3) 586 ld a0,(a3)
587 move ta2,a1 587 move ta2,a1
588 ld a1,-8(a3) 588 ld a1,-8(a3)
589 move ta3,ra 589 bne a0,a2,.L_bn_div_3_words_proceed
590 move v1,zero
591 li v0,-1 590 li v0,-1
592 beq a0,a2,.L_bn_div_3_words_skip_div 591 jr ra
592.L_bn_div_3_words_proceed:
593 move ta3,ra
593 bal bn_div_words 594 bal bn_div_words
594 move ra,ta3 595 move ra,ta3
595.L_bn_div_3_words_skip_div:
596 dmultu ta2,v0 596 dmultu ta2,v0
597 ld t2,-16(a3) 597 ld t2,-16(a3)
598 move ta0,zero 598 move ta0,zero
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2.s b/src/lib/libcrypto/bn/asm/pa-risc2.s
index 7239aa2c76..af9730d062 100644
--- a/src/lib/libcrypto/bn/asm/pa-risc2.s
+++ b/src/lib/libcrypto/bn/asm/pa-risc2.s
@@ -1611,7 +1611,7 @@ bn_mul_comba4
1611 .IMPORT $global$,DATA 1611 .IMPORT $global$,DATA
1612 .SPACE $TEXT$ 1612 .SPACE $TEXT$
1613 .SUBSPA $CODE$ 1613 .SUBSPA $CODE$
1614 .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 1614 .SUBSPA $LIT$,ACCESS=0x2c
1615C$7 1615C$7
1616 .ALIGN 8 1616 .ALIGN 8
1617 .STRINGZ "Division would overflow (%d)\n" 1617 .STRINGZ "Division would overflow (%d)\n"
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2W.s b/src/lib/libcrypto/bn/asm/pa-risc2W.s
index 54b6606252..a99545754d 100644
--- a/src/lib/libcrypto/bn/asm/pa-risc2W.s
+++ b/src/lib/libcrypto/bn/asm/pa-risc2W.s
@@ -1598,7 +1598,7 @@ bn_mul_comba4
1598 .IMPORT $global$,DATA 1598 .IMPORT $global$,DATA
1599 .SPACE $TEXT$ 1599 .SPACE $TEXT$
1600 .SUBSPA $CODE$ 1600 .SUBSPA $CODE$
1601 .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 1601 .SUBSPA $LIT$,ACCESS=0x2c
1602C$4 1602C$4
1603 .ALIGN 8 1603 .ALIGN 8
1604 .STRINGZ "Division would overflow (%d)\n" 1604 .STRINGZ "Division would overflow (%d)\n"
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 1eb8395b25..b232c2ceae 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -239,7 +239,7 @@ typedef struct bignum_st
239 } BIGNUM; 239 } BIGNUM;
240 240
241/* Used for temp variables */ 241/* Used for temp variables */
242#define BN_CTX_NUM 12 242#define BN_CTX_NUM 16
243#define BN_CTX_NUM_POS 12 243#define BN_CTX_NUM_POS 12
244typedef struct bignum_ctx 244typedef struct bignum_ctx
245 { 245 {
@@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
328void BN_CTX_end(BN_CTX *ctx); 328void BN_CTX_end(BN_CTX *ctx);
329int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); 329int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
330int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); 330int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
331int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
331int BN_num_bits(const BIGNUM *a); 332int BN_num_bits(const BIGNUM *a);
332int BN_num_bits_word(BN_ULONG); 333int BN_num_bits_word(BN_ULONG);
333BIGNUM *BN_new(void); 334BIGNUM *BN_new(void);
@@ -467,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
467# define bn_dump(a,b) 468# define bn_dump(a,b)
468#endif 469#endif
469 470
471int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
472
470/* BEGIN ERROR CODES */ 473/* BEGIN ERROR CODES */
471/* The following lines are auto generated by the script mkerr.pl. Any changes 474/* The following lines are auto generated by the script mkerr.pl. Any changes
472 * made after this point may be overwritten when the script is next run. 475 * made after this point may be overwritten when the script is next run.
@@ -493,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
493#define BN_F_BN_MPI2BN 112 496#define BN_F_BN_MPI2BN 112
494#define BN_F_BN_NEW 113 497#define BN_F_BN_NEW 113
495#define BN_F_BN_RAND 114 498#define BN_F_BN_RAND 114
499#define BN_F_BN_RAND_RANGE 122
496#define BN_F_BN_USUB 115 500#define BN_F_BN_USUB 115
497 501
498/* Reason codes. */ 502/* Reason codes. */
499#define BN_R_ARG2_LT_ARG3 100 503#define BN_R_ARG2_LT_ARG3 100
500#define BN_R_BAD_RECIPROCAL 101 504#define BN_R_BAD_RECIPROCAL 101
505#define BN_R_BIGNUM_TOO_LONG 114
501#define BN_R_CALLED_WITH_EVEN_MODULUS 102 506#define BN_R_CALLED_WITH_EVEN_MODULUS 102
502#define BN_R_DIV_BY_ZERO 103 507#define BN_R_DIV_BY_ZERO 103
503#define BN_R_ENCODING_ERROR 104 508#define BN_R_ENCODING_ERROR 104
504#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 509#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
505#define BN_R_INVALID_LENGTH 106 510#define BN_R_INVALID_LENGTH 106
511#define BN_R_INVALID_RANGE 115
506#define BN_R_NOT_INITIALIZED 107 512#define BN_R_NOT_INITIALIZED 107
507#define BN_R_NO_INVERSE 108 513#define BN_R_NO_INVERSE 108
508#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 514#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index c3772c243b..c328b5b411 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
180 180
181 BN_CTX_start(ctx); 181 BN_CTX_start(ctx);
182 tmp=BN_CTX_get(ctx); 182 tmp=BN_CTX_get(ctx);
183 tmp->neg=0;
184 snum=BN_CTX_get(ctx); 183 snum=BN_CTX_get(ctx);
185 sdiv=BN_CTX_get(ctx); 184 sdiv=BN_CTX_get(ctx);
186 if (dv == NULL) 185 if (dv == NULL)
187 res=BN_CTX_get(ctx); 186 res=BN_CTX_get(ctx);
188 else res=dv; 187 else res=dv;
189 if (res == NULL) goto err; 188 if (sdiv==NULL || res == NULL) goto err;
189 tmp->neg=0;
190 190
191 /* First we normalise the numbers */ 191 /* First we normalise the numbers */
192 norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); 192 norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -237,7 +237,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
237 for (i=0; i<loop-1; i++) 237 for (i=0; i<loop-1; i++)
238 { 238 {
239 BN_ULONG q,l0; 239 BN_ULONG q,l0;
240#ifdef BN_DIV3W 240#if defined(BN_DIV3W) && !defined(NO_ASM)
241 BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
241 q=bn_div_3_words(wnump,d1,d0); 242 q=bn_div_3_words(wnump,d1,d0);
242#else 243#else
243 BN_ULONG n0,n1,rem=0; 244 BN_ULONG n0,n1,rem=0;
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c
index 86550c4c21..adc6a214fc 100644
--- a/src/lib/libcrypto/bn/bn_err.c
+++ b/src/lib/libcrypto/bn/bn_err.c
@@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]=
84{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, 84{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
85{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, 85{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"},
86{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, 86{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"},
87{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"},
87{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, 88{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"},
88{0,NULL} 89{0,NULL}
89 }; 90 };
@@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]=
92 { 93 {
93{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, 94{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"},
94{BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, 95{BN_R_BAD_RECIPROCAL ,"bad reciprocal"},
96{BN_R_BIGNUM_TOO_LONG ,"bignum too long"},
95{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, 97{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"},
96{BN_R_DIV_BY_ZERO ,"div by zero"}, 98{BN_R_DIV_BY_ZERO ,"div by zero"},
97{BN_R_ENCODING_ERROR ,"encoding error"}, 99{BN_R_ENCODING_ERROR ,"encoding error"},
98{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, 100{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"},
99{BN_R_INVALID_LENGTH ,"invalid length"}, 101{BN_R_INVALID_LENGTH ,"invalid length"},
102{BN_R_INVALID_RANGE ,"invalid range"},
100{BN_R_NOT_INITIALIZED ,"not initialized"}, 103{BN_R_NOT_INITIALIZED ,"not initialized"},
101{BN_R_NO_INVERSE ,"no inverse"}, 104{BN_R_NO_INVERSE ,"no inverse"},
102{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, 105{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index b6b0ce4b3c..7767d65170 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -62,6 +62,7 @@
62#endif 62#endif
63 63
64#include <assert.h> 64#include <assert.h>
65#include <limits.h>
65#include <stdio.h> 66#include <stdio.h>
66#include "cryptlib.h" 67#include "cryptlib.h"
67#include "bn_lcl.h" 68#include "bn_lcl.h"
@@ -319,6 +320,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
319 320
320 if (words > b->dmax) 321 if (words > b->dmax)
321 { 322 {
323 if (words > (INT_MAX/(4*BN_BITS2)))
324 {
325 BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
326 return NULL;
327 }
328
322 bn_check_top(b); 329 bn_check_top(b);
323 if (BN_get_flags(b,BN_FLG_STATIC_DATA)) 330 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
324 { 331 {
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index 21ecbc04ed..acd0619921 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
76 76
77 bytes=(bits+7)/8; 77 bytes=(bits+7)/8;
78 bit=(bits-1)%8; 78 bit=(bits-1)%8;
79 mask=0xff<<bit; 79 mask=0xff<<(bit+1);
80 80
81 buf=(unsigned char *)OPENSSL_malloc(bytes); 81 buf=(unsigned char *)OPENSSL_malloc(bytes);
82 if (buf == NULL) 82 if (buf == NULL)
@@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
100 goto err; 100 goto err;
101 } 101 }
102 102
103 if (top) 103#if 1
104 if (pseudorand == 2)
104 { 105 {
105 if (bit == 0) 106 /* generate patterns that are more likely to trigger BN
107 library bugs */
108 int i;
109 unsigned char c;
110
111 for (i = 0; i < bytes; i++)
112 {
113 RAND_pseudo_bytes(&c, 1);
114 if (c >= 128 && i > 0)
115 buf[i] = buf[i-1];
116 else if (c < 42)
117 buf[i] = 0;
118 else if (c < 84)
119 buf[i] = 255;
120 }
121 }
122#endif
123
124 if (top != -1)
125 {
126 if (top)
106 { 127 {
107 buf[0]=1; 128 if (bit == 0)
108 buf[1]|=0x80; 129 {
130 buf[0]=1;
131 buf[1]|=0x80;
132 }
133 else
134 {
135 buf[0]|=(3<<(bit-1));
136 }
109 } 137 }
110 else 138 else
111 { 139 {
112 buf[0]|=(3<<(bit-1)); 140 buf[0]|=(1<<bit);
113 buf[0]&= ~(mask<<1);
114 } 141 }
115 } 142 }
116 else 143 buf[0] &= ~mask;
117 { 144 if (bottom) /* set bottom bit if requested */
118 buf[0]|=(1<<bit);
119 buf[0]&= ~(mask<<1);
120 }
121 if (bottom) /* set bottom bits to whatever odd is */
122 buf[bytes-1]|=1; 145 buf[bytes-1]|=1;
123 if (!BN_bin2bn(buf,bytes,rnd)) goto err; 146 if (!BN_bin2bn(buf,bytes,rnd)) goto err;
124 ret=1; 147 ret=1;
@@ -140,3 +163,61 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
140 { 163 {
141 return bnrand(1, rnd, bits, top, bottom); 164 return bnrand(1, rnd, bits, top, bottom);
142 } 165 }
166
167#if 1
168int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
169 {
170 return bnrand(2, rnd, bits, top, bottom);
171 }
172#endif
173
174/* random number r: 0 <= r < range */
175int BN_rand_range(BIGNUM *r, BIGNUM *range)
176 {
177 int n;
178
179 if (range->neg || BN_is_zero(range))
180 {
181 BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
182 return 0;
183 }
184
185 n = BN_num_bits(range); /* n > 0 */
186
187 if (n == 1)
188 {
189 if (!BN_zero(r)) return 0;
190 }
191 else if (BN_is_bit_set(range, n - 2))
192 {
193 do
194 {
195 /* range = 11..._2, so each iteration succeeds with probability >= .75 */
196 if (!BN_rand(r, n, -1, 0)) return 0;
197 }
198 while (BN_cmp(r, range) >= 0);
199 }
200 else
201 {
202 /* range = 10..._2,
203 * so 3*range (= 11..._2) is exactly one bit longer than range */
204 do
205 {
206 if (!BN_rand(r, n + 1, -1, 0)) return 0;
207 /* If r < 3*range, use r := r MOD range
208 * (which is either r, r - range, or r - 2*range).
209 * Otherwise, iterate once more.
210 * Since 3*range = 11..._2, each iteration succeeds with
211 * probability >= .75. */
212 if (BN_cmp(r ,range) >= 0)
213 {
214 if (!BN_sub(r, r, range)) return 0;
215 if (BN_cmp(r, range) >= 0)
216 if (!BN_sub(r, r, range)) return 0;
217 }
218 }
219 while (BN_cmp(r, range) >= 0);
220 }
221
222 return 1;
223 }
diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c
index 0883247384..c2608f9f4a 100644
--- a/src/lib/libcrypto/bn/bn_shift.c
+++ b/src/lib/libcrypto/bn/bn_shift.c
@@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
172 r->neg=a->neg; 172 r->neg=a->neg;
173 if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); 173 if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
174 } 174 }
175 else
176 {
177 if (n == 0)
178 return 1; /* or the copying loop will go berserk */
179 }
175 180
176 f= &(a->d[nw]); 181 f= &(a->d[nw]);
177 t=r->d; 182 t=r->d;
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
index 0a97af69c5..af0c2629e8 100644
--- a/src/lib/libcrypto/bn/bntest.c
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think
107static void message(BIO *out, char *m) 107static void message(BIO *out, char *m)
108 { 108 {
109 fprintf(stderr, "test %s\n", m); 109 fprintf(stderr, "test %s\n", m);
110#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
111 BIO_puts(out, "print \"test "); 110 BIO_puts(out, "print \"test ");
112 BIO_puts(out, m); 111 BIO_puts(out, m);
113 BIO_puts(out, "\\n\"\n"); 112 BIO_puts(out, "\\n\"\n");
114#endif
115 } 113 }
116 114
117int main(int argc, char *argv[]) 115int main(int argc, char *argv[])
@@ -122,9 +120,7 @@ int main(int argc, char *argv[])
122 120
123 results = 0; 121 results = 0;
124 122
125 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't 123 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
126 * even check its return value
127 * (which we should) */
128 124
129 argc--; 125 argc--;
130 argv++; 126 argv++;
@@ -253,10 +249,10 @@ int test_add(BIO *bp)
253 BN_init(&b); 249 BN_init(&b);
254 BN_init(&c); 250 BN_init(&c);
255 251
256 BN_rand(&a,512,0,0); 252 BN_bntest_rand(&a,512,0,0);
257 for (i=0; i<num0; i++) 253 for (i=0; i<num0; i++)
258 { 254 {
259 BN_rand(&b,450+i,0,0); 255 BN_bntest_rand(&b,450+i,0,0);
260 a.neg=rand_neg(); 256 a.neg=rand_neg();
261 b.neg=rand_neg(); 257 b.neg=rand_neg();
262 if (bp == NULL) 258 if (bp == NULL)
@@ -305,14 +301,14 @@ int test_sub(BIO *bp)
305 { 301 {
306 if (i < num1) 302 if (i < num1)
307 { 303 {
308 BN_rand(&a,512,0,0); 304 BN_bntest_rand(&a,512,0,0);
309 BN_copy(&b,&a); 305 BN_copy(&b,&a);
310 if (BN_set_bit(&a,i)==0) return(0); 306 if (BN_set_bit(&a,i)==0) return(0);
311 BN_add_word(&b,i); 307 BN_add_word(&b,i);
312 } 308 }
313 else 309 else
314 { 310 {
315 BN_rand(&b,400+i-num1,0,0); 311 BN_bntest_rand(&b,400+i-num1,0,0);
316 a.neg=rand_neg(); 312 a.neg=rand_neg();
317 b.neg=rand_neg(); 313 b.neg=rand_neg();
318 } 314 }
@@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx)
362 { 358 {
363 if (i < num1) 359 if (i < num1)
364 { 360 {
365 BN_rand(&a,400,0,0); 361 BN_bntest_rand(&a,400,0,0);
366 BN_copy(&b,&a); 362 BN_copy(&b,&a);
367 BN_lshift(&a,&a,i); 363 BN_lshift(&a,&a,i);
368 BN_add_word(&a,i); 364 BN_add_word(&a,i);
369 } 365 }
370 else 366 else
371 BN_rand(&b,50+3*(i-num1),0,0); 367 BN_bntest_rand(&b,50+3*(i-num1),0,0);
372 a.neg=rand_neg(); 368 a.neg=rand_neg();
373 b.neg=rand_neg(); 369 b.neg=rand_neg();
374 if (bp == NULL) 370 if (bp == NULL)
@@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
432 { 428 {
433 if (i < num1) 429 if (i < num1)
434 { 430 {
435 BN_rand(&a,400,0,0); 431 BN_bntest_rand(&a,400,0,0);
436 BN_copy(&b,&a); 432 BN_copy(&b,&a);
437 BN_lshift(&a,&a,i); 433 BN_lshift(&a,&a,i);
438 BN_add_word(&a,i); 434 BN_add_word(&a,i);
439 } 435 }
440 else 436 else
441 BN_rand(&b,50+3*(i-num1),0,0); 437 BN_bntest_rand(&b,50+3*(i-num1),0,0);
442 a.neg=rand_neg(); 438 a.neg=rand_neg();
443 b.neg=rand_neg(); 439 b.neg=rand_neg();
444 BN_RECP_CTX_set(&recp,&b,ctx); 440 BN_RECP_CTX_set(&recp,&b,ctx);
@@ -509,11 +505,11 @@ int test_mul(BIO *bp)
509 { 505 {
510 if (i <= num1) 506 if (i <= num1)
511 { 507 {
512 BN_rand(&a,100,0,0); 508 BN_bntest_rand(&a,100,0,0);
513 BN_rand(&b,100,0,0); 509 BN_bntest_rand(&b,100,0,0);
514 } 510 }
515 else 511 else
516 BN_rand(&b,i-num1,0,0); 512 BN_bntest_rand(&b,i-num1,0,0);
517 a.neg=rand_neg(); 513 a.neg=rand_neg();
518 b.neg=rand_neg(); 514 b.neg=rand_neg();
519 if (bp == NULL) 515 if (bp == NULL)
@@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
562 558
563 for (i=0; i<num0; i++) 559 for (i=0; i<num0; i++)
564 { 560 {
565 BN_rand(&a,40+i*10,0,0); 561 BN_bntest_rand(&a,40+i*10,0,0);
566 a.neg=rand_neg(); 562 a.neg=rand_neg();
567 if (bp == NULL) 563 if (bp == NULL)
568 for (j=0; j<100; j++) 564 for (j=0; j<100; j++)
@@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx)
613 609
614 mont=BN_MONT_CTX_new(); 610 mont=BN_MONT_CTX_new();
615 611
616 BN_rand(&a,100,0,0); /**/ 612 BN_bntest_rand(&a,100,0,0); /**/
617 BN_rand(&b,100,0,0); /**/ 613 BN_bntest_rand(&b,100,0,0); /**/
618 for (i=0; i<num2; i++) 614 for (i=0; i<num2; i++)
619 { 615 {
620 int bits = (200*(i+1))/num2; 616 int bits = (200*(i+1))/num2;
621 617
622 if (bits == 0) 618 if (bits == 0)
623 continue; 619 continue;
624 BN_rand(&n,bits,0,1); 620 BN_bntest_rand(&n,bits,0,1);
625 BN_MONT_CTX_set(mont,&n,ctx); 621 BN_MONT_CTX_set(mont,&n,ctx);
626 622
627 BN_to_montgomery(&A,&a,mont,ctx); 623 BN_to_montgomery(&A,&a,mont,ctx);
@@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx)
683 d=BN_new(); 679 d=BN_new();
684 e=BN_new(); 680 e=BN_new();
685 681
686 BN_rand(a,1024,0,0); /**/ 682 BN_bntest_rand(a,1024,0,0); /**/
687 for (i=0; i<num0; i++) 683 for (i=0; i<num0; i++)
688 { 684 {
689 BN_rand(b,450+i*10,0,0); /**/ 685 BN_bntest_rand(b,450+i*10,0,0); /**/
690 a->neg=rand_neg(); 686 a->neg=rand_neg();
691 b->neg=rand_neg(); 687 b->neg=rand_neg();
692 if (bp == NULL) 688 if (bp == NULL)
@@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
732 d=BN_new(); 728 d=BN_new();
733 e=BN_new(); 729 e=BN_new();
734 730
735 BN_rand(c,1024,0,0); /**/ 731 BN_bntest_rand(c,1024,0,0); /**/
736 for (i=0; i<num0; i++) 732 for (i=0; i<num0; i++)
737 { 733 {
738 BN_rand(a,475+i*10,0,0); /**/ 734 BN_bntest_rand(a,475+i*10,0,0); /**/
739 BN_rand(b,425+i*11,0,0); /**/ 735 BN_bntest_rand(b,425+i*11,0,0); /**/
740 a->neg=rand_neg(); 736 a->neg=rand_neg();
741 b->neg=rand_neg(); 737 b->neg=rand_neg();
742 /* if (bp == NULL) 738 /* if (bp == NULL)
@@ -794,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
794 d=BN_new(); 790 d=BN_new();
795 e=BN_new(); 791 e=BN_new();
796 792
797 BN_rand(c,30,0,1); /* must be odd for montgomery */ 793 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
798 for (i=0; i<num2; i++) 794 for (i=0; i<num2; i++)
799 { 795 {
800 BN_rand(a,20+i*5,0,0); /**/ 796 BN_bntest_rand(a,20+i*5,0,0); /**/
801 BN_rand(b,2+i,0,0); /**/ 797 BN_bntest_rand(b,2+i,0,0); /**/
802 798
803 if (!BN_mod_exp(d,a,b,c,ctx)) 799 if (!BN_mod_exp(d,a,b,c,ctx))
804 return(00); 800 return(00);
@@ -848,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)
848 844
849 for (i=0; i<num2; i++) 845 for (i=0; i<num2; i++)
850 { 846 {
851 BN_rand(a,20+i*5,0,0); /**/ 847 BN_bntest_rand(a,20+i*5,0,0); /**/
852 BN_rand(b,2+i,0,0); /**/ 848 BN_bntest_rand(b,2+i,0,0); /**/
853 849
854 if (!BN_exp(d,a,b,ctx)) 850 if (!BN_exp(d,a,b,ctx))
855 return(00); 851 return(00);
@@ -899,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
899 else 895 else
900 { 896 {
901 a=BN_new(); 897 a=BN_new();
902 BN_rand(a,200,0,0); /**/ 898 BN_bntest_rand(a,200,0,0); /**/
903 a->neg=rand_neg(); 899 a->neg=rand_neg();
904 } 900 }
905 for (i=0; i<num0; i++) 901 for (i=0; i<num0; i++)
@@ -951,7 +947,7 @@ int test_lshift1(BIO *bp)
951 b=BN_new(); 947 b=BN_new();
952 c=BN_new(); 948 c=BN_new();
953 949
954 BN_rand(a,200,0,0); /**/ 950 BN_bntest_rand(a,200,0,0); /**/
955 a->neg=rand_neg(); 951 a->neg=rand_neg();
956 for (i=0; i<num0; i++) 952 for (i=0; i<num0; i++)
957 { 953 {
@@ -995,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
995 e=BN_new(); 991 e=BN_new();
996 BN_one(c); 992 BN_one(c);
997 993
998 BN_rand(a,200,0,0); /**/ 994 BN_bntest_rand(a,200,0,0); /**/
999 a->neg=rand_neg(); 995 a->neg=rand_neg();
1000 for (i=0; i<num0; i++) 996 for (i=0; i<num0; i++)
1001 { 997 {
@@ -1038,7 +1034,7 @@ int test_rshift1(BIO *bp)
1038 b=BN_new(); 1034 b=BN_new();
1039 c=BN_new(); 1035 c=BN_new();
1040 1036
1041 BN_rand(a,200,0,0); /**/ 1037 BN_bntest_rand(a,200,0,0); /**/
1042 a->neg=rand_neg(); 1038 a->neg=rand_neg();
1043 for (i=0; i<num0; i++) 1039 for (i=0; i<num0; i++)
1044 { 1040 {
diff --git a/src/lib/libcrypto/buffer/Makefile.ssl b/src/lib/libcrypto/buffer/Makefile.ssl
index f473d1ab4b..a64681fd22 100644
--- a/src/lib/libcrypto/buffer/Makefile.ssl
+++ b/src/lib/libcrypto/buffer/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/cast/Makefile.ssl b/src/lib/libcrypto/cast/Makefile.ssl
index 4c70d1e3e8..1f8b898f7c 100644
--- a/src/lib/libcrypto/cast/Makefile.ssl
+++ b/src/lib/libcrypto/cast/Makefile.ssl
@@ -47,7 +47,8 @@ all: lib
47 47
48lib: $(LIBOBJ) 48lib: $(LIBOBJ)
49 $(AR) $(LIB) $(LIBOBJ) 49 $(AR) $(LIB) $(LIBOBJ)
50 $(RANLIB) $(LIB) 50 @echo You may get an error following this line. Please ignore.
51 - $(RANLIB) $(LIB)
51 @touch lib 52 @touch lib
52 53
53# elf 54# elf
diff --git a/src/lib/libcrypto/comp/Makefile.ssl b/src/lib/libcrypto/comp/Makefile.ssl
index 39e7993416..b696ac75fe 100644
--- a/src/lib/libcrypto/comp/Makefile.ssl
+++ b/src/lib/libcrypto/comp/Makefile.ssl
@@ -42,7 +42,8 @@ all: lib
42 42
43lib: $(LIBOBJ) 43lib: $(LIBOBJ)
44 $(AR) $(LIB) $(LIBOBJ) 44 $(AR) $(LIB) $(LIBOBJ)
45 $(RANLIB) $(LIB) 45 @echo You may get an error following this line. Please ignore.
46 - $(RANLIB) $(LIB)
46 @touch lib 47 @touch lib
47 48
48files: 49files:
diff --git a/src/lib/libcrypto/conf/Makefile.ssl b/src/lib/libcrypto/conf/Makefile.ssl
index efbb578981..9df4fca877 100644
--- a/src/lib/libcrypto/conf/Makefile.ssl
+++ b/src/lib/libcrypto/conf/Makefile.ssl
@@ -40,7 +40,8 @@ all: lib
40 40
41lib: $(LIBOBJ) 41lib: $(LIBOBJ)
42 $(AR) $(LIB) $(LIBOBJ) 42 $(AR) $(LIB) $(LIBOBJ)
43 $(RANLIB) $(LIB) 43 @echo You may get an error following this line. Please ignore.
44 - $(RANLIB) $(LIB)
44 @touch lib 45 @touch lib
45 46
46files: 47files:
diff --git a/src/lib/libcrypto/conf/conf.h b/src/lib/libcrypto/conf/conf.h
index 2f70634455..cd40a0db21 100644
--- a/src/lib/libcrypto/conf/conf.h
+++ b/src/lib/libcrypto/conf/conf.h
@@ -167,6 +167,8 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
167#define CONF_R_MISSING_EQUAL_SIGN 101 167#define CONF_R_MISSING_EQUAL_SIGN 101
168#define CONF_R_NO_CLOSE_BRACE 102 168#define CONF_R_NO_CLOSE_BRACE 102
169#define CONF_R_NO_CONF 105 169#define CONF_R_NO_CONF 105
170#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
171#define CONF_R_NO_SECTION 107
170#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 172#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
171#define CONF_R_VARIABLE_HAS_NO_VALUE 104 173#define CONF_R_VARIABLE_HAS_NO_VALUE 104
172 174
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c
index 06d3163573..8c2bc6f1c4 100644
--- a/src/lib/libcrypto/conf/conf_err.c
+++ b/src/lib/libcrypto/conf/conf_err.c
@@ -87,6 +87,8 @@ static ERR_STRING_DATA CONF_str_reasons[]=
87{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, 87{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
88{CONF_R_NO_CLOSE_BRACE ,"no close brace"}, 88{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
89{CONF_R_NO_CONF ,"no conf"}, 89{CONF_R_NO_CONF ,"no conf"},
90{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
91{CONF_R_NO_SECTION ,"no section"},
90{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, 92{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
91{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, 93{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
92{0,NULL} 94{0,NULL}
diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c
index 4c8ca9e9ae..11ec639732 100644
--- a/src/lib/libcrypto/conf/conf_lib.c
+++ b/src/lib/libcrypto/conf/conf_lib.c
@@ -131,38 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
131 131
132STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section) 132STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
133 { 133 {
134 CONF ctmp; 134 if (conf == NULL)
135 {
136 return NULL;
137 }
138 else
139 {
140 CONF ctmp;
135 141
136 if (default_CONF_method == NULL) 142 if (default_CONF_method == NULL)
137 default_CONF_method = NCONF_default(); 143 default_CONF_method = NCONF_default();
138 144
139 default_CONF_method->init(&ctmp); 145 default_CONF_method->init(&ctmp);
140 ctmp.data = conf; 146 ctmp.data = conf;
141 return NCONF_get_section(&ctmp, section); 147 return NCONF_get_section(&ctmp, section);
148 }
142 } 149 }
143 150
144char *CONF_get_string(LHASH *conf,char *group,char *name) 151char *CONF_get_string(LHASH *conf,char *group,char *name)
145 { 152 {
146 CONF ctmp; 153 if (conf == NULL)
154 {
155 return NCONF_get_string(NULL, group, name);
156 }
157 else
158 {
159 CONF ctmp;
147 160
148 if (default_CONF_method == NULL) 161 if (default_CONF_method == NULL)
149 default_CONF_method = NCONF_default(); 162 default_CONF_method = NCONF_default();
150 163
151 default_CONF_method->init(&ctmp); 164 default_CONF_method->init(&ctmp);
152 ctmp.data = conf; 165 ctmp.data = conf;
153 return NCONF_get_string(&ctmp, group, name); 166 return NCONF_get_string(&ctmp, group, name);
167 }
154 } 168 }
155 169
156long CONF_get_number(LHASH *conf,char *group,char *name) 170long CONF_get_number(LHASH *conf,char *group,char *name)
157 { 171 {
158 CONF ctmp; 172 if (conf == NULL)
173 {
174 return NCONF_get_number(NULL, group, name);
175 }
176 else
177 {
178 CONF ctmp;
159 179
160 if (default_CONF_method == NULL) 180 if (default_CONF_method == NULL)
161 default_CONF_method = NCONF_default(); 181 default_CONF_method = NCONF_default();
162 182
163 default_CONF_method->init(&ctmp); 183 default_CONF_method->init(&ctmp);
164 ctmp.data = conf; 184 ctmp.data = conf;
165 return NCONF_get_number(&ctmp, group, name); 185 return NCONF_get_number(&ctmp, group, name);
186 }
166 } 187 }
167 188
168void CONF_free(LHASH *conf) 189void CONF_free(LHASH *conf)
@@ -299,27 +320,46 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
299 return NULL; 320 return NULL;
300 } 321 }
301 322
323 if (section == NULL)
324 {
325 CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
326 return NULL;
327 }
328
302 return _CONF_get_section_values(conf, section); 329 return _CONF_get_section_values(conf, section);
303 } 330 }
304 331
305char *NCONF_get_string(CONF *conf,char *group,char *name) 332char *NCONF_get_string(CONF *conf,char *group,char *name)
306 { 333 {
334 char *s = _CONF_get_string(conf, group, name);
335
336 /* Since we may get a value from an environment variable even
337 if conf is NULL, let's check the value first */
338 if (s) return s;
339
307 if (conf == NULL) 340 if (conf == NULL)
308 { 341 {
309 CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF); 342 CONFerr(CONF_F_NCONF_GET_STRING,
343 CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
310 return NULL; 344 return NULL;
311 } 345 }
312 346 return NULL;
313 return _CONF_get_string(conf, group, name);
314 } 347 }
315 348
316long NCONF_get_number(CONF *conf,char *group,char *name) 349long NCONF_get_number(CONF *conf,char *group,char *name)
317 { 350 {
351#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
352 an environment variable with a suitable name. Unfortunately, there's
353 no way with the current API to see if we found one or not...
354 The meaning of this is that if a number is not found anywhere, it
355 will always default to 0. */
318 if (conf == NULL) 356 if (conf == NULL)
319 { 357 {
320 CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF); 358 CONFerr(CONF_F_NCONF_GET_NUMBER,
359 CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
321 return 0; 360 return 0;
322 } 361 }
362#endif
323 363
324 return _CONF_get_number(conf, group, name); 364 return _CONF_get_number(conf, group, name);
325 } 365 }
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
index 21d56a4b50..482a136177 100644
--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -174,7 +174,7 @@ $!
174$ APPS_DES = "DES/DES,CBC3_ENC" 174$ APPS_DES = "DES/DES,CBC3_ENC"
175$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" 175$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
176$ 176$
177$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err" 177$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
178$ LIB_MD2 = "md2_dgst,md2_one" 178$ LIB_MD2 = "md2_dgst,md2_one"
179$ LIB_MD4 = "md4_dgst,md4_one" 179$ LIB_MD4 = "md4_dgst,md4_one"
180$ LIB_MD5 = "md5_dgst,md5_one" 180$ LIB_MD5 = "md5_dgst,md5_one"
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index 52ee97b71a..9257673279 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -278,6 +278,8 @@ int CRYPTO_is_mem_check_on(void);
278const char *SSLeay_version(int type); 278const char *SSLeay_version(int type);
279unsigned long SSLeay(void); 279unsigned long SSLeay(void);
280 280
281int OPENSSL_issetugid(void);
282
281int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, 283int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
282 CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 284 CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
283int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); 285int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
diff --git a/src/lib/libcrypto/des/Makefile.ssl b/src/lib/libcrypto/des/Makefile.ssl
index 34a360b7ab..cc5379feb2 100644
--- a/src/lib/libcrypto/des/Makefile.ssl
+++ b/src/lib/libcrypto/des/Makefile.ssl
@@ -57,7 +57,8 @@ all: lib
57 57
58lib: $(LIBOBJ) 58lib: $(LIBOBJ)
59 $(AR) $(LIB) $(LIBOBJ) 59 $(AR) $(LIB) $(LIBOBJ)
60 $(RANLIB) $(LIB) 60 @echo You may get an error following this line. Please ignore.
61 - $(RANLIB) $(LIB)
61 @touch lib 62 @touch lib
62 63
63des: des.o cbc3_enc.o lib 64des: des.o cbc3_enc.o lib
diff --git a/src/lib/libcrypto/des/asm/des-586.pl b/src/lib/libcrypto/des/asm/des-586.pl
index f054071077..c890766bc9 100644
--- a/src/lib/libcrypto/des/asm/des-586.pl
+++ b/src/lib/libcrypto/des/asm/des-586.pl
@@ -20,11 +20,11 @@ $L="edi";
20$R="esi"; 20$R="esi";
21 21
22&external_label("des_SPtrans"); 22&external_label("des_SPtrans");
23&des_encrypt("des_encrypt",1); 23&des_encrypt("des_encrypt1",1);
24&des_encrypt("des_encrypt2",0); 24&des_encrypt("des_encrypt2",0);
25&des_encrypt3("des_encrypt3",1); 25&des_encrypt3("des_encrypt3",1);
26&des_encrypt3("des_decrypt3",0); 26&des_encrypt3("des_decrypt3",0);
27&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); 27&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
28&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); 28&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
29 29
30&asm_finish(); 30&asm_finish();
diff --git a/src/lib/libcrypto/des/asm/des686.pl b/src/lib/libcrypto/des/asm/des686.pl
index 77dc5b51cd..84c3e85438 100644
--- a/src/lib/libcrypto/des/asm/des686.pl
+++ b/src/lib/libcrypto/des/asm/des686.pl
@@ -46,7 +46,7 @@ EOF
46$L="edi"; 46$L="edi";
47$R="esi"; 47$R="esi";
48 48
49&des_encrypt("des_encrypt",1); 49&des_encrypt("des_encrypt1",1);
50&des_encrypt("des_encrypt2",0); 50&des_encrypt("des_encrypt2",0);
51 51
52&des_encrypt3("des_encrypt3",1); 52&des_encrypt3("des_encrypt3",1);
diff --git a/src/lib/libcrypto/des/asm/readme b/src/lib/libcrypto/des/asm/readme
index f8529d9307..1beafe253b 100644
--- a/src/lib/libcrypto/des/asm/readme
+++ b/src/lib/libcrypto/des/asm/readme
@@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-).
8 8
9The file to implement in assembler is des_enc.c. Replace the following 9The file to implement in assembler is des_enc.c. Replace the following
104 functions 104 functions
11des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt); 11des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
12des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); 12des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
13des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); 13des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
14des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); 14des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
diff --git a/src/lib/libcrypto/des/cbc_cksm.c b/src/lib/libcrypto/des/cbc_cksm.c
index 1e543cb2a1..b857df0985 100644
--- a/src/lib/libcrypto/des/cbc_cksm.c
+++ b/src/lib/libcrypto/des/cbc_cksm.c
@@ -82,7 +82,7 @@ DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
82 82
83 tin0^=tout0; tin[0]=tin0; 83 tin0^=tout0; tin[0]=tin0;
84 tin1^=tout1; tin[1]=tin1; 84 tin1^=tout1; tin[1]=tin1;
85 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 85 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
86 /* fix 15/10/91 eay - thanks to keithr@sco.COM */ 86 /* fix 15/10/91 eay - thanks to keithr@sco.COM */
87 tout0=tin[0]; 87 tout0=tin[0];
88 tout1=tin[1]; 88 tout1=tin[1];
diff --git a/src/lib/libcrypto/des/cfb64enc.c b/src/lib/libcrypto/des/cfb64enc.c
index 389a232cb3..105530dfa3 100644
--- a/src/lib/libcrypto/des/cfb64enc.c
+++ b/src/lib/libcrypto/des/cfb64enc.c
@@ -82,7 +82,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
82 { 82 {
83 c2l(iv,v0); ti[0]=v0; 83 c2l(iv,v0); ti[0]=v0;
84 c2l(iv,v1); ti[1]=v1; 84 c2l(iv,v1); ti[1]=v1;
85 des_encrypt(ti,schedule,DES_ENCRYPT); 85 des_encrypt1(ti,schedule,DES_ENCRYPT);
86 iv = &(*ivec)[0]; 86 iv = &(*ivec)[0];
87 v0=ti[0]; l2c(v0,iv); 87 v0=ti[0]; l2c(v0,iv);
88 v0=ti[1]; l2c(v0,iv); 88 v0=ti[1]; l2c(v0,iv);
@@ -102,7 +102,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
102 { 102 {
103 c2l(iv,v0); ti[0]=v0; 103 c2l(iv,v0); ti[0]=v0;
104 c2l(iv,v1); ti[1]=v1; 104 c2l(iv,v1); ti[1]=v1;
105 des_encrypt(ti,schedule,DES_ENCRYPT); 105 des_encrypt1(ti,schedule,DES_ENCRYPT);
106 iv = &(*ivec)[0]; 106 iv = &(*ivec)[0];
107 v0=ti[0]; l2c(v0,iv); 107 v0=ti[0]; l2c(v0,iv);
108 v0=ti[1]; l2c(v0,iv); 108 v0=ti[1]; l2c(v0,iv);
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c
index cca34dd7c5..ec4fd4ea67 100644
--- a/src/lib/libcrypto/des/cfb_enc.c
+++ b/src/lib/libcrypto/des/cfb_enc.c
@@ -100,7 +100,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
100 l-=n; 100 l-=n;
101 ti[0]=v0; 101 ti[0]=v0;
102 ti[1]=v1; 102 ti[1]=v1;
103 des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); 103 des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
104 c2ln(in,d0,d1,n); 104 c2ln(in,d0,d1,n);
105 in+=n; 105 in+=n;
106 d0=(d0^ti[0])&mask0; 106 d0=(d0^ti[0])&mask0;
@@ -132,7 +132,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
132 l-=n; 132 l-=n;
133 ti[0]=v0; 133 ti[0]=v0;
134 ti[1]=v1; 134 ti[1]=v1;
135 des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); 135 des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
136 c2ln(in,d0,d1,n); 136 c2ln(in,d0,d1,n);
137 in+=n; 137 in+=n;
138 /* 30-08-94 - eay - changed because l>>32 and 138 /* 30-08-94 - eay - changed because l>>32 and
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
index 2db9748cb4..6b8a7ee11b 100644
--- a/src/lib/libcrypto/des/des.h
+++ b/src/lib/libcrypto/des/des.h
@@ -147,14 +147,14 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
147 Data is a pointer to 2 unsigned long's and ks is the 147 Data is a pointer to 2 unsigned long's and ks is the
148 des_key_schedule to use. enc, is non zero specifies encryption, 148 des_key_schedule to use. enc, is non zero specifies encryption,
149 zero if decryption. */ 149 zero if decryption. */
150void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); 150void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);
151 151
152/* This functions is the same as des_encrypt() except that the DES 152/* This functions is the same as des_encrypt1() except that the DES
153 initial permutation (IP) and final permutation (FP) have been left 153 initial permutation (IP) and final permutation (FP) have been left
154 out. As for des_encrypt(), you should not use this function. 154 out. As for des_encrypt1(), you should not use this function.
155 It is used by the routines in the library that implement triple DES. 155 It is used by the routines in the library that implement triple DES.
156 IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same 156 IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
157 as des_encrypt() des_encrypt() des_encrypt() except faster :-). */ 157 as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */
158void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); 158void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
159 159
160void des_encrypt3(DES_LONG *data, des_key_schedule ks1, 160void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c
index 8311e10628..0bd9fa39bc 100644
--- a/src/lib/libcrypto/des/des_enc.c
+++ b/src/lib/libcrypto/des/des_enc.c
@@ -58,7 +58,7 @@
58 58
59#include "des_locl.h" 59#include "des_locl.h"
60 60
61void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) 61void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
62 { 62 {
63 register DES_LONG l,r,t,u; 63 register DES_LONG l,r,t,u;
64#ifdef DES_PTR 64#ifdef DES_PTR
diff --git a/src/lib/libcrypto/des/des_opts.c b/src/lib/libcrypto/des/des_opts.c
index b2ca7ac31d..138ee1c6b4 100644
--- a/src/lib/libcrypto/des/des_opts.c
+++ b/src/lib/libcrypto/des/des_opts.c
@@ -118,7 +118,7 @@ extern void exit();
118#undef DES_RISC2 118#undef DES_RISC2
119#undef DES_PTR 119#undef DES_PTR
120#undef D_ENCRYPT 120#undef D_ENCRYPT
121#define des_encrypt des_encrypt_u4_cisc_idx 121#define des_encrypt1 des_encrypt_u4_cisc_idx
122#define des_encrypt2 des_encrypt2_u4_cisc_idx 122#define des_encrypt2 des_encrypt2_u4_cisc_idx
123#define des_encrypt3 des_encrypt3_u4_cisc_idx 123#define des_encrypt3 des_encrypt3_u4_cisc_idx
124#define des_decrypt3 des_decrypt3_u4_cisc_idx 124#define des_decrypt3 des_decrypt3_u4_cisc_idx
@@ -130,11 +130,11 @@ extern void exit();
130#undef DES_RISC2 130#undef DES_RISC2
131#undef DES_PTR 131#undef DES_PTR
132#undef D_ENCRYPT 132#undef D_ENCRYPT
133#undef des_encrypt 133#undef des_encrypt1
134#undef des_encrypt2 134#undef des_encrypt2
135#undef des_encrypt3 135#undef des_encrypt3
136#undef des_decrypt3 136#undef des_decrypt3
137#define des_encrypt des_encrypt_u16_cisc_idx 137#define des_encrypt1 des_encrypt_u16_cisc_idx
138#define des_encrypt2 des_encrypt2_u16_cisc_idx 138#define des_encrypt2 des_encrypt2_u16_cisc_idx
139#define des_encrypt3 des_encrypt3_u16_cisc_idx 139#define des_encrypt3 des_encrypt3_u16_cisc_idx
140#define des_decrypt3 des_decrypt3_u16_cisc_idx 140#define des_decrypt3 des_decrypt3_u16_cisc_idx
@@ -146,11 +146,11 @@ extern void exit();
146#undef DES_RISC2 146#undef DES_RISC2
147#undef DES_PTR 147#undef DES_PTR
148#undef D_ENCRYPT 148#undef D_ENCRYPT
149#undef des_encrypt 149#undef des_encrypt1
150#undef des_encrypt2 150#undef des_encrypt2
151#undef des_encrypt3 151#undef des_encrypt3
152#undef des_decrypt3 152#undef des_decrypt3
153#define des_encrypt des_encrypt_u4_risc1_idx 153#define des_encrypt1 des_encrypt_u4_risc1_idx
154#define des_encrypt2 des_encrypt2_u4_risc1_idx 154#define des_encrypt2 des_encrypt2_u4_risc1_idx
155#define des_encrypt3 des_encrypt3_u4_risc1_idx 155#define des_encrypt3 des_encrypt3_u4_risc1_idx
156#define des_decrypt3 des_decrypt3_u4_risc1_idx 156#define des_decrypt3 des_decrypt3_u4_risc1_idx
@@ -166,11 +166,11 @@ extern void exit();
166#define DES_RISC2 166#define DES_RISC2
167#undef DES_PTR 167#undef DES_PTR
168#undef D_ENCRYPT 168#undef D_ENCRYPT
169#undef des_encrypt 169#undef des_encrypt1
170#undef des_encrypt2 170#undef des_encrypt2
171#undef des_encrypt3 171#undef des_encrypt3
172#undef des_decrypt3 172#undef des_decrypt3
173#define des_encrypt des_encrypt_u4_risc2_idx 173#define des_encrypt1 des_encrypt_u4_risc2_idx
174#define des_encrypt2 des_encrypt2_u4_risc2_idx 174#define des_encrypt2 des_encrypt2_u4_risc2_idx
175#define des_encrypt3 des_encrypt3_u4_risc2_idx 175#define des_encrypt3 des_encrypt3_u4_risc2_idx
176#define des_decrypt3 des_decrypt3_u4_risc2_idx 176#define des_decrypt3 des_decrypt3_u4_risc2_idx
@@ -182,11 +182,11 @@ extern void exit();
182#undef DES_RISC2 182#undef DES_RISC2
183#undef DES_PTR 183#undef DES_PTR
184#undef D_ENCRYPT 184#undef D_ENCRYPT
185#undef des_encrypt 185#undef des_encrypt1
186#undef des_encrypt2 186#undef des_encrypt2
187#undef des_encrypt3 187#undef des_encrypt3
188#undef des_decrypt3 188#undef des_decrypt3
189#define des_encrypt des_encrypt_u16_risc1_idx 189#define des_encrypt1 des_encrypt_u16_risc1_idx
190#define des_encrypt2 des_encrypt2_u16_risc1_idx 190#define des_encrypt2 des_encrypt2_u16_risc1_idx
191#define des_encrypt3 des_encrypt3_u16_risc1_idx 191#define des_encrypt3 des_encrypt3_u16_risc1_idx
192#define des_decrypt3 des_decrypt3_u16_risc1_idx 192#define des_decrypt3 des_decrypt3_u16_risc1_idx
@@ -198,11 +198,11 @@ extern void exit();
198#define DES_RISC2 198#define DES_RISC2
199#undef DES_PTR 199#undef DES_PTR
200#undef D_ENCRYPT 200#undef D_ENCRYPT
201#undef des_encrypt 201#undef des_encrypt1
202#undef des_encrypt2 202#undef des_encrypt2
203#undef des_encrypt3 203#undef des_encrypt3
204#undef des_decrypt3 204#undef des_decrypt3
205#define des_encrypt des_encrypt_u16_risc2_idx 205#define des_encrypt1 des_encrypt_u16_risc2_idx
206#define des_encrypt2 des_encrypt2_u16_risc2_idx 206#define des_encrypt2 des_encrypt2_u16_risc2_idx
207#define des_encrypt3 des_encrypt3_u16_risc2_idx 207#define des_encrypt3 des_encrypt3_u16_risc2_idx
208#define des_decrypt3 des_decrypt3_u16_risc2_idx 208#define des_decrypt3 des_decrypt3_u16_risc2_idx
@@ -218,11 +218,11 @@ extern void exit();
218#undef DES_RISC2 218#undef DES_RISC2
219#define DES_PTR 219#define DES_PTR
220#undef D_ENCRYPT 220#undef D_ENCRYPT
221#undef des_encrypt 221#undef des_encrypt1
222#undef des_encrypt2 222#undef des_encrypt2
223#undef des_encrypt3 223#undef des_encrypt3
224#undef des_decrypt3 224#undef des_decrypt3
225#define des_encrypt des_encrypt_u4_cisc_ptr 225#define des_encrypt1 des_encrypt_u4_cisc_ptr
226#define des_encrypt2 des_encrypt2_u4_cisc_ptr 226#define des_encrypt2 des_encrypt2_u4_cisc_ptr
227#define des_encrypt3 des_encrypt3_u4_cisc_ptr 227#define des_encrypt3 des_encrypt3_u4_cisc_ptr
228#define des_decrypt3 des_decrypt3_u4_cisc_ptr 228#define des_decrypt3 des_decrypt3_u4_cisc_ptr
@@ -234,11 +234,11 @@ extern void exit();
234#undef DES_RISC2 234#undef DES_RISC2
235#define DES_PTR 235#define DES_PTR
236#undef D_ENCRYPT 236#undef D_ENCRYPT
237#undef des_encrypt 237#undef des_encrypt1
238#undef des_encrypt2 238#undef des_encrypt2
239#undef des_encrypt3 239#undef des_encrypt3
240#undef des_decrypt3 240#undef des_decrypt3
241#define des_encrypt des_encrypt_u16_cisc_ptr 241#define des_encrypt1 des_encrypt_u16_cisc_ptr
242#define des_encrypt2 des_encrypt2_u16_cisc_ptr 242#define des_encrypt2 des_encrypt2_u16_cisc_ptr
243#define des_encrypt3 des_encrypt3_u16_cisc_ptr 243#define des_encrypt3 des_encrypt3_u16_cisc_ptr
244#define des_decrypt3 des_decrypt3_u16_cisc_ptr 244#define des_decrypt3 des_decrypt3_u16_cisc_ptr
@@ -250,11 +250,11 @@ extern void exit();
250#undef DES_RISC2 250#undef DES_RISC2
251#define DES_PTR 251#define DES_PTR
252#undef D_ENCRYPT 252#undef D_ENCRYPT
253#undef des_encrypt 253#undef des_encrypt1
254#undef des_encrypt2 254#undef des_encrypt2
255#undef des_encrypt3 255#undef des_encrypt3
256#undef des_decrypt3 256#undef des_decrypt3
257#define des_encrypt des_encrypt_u4_risc1_ptr 257#define des_encrypt1 des_encrypt_u4_risc1_ptr
258#define des_encrypt2 des_encrypt2_u4_risc1_ptr 258#define des_encrypt2 des_encrypt2_u4_risc1_ptr
259#define des_encrypt3 des_encrypt3_u4_risc1_ptr 259#define des_encrypt3 des_encrypt3_u4_risc1_ptr
260#define des_decrypt3 des_decrypt3_u4_risc1_ptr 260#define des_decrypt3 des_decrypt3_u4_risc1_ptr
@@ -270,11 +270,11 @@ extern void exit();
270#define DES_RISC2 270#define DES_RISC2
271#define DES_PTR 271#define DES_PTR
272#undef D_ENCRYPT 272#undef D_ENCRYPT
273#undef des_encrypt 273#undef des_encrypt1
274#undef des_encrypt2 274#undef des_encrypt2
275#undef des_encrypt3 275#undef des_encrypt3
276#undef des_decrypt3 276#undef des_decrypt3
277#define des_encrypt des_encrypt_u4_risc2_ptr 277#define des_encrypt1 des_encrypt_u4_risc2_ptr
278#define des_encrypt2 des_encrypt2_u4_risc2_ptr 278#define des_encrypt2 des_encrypt2_u4_risc2_ptr
279#define des_encrypt3 des_encrypt3_u4_risc2_ptr 279#define des_encrypt3 des_encrypt3_u4_risc2_ptr
280#define des_decrypt3 des_decrypt3_u4_risc2_ptr 280#define des_decrypt3 des_decrypt3_u4_risc2_ptr
@@ -286,11 +286,11 @@ extern void exit();
286#undef DES_RISC2 286#undef DES_RISC2
287#define DES_PTR 287#define DES_PTR
288#undef D_ENCRYPT 288#undef D_ENCRYPT
289#undef des_encrypt 289#undef des_encrypt1
290#undef des_encrypt2 290#undef des_encrypt2
291#undef des_encrypt3 291#undef des_encrypt3
292#undef des_decrypt3 292#undef des_decrypt3
293#define des_encrypt des_encrypt_u16_risc1_ptr 293#define des_encrypt1 des_encrypt_u16_risc1_ptr
294#define des_encrypt2 des_encrypt2_u16_risc1_ptr 294#define des_encrypt2 des_encrypt2_u16_risc1_ptr
295#define des_encrypt3 des_encrypt3_u16_risc1_ptr 295#define des_encrypt3 des_encrypt3_u16_risc1_ptr
296#define des_decrypt3 des_decrypt3_u16_risc1_ptr 296#define des_decrypt3 des_decrypt3_u16_risc1_ptr
@@ -302,11 +302,11 @@ extern void exit();
302#define DES_RISC2 302#define DES_RISC2
303#define DES_PTR 303#define DES_PTR
304#undef D_ENCRYPT 304#undef D_ENCRYPT
305#undef des_encrypt 305#undef des_encrypt1
306#undef des_encrypt2 306#undef des_encrypt2
307#undef des_encrypt3 307#undef des_encrypt3
308#undef des_decrypt3 308#undef des_decrypt3
309#define des_encrypt des_encrypt_u16_risc2_ptr 309#define des_encrypt1 des_encrypt_u16_risc2_ptr
310#define des_encrypt2 des_encrypt2_u16_risc2_ptr 310#define des_encrypt2 des_encrypt2_u16_risc2_ptr
311#define des_encrypt3 des_encrypt3_u16_risc2_ptr 311#define des_encrypt3 des_encrypt3_u16_risc2_ptr
312#define des_decrypt3 des_decrypt3_u16_risc2_ptr 312#define des_decrypt3 des_decrypt3_u16_risc2_ptr
@@ -453,7 +453,7 @@ int main(int argc, char **argv)
453 count*=2; 453 count*=2;
454 Time_F(START); 454 Time_F(START);
455 for (i=count; i; i--) 455 for (i=count; i; i--)
456 des_encrypt(data,&(sch[0]),DES_ENCRYPT); 456 des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
457 d=Time_F(STOP); 457 d=Time_F(STOP);
458 } while (d < 3.0); 458 } while (d < 3.0);
459 ca=count; 459 ca=count;
diff --git a/src/lib/libcrypto/des/dess.cpp b/src/lib/libcrypto/des/dess.cpp
index 753e67ad9b..5549bab90a 100644
--- a/src/lib/libcrypto/des/dess.cpp
+++ b/src/lib/libcrypto/des/dess.cpp
@@ -45,19 +45,19 @@ void main(int argc,char *argv[])
45 { 45 {
46 for (i=0; i<1000; i++) /**/ 46 for (i=0; i<1000; i++) /**/
47 { 47 {
48 des_encrypt(&data[0],key,1); 48 des_encrypt1(&data[0],key,1);
49 GetTSC(s1); 49 GetTSC(s1);
50 des_encrypt(&data[0],key,1); 50 des_encrypt1(&data[0],key,1);
51 des_encrypt(&data[0],key,1); 51 des_encrypt1(&data[0],key,1);
52 des_encrypt(&data[0],key,1); 52 des_encrypt1(&data[0],key,1);
53 GetTSC(e1); 53 GetTSC(e1);
54 GetTSC(s2); 54 GetTSC(s2);
55 des_encrypt(&data[0],key,1); 55 des_encrypt1(&data[0],key,1);
56 des_encrypt(&data[0],key,1); 56 des_encrypt1(&data[0],key,1);
57 des_encrypt(&data[0],key,1); 57 des_encrypt1(&data[0],key,1);
58 des_encrypt(&data[0],key,1); 58 des_encrypt1(&data[0],key,1);
59 GetTSC(e2); 59 GetTSC(e2);
60 des_encrypt(&data[0],key,1); 60 des_encrypt1(&data[0],key,1);
61 } 61 }
62 62
63 printf("des %d %d (%d)\n", 63 printf("des %d %d (%d)\n",
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
index b261a8aad9..d481327ef3 100644
--- a/src/lib/libcrypto/des/ecb_enc.c
+++ b/src/lib/libcrypto/des/ecb_enc.c
@@ -114,7 +114,7 @@ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
114 114
115 c2l(in,l); ll[0]=l; 115 c2l(in,l); ll[0]=l;
116 c2l(in,l); ll[1]=l; 116 c2l(in,l); ll[1]=l;
117 des_encrypt(ll,ks,enc); 117 des_encrypt1(ll,ks,enc);
118 l=ll[0]; l2c(l,out); 118 l=ll[0]; l2c(l,out);
119 l=ll[1]; l2c(l,out); 119 l=ll[1]; l2c(l,out);
120 l=ll[0]=ll[1]=0; 120 l=ll[0]=ll[1]=0;
diff --git a/src/lib/libcrypto/des/ede_cbcm_enc.c b/src/lib/libcrypto/des/ede_cbcm_enc.c
index c53062481d..b98f7e17af 100644
--- a/src/lib/libcrypto/des/ede_cbcm_enc.c
+++ b/src/lib/libcrypto/des/ede_cbcm_enc.c
@@ -95,7 +95,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
95 { 95 {
96 tin[0]=m0; 96 tin[0]=m0;
97 tin[1]=m1; 97 tin[1]=m1;
98 des_encrypt(tin,ks3,1); 98 des_encrypt1(tin,ks3,1);
99 m0=tin[0]; 99 m0=tin[0];
100 m1=tin[1]; 100 m1=tin[1];
101 101
@@ -113,13 +113,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
113 113
114 tin[0]=tin0; 114 tin[0]=tin0;
115 tin[1]=tin1; 115 tin[1]=tin1;
116 des_encrypt(tin,ks1,1); 116 des_encrypt1(tin,ks1,1);
117 tin[0]^=m0; 117 tin[0]^=m0;
118 tin[1]^=m1; 118 tin[1]^=m1;
119 des_encrypt(tin,ks2,0); 119 des_encrypt1(tin,ks2,0);
120 tin[0]^=m0; 120 tin[0]^=m0;
121 tin[1]^=m1; 121 tin[1]^=m1;
122 des_encrypt(tin,ks1,1); 122 des_encrypt1(tin,ks1,1);
123 tout0=tin[0]; 123 tout0=tin[0];
124 tout1=tin[1]; 124 tout1=tin[1];
125 125
@@ -146,7 +146,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
146 { 146 {
147 tin[0]=m0; 147 tin[0]=m0;
148 tin[1]=m1; 148 tin[1]=m1;
149 des_encrypt(tin,ks3,1); 149 des_encrypt1(tin,ks3,1);
150 m0=tin[0]; 150 m0=tin[0];
151 m1=tin[1]; 151 m1=tin[1];
152 152
@@ -158,13 +158,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
158 158
159 tin[0]=tin0; 159 tin[0]=tin0;
160 tin[1]=tin1; 160 tin[1]=tin1;
161 des_encrypt(tin,ks1,0); 161 des_encrypt1(tin,ks1,0);
162 tin[0]^=m0; 162 tin[0]^=m0;
163 tin[1]^=m1; 163 tin[1]^=m1;
164 des_encrypt(tin,ks2,1); 164 des_encrypt1(tin,ks2,1);
165 tin[0]^=m0; 165 tin[0]^=m0;
166 tin[1]^=m1; 166 tin[1]^=m1;
167 des_encrypt(tin,ks1,0); 167 des_encrypt1(tin,ks1,0);
168 tout0=tin[0]; 168 tout0=tin[0];
169 tout1=tin[1]; 169 tout1=tin[1];
170 170
diff --git a/src/lib/libcrypto/des/ncbc_enc.c b/src/lib/libcrypto/des/ncbc_enc.c
index 3b681691a9..b8db07b199 100644
--- a/src/lib/libcrypto/des/ncbc_enc.c
+++ b/src/lib/libcrypto/des/ncbc_enc.c
@@ -89,7 +89,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
89 c2l(in,tin1); 89 c2l(in,tin1);
90 tin0^=tout0; tin[0]=tin0; 90 tin0^=tout0; tin[0]=tin0;
91 tin1^=tout1; tin[1]=tin1; 91 tin1^=tout1; tin[1]=tin1;
92 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 92 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
93 tout0=tin[0]; l2c(tout0,out); 93 tout0=tin[0]; l2c(tout0,out);
94 tout1=tin[1]; l2c(tout1,out); 94 tout1=tin[1]; l2c(tout1,out);
95 } 95 }
@@ -98,7 +98,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
98 c2ln(in,tin0,tin1,l+8); 98 c2ln(in,tin0,tin1,l+8);
99 tin0^=tout0; tin[0]=tin0; 99 tin0^=tout0; tin[0]=tin0;
100 tin1^=tout1; tin[1]=tin1; 100 tin1^=tout1; tin[1]=tin1;
101 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 101 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
102 tout0=tin[0]; l2c(tout0,out); 102 tout0=tin[0]; l2c(tout0,out);
103 tout1=tin[1]; l2c(tout1,out); 103 tout1=tin[1]; l2c(tout1,out);
104 } 104 }
@@ -116,7 +116,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
116 { 116 {
117 c2l(in,tin0); tin[0]=tin0; 117 c2l(in,tin0); tin[0]=tin0;
118 c2l(in,tin1); tin[1]=tin1; 118 c2l(in,tin1); tin[1]=tin1;
119 des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); 119 des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
120 tout0=tin[0]^xor0; 120 tout0=tin[0]^xor0;
121 tout1=tin[1]^xor1; 121 tout1=tin[1]^xor1;
122 l2c(tout0,out); 122 l2c(tout0,out);
@@ -128,7 +128,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
128 { 128 {
129 c2l(in,tin0); tin[0]=tin0; 129 c2l(in,tin0); tin[0]=tin0;
130 c2l(in,tin1); tin[1]=tin1; 130 c2l(in,tin1); tin[1]=tin1;
131 des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); 131 des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
132 tout0=tin[0]^xor0; 132 tout0=tin[0]^xor0;
133 tout1=tin[1]^xor1; 133 tout1=tin[1]^xor1;
134 l2cn(tout0,tout1,out,l+8); 134 l2cn(tout0,tout1,out,l+8);
diff --git a/src/lib/libcrypto/des/ofb64enc.c b/src/lib/libcrypto/des/ofb64enc.c
index 64953959ca..1a1d1f1ac4 100644
--- a/src/lib/libcrypto/des/ofb64enc.c
+++ b/src/lib/libcrypto/des/ofb64enc.c
@@ -87,7 +87,7 @@ void des_ofb64_encrypt(register const unsigned char *in,
87 { 87 {
88 if (n == 0) 88 if (n == 0)
89 { 89 {
90 des_encrypt(ti,schedule,DES_ENCRYPT); 90 des_encrypt1(ti,schedule,DES_ENCRYPT);
91 dp=d; 91 dp=d;
92 t=ti[0]; l2c(t,dp); 92 t=ti[0]; l2c(t,dp);
93 t=ti[1]; l2c(t,dp); 93 t=ti[1]; l2c(t,dp);
diff --git a/src/lib/libcrypto/des/ofb_enc.c b/src/lib/libcrypto/des/ofb_enc.c
index a8f425a575..70493e632c 100644
--- a/src/lib/libcrypto/des/ofb_enc.c
+++ b/src/lib/libcrypto/des/ofb_enc.c
@@ -101,7 +101,7 @@ void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
101 { 101 {
102 ti[0]=v0; 102 ti[0]=v0;
103 ti[1]=v1; 103 ti[1]=v1;
104 des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); 104 des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
105 vv0=ti[0]; 105 vv0=ti[0];
106 vv1=ti[1]; 106 vv1=ti[1];
107 c2ln(in,d0,d1,n); 107 c2ln(in,d0,d1,n);
diff --git a/src/lib/libcrypto/des/pcbc_enc.c b/src/lib/libcrypto/des/pcbc_enc.c
index dd69a26d4a..5b987f074d 100644
--- a/src/lib/libcrypto/des/pcbc_enc.c
+++ b/src/lib/libcrypto/des/pcbc_enc.c
@@ -85,7 +85,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
85 c2ln(in,sin0,sin1,length); 85 c2ln(in,sin0,sin1,length);
86 tin[0]=sin0^xor0; 86 tin[0]=sin0^xor0;
87 tin[1]=sin1^xor1; 87 tin[1]=sin1^xor1;
88 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 88 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
89 tout0=tin[0]; 89 tout0=tin[0];
90 tout1=tin[1]; 90 tout1=tin[1];
91 xor0=sin0^tout0; 91 xor0=sin0^tout0;
@@ -103,7 +103,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
103 c2l(in,sin1); 103 c2l(in,sin1);
104 tin[0]=sin0; 104 tin[0]=sin0;
105 tin[1]=sin1; 105 tin[1]=sin1;
106 des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); 106 des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
107 tout0=tin[0]^xor0; 107 tout0=tin[0]^xor0;
108 tout1=tin[1]^xor1; 108 tout1=tin[1]^xor1;
109 if (length >= 8) 109 if (length >= 8)
diff --git a/src/lib/libcrypto/des/speed.c b/src/lib/libcrypto/des/speed.c
index 814b86f4ae..1223edf290 100644
--- a/src/lib/libcrypto/des/speed.c
+++ b/src/lib/libcrypto/des/speed.c
@@ -204,7 +204,7 @@ int main(int argc, char **argv)
204 count*=2; 204 count*=2;
205 Time_F(START); 205 Time_F(START);
206 for (i=count; i; i--) 206 for (i=count; i; i--)
207 des_encrypt(data,&(sch[0]),DES_ENCRYPT); 207 des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
208 d=Time_F(STOP); 208 d=Time_F(STOP);
209 } while (d < 3.0); 209 } while (d < 3.0);
210 ca=count; 210 ca=count;
@@ -241,7 +241,7 @@ int main(int argc, char **argv)
241 { 241 {
242 DES_LONG data[2]; 242 DES_LONG data[2];
243 243
244 des_encrypt(data,&(sch[0]),DES_ENCRYPT); 244 des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
245 } 245 }
246 d=Time_F(STOP); 246 d=Time_F(STOP);
247 printf("%ld des_encrypt's in %.2f second\n",count,d); 247 printf("%ld des_encrypt's in %.2f second\n",count,d);
diff --git a/src/lib/libcrypto/des/xcbc_enc.c b/src/lib/libcrypto/des/xcbc_enc.c
index 51e17e6b8a..ccfede13ac 100644
--- a/src/lib/libcrypto/des/xcbc_enc.c
+++ b/src/lib/libcrypto/des/xcbc_enc.c
@@ -138,7 +138,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
138 c2l(in,tin1); 138 c2l(in,tin1);
139 tin0^=tout0^inW0; tin[0]=tin0; 139 tin0^=tout0^inW0; tin[0]=tin0;
140 tin1^=tout1^inW1; tin[1]=tin1; 140 tin1^=tout1^inW1; tin[1]=tin1;
141 des_encrypt(tin,schedule,DES_ENCRYPT); 141 des_encrypt1(tin,schedule,DES_ENCRYPT);
142 tout0=tin[0]^outW0; l2c(tout0,out); 142 tout0=tin[0]^outW0; l2c(tout0,out);
143 tout1=tin[1]^outW1; l2c(tout1,out); 143 tout1=tin[1]^outW1; l2c(tout1,out);
144 } 144 }
@@ -147,7 +147,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
147 c2ln(in,tin0,tin1,l+8); 147 c2ln(in,tin0,tin1,l+8);
148 tin0^=tout0^inW0; tin[0]=tin0; 148 tin0^=tout0^inW0; tin[0]=tin0;
149 tin1^=tout1^inW1; tin[1]=tin1; 149 tin1^=tout1^inW1; tin[1]=tin1;
150 des_encrypt(tin,schedule,DES_ENCRYPT); 150 des_encrypt1(tin,schedule,DES_ENCRYPT);
151 tout0=tin[0]^outW0; l2c(tout0,out); 151 tout0=tin[0]^outW0; l2c(tout0,out);
152 tout1=tin[1]^outW1; l2c(tout1,out); 152 tout1=tin[1]^outW1; l2c(tout1,out);
153 } 153 }
@@ -163,7 +163,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
163 { 163 {
164 c2l(in,tin0); tin[0]=tin0^outW0; 164 c2l(in,tin0); tin[0]=tin0^outW0;
165 c2l(in,tin1); tin[1]=tin1^outW1; 165 c2l(in,tin1); tin[1]=tin1^outW1;
166 des_encrypt(tin,schedule,DES_DECRYPT); 166 des_encrypt1(tin,schedule,DES_DECRYPT);
167 tout0=tin[0]^xor0^inW0; 167 tout0=tin[0]^xor0^inW0;
168 tout1=tin[1]^xor1^inW1; 168 tout1=tin[1]^xor1^inW1;
169 l2c(tout0,out); 169 l2c(tout0,out);
@@ -175,7 +175,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
175 { 175 {
176 c2l(in,tin0); tin[0]=tin0^outW0; 176 c2l(in,tin0); tin[0]=tin0^outW0;
177 c2l(in,tin1); tin[1]=tin1^outW1; 177 c2l(in,tin1); tin[1]=tin1^outW1;
178 des_encrypt(tin,schedule,DES_DECRYPT); 178 des_encrypt1(tin,schedule,DES_DECRYPT);
179 tout0=tin[0]^xor0^inW0; 179 tout0=tin[0]^xor0^inW0;
180 tout1=tin[1]^xor1^inW1; 180 tout1=tin[1]^xor1^inW1;
181 l2cn(tout0,tout1,out,l+8); 181 l2cn(tout0,tout1,out,l+8);
diff --git a/src/lib/libcrypto/dh/Makefile.ssl b/src/lib/libcrypto/dh/Makefile.ssl
index 88d0d1748b..bf4b47ca9a 100644
--- a/src/lib/libcrypto/dh/Makefile.ssl
+++ b/src/lib/libcrypto/dh/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 6915d79dcc..22b087b778 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -100,7 +100,6 @@ DH_METHOD *DH_OpenSSL(void)
100static int generate_key(DH *dh) 100static int generate_key(DH *dh)
101 { 101 {
102 int ok=0; 102 int ok=0;
103 unsigned int i;
104 BN_CTX ctx; 103 BN_CTX ctx;
105 BN_MONT_CTX *mont; 104 BN_MONT_CTX *mont;
106 BIGNUM *pub_key=NULL,*priv_key=NULL; 105 BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -109,15 +108,11 @@ static int generate_key(DH *dh)
109 108
110 if (dh->priv_key == NULL) 109 if (dh->priv_key == NULL)
111 { 110 {
112 i=dh->length;
113 if (i == 0)
114 {
115 /* Make the number p-1 bits long */
116 i=BN_num_bits(dh->p)-1;
117 }
118 priv_key=BN_new(); 111 priv_key=BN_new();
119 if (priv_key == NULL) goto err; 112 if (priv_key == NULL) goto err;
120 if (!BN_rand(priv_key,i,0,0)) goto err; 113 do
114 if (!BN_rand_range(priv_key, dh->p)) goto err;
115 while (BN_is_zero(priv_key));
121 } 116 }
122 else 117 else
123 priv_key=dh->priv_key; 118 priv_key=dh->priv_key;
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 66803b5565..96f118c153 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -168,13 +168,13 @@ DH *DH_new_method(ENGINE *engine)
168 ret->method_mont_p=NULL; 168 ret->method_mont_p=NULL;
169 ret->references = 1; 169 ret->references = 1;
170 ret->flags=meth->flags; 170 ret->flags=meth->flags;
171 CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
171 if ((meth->init != NULL) && !meth->init(ret)) 172 if ((meth->init != NULL) && !meth->init(ret))
172 { 173 {
174 CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
173 OPENSSL_free(ret); 175 OPENSSL_free(ret);
174 ret=NULL; 176 ret=NULL;
175 } 177 }
176 else
177 CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
178 return(ret); 178 return(ret);
179 } 179 }
180 180
@@ -196,12 +196,12 @@ void DH_free(DH *r)
196 } 196 }
197#endif 197#endif
198 198
199 CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
200
201 meth = ENGINE_get_DH(r->engine); 199 meth = ENGINE_get_DH(r->engine);
202 if(meth->finish) meth->finish(r); 200 if(meth->finish) meth->finish(r);
203 ENGINE_finish(r->engine); 201 ENGINE_finish(r->engine);
204 202
203 CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
204
205 if (r->p != NULL) BN_clear_free(r->p); 205 if (r->p != NULL) BN_clear_free(r->p);
206 if (r->g != NULL) BN_clear_free(r->g); 206 if (r->g != NULL) BN_clear_free(r->g);
207 if (r->q != NULL) BN_clear_free(r->q); 207 if (r->q != NULL) BN_clear_free(r->q);
diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod
index 8dd700ca3d..d8c134e621 100644
--- a/src/lib/libcrypto/doc/RAND_load_file.pod
+++ b/src/lib/libcrypto/doc/RAND_load_file.pod
@@ -8,7 +8,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
8 8
9 #include <openssl/rand.h> 9 #include <openssl/rand.h>
10 10
11 const char *RAND_file_name(char *buf, int num); 11 const char *RAND_file_name(char *buf, size_t num);
12 12
13 int RAND_load_file(const char *filename, long max_bytes); 13 int RAND_load_file(const char *filename, long max_bytes);
14 14
diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod
index 1504a1c92d..d183028d61 100644
--- a/src/lib/libcrypto/doc/bn.pod
+++ b/src/lib/libcrypto/doc/bn.pod
@@ -60,6 +60,7 @@ bn - multiprecision integer arithmetics
60 60
61 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); 61 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
62 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); 62 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
63 int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
63 64
64 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, 65 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
65 BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); 66 BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
index f089dd49a2..edf47dbde6 100644
--- a/src/lib/libcrypto/doc/evp.pod
+++ b/src/lib/libcrypto/doc/evp.pod
@@ -10,7 +10,7 @@ evp - high-level cryptographic functions
10 10
11=head1 DESCRIPTION 11=head1 DESCRIPTION
12 12
13The EVP library provided a high-level interface to cryptographic 13The EVP library provides a high-level interface to cryptographic
14functions. 14functions.
15 15
16B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption 16B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
index dac582be00..d88f596364 100644
--- a/src/lib/libcrypto/dsa/Makefile.ssl
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -41,7 +41,8 @@ all: lib
41 41
42lib: $(LIBOBJ) 42lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 43 $(AR) $(LIB) $(LIBOBJ)
44 $(RANLIB) $(LIB) 44 @echo You may get an error following this line. Please ignore.
45 - $(RANLIB) $(LIB)
45 @touch lib 46 @touch lib
46 47
47files: 48files:
diff --git a/src/lib/libcrypto/dso/Makefile.ssl b/src/lib/libcrypto/dso/Makefile.ssl
index a37f547482..48b36c8330 100644
--- a/src/lib/libcrypto/dso/Makefile.ssl
+++ b/src/lib/libcrypto/dso/Makefile.ssl
@@ -41,7 +41,8 @@ all: lib
41 41
42lib: $(LIBOBJ) 42lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 43 $(AR) $(LIB) $(LIBOBJ)
44 $(RANLIB) $(LIB) 44 @echo You may get an error following this line. Please ignore.
45 - $(RANLIB) $(LIB)
45 @touch lib 46 @touch lib
46 47
47files: 48files:
diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c
index 69810fc3bb..455bd66ecf 100644
--- a/src/lib/libcrypto/dso/dso_dl.c
+++ b/src/lib/libcrypto/dso/dso_dl.c
@@ -82,7 +82,7 @@ static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
82static int dl_init(DSO *dso); 82static int dl_init(DSO *dso);
83static int dl_finish(DSO *dso); 83static int dl_finish(DSO *dso);
84#endif 84#endif
85static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); 85static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
86 86
87static DSO_METHOD dso_meth_dl = { 87static DSO_METHOD dso_meth_dl = {
88 "OpenSSL 'dl' shared library method", 88 "OpenSSL 'dl' shared library method",
@@ -111,6 +111,11 @@ DSO_METHOD *DSO_METHOD_dl(void)
111 * type so the cast is safe. 111 * type so the cast is safe.
112 */ 112 */
113 113
114#if defined(__hpux)
115static const char extension[] = ".sl";
116#else
117static const char extension[] = ".so";
118#endif
114static int dl_load(DSO *dso, const char *filename) 119static int dl_load(DSO *dso, const char *filename)
115 { 120 {
116 shl_t ptr; 121 shl_t ptr;
@@ -118,12 +123,12 @@ static int dl_load(DSO *dso, const char *filename)
118 int len; 123 int len;
119 124
120 /* The same comment as in dlfcn_load applies here. bleurgh. */ 125 /* The same comment as in dlfcn_load applies here. bleurgh. */
121 len = strlen(filename); 126 len = strlen(filename) + strlen(extension);
122 if((dso->flags & DSO_FLAG_NAME_TRANSLATION) && 127 if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
123 (len + 6 < DSO_MAX_TRANSLATED_SIZE) && 128 (len + 3 < DSO_MAX_TRANSLATED_SIZE) &&
124 (strstr(filename, "/") == NULL)) 129 (strstr(filename, "/") == NULL))
125 { 130 {
126 sprintf(translated, "lib%s.so", filename); 131 sprintf(translated, "lib%s%s", filename, extension);
127 ptr = shl_load(translated, BIND_IMMEDIATE, NULL); 132 ptr = shl_load(translated, BIND_IMMEDIATE, NULL);
128 } 133 }
129 else 134 else
@@ -187,7 +192,7 @@ static void *dl_bind_var(DSO *dso, const char *symname)
187 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE); 192 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
188 return(NULL); 193 return(NULL);
189 } 194 }
190 if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) 195 if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
191 { 196 {
192 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE); 197 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
193 return(NULL); 198 return(NULL);
@@ -216,7 +221,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
216 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE); 221 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
217 return(NULL); 222 return(NULL);
218 } 223 }
219 if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) 224 if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
220 { 225 {
221 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE); 226 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
222 return(NULL); 227 return(NULL);
@@ -224,7 +229,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
224 return((DSO_FUNC_TYPE)sym); 229 return((DSO_FUNC_TYPE)sym);
225 } 230 }
226 231
227static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg) 232static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
228 { 233 {
229 if(dso == NULL) 234 if(dso == NULL)
230 { 235 {
@@ -236,10 +241,10 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
236 case DSO_CTRL_GET_FLAGS: 241 case DSO_CTRL_GET_FLAGS:
237 return dso->flags; 242 return dso->flags;
238 case DSO_CTRL_SET_FLAGS: 243 case DSO_CTRL_SET_FLAGS:
239 dso->flags = (int)larg; 244 dso->flags = larg;
240 return(0); 245 return(0);
241 case DSO_CTRL_OR_FLAGS: 246 case DSO_CTRL_OR_FLAGS:
242 dso->flags |= (int)larg; 247 dso->flags |= larg;
243 return(0); 248 return(0);
244 default: 249 default:
245 break; 250 break;
diff --git a/src/lib/libcrypto/dso/dso_vms.c b/src/lib/libcrypto/dso/dso_vms.c
index 8ff7090129..ab48b63eb7 100644
--- a/src/lib/libcrypto/dso/dso_vms.c
+++ b/src/lib/libcrypto/dso/dso_vms.c
@@ -62,7 +62,6 @@
62#ifdef VMS 62#ifdef VMS
63#pragma message disable DOLLARID 63#pragma message disable DOLLARID
64#include <lib$routines.h> 64#include <lib$routines.h>
65#include <libfisdef.h>
66#include <stsdef.h> 65#include <stsdef.h>
67#include <descrip.h> 66#include <descrip.h>
68#include <starlet.h> 67#include <starlet.h>
@@ -260,7 +259,8 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
260 { 259 {
261 DSO_VMS_INTERNAL *ptr; 260 DSO_VMS_INTERNAL *ptr;
262 int status; 261 int status;
263 int flags = LIB$M_FIS_MIXEDCASE; 262 int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
263 defined in VMS older than 7.0 or so */
264 struct dsc$descriptor_s symname_dsc; 264 struct dsc$descriptor_s symname_dsc;
265 *sym = NULL; 265 *sym = NULL;
266 266
diff --git a/src/lib/libcrypto/ebcdic.c b/src/lib/libcrypto/ebcdic.c
index 31397b2add..91a7a8bcb4 100644
--- a/src/lib/libcrypto/ebcdic.c
+++ b/src/lib/libcrypto/ebcdic.c
@@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
211} 211}
212 212
213#else /*CHARSET_EBCDIC*/ 213#else /*CHARSET_EBCDIC*/
214#ifdef PEDANTIC 214#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
215static void *dummy=&dummy; 215static void *dummy=&dummy;
216#endif 216#endif
217#endif 217#endif
diff --git a/src/lib/libcrypto/engine/engine_lib.c b/src/lib/libcrypto/engine/engine_lib.c
index 1df07af03a..d6e9109f6e 100644
--- a/src/lib/libcrypto/engine/engine_lib.c
+++ b/src/lib/libcrypto/engine/engine_lib.c
@@ -230,17 +230,18 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
230 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 230 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
231 if(e->funct_ref == 0) 231 if(e->funct_ref == 0)
232 { 232 {
233 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
233 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 234 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
234 ENGINE_R_NOT_INITIALISED); 235 ENGINE_R_NOT_INITIALISED);
235 return 0; 236 return 0;
236 } 237 }
238 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
237 if (!e->load_privkey) 239 if (!e->load_privkey)
238 { 240 {
239 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 241 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
240 ENGINE_R_NO_LOAD_FUNCTION); 242 ENGINE_R_NO_LOAD_FUNCTION);
241 return 0; 243 return 0;
242 } 244 }
243 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
244 pkey = e->load_privkey(key_id, passphrase); 245 pkey = e->load_privkey(key_id, passphrase);
245 if (!pkey) 246 if (!pkey)
246 { 247 {
@@ -265,17 +266,18 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
265 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 266 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
266 if(e->funct_ref == 0) 267 if(e->funct_ref == 0)
267 { 268 {
269 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
268 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 270 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
269 ENGINE_R_NOT_INITIALISED); 271 ENGINE_R_NOT_INITIALISED);
270 return 0; 272 return 0;
271 } 273 }
274 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
272 if (!e->load_pubkey) 275 if (!e->load_pubkey)
273 { 276 {
274 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 277 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
275 ENGINE_R_NO_LOAD_FUNCTION); 278 ENGINE_R_NO_LOAD_FUNCTION);
276 return 0; 279 return 0;
277 } 280 }
278 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
279 pkey = e->load_pubkey(key_id, passphrase); 281 pkey = e->load_pubkey(key_id, passphrase);
280 if (!pkey) 282 if (!pkey)
281 { 283 {
@@ -286,8 +288,6 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
286 return pkey; 288 return pkey;
287 } 289 }
288 290
289/* Initialise a engine type for use (or up its functional reference count
290 * if it's already in use). */
291int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) 291int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
292 { 292 {
293 if(e == NULL) 293 if(e == NULL)
@@ -298,15 +298,16 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
298 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 298 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
299 if(e->struct_ref == 0) 299 if(e->struct_ref == 0)
300 { 300 {
301 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
301 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); 302 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
302 return 0; 303 return 0;
303 } 304 }
305 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
304 if (!e->ctrl) 306 if (!e->ctrl)
305 { 307 {
306 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); 308 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
307 return 0; 309 return 0;
308 } 310 }
309 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
310 return e->ctrl(cmd, i, p, f); 311 return e->ctrl(cmd, i, p, f);
311 } 312 }
312 313
diff --git a/src/lib/libcrypto/err/Makefile.ssl b/src/lib/libcrypto/err/Makefile.ssl
index cf94f406e4..58218d1cea 100644
--- a/src/lib/libcrypto/err/Makefile.ssl
+++ b/src/lib/libcrypto/err/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index 99272e437c..839f4ab81a 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -389,20 +389,18 @@ void ERR_put_error(int lib, int func, int reason, const char *file,
389 389
390void ERR_clear_error(void) 390void ERR_clear_error(void)
391 { 391 {
392 int i;
392 ERR_STATE *es; 393 ERR_STATE *es;
393 394
394 es=ERR_get_state(); 395 es=ERR_get_state();
395 396
396#if 0
397 /* hmm... is this needed */
398 for (i=0; i<ERR_NUM_ERRORS; i++) 397 for (i=0; i<ERR_NUM_ERRORS; i++)
399 { 398 {
400 es->err_buffer[i]=0; 399 es->err_buffer[i]=0;
400 err_clear_data(es,i);
401 es->err_file[i]=NULL; 401 es->err_file[i]=NULL;
402 es->err_line[i]= -1; 402 es->err_line[i]= -1;
403 err_clear_data(es,i);
404 } 403 }
405#endif
406 es->top=es->bottom=0; 404 es->top=es->bottom=0;
407 } 405 }
408 406
@@ -464,7 +462,14 @@ static unsigned long get_error_values(int inc, const char **file, int *line,
464 } 462 }
465 } 463 }
466 464
467 if (data != NULL) 465 if (data == NULL)
466 {
467 if (inc)
468 {
469 err_clear_data(es, i);
470 }
471 }
472 else
468 { 473 {
469 if (es->err_data[i] == NULL) 474 if (es->err_data[i] == NULL)
470 { 475 {
@@ -749,8 +754,9 @@ void ERR_set_error_data(char *data, int flags)
749 if (i == 0) 754 if (i == 0)
750 i=ERR_NUM_ERRORS-1; 755 i=ERR_NUM_ERRORS-1;
751 756
757 err_clear_data(es,i);
752 es->err_data[i]=data; 758 es->err_data[i]=data;
753 es->err_data_flags[es->top]=flags; 759 es->err_data_flags[i]=flags;
754 } 760 }
755 761
756void ERR_add_error_data(int num, ...) 762void ERR_add_error_data(int num, ...)
@@ -759,7 +765,7 @@ void ERR_add_error_data(int num, ...)
759 int i,n,s; 765 int i,n,s;
760 char *str,*p,*a; 766 char *str,*p,*a;
761 767
762 s=64; 768 s=80;
763 str=OPENSSL_malloc(s+1); 769 str=OPENSSL_malloc(s+1);
764 if (str == NULL) return; 770 if (str == NULL) return;
765 str[0]='\0'; 771 str[0]='\0';
diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl
index ad39fcc9e7..624168031d 100644
--- a/src/lib/libcrypto/evp/Makefile.ssl
+++ b/src/lib/libcrypto/evp/Makefile.ssl
@@ -58,7 +58,8 @@ all: lib
58 58
59lib: $(LIBOBJ) 59lib: $(LIBOBJ)
60 $(AR) $(LIB) $(LIBOBJ) 60 $(AR) $(LIB) $(LIBOBJ)
61 $(RANLIB) $(LIB) 61 @echo You may get an error following this line. Please ignore.
62 - $(RANLIB) $(LIB)
62 @touch lib 63 @touch lib
63 64
64files: 65files:
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 62350dfd69..76d417b44a 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -462,12 +462,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
462 ASN1_TYPE *param, EVP_CIPHER *cipher, 462 ASN1_TYPE *param, EVP_CIPHER *cipher,
463 EVP_MD *md, int en_de); 463 EVP_MD *md, int en_de);
464 464
465#ifndef NO_RSA
465#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ 466#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
466 (char *)(rsa)) 467 (char *)(rsa))
468#endif
469
470#ifndef NO_DSA
467#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ 471#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
468 (char *)(dsa)) 472 (char *)(dsa))
473#endif
474
475#ifndef NO_DH
469#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ 476#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
470 (char *)(dh)) 477 (char *)(dh))
478#endif
471 479
472/* Add some extra combinations */ 480/* Add some extra combinations */
473#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) 481#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -611,17 +619,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
611#endif 619#endif
612 620
613EVP_MD *EVP_md_null(void); 621EVP_MD *EVP_md_null(void);
622#ifndef NO_MD2
614EVP_MD *EVP_md2(void); 623EVP_MD *EVP_md2(void);
624#endif
625#ifndef NO_MD4
615EVP_MD *EVP_md4(void); 626EVP_MD *EVP_md4(void);
627#endif
628#ifndef NO_MD5
616EVP_MD *EVP_md5(void); 629EVP_MD *EVP_md5(void);
630#endif
631#ifndef NO_SHA
617EVP_MD *EVP_sha(void); 632EVP_MD *EVP_sha(void);
618EVP_MD *EVP_sha1(void); 633EVP_MD *EVP_sha1(void);
619EVP_MD *EVP_dss(void); 634EVP_MD *EVP_dss(void);
620EVP_MD *EVP_dss1(void); 635EVP_MD *EVP_dss1(void);
636#endif
637#ifndef NO_MDC2
621EVP_MD *EVP_mdc2(void); 638EVP_MD *EVP_mdc2(void);
639#endif
640#ifndef NO_RIPEMD
622EVP_MD *EVP_ripemd160(void); 641EVP_MD *EVP_ripemd160(void);
623 642#endif
624EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ 643EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
644#ifndef NO_DES
625EVP_CIPHER *EVP_des_ecb(void); 645EVP_CIPHER *EVP_des_ecb(void);
626EVP_CIPHER *EVP_des_ede(void); 646EVP_CIPHER *EVP_des_ede(void);
627EVP_CIPHER *EVP_des_ede3(void); 647EVP_CIPHER *EVP_des_ede3(void);
@@ -635,31 +655,43 @@ EVP_CIPHER *EVP_des_cbc(void);
635EVP_CIPHER *EVP_des_ede_cbc(void); 655EVP_CIPHER *EVP_des_ede_cbc(void);
636EVP_CIPHER *EVP_des_ede3_cbc(void); 656EVP_CIPHER *EVP_des_ede3_cbc(void);
637EVP_CIPHER *EVP_desx_cbc(void); 657EVP_CIPHER *EVP_desx_cbc(void);
658#endif
659#ifndef NO_RC4
638EVP_CIPHER *EVP_rc4(void); 660EVP_CIPHER *EVP_rc4(void);
639EVP_CIPHER *EVP_rc4_40(void); 661EVP_CIPHER *EVP_rc4_40(void);
662#endif
663#ifndef NO_IDEA
640EVP_CIPHER *EVP_idea_ecb(void); 664EVP_CIPHER *EVP_idea_ecb(void);
641EVP_CIPHER *EVP_idea_cfb(void); 665EVP_CIPHER *EVP_idea_cfb(void);
642EVP_CIPHER *EVP_idea_ofb(void); 666EVP_CIPHER *EVP_idea_ofb(void);
643EVP_CIPHER *EVP_idea_cbc(void); 667EVP_CIPHER *EVP_idea_cbc(void);
668#endif
669#ifndef NO_RC2
644EVP_CIPHER *EVP_rc2_ecb(void); 670EVP_CIPHER *EVP_rc2_ecb(void);
645EVP_CIPHER *EVP_rc2_cbc(void); 671EVP_CIPHER *EVP_rc2_cbc(void);
646EVP_CIPHER *EVP_rc2_40_cbc(void); 672EVP_CIPHER *EVP_rc2_40_cbc(void);
647EVP_CIPHER *EVP_rc2_64_cbc(void); 673EVP_CIPHER *EVP_rc2_64_cbc(void);
648EVP_CIPHER *EVP_rc2_cfb(void); 674EVP_CIPHER *EVP_rc2_cfb(void);
649EVP_CIPHER *EVP_rc2_ofb(void); 675EVP_CIPHER *EVP_rc2_ofb(void);
676#endif
677#ifndef NO_BF
650EVP_CIPHER *EVP_bf_ecb(void); 678EVP_CIPHER *EVP_bf_ecb(void);
651EVP_CIPHER *EVP_bf_cbc(void); 679EVP_CIPHER *EVP_bf_cbc(void);
652EVP_CIPHER *EVP_bf_cfb(void); 680EVP_CIPHER *EVP_bf_cfb(void);
653EVP_CIPHER *EVP_bf_ofb(void); 681EVP_CIPHER *EVP_bf_ofb(void);
682#endif
683#ifndef NO_CAST
654EVP_CIPHER *EVP_cast5_ecb(void); 684EVP_CIPHER *EVP_cast5_ecb(void);
655EVP_CIPHER *EVP_cast5_cbc(void); 685EVP_CIPHER *EVP_cast5_cbc(void);
656EVP_CIPHER *EVP_cast5_cfb(void); 686EVP_CIPHER *EVP_cast5_cfb(void);
657EVP_CIPHER *EVP_cast5_ofb(void); 687EVP_CIPHER *EVP_cast5_ofb(void);
688#endif
689#ifndef NO_RC5
658EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); 690EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
659EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); 691EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
660EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); 692EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
661EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); 693EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
662 694#endif
663void OpenSSL_add_all_algorithms(void); 695void OpenSSL_add_all_algorithms(void);
664void OpenSSL_add_all_ciphers(void); 696void OpenSSL_add_all_ciphers(void);
665void OpenSSL_add_all_digests(void); 697void OpenSSL_add_all_digests(void);
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
index 1ee88da2a8..739e543d78 100644
--- a/src/lib/libcrypto/ex_data.c
+++ b/src/lib/libcrypto/ex_data.c
@@ -101,7 +101,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long
101 ret=idx; 101 ret=idx;
102err: 102err:
103 MemCheck_on(); 103 MemCheck_on();
104 return(idx); 104 return(ret);
105 } 105 }
106 106
107int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) 107int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
diff --git a/src/lib/libcrypto/hmac/Makefile.ssl b/src/lib/libcrypto/hmac/Makefile.ssl
index cf57311973..326339a90d 100644
--- a/src/lib/libcrypto/hmac/Makefile.ssl
+++ b/src/lib/libcrypto/hmac/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/idea/Makefile.ssl b/src/lib/libcrypto/idea/Makefile.ssl
index 5b334ce921..30302e0b9f 100644
--- a/src/lib/libcrypto/idea/Makefile.ssl
+++ b/src/lib/libcrypto/idea/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/lhash/Makefile.ssl b/src/lib/libcrypto/lhash/Makefile.ssl
index 6c3d442e22..79849d7d6e 100644
--- a/src/lib/libcrypto/lhash/Makefile.ssl
+++ b/src/lib/libcrypto/lhash/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/md2/Makefile.ssl b/src/lib/libcrypto/md2/Makefile.ssl
index d46c73a9b9..269628d739 100644
--- a/src/lib/libcrypto/md2/Makefile.ssl
+++ b/src/lib/libcrypto/md2/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/md4/Makefile.ssl b/src/lib/libcrypto/md4/Makefile.ssl
index 6ee3ca88ed..646607274e 100644
--- a/src/lib/libcrypto/md4/Makefile.ssl
+++ b/src/lib/libcrypto/md4/Makefile.ssl
@@ -40,7 +40,8 @@ all: lib
40 40
41lib: $(LIBOBJ) 41lib: $(LIBOBJ)
42 $(AR) $(LIB) $(LIBOBJ) 42 $(AR) $(LIB) $(LIBOBJ)
43 $(RANLIB) $(LIB) 43 @echo You may get an error following this line. Please ignore.
44 - $(RANLIB) $(LIB)
44 @touch lib 45 @touch lib
45 46
46files: 47files:
diff --git a/src/lib/libcrypto/md5/Makefile.ssl b/src/lib/libcrypto/md5/Makefile.ssl
index e8d0cced7f..784215579b 100644
--- a/src/lib/libcrypto/md5/Makefile.ssl
+++ b/src/lib/libcrypto/md5/Makefile.ssl
@@ -50,7 +50,8 @@ all: lib
50 50
51lib: $(LIBOBJ) 51lib: $(LIBOBJ)
52 $(AR) $(LIB) $(LIBOBJ) 52 $(AR) $(LIB) $(LIBOBJ)
53 $(RANLIB) $(LIB) 53 @echo You may get an error following this line. Please ignore.
54 - $(RANLIB) $(LIB)
54 @touch lib 55 @touch lib
55 56
56# elf 57# elf
diff --git a/src/lib/libcrypto/mdc2/Makefile.ssl b/src/lib/libcrypto/mdc2/Makefile.ssl
index da11c4edea..a9b06b02bd 100644
--- a/src/lib/libcrypto/mdc2/Makefile.ssl
+++ b/src/lib/libcrypto/mdc2/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
index 866c53e73a..ef19d8f844 100644
--- a/src/lib/libcrypto/mem_dbg.c
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -81,7 +81,8 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF;
81 */ 81 */
82 82
83static unsigned long order = 0; /* number of memory requests */ 83static unsigned long order = 0; /* number of memory requests */
84static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ 84static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
85 * access requires MALLOC2 lock */
85 86
86 87
87typedef struct app_mem_info_st 88typedef struct app_mem_info_st
@@ -103,7 +104,8 @@ typedef struct app_mem_info_st
103 104
104static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's 105static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
105 * that are at the top of their thread's stack 106 * that are at the top of their thread's stack
106 * (with `thread' as key) */ 107 * (with `thread' as key);
108 * access requires MALLOC2 lock */
107 109
108typedef struct mem_st 110typedef struct mem_st
109/* memory-block description */ 111/* memory-block description */
@@ -128,7 +130,15 @@ static long options = /* extra information to be recorded */
128 0; 130 0;
129 131
130 132
131static unsigned long disabling_thread = 0; 133static unsigned int num_disable = 0; /* num_disable > 0
134 * iff
135 * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
136 */
137static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
138 * CRYPTO_LOCK_MALLOC2 is locked
139 * exactly in this case (by the
140 * thread named in disabling_thread).
141 */
132 142
133int CRYPTO_mem_ctrl(int mode) 143int CRYPTO_mem_ctrl(int mode)
134 { 144 {
@@ -137,22 +147,23 @@ int CRYPTO_mem_ctrl(int mode)
137 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 147 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
138 switch (mode) 148 switch (mode)
139 { 149 {
140 /* for applications: */ 150 /* for applications (not to be called while multiple threads
151 * use the library): */
141 case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ 152 case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
142 mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; 153 mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
143 disabling_thread = 0; 154 num_disable = 0;
144 break; 155 break;
145 case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ 156 case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
146 mh_mode = 0; 157 mh_mode = 0;
147 disabling_thread = 0; 158 num_disable = 0; /* should be true *before* MemCheck_stop is used,
159 or there'll be a lot of confusion */
148 break; 160 break;
149 161
150 /* switch off temporarily (for library-internal use): */ 162 /* switch off temporarily (for library-internal use): */
151 case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ 163 case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
152 if (mh_mode & CRYPTO_MEM_CHECK_ON) 164 if (mh_mode & CRYPTO_MEM_CHECK_ON)
153 { 165 {
154 mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE; 166 if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
155 if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */
156 { 167 {
157 /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while 168 /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
158 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if 169 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
@@ -169,18 +180,23 @@ int CRYPTO_mem_ctrl(int mode)
169 * OpenSSL threads. */ 180 * OpenSSL threads. */
170 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); 181 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
171 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 182 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
183 mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
172 disabling_thread=CRYPTO_thread_id(); 184 disabling_thread=CRYPTO_thread_id();
173 } 185 }
186 num_disable++;
174 } 187 }
175 break; 188 break;
176 case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ 189 case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
177 if (mh_mode & CRYPTO_MEM_CHECK_ON) 190 if (mh_mode & CRYPTO_MEM_CHECK_ON)
178 { 191 {
179 mh_mode|=CRYPTO_MEM_CHECK_ENABLE; 192 if (num_disable) /* always true, or something is going wrong */
180 if (disabling_thread != 0)
181 { 193 {
182 disabling_thread=0; 194 num_disable--;
183 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); 195 if (num_disable == 0)
196 {
197 mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
198 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
199 }
184 } 200 }
185 } 201 }
186 break; 202 break;
@@ -198,12 +214,12 @@ int CRYPTO_is_mem_check_on(void)
198 214
199 if (mh_mode & CRYPTO_MEM_CHECK_ON) 215 if (mh_mode & CRYPTO_MEM_CHECK_ON)
200 { 216 {
201 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 217 CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
202 218
203 ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) 219 ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
204 && disabling_thread != CRYPTO_thread_id(); 220 || (disabling_thread != CRYPTO_thread_id());
205 221
206 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); 222 CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
207 } 223 }
208 return(ret); 224 return(ret);
209 } 225 }
@@ -293,7 +309,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
293 309
294 if (is_MemCheck_on()) 310 if (is_MemCheck_on())
295 { 311 {
296 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 312 MemCheck_off(); /* obtain MALLOC2 lock */
297 313
298 if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) 314 if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
299 { 315 {
@@ -330,7 +346,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
330 ami->next=amim; 346 ami->next=amim;
331 } 347 }
332 err: 348 err:
333 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 349 MemCheck_on(); /* release MALLOC2 lock */
334 } 350 }
335 351
336 return(ret); 352 return(ret);
@@ -342,11 +358,11 @@ int CRYPTO_pop_info(void)
342 358
343 if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ 359 if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
344 { 360 {
345 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 361 MemCheck_off(); /* obtain MALLOC2 lock */
346 362
347 ret=(pop_info() != NULL); 363 ret=(pop_info() != NULL);
348 364
349 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 365 MemCheck_on(); /* release MALLOC2 lock */
350 } 366 }
351 return(ret); 367 return(ret);
352 } 368 }
@@ -357,12 +373,12 @@ int CRYPTO_remove_all_info(void)
357 373
358 if (is_MemCheck_on()) /* _must_ be true */ 374 if (is_MemCheck_on()) /* _must_ be true */
359 { 375 {
360 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 376 MemCheck_off(); /* obtain MALLOC2 lock */
361 377
362 while(pop_info() != NULL) 378 while(pop_info() != NULL)
363 ret++; 379 ret++;
364 380
365 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 381 MemCheck_on(); /* release MALLOC2 lock */
366 } 382 }
367 return(ret); 383 return(ret);
368 } 384 }
@@ -385,11 +401,12 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
385 401
386 if (is_MemCheck_on()) 402 if (is_MemCheck_on())
387 { 403 {
388 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 404 MemCheck_off(); /* make sure we hold MALLOC2 lock */
389 if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) 405 if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
390 { 406 {
391 OPENSSL_free(addr); 407 OPENSSL_free(addr);
392 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 408 MemCheck_on(); /* release MALLOC2 lock
409 * if num_disabled drops to 0 */
393 return; 410 return;
394 } 411 }
395 if (mh == NULL) 412 if (mh == NULL)
@@ -448,7 +465,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
448 OPENSSL_free(mm); 465 OPENSSL_free(mm);
449 } 466 }
450 err: 467 err:
451 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 468 MemCheck_on(); /* release MALLOC2 lock
469 * if num_disabled drops to 0 */
452 } 470 }
453 break; 471 break;
454 } 472 }
@@ -467,7 +485,7 @@ void CRYPTO_dbg_free(void *addr, int before_p)
467 485
468 if (is_MemCheck_on() && (mh != NULL)) 486 if (is_MemCheck_on() && (mh != NULL))
469 { 487 {
470 MemCheck_off(); 488 MemCheck_off(); /* make sure we hold MALLOC2 lock */
471 489
472 m.addr=addr; 490 m.addr=addr;
473 mp=(MEM *)lh_delete(mh,(char *)&m); 491 mp=(MEM *)lh_delete(mh,(char *)&m);
@@ -484,7 +502,8 @@ void CRYPTO_dbg_free(void *addr, int before_p)
484 OPENSSL_free(mp); 502 OPENSSL_free(mp);
485 } 503 }
486 504
487 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 505 MemCheck_on(); /* release MALLOC2 lock
506 * if num_disabled drops to 0 */
488 } 507 }
489 break; 508 break;
490 case 1: 509 case 1:
@@ -518,7 +537,7 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
518 537
519 if (is_MemCheck_on()) 538 if (is_MemCheck_on())
520 { 539 {
521 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 540 MemCheck_off(); /* make sure we hold MALLOC2 lock */
522 541
523 m.addr=addr1; 542 m.addr=addr1;
524 mp=(MEM *)lh_delete(mh,(char *)&m); 543 mp=(MEM *)lh_delete(mh,(char *)&m);
@@ -535,7 +554,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
535 lh_insert(mh,(char *)mp); 554 lh_insert(mh,(char *)mp);
536 } 555 }
537 556
538 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 557 MemCheck_on(); /* release MALLOC2 lock
558 * if num_disabled drops to 0 */
539 } 559 }
540 break; 560 break;
541 } 561 }
@@ -642,10 +662,12 @@ void CRYPTO_mem_leaks(BIO *b)
642 662
643 if (mh == NULL && amih == NULL) 663 if (mh == NULL && amih == NULL)
644 return; 664 return;
665
666 MemCheck_off(); /* obtain MALLOC2 lock */
667
645 ml.bio=b; 668 ml.bio=b;
646 ml.bytes=0; 669 ml.bytes=0;
647 ml.chunks=0; 670 ml.chunks=0;
648 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
649 if (mh != NULL) 671 if (mh != NULL)
650 lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); 672 lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
651 if (ml.chunks != 0) 673 if (ml.chunks != 0)
@@ -671,7 +693,15 @@ void CRYPTO_mem_leaks(BIO *b)
671 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. 693 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
672 * Otherwise the code police will come and get us.) 694 * Otherwise the code police will come and get us.)
673 */ 695 */
696 int old_mh_mode;
697
674 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 698 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
699
700 /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
701 * which uses CRYPTO_is_mem_check_on */
702 old_mh_mode = mh_mode;
703 mh_mode = CRYPTO_MEM_CHECK_OFF;
704
675 if (mh != NULL) 705 if (mh != NULL)
676 { 706 {
677 lh_free(mh); 707 lh_free(mh);
@@ -685,15 +715,11 @@ void CRYPTO_mem_leaks(BIO *b)
685 amih = NULL; 715 amih = NULL;
686 } 716 }
687 } 717 }
718
719 mh_mode = old_mh_mode;
688 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); 720 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
689 } 721 }
690 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 722 MemCheck_on(); /* release MALLOC2 lock */
691
692#if 0
693 lh_stats_bio(mh,b);
694 lh_node_stats_bio(mh,b);
695 lh_node_usage_stats_bio(mh,b);
696#endif
697 } 723 }
698 724
699#ifndef NO_FP_API 725#ifndef NO_FP_API
diff --git a/src/lib/libcrypto/objects/Makefile.ssl b/src/lib/libcrypto/objects/Makefile.ssl
index bdb7aa94dc..6746ad21e7 100644
--- a/src/lib/libcrypto/objects/Makefile.ssl
+++ b/src/lib/libcrypto/objects/Makefile.ssl
@@ -39,7 +39,8 @@ all: obj_dat.h lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index 6b5aedeea6..dc50f6d7da 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,8 +25,8 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090600fL 28#define OPENSSL_VERSION_NUMBER 0x0090601fL
29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 [engine] 24 Sep 2000" 29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001"
30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
31 31
32 32
diff --git a/src/lib/libcrypto/pem/Makefile.ssl b/src/lib/libcrypto/pem/Makefile.ssl
index 97af8255a3..31db6b65a1 100644
--- a/src/lib/libcrypto/pem/Makefile.ssl
+++ b/src/lib/libcrypto/pem/Makefile.ssl
@@ -40,7 +40,8 @@ all: lib
40 40
41lib: $(LIBOBJ) 41lib: $(LIBOBJ)
42 $(AR) $(LIB) $(LIBOBJ) 42 $(AR) $(LIB) $(LIBOBJ)
43 $(RANLIB) $(LIB) 43 @echo You may get an error following this line. Please ignore.
44 - $(RANLIB) $(LIB)
44 @touch lib 45 @touch lib
45 46
46files: 47files:
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 1c5c6dea00..f1694f1125 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -305,7 +305,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
305 { 305 {
306 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) 306 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
307 { 307 {
308 /* copy from wierdo names into more normal things */ 308 /* copy from weirdo names into more normal things */
309 iv=xi->enc_cipher.iv; 309 iv=xi->enc_cipher.iv;
310 data=(unsigned char *)xi->enc_data; 310 data=(unsigned char *)xi->enc_data;
311 i=xi->enc_len; 311 i=xi->enc_len;
diff --git a/src/lib/libcrypto/pkcs12/Makefile.ssl b/src/lib/libcrypto/pkcs12/Makefile.ssl
index 67869f204f..d745c53621 100644
--- a/src/lib/libcrypto/pkcs12/Makefile.ssl
+++ b/src/lib/libcrypto/pkcs12/Makefile.ssl
@@ -45,7 +45,8 @@ all: lib
45 45
46lib: $(LIBOBJ) 46lib: $(LIBOBJ)
47 $(AR) $(LIB) $(LIBOBJ) 47 $(AR) $(LIB) $(LIBOBJ)
48 $(RANLIB) $(LIB) 48 @echo You may get an error following this line. Please ignore.
49 - $(RANLIB) $(LIB)
49 @touch lib 50 @touch lib
50 51
51files: 52files:
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
index f1a210b5d2..a16a97d03d 100644
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ b/src/lib/libcrypto/pkcs12/p12_attr.c
@@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
151{ 151{
152 unsigned char *uniname; 152 unsigned char *uniname;
153 int ret, unilen; 153 int ret, unilen;
154 if (!asc2uni(name, &uniname, &unilen)) { 154 if (!asc2uni(name, namelen, &uniname, &unilen)) {
155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC, 155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
156 ERR_R_MALLOC_FAILURE); 156 ERR_R_MALLOC_FAILURE);
157 return 0; 157 return 0;
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index b042dcf05c..a4fd5b98ec 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
84 if(!pass) { 84 if(!pass) {
85 unipass = NULL; 85 unipass = NULL;
86 uniplen = 0; 86 uniplen = 0;
87 } else if (!asc2uni(pass, &unipass, &uniplen)) { 87 } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); 88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
89 return 0; 89 return 0;
90 } 90 }
@@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
102 const EVP_MD *md_type) 102 const EVP_MD *md_type)
103{ 103{
104 unsigned char *B, *D, *I, *p, *Ai; 104 unsigned char *B, *D, *I, *p, *Ai;
105 int Slen, Plen, Ilen; 105 int Slen, Plen, Ilen, Ijlen;
106 int i, j, u, v; 106 int i, j, u, v;
107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ 107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
108 EVP_MD_CTX ctx; 108 EVP_MD_CTX ctx;
@@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
180 BN_bin2bn (I + j, v, Ij); 180 BN_bin2bn (I + j, v, Ij);
181 BN_add (Ij, Ij, Bpl1); 181 BN_add (Ij, Ij, Bpl1);
182 BN_bn2bin (Ij, B); 182 BN_bn2bin (Ij, B);
183 Ijlen = BN_num_bytes (Ij);
183 /* If more than 2^(v*8) - 1 cut off MSB */ 184 /* If more than 2^(v*8) - 1 cut off MSB */
184 if (BN_num_bytes (Ij) > v) { 185 if (Ijlen > v) {
185 BN_bn2bin (Ij, B); 186 BN_bn2bin (Ij, B);
186 memcpy (I + j, B + 1, v); 187 memcpy (I + j, B + 1, v);
188#ifndef PKCS12_BROKEN_KEYGEN
189 /* If less than v bytes pad with zeroes */
190 } else if (Ijlen < v) {
191 memset(I + j, 0, v - Ijlen);
192 BN_bn2bin(Ij, I + j + v - Ijlen);
193#endif
187 } else BN_bn2bin (Ij, I + j); 194 } else BN_bn2bin (Ij, I + j);
188 } 195 }
189 } 196 }
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index 1fbbd6c99f..5d67f19b45 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -264,6 +264,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
264 if (lkey) { 264 if (lkey) {
265 *keymatch |= MATCH_CERT; 265 *keymatch |= MATCH_CERT;
266 if (cert) *cert = x509; 266 if (cert) *cert = x509;
267 else X509_free(x509);
267 } else { 268 } else {
268 if(ca) sk_X509_push (*ca, x509); 269 if(ca) sk_X509_push (*ca, x509);
269 else X509_free(x509); 270 else X509_free(x509);
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
index 17f41b4549..2f1d1e534f 100644
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ b/src/lib/libcrypto/pkcs12/p12_utl.c
@@ -62,30 +62,34 @@
62 62
63/* Cheap and nasty Unicode stuff */ 63/* Cheap and nasty Unicode stuff */
64 64
65unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen) 65unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
66{ 66{
67 int ulen, i; 67 int ulen, i;
68 unsigned char *unitmp; 68 unsigned char *unitmp;
69 ulen = strlen(asc)*2 + 2; 69 if (asclen == -1) asclen = strlen(asc);
70 if (!(unitmp = OPENSSL_malloc (ulen))) return NULL; 70 ulen = asclen*2 + 2;
71 for (i = 0; i < ulen; i+=2) { 71 if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
72 for (i = 0; i < ulen - 2; i+=2) {
72 unitmp[i] = 0; 73 unitmp[i] = 0;
73 unitmp[i + 1] = asc[i>>1]; 74 unitmp[i + 1] = asc[i>>1];
74 } 75 }
76 /* Make result double null terminated */
77 unitmp[ulen - 2] = 0;
78 unitmp[ulen - 1] = 0;
75 if (unilen) *unilen = ulen; 79 if (unilen) *unilen = ulen;
76 if (uni) *uni = unitmp; 80 if (uni) *uni = unitmp;
77 return unitmp; 81 return unitmp;
78} 82}
79 83
80char *uni2asc (unsigned char *uni, int unilen) 84char *uni2asc(unsigned char *uni, int unilen)
81{ 85{
82 int asclen, i; 86 int asclen, i;
83 char *asctmp; 87 char *asctmp;
84 asclen = unilen / 2; 88 asclen = unilen / 2;
85 /* If no terminating zero allow for one */ 89 /* If no terminating zero allow for one */
86 if (uni[unilen - 1]) asclen++; 90 if (!unilen || uni[unilen - 1]) asclen++;
87 uni++; 91 uni++;
88 if (!(asctmp = OPENSSL_malloc (asclen))) return NULL; 92 if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
89 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; 93 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
90 asctmp[asclen - 1] = 0; 94 asctmp[asclen - 1] = 0;
91 return asctmp; 95 return asctmp;
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index 502fceff95..e529154f26 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -247,7 +247,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
247 EVP_MD *md_type); 247 EVP_MD *md_type);
248int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, 248int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
249 int saltlen, EVP_MD *md_type); 249 int saltlen, EVP_MD *md_type);
250unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen); 250unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
251char *uni2asc(unsigned char *uni, int unilen); 251char *uni2asc(unsigned char *uni, int unilen);
252int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp); 252int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
253PKCS12_BAGS *PKCS12_BAGS_new(void); 253PKCS12_BAGS *PKCS12_BAGS_new(void);
diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl
index 6cd18b671e..37b72f0890 100644
--- a/src/lib/libcrypto/pkcs7/Makefile.ssl
+++ b/src/lib/libcrypto/pkcs7/Makefile.ssl
@@ -58,7 +58,8 @@ verify: verify.o example.o lib
58 58
59lib: $(LIBOBJ) 59lib: $(LIBOBJ)
60 $(AR) $(LIB) $(LIBOBJ) 60 $(AR) $(LIB) $(LIBOBJ)
61 $(RANLIB) $(LIB) 61 @echo You may get an error following this line. Please ignore.
62 - $(RANLIB) $(LIB)
62 @touch lib 63 @touch lib
63 64
64files: 65files:
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 099e9651c1..bf43d030ad 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -370,7 +370,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
370 if (ri == NULL) { 370 if (ri == NULL) {
371 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 371 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
372 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 372 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
373 return(NULL); 373 goto err;
374 } 374 }
375 375
376 jj=EVP_PKEY_size(pkey); 376 jj=EVP_PKEY_size(pkey);
@@ -393,7 +393,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
393 BIO_get_cipher_ctx(etmp,&evp_ctx); 393 BIO_get_cipher_ctx(etmp,&evp_ctx);
394 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0); 394 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
395 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 395 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
396 return(NULL); 396 goto err;
397 397
398 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { 398 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
399 /* Some S/MIME clients don't use the same key 399 /* Some S/MIME clients don't use the same key
@@ -588,8 +588,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
588 pp=NULL; 588 pp=NULL;
589 } 589 }
590 590
591#ifndef NO_DSA
591 if (si->pkey->type == EVP_PKEY_DSA) 592 if (si->pkey->type == EVP_PKEY_DSA)
592 ctx_tmp.digest=EVP_dss1(); 593 ctx_tmp.digest=EVP_dss1();
594#endif
593 595
594 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, 596 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
595 (unsigned int *)&buf->length,si->pkey)) 597 (unsigned int *)&buf->length,si->pkey))
@@ -783,7 +785,14 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
783 785
784 os=si->enc_digest; 786 os=si->enc_digest;
785 pkey = X509_get_pubkey(x509); 787 pkey = X509_get_pubkey(x509);
788 if (!pkey)
789 {
790 ret = -1;
791 goto err;
792 }
793#ifndef NO_DSA
786 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); 794 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
795#endif
787 796
788 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 797 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
789 EVP_PKEY_free(pkey); 798 EVP_PKEY_free(pkey);
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index 994473c0bd..086d394270 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -165,9 +165,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
165 } 165 }
166 bound[32] = 0; 166 bound[32] = 0;
167 BIO_printf(bio, "MIME-Version: 1.0\n"); 167 BIO_printf(bio, "MIME-Version: 1.0\n");
168 BIO_printf(bio, "Content-Type: multipart/signed ; "); 168 BIO_printf(bio, "Content-Type: multipart/signed;");
169 BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); 169 BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
170 BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); 170 BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
171 BIO_printf(bio, "This is an S/MIME signed message\n\n"); 171 BIO_printf(bio, "This is an S/MIME signed message\n\n");
172 /* Now write out the first part */ 172 /* Now write out the first part */
173 BIO_printf(bio, "------%s\n", bound); 173 BIO_printf(bio, "------%s\n", bound);
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index d716f9faeb..3d3214f5ee 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
153 PKCS7_SIGNER_INFO *si; 153 PKCS7_SIGNER_INFO *si;
154 X509_STORE_CTX cert_ctx; 154 X509_STORE_CTX cert_ctx;
155 char buf[4096]; 155 char buf[4096];
156 int i, j=0, k; 156 int i, j=0, k, ret = 0;
157 BIO *p7bio; 157 BIO *p7bio;
158 BIO *tmpout; 158 BIO *tmpout;
159 159
@@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
258 } 258 }
259 } 259 }
260 260
261 sk_X509_free(signers); 261 ret = 1;
262 if(indata) BIO_pop(p7bio);
263 BIO_free_all(p7bio);
264
265 return 1;
266 262
267 err: 263 err:
268 264
265 if(indata) BIO_pop(p7bio);
266 BIO_free_all(p7bio);
269 sk_X509_free(signers); 267 sk_X509_free(signers);
270 BIO_free(p7bio);
271 268
272 return 0; 269 return ret;
273} 270}
274 271
275STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) 272STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl
index 5f6199a35f..707eaac678 100644
--- a/src/lib/libcrypto/rand/Makefile.ssl
+++ b/src/lib/libcrypto/rand/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index d167dea77d..567838f6c3 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -482,12 +482,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
482 unpredictable */ 482 unpredictable */
483static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 483static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
484 { 484 {
485 int ret, err; 485 int ret;
486 486
487 ret = RAND_bytes(buf, num); 487 ret = RAND_bytes(buf, num);
488 if (ret == 0) 488 if (ret == 0)
489 { 489 {
490 err = ERR_peek_error(); 490 long err = ERR_peek_error();
491 if (ERR_GET_LIB(err) == ERR_LIB_RAND && 491 if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
492 ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) 492 ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
493 (void)ERR_get_error(); 493 (void)ERR_get_error();
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index eb9c8c034d..9c6052733e 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -59,6 +59,8 @@
59#ifndef HEADER_RAND_H 59#ifndef HEADER_RAND_H
60#define HEADER_RAND_H 60#define HEADER_RAND_H
61 61
62#include <stdlib.h>
63
62#ifdef __cplusplus 64#ifdef __cplusplus
63extern "C" { 65extern "C" {
64#endif 66#endif
@@ -89,7 +91,7 @@ void RAND_seed(const void *buf,int num);
89void RAND_add(const void *buf,int num,double entropy); 91void RAND_add(const void *buf,int num,double entropy);
90int RAND_load_file(const char *file,long max_bytes); 92int RAND_load_file(const char *file,long max_bytes);
91int RAND_write_file(const char *file); 93int RAND_write_file(const char *file);
92const char *RAND_file_name(char *file,int num); 94const char *RAND_file_name(char *file,size_t num);
93int RAND_status(void); 95int RAND_status(void);
94int RAND_egd(const char *path); 96int RAND_egd(const char *path);
95int RAND_egd_bytes(const char *path,int bytes); 97int RAND_egd_bytes(const char *path,int bytes);
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
index 02a0d86fa3..79b5e6fa57 100644
--- a/src/lib/libcrypto/rand/rand_egd.c
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -74,7 +74,14 @@ int RAND_egd_bytes(const char *path,int bytes)
74#include OPENSSL_UNISTD 74#include OPENSSL_UNISTD
75#include <sys/types.h> 75#include <sys/types.h>
76#include <sys/socket.h> 76#include <sys/socket.h>
77#ifndef NO_SYS_UN_H
77#include <sys/un.h> 78#include <sys/un.h>
79#else
80struct sockaddr_un {
81 short sun_family; /* AF_UNIX */
82 char sun_path[108]; /* path name (gag) */
83};
84#endif /* NO_SYS_UN_H */
78#include <string.h> 85#include <string.h>
79 86
80#ifndef offsetof 87#ifndef offsetof
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 9f2dcff9a9..3d137badd0 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -570,14 +570,15 @@ static void readtimer(void)
570 DWORD w; 570 DWORD w;
571 LARGE_INTEGER l; 571 LARGE_INTEGER l;
572 static int have_perfc = 1; 572 static int have_perfc = 1;
573#ifndef __GNUC__ 573#ifdef _MSC_VER
574 static int have_tsc = 1; 574 static int have_tsc = 1;
575 DWORD cyclecount; 575 DWORD cyclecount;
576 576
577 if (have_tsc) { 577 if (have_tsc) {
578 __try { 578 __try {
579 __asm { 579 __asm {
580 rdtsc 580 _emit 0x0f
581 _emit 0x31
581 mov cyclecount, eax 582 mov cyclecount, eax
582 } 583 }
583 RAND_add(&cyclecount, sizeof(cyclecount), 1); 584 RAND_add(&cyclecount, sizeof(cyclecount), 1);
@@ -725,8 +726,9 @@ int RAND_poll(void)
725 726
726#ifdef DEVRANDOM 727#ifdef DEVRANDOM
727 return 1; 728 return 1;
728#endif 729#else
729 return 0; 730 return 0;
731#endif
730} 732}
731 733
732#endif 734#endif
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 663a36cb70..f4376cf8cc 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -73,7 +73,7 @@
73# include <sys/stat.h> 73# include <sys/stat.h>
74#endif 74#endif
75 75
76#include <openssl/e_os.h> 76#include "openssl/e_os.h"
77#include <openssl/crypto.h> 77#include <openssl/crypto.h>
78#include <openssl/rand.h> 78#include <openssl/rand.h>
79 79
@@ -83,6 +83,9 @@
83 83
84/* #define RFILE ".rnd" - defined in ../../e_os.h */ 84/* #define RFILE ".rnd" - defined in ../../e_os.h */
85 85
86/* Note that these functions are intended for seed files only.
87 * Entropy devices and EGD sockets are handled in rand_unix.c */
88
86int RAND_load_file(const char *file, long bytes) 89int RAND_load_file(const char *file, long bytes)
87 { 90 {
88 /* If bytes >= 0, read up to 'bytes' bytes. 91 /* If bytes >= 0, read up to 'bytes' bytes.
@@ -213,7 +216,7 @@ err:
213 return (rand_err ? -1 : ret); 216 return (rand_err ? -1 : ret);
214 } 217 }
215 218
216const char *RAND_file_name(char *buf, int size) 219const char *RAND_file_name(char *buf, size_t size)
217 { 220 {
218 char *s = NULL; 221 char *s = NULL;
219 char *ret=NULL; 222 char *ret=NULL;
@@ -239,6 +242,8 @@ const char *RAND_file_name(char *buf, int size)
239 strlcat(buf,RFILE,size); 242 strlcat(buf,RFILE,size);
240 ret=buf; 243 ret=buf;
241 } 244 }
245 else
246 buf[0] = '\0'; /* no file name */
242 } 247 }
243 248
244#ifdef DEVRANDOM 249#ifdef DEVRANDOM
@@ -257,3 +262,4 @@ const char *RAND_file_name(char *buf, int size)
257#endif 262#endif
258 return(ret); 263 return(ret);
259 } 264 }
265
diff --git a/src/lib/libcrypto/rc2/Makefile.ssl b/src/lib/libcrypto/rc2/Makefile.ssl
index 9e94051cd7..39813d68be 100644
--- a/src/lib/libcrypto/rc2/Makefile.ssl
+++ b/src/lib/libcrypto/rc2/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/rc4/Makefile.ssl b/src/lib/libcrypto/rc4/Makefile.ssl
index 8d2a795c22..e75858d3b9 100644
--- a/src/lib/libcrypto/rc4/Makefile.ssl
+++ b/src/lib/libcrypto/rc4/Makefile.ssl
@@ -47,7 +47,8 @@ all: lib
47 47
48lib: $(LIBOBJ) 48lib: $(LIBOBJ)
49 $(AR) $(LIB) $(LIBOBJ) 49 $(AR) $(LIB) $(LIBOBJ)
50 $(RANLIB) $(LIB) 50 @echo You may get an error following this line. Please ignore.
51 - $(RANLIB) $(LIB)
51 @touch lib 52 @touch lib
52 53
53# elf 54# elf
diff --git a/src/lib/libcrypto/rc5/Makefile.ssl b/src/lib/libcrypto/rc5/Makefile.ssl
index 5a54a162ba..c8ee124776 100644
--- a/src/lib/libcrypto/rc5/Makefile.ssl
+++ b/src/lib/libcrypto/rc5/Makefile.ssl
@@ -44,7 +44,8 @@ all: lib
44 44
45lib: $(LIBOBJ) 45lib: $(LIBOBJ)
46 $(AR) $(LIB) $(LIBOBJ) 46 $(AR) $(LIB) $(LIBOBJ)
47 $(RANLIB) $(LIB) 47 @echo You may get an error following this line. Please ignore.
48 - $(RANLIB) $(LIB)
48 @touch lib 49 @touch lib
49 50
50# elf 51# elf
diff --git a/src/lib/libcrypto/ripemd/Makefile.ssl b/src/lib/libcrypto/ripemd/Makefile.ssl
index de01a953ec..1550c32ca1 100644
--- a/src/lib/libcrypto/ripemd/Makefile.ssl
+++ b/src/lib/libcrypto/ripemd/Makefile.ssl
@@ -42,7 +42,8 @@ all: lib
42 42
43lib: $(LIBOBJ) 43lib: $(LIBOBJ)
44 $(AR) $(LIB) $(LIBOBJ) 44 $(AR) $(LIB) $(LIBOBJ)
45 $(RANLIB) $(LIB) 45 @echo You may get an error following this line. Please ignore.
46 - $(RANLIB) $(LIB)
46 @touch lib 47 @touch lib
47 48
48# elf 49# elf
diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl
index c159eedafe..2bee181d4e 100644
--- a/src/lib/libcrypto/rsa/Makefile.ssl
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -41,7 +41,8 @@ all: lib
41 41
42lib: $(LIBOBJ) 42lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 43 $(AR) $(LIB) $(LIBOBJ)
44 $(RANLIB) $(LIB) 44 @echo You may get an error following this line. Please ignore.
45 - $(RANLIB) $(LIB)
45 @touch lib 46 @touch lib
46 47
47files: 48files:
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index ccaa62b239..cde5ca27d5 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -141,9 +141,26 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
141 141
142 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 142 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
143 { 143 {
144 if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) 144 BN_MONT_CTX* bn_mont_ctx;
145 if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) 145 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
146 goto err; 146 goto err;
147 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
148 {
149 BN_MONT_CTX_free(bn_mont_ctx);
150 goto err;
151 }
152 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
153 {
154 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
155 if (rsa->_method_mod_n == NULL)
156 {
157 rsa->_method_mod_n = bn_mont_ctx;
158 bn_mont_ctx = NULL;
159 }
160 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
161 }
162 if (bn_mont_ctx)
163 BN_MONT_CTX_free(bn_mont_ctx);
147 } 164 }
148 165
149 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 166 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -378,9 +395,26 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
378 /* do the decrypt */ 395 /* do the decrypt */
379 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 396 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
380 { 397 {
381 if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) 398 BN_MONT_CTX* bn_mont_ctx;
382 if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) 399 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
383 goto err; 400 goto err;
401 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
402 {
403 BN_MONT_CTX_free(bn_mont_ctx);
404 goto err;
405 }
406 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
407 {
408 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
409 if (rsa->_method_mod_n == NULL)
410 {
411 rsa->_method_mod_n = bn_mont_ctx;
412 bn_mont_ctx = NULL;
413 }
414 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
415 }
416 if (bn_mont_ctx)
417 BN_MONT_CTX_free(bn_mont_ctx);
384 } 418 }
385 419
386 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 420 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -433,20 +467,53 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
433 { 467 {
434 if (rsa->_method_mod_p == NULL) 468 if (rsa->_method_mod_p == NULL)
435 { 469 {
436 if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL) 470 BN_MONT_CTX* bn_mont_ctx;
437 if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p, 471 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
438 ctx)) 472 goto err;
439 goto err; 473 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
474 {
475 BN_MONT_CTX_free(bn_mont_ctx);
476 goto err;
477 }
478 if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
479 {
480 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
481 if (rsa->_method_mod_p == NULL)
482 {
483 rsa->_method_mod_p = bn_mont_ctx;
484 bn_mont_ctx = NULL;
485 }
486 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
487 }
488 if (bn_mont_ctx)
489 BN_MONT_CTX_free(bn_mont_ctx);
440 } 490 }
491
441 if (rsa->_method_mod_q == NULL) 492 if (rsa->_method_mod_q == NULL)
442 { 493 {
443 if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL) 494 BN_MONT_CTX* bn_mont_ctx;
444 if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q, 495 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
445 ctx)) 496 goto err;
446 goto err; 497 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
498 {
499 BN_MONT_CTX_free(bn_mont_ctx);
500 goto err;
501 }
502 if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
503 {
504 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
505 if (rsa->_method_mod_q == NULL)
506 {
507 rsa->_method_mod_q = bn_mont_ctx;
508 bn_mont_ctx = NULL;
509 }
510 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
511 }
512 if (bn_mont_ctx)
513 BN_MONT_CTX_free(bn_mont_ctx);
447 } 514 }
448 } 515 }
449 516
450 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; 517 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
451 if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, 518 if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
452 rsa->_method_mod_q)) goto err; 519 rsa->_method_mod_q)) goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 5e1e8fcdf3..94395cc22c 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -191,13 +191,13 @@ RSA *RSA_new_method(ENGINE *engine)
191 ret->blinding=NULL; 191 ret->blinding=NULL;
192 ret->bignum_data=NULL; 192 ret->bignum_data=NULL;
193 ret->flags=meth->flags; 193 ret->flags=meth->flags;
194 CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
194 if ((meth->init != NULL) && !meth->init(ret)) 195 if ((meth->init != NULL) && !meth->init(ret))
195 { 196 {
197 CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data);
196 OPENSSL_free(ret); 198 OPENSSL_free(ret);
197 ret=NULL; 199 ret=NULL;
198 } 200 }
199 else
200 CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
201 return(ret); 201 return(ret);
202 } 202 }
203 203
@@ -221,13 +221,13 @@ void RSA_free(RSA *r)
221 } 221 }
222#endif 222#endif
223 223
224 CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
225
226 meth = ENGINE_get_RSA(r->engine); 224 meth = ENGINE_get_RSA(r->engine);
227 if (meth->finish != NULL) 225 if (meth->finish != NULL)
228 meth->finish(r); 226 meth->finish(r);
229 ENGINE_finish(r->engine); 227 ENGINE_finish(r->engine);
230 228
229 CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
230
231 if (r->n != NULL) BN_clear_free(r->n); 231 if (r->n != NULL) BN_clear_free(r->n);
232 if (r->e != NULL) BN_clear_free(r->e); 232 if (r->e != NULL) BN_clear_free(r->e);
233 if (r->d != NULL) BN_clear_free(r->d); 233 if (r->d != NULL) BN_clear_free(r->d);
@@ -325,7 +325,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
325 325
326 BN_CTX_start(ctx); 326 BN_CTX_start(ctx);
327 A = BN_CTX_get(ctx); 327 A = BN_CTX_get(ctx);
328 if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; 328 if (!BN_rand_range(A,rsa->n)) goto err;
329 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; 329 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
330 330
331 if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A, 331 if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
diff --git a/src/lib/libcrypto/sha/Makefile.ssl b/src/lib/libcrypto/sha/Makefile.ssl
index 72acd8f046..790e572fa2 100644
--- a/src/lib/libcrypto/sha/Makefile.ssl
+++ b/src/lib/libcrypto/sha/Makefile.ssl
@@ -42,7 +42,8 @@ all: lib
42 42
43lib: $(LIBOBJ) 43lib: $(LIBOBJ)
44 $(AR) $(LIB) $(LIBOBJ) 44 $(AR) $(LIB) $(LIBOBJ)
45 $(RANLIB) $(LIB) 45 @echo You may get an error following this line. Please ignore.
46 - $(RANLIB) $(LIB)
46 @touch lib 47 @touch lib
47 48
48# elf 49# elf
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
index 09df993ecd..fe51fd0794 100644
--- a/src/lib/libcrypto/sha/asm/sha1-586.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -317,7 +317,7 @@ sub BODY_60_79
317 317
318sub sha1_block_host 318sub sha1_block_host
319 { 319 {
320 local($name)=@_; 320 local($name, $sclabel)=@_;
321 321
322 &function_begin_B($name,""); 322 &function_begin_B($name,"");
323 323
@@ -352,7 +352,7 @@ sub sha1_block_host
352 &mov(&swtmp($i+0),$A); 352 &mov(&swtmp($i+0),$A);
353 &mov(&swtmp($i+1),$B); 353 &mov(&swtmp($i+1),$B);
354 } 354 }
355 &jmp(&label("shortcut")); 355 &jmp($sclabel);
356 &function_end_B($name); 356 &function_end_B($name);
357 } 357 }
358 358
@@ -529,10 +529,12 @@ sub sha1_block_data
529 &pop("esi"); 529 &pop("esi");
530 &ret(); 530 &ret();
531 531
532 # it has to reside within sha1_block_asm_host_order body 532 # keep a note of shortcut label so it can be used outside
533 # because it calls &jmp(&label("shortcut")); 533 # block.
534 &sha1_block_host("sha1_block_asm_host_order"); 534 my $sclabel = &label("shortcut");
535 535
536 &function_end_B($name); 536 &function_end_B($name);
537 # Putting this here avoids problems with MASM in debugging mode
538 &sha1_block_host("sha1_block_asm_host_order", $sclabel);
537 } 539 }
538 540
diff --git a/src/lib/libcrypto/stack/Makefile.ssl b/src/lib/libcrypto/stack/Makefile.ssl
index 86ed928750..c916fd5451 100644
--- a/src/lib/libcrypto/stack/Makefile.ssl
+++ b/src/lib/libcrypto/stack/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/txt_db/Makefile.ssl b/src/lib/libcrypto/txt_db/Makefile.ssl
index cb54d53323..ee054e91f2 100644
--- a/src/lib/libcrypto/txt_db/Makefile.ssl
+++ b/src/lib/libcrypto/txt_db/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libcrypto/uid.c b/src/lib/libcrypto/uid.c
new file mode 100644
index 0000000000..b5b61b76d4
--- /dev/null
+++ b/src/lib/libcrypto/uid.c
@@ -0,0 +1,88 @@
1/* crypto/uid.c */
2/* ====================================================================
3 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/crypto.h>
57
58#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
59
60#include <unistd.h>
61
62int OPENSSL_issetugid(void)
63 {
64 return issetugid();
65 }
66
67#elif defined(WIN32)
68
69int OPENSSL_issetugid(void)
70 {
71 return 0;
72 }
73
74#else
75
76#include <unistd.h>
77#include <sys/types.h>
78
79int OPENSSL_issetugid(void)
80 {
81 if (getuid() != geteuid()) return 1;
82 if (getgid() != getegid()) return 1;
83 return 0;
84 }
85#endif
86
87
88
diff --git a/src/lib/libcrypto/util/clean-depend.pl b/src/lib/libcrypto/util/clean-depend.pl
index af676af751..0193e726fe 100644
--- a/src/lib/libcrypto/util/clean-depend.pl
+++ b/src/lib/libcrypto/util/clean-depend.pl
@@ -15,8 +15,8 @@ while(<STDIN>) {
15 my ($file,$deps)=/^(.*): (.*)$/; 15 my ($file,$deps)=/^(.*): (.*)$/;
16 next if !defined $deps; 16 next if !defined $deps;
17 my @deps=split ' ',$deps; 17 my @deps=split ' ',$deps;
18 @deps=grep(!/^\/usr\/include/,@deps); 18 @deps=grep(!/^\//,@deps);
19 @deps=grep(!/^\/usr\/lib\/gcc-lib/,@deps); 19 @deps=grep(!/^\\$/,@deps);
20 push @{$files{$file}},@deps; 20 push @{$files{$file}},@deps;
21} 21}
22 22
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index e8eebbf50c..84ae840804 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -301,8 +301,8 @@ EVP_des_ede_cfb 308 EXIST::FUNCTION:DES
301EVP_des_ede_ofb 309 EXIST::FUNCTION:DES 301EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
302EVP_des_ofb 310 EXIST::FUNCTION:DES 302EVP_des_ofb 310 EXIST::FUNCTION:DES
303EVP_desx_cbc 311 EXIST::FUNCTION:DES 303EVP_desx_cbc 311 EXIST::FUNCTION:DES
304EVP_dss 312 EXIST::FUNCTION:DSA 304EVP_dss 312 EXIST::FUNCTION:DSA,SHA
305EVP_dss1 313 EXIST::FUNCTION:DSA 305EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
306EVP_enc_null 314 EXIST::FUNCTION: 306EVP_enc_null 314 EXIST::FUNCTION:
307EVP_get_cipherbyname 315 EXIST::FUNCTION: 307EVP_get_cipherbyname 315 EXIST::FUNCTION:
308EVP_get_digestbyname 316 EXIST::FUNCTION: 308EVP_get_digestbyname 316 EXIST::FUNCTION:
@@ -779,7 +779,7 @@ des_ede3_cfb64_encrypt 786 EXIST::FUNCTION:DES
779des_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES 779des_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES
780des_enc_read 788 EXIST::FUNCTION:DES 780des_enc_read 788 EXIST::FUNCTION:DES
781des_enc_write 789 EXIST::FUNCTION:DES 781des_enc_write 789 EXIST::FUNCTION:DES
782des_encrypt 790 EXIST::FUNCTION:DES 782des_encrypt1 790 EXIST::FUNCTION:DES
783des_encrypt2 791 EXIST::FUNCTION:DES 783des_encrypt2 791 EXIST::FUNCTION:DES
784des_encrypt3 792 EXIST::FUNCTION:DES 784des_encrypt3 792 EXIST::FUNCTION:DES
785des_fcrypt 793 EXIST::FUNCTION:DES 785des_fcrypt 793 EXIST::FUNCTION:DES
@@ -926,7 +926,7 @@ PKCS7_add_signature 938 EXIST::FUNCTION:
926PKCS7_cert_from_signer_info 939 EXIST::FUNCTION: 926PKCS7_cert_from_signer_info 939 EXIST::FUNCTION:
927PKCS7_get_signer_info 940 EXIST::FUNCTION: 927PKCS7_get_signer_info 940 EXIST::FUNCTION:
928EVP_delete_alias 941 NOEXIST::FUNCTION: 928EVP_delete_alias 941 NOEXIST::FUNCTION:
929EVP_mdc2 942 EXIST::FUNCTION: 929EVP_mdc2 942 EXIST::FUNCTION:MDC2
930PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA 930PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA
931PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA 931PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA
932d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA 932d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA
@@ -1870,61 +1870,64 @@ X509_keyid_set1 2460 EXIST::FUNCTION:
1870BIO_next 2461 EXIST::FUNCTION: 1870BIO_next 2461 EXIST::FUNCTION:
1871DSO_METHOD_vms 2462 EXIST::FUNCTION: 1871DSO_METHOD_vms 2462 EXIST::FUNCTION:
1872BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: 1872BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
1873ERR_load_ENGINE_strings 2464 EXIST::FUNCTION: 1873BN_bntest_rand 2464 EXIST::FUNCTION:
1874ENGINE_set_DSA 2465 EXIST::FUNCTION: 1874OPENSSL_issetugid 2465 EXIST::FUNCTION:
1875ENGINE_get_finish_function 2466 EXIST::FUNCTION: 1875BN_rand_range 2466 EXIST::FUNCTION:
1876ENGINE_get_default_RSA 2467 EXIST::FUNCTION: 1876ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:
1877ENGINE_get_BN_mod_exp 2468 EXIST::FUNCTION: 1877ENGINE_set_DSA 2468 EXIST::FUNCTION:
1878DSA_get_default_openssl_method 2469 EXIST::FUNCTION:DSA 1878ENGINE_get_finish_function 2469 EXIST::FUNCTION:
1879ENGINE_set_DH 2470 EXIST::FUNCTION: 1879ENGINE_get_default_RSA 2470 EXIST::FUNCTION:
1880ENGINE_set_default_BN_mod_exp_crt 2471 EXIST:!VMS:FUNCTION: 1880ENGINE_get_BN_mod_exp 2471 EXIST::FUNCTION:
1881ENGINE_set_def_BN_mod_exp_crt 2471 EXIST:VMS:FUNCTION: 1881DSA_get_default_openssl_method 2472 EXIST::FUNCTION:DSA
1882ENGINE_init 2472 EXIST::FUNCTION: 1882ENGINE_set_DH 2473 EXIST::FUNCTION:
1883DH_get_default_openssl_method 2473 EXIST::FUNCTION:DH 1883ENGINE_set_default_BN_mod_exp_crt 2474 EXIST:!VMS:FUNCTION:
1884RSA_set_default_openssl_method 2474 EXIST::FUNCTION:RSA 1884ENGINE_set_def_BN_mod_exp_crt 2474 EXIST:VMS:FUNCTION:
1885ENGINE_finish 2475 EXIST::FUNCTION: 1885ENGINE_init 2475 EXIST::FUNCTION:
1886ENGINE_load_public_key 2476 EXIST::FUNCTION: 1886DH_get_default_openssl_method 2476 EXIST::FUNCTION:DH
1887ENGINE_get_DH 2477 EXIST::FUNCTION: 1887RSA_set_default_openssl_method 2477 EXIST::FUNCTION:RSA
1888ENGINE_ctrl 2478 EXIST::FUNCTION: 1888ENGINE_finish 2478 EXIST::FUNCTION:
1889ENGINE_get_init_function 2479 EXIST::FUNCTION: 1889ENGINE_load_public_key 2479 EXIST::FUNCTION:
1890ENGINE_set_init_function 2480 EXIST::FUNCTION: 1890ENGINE_get_DH 2480 EXIST::FUNCTION:
1891ENGINE_set_default_DSA 2481 EXIST::FUNCTION: 1891ENGINE_ctrl 2481 EXIST::FUNCTION:
1892ENGINE_get_name 2482 EXIST::FUNCTION: 1892ENGINE_get_init_function 2482 EXIST::FUNCTION:
1893ENGINE_get_last 2483 EXIST::FUNCTION: 1893ENGINE_set_init_function 2483 EXIST::FUNCTION:
1894ENGINE_get_prev 2484 EXIST::FUNCTION: 1894ENGINE_set_default_DSA 2484 EXIST::FUNCTION:
1895ENGINE_get_default_DH 2485 EXIST::FUNCTION: 1895ENGINE_get_name 2485 EXIST::FUNCTION:
1896ENGINE_get_RSA 2486 EXIST::FUNCTION: 1896ENGINE_get_last 2486 EXIST::FUNCTION:
1897ENGINE_set_default 2487 EXIST::FUNCTION: 1897ENGINE_get_prev 2487 EXIST::FUNCTION:
1898ENGINE_get_RAND 2488 EXIST::FUNCTION: 1898ENGINE_get_default_DH 2488 EXIST::FUNCTION:
1899ENGINE_get_first 2489 EXIST::FUNCTION: 1899ENGINE_get_RSA 2489 EXIST::FUNCTION:
1900ENGINE_by_id 2490 EXIST::FUNCTION: 1900ENGINE_set_default 2490 EXIST::FUNCTION:
1901ENGINE_set_finish_function 2491 EXIST::FUNCTION: 1901ENGINE_get_RAND 2491 EXIST::FUNCTION:
1902ENGINE_get_default_BN_mod_exp_crt 2492 EXIST:!VMS:FUNCTION: 1902ENGINE_get_first 2492 EXIST::FUNCTION:
1903ENGINE_get_def_BN_mod_exp_crt 2492 EXIST:VMS:FUNCTION: 1903ENGINE_by_id 2493 EXIST::FUNCTION:
1904RSA_get_default_openssl_method 2493 EXIST::FUNCTION:RSA 1904ENGINE_set_finish_function 2494 EXIST::FUNCTION:
1905ENGINE_set_RSA 2494 EXIST::FUNCTION: 1905ENGINE_get_default_BN_mod_exp_crt 2495 EXIST:!VMS:FUNCTION:
1906ENGINE_load_private_key 2495 EXIST::FUNCTION: 1906ENGINE_get_def_BN_mod_exp_crt 2495 EXIST:VMS:FUNCTION:
1907ENGINE_set_default_RAND 2496 EXIST::FUNCTION: 1907RSA_get_default_openssl_method 2496 EXIST::FUNCTION:RSA
1908ENGINE_set_BN_mod_exp 2497 EXIST::FUNCTION: 1908ENGINE_set_RSA 2497 EXIST::FUNCTION:
1909ENGINE_remove 2498 EXIST::FUNCTION: 1909ENGINE_load_private_key 2498 EXIST::FUNCTION:
1910ENGINE_free 2499 EXIST::FUNCTION: 1910ENGINE_set_default_RAND 2499 EXIST::FUNCTION:
1911ENGINE_get_BN_mod_exp_crt 2500 EXIST::FUNCTION: 1911ENGINE_set_BN_mod_exp 2500 EXIST::FUNCTION:
1912ENGINE_get_next 2501 EXIST::FUNCTION: 1912ENGINE_remove 2501 EXIST::FUNCTION:
1913ENGINE_set_name 2502 EXIST::FUNCTION: 1913ENGINE_free 2502 EXIST::FUNCTION:
1914ENGINE_get_default_DSA 2503 EXIST::FUNCTION: 1914ENGINE_get_BN_mod_exp_crt 2503 EXIST::FUNCTION:
1915ENGINE_set_default_BN_mod_exp 2504 EXIST::FUNCTION: 1915ENGINE_get_next 2504 EXIST::FUNCTION:
1916ENGINE_set_default_RSA 2505 EXIST::FUNCTION: 1916ENGINE_set_name 2505 EXIST::FUNCTION:
1917ENGINE_get_default_RAND 2506 EXIST::FUNCTION: 1917ENGINE_get_default_DSA 2506 EXIST::FUNCTION:
1918ENGINE_get_default_BN_mod_exp 2507 EXIST::FUNCTION: 1918ENGINE_set_default_BN_mod_exp 2507 EXIST::FUNCTION:
1919ENGINE_set_RAND 2508 EXIST::FUNCTION: 1919ENGINE_set_default_RSA 2508 EXIST::FUNCTION:
1920ENGINE_set_id 2509 EXIST::FUNCTION: 1920ENGINE_get_default_RAND 2509 EXIST::FUNCTION:
1921ENGINE_set_BN_mod_exp_crt 2510 EXIST::FUNCTION: 1921ENGINE_get_default_BN_mod_exp 2510 EXIST::FUNCTION:
1922ENGINE_set_default_DH 2511 EXIST::FUNCTION: 1922ENGINE_set_RAND 2511 EXIST::FUNCTION:
1923ENGINE_new 2512 EXIST::FUNCTION: 1923ENGINE_set_id 2512 EXIST::FUNCTION:
1924ENGINE_get_id 2513 EXIST::FUNCTION: 1924ENGINE_set_BN_mod_exp_crt 2513 EXIST::FUNCTION:
1925DSA_set_default_openssl_method 2514 EXIST::FUNCTION:DSA 1925ENGINE_set_default_DH 2514 EXIST::FUNCTION:
1926ENGINE_add 2515 EXIST::FUNCTION: 1926ENGINE_new 2515 EXIST::FUNCTION:
1927DH_set_default_openssl_method 2516 EXIST::FUNCTION:DH 1927ENGINE_get_id 2516 EXIST::FUNCTION:
1928ENGINE_get_DSA 2517 EXIST::FUNCTION: 1928DSA_set_default_openssl_method 2517 EXIST::FUNCTION:DSA
1929ENGINE_get_ctrl_function 2518 EXIST::FUNCTION: 1929ENGINE_add 2518 EXIST::FUNCTION:
1930ENGINE_set_ctrl_function 2519 EXIST::FUNCTION: 1930DH_set_default_openssl_method 2519 EXIST::FUNCTION:DH
1931ENGINE_get_DSA 2520 EXIST::FUNCTION:
1932ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:
1933ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
index cc41a1813e..ba453358cf 100644
--- a/src/lib/libcrypto/util/mkdef.pl
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -119,7 +119,7 @@ foreach (@ARGV, split(/ /, $options))
119 elsif (/^no-rc4$/) { $no_rc4=1; } 119 elsif (/^no-rc4$/) { $no_rc4=1; }
120 elsif (/^no-rc5$/) { $no_rc5=1; } 120 elsif (/^no-rc5$/) { $no_rc5=1; }
121 elsif (/^no-idea$/) { $no_idea=1; } 121 elsif (/^no-idea$/) { $no_idea=1; }
122 elsif (/^no-des$/) { $no_des=1; } 122 elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; }
123 elsif (/^no-bf$/) { $no_bf=1; } 123 elsif (/^no-bf$/) { $no_bf=1; }
124 elsif (/^no-cast$/) { $no_cast=1; } 124 elsif (/^no-cast$/) { $no_cast=1; }
125 elsif (/^no-md2$/) { $no_md2=1; } 125 elsif (/^no-md2$/) { $no_md2=1; }
@@ -705,7 +705,8 @@ EOF
705 } else { 705 } else {
706 (my $n, my $i) = split /\\/, $nums{$s}; 706 (my $n, my $i) = split /\\/, $nums{$s};
707 my %pf = (); 707 my %pf = ();
708 my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1)); 708 my @p = split(/,/, ($i =~ /^[^:]*:([^:]*):/,$1));
709 my @a = split(/,/, ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1));
709 # @p_purged must contain hardware platforms only 710 # @p_purged must contain hardware platforms only
710 my @p_purged = (); 711 my @p_purged = ();
711 foreach $ptmp (@p) { 712 foreach $ptmp (@p) {
@@ -727,7 +728,26 @@ EOF
727 || (!$negatives 728 || (!$negatives
728 && ($rsaref || !grep(/^RSAREF$/,@p))) 729 && ($rsaref || !grep(/^RSAREF$/,@p)))
729 || ($negatives 730 || ($negatives
730 && (!$rsaref || !grep(/^!RSAREF$/,@p))))) { 731 && (!$rsaref || !grep(/^!RSAREF$/,@p))))
732 && (!@a || (!$no_rc2 || !grep(/^RC2$/,@a)))
733 && (!@a || (!$no_rc4 || !grep(/^RC4$/,@a)))
734 && (!@a || (!$no_rc5 || !grep(/^RC5$/,@a)))
735 && (!@a || (!$no_idea || !grep(/^IDEA$/,@a)))
736 && (!@a || (!$no_des || !grep(/^DES$/,@a)))
737 && (!@a || (!$no_bf || !grep(/^BF$/,@a)))
738 && (!@a || (!$no_cast || !grep(/^CAST$/,@a)))
739 && (!@a || (!$no_md2 || !grep(/^MD2$/,@a)))
740 && (!@a || (!$no_md4 || !grep(/^MD4$/,@a)))
741 && (!@a || (!$no_md5 || !grep(/^MD5$/,@a)))
742 && (!@a || (!$no_sha || !grep(/^SHA$/,@a)))
743 && (!@a || (!$no_ripemd || !grep(/^RIPEMD$/,@a)))
744 && (!@a || (!$no_mdc2 || !grep(/^MDC2$/,@a)))
745 && (!@a || (!$no_rsa || !grep(/^RSA$/,@a)))
746 && (!@a || (!$no_dsa || !grep(/^DSA$/,@a)))
747 && (!@a || (!$no_dh || !grep(/^DH$/,@a)))
748 && (!@a || (!$no_hmac || !grep(/^HMAC$/,@a)))
749 && (!@a || (!$no_fp_api || !grep(/^FP_API$/,@a)))
750 ) {
731 printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n; 751 printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n;
732# } else { 752# } else {
733# print STDERR "DEBUG: \"$sym\" (@p):", 753# print STDERR "DEBUG: \"$sym\" (@p):",
diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl
index d7b997ada7..9e9c9a5146 100644
--- a/src/lib/libcrypto/util/mklink.pl
+++ b/src/lib/libcrypto/util/mklink.pl
@@ -48,8 +48,13 @@ foreach $dirname (@from_path) {
48my $to = join('/', @to_path); 48my $to = join('/', @to_path);
49 49
50my $file; 50my $file;
51$symlink_exists=eval {symlink("",""); 1};
51foreach $file (@files) { 52foreach $file (@files) {
52 my $err = ""; 53 my $err = "";
53 symlink("$to/$file", "$from/$file") or $err = " [$!]"; 54 if ($symlink_exists) {
55 symlink("$to/$file", "$from/$file") or $err = " [$!]";
56 } else {
57 system ("cp", "$file", "$from/$file") and $err = " [$!]";
58 }
54 print $file . " => $from/$file$err\n"; 59 print $file . " => $from/$file$err\n";
55} 60}
diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl
index f5ec0767ed..c6b64add60 100644
--- a/src/lib/libcrypto/util/pod2man.pl
+++ b/src/lib/libcrypto/util/pod2man.pl
@@ -416,6 +416,8 @@ if ($name ne 'something') {
416 warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n" 416 warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
417 } 417 }
418 else { 418 else {
419 $n[0] =~ s/\n/ /;
420 $n[1] =~ s/\n/ /;
419 %namedesc = @n; 421 %namedesc = @n;
420 } 422 }
421 } 423 }
diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
index 4619693733..79f09d4f71 100644
--- a/src/lib/libcrypto/x509/Makefile.ssl
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -49,7 +49,8 @@ all: lib
49 49
50lib: $(LIBOBJ) 50lib: $(LIBOBJ)
51 $(AR) $(LIB) $(LIBOBJ) 51 $(AR) $(LIB) $(LIBOBJ)
52 $(RANLIB) $(LIB) 52 @echo You may get an error following this line. Please ignore.
53 - $(RANLIB) $(LIB)
53 @touch lib 54 @touch lib
54 55
55files: 56files:
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index cac64a6f40..448bd7e69c 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -327,7 +327,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
327 * it out again */ 327 * it out again */
328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); 328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
329 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); 329 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
330 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i); 330 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
331 else tmp = NULL; 331 else tmp = NULL;
332 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); 332 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
333 333
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index b147d573d2..3f9f9b3d47 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -199,19 +199,13 @@ unsigned long X509_NAME_hash(X509_NAME *x)
199 { 199 {
200 unsigned long ret=0; 200 unsigned long ret=0;
201 unsigned char md[16]; 201 unsigned char md[16];
202 unsigned char str[256],*p,*pp;
203 int i;
204
205 i=i2d_X509_NAME(x,NULL);
206 if (i > sizeof(str))
207 p=OPENSSL_malloc(i);
208 else
209 p=str;
210 202
211 pp=p; 203 /* Ensure cached version is up to date */
212 i2d_X509_NAME(x,&pp); 204 i2d_X509_NAME(x,NULL);
213 MD5((unsigned char *)p,i,&(md[0])); 205 /* Use cached encoding directly rather than copying: this should
214 if (p != str) OPENSSL_free(p); 206 * keep libsafe happy.
207 */
208 MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));
215 209
216 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| 210 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
217 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) 211 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl
index f7c3a6ca13..236e13af4e 100644
--- a/src/lib/libcrypto/x509v3/Makefile.ssl
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -43,7 +43,8 @@ all: lib
43 43
44lib: $(LIBOBJ) 44lib: $(LIBOBJ)
45 $(AR) $(LIB) $(LIBOBJ) 45 $(AR) $(LIB) $(LIBOBJ)
46 $(RANLIB) $(LIB) 46 @echo You may get an error following this line. Please ignore.
47 - $(RANLIB) $(LIB)
47 @touch lib 48 @touch lib
48 49
49files: 50files:
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 733919f250..94bebcd448 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -270,7 +270,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
270 /* Now add any email address(es) to STACK */ 270 /* Now add any email address(es) to STACK */
271 i = -1; 271 i = -1;
272 while((i = X509_NAME_get_index_by_NID(nm, 272 while((i = X509_NAME_get_index_by_NID(nm,
273 NID_pkcs9_emailAddress, i)) > 0) { 273 NID_pkcs9_emailAddress, i)) >= 0) {
274 ne = X509_NAME_get_entry(nm, i); 274 ne = X509_NAME_get_entry(nm, i);
275 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); 275 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
276 if(!email || !(gen = GENERAL_NAME_new())) { 276 if(!email || !(gen = GENERAL_NAME_new())) {
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index dbc4fb1f16..14b804c4ad 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -85,9 +85,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
85 else BIO_printf(out, "%s:%s", nval->name, nval->value); 85 else BIO_printf(out, "%s:%s", nval->name, nval->value);
86#else 86#else
87 else { 87 else {
88 char tmp[10240]; /* 10k is BIO_printf's limit anyway */ 88 int len;
89 ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); 89 char *tmp;
90 BIO_printf(out, "%s:%s", nval->name, tmp); 90 len = strlen(nval->value)+1;
91 tmp = OPENSSL_malloc(len);
92 if (tmp)
93 {
94 ascii2ebcdic(tmp, nval->value, len);
95 BIO_printf(out, "%s:%s", nval->name, tmp);
96 OPENSSL_free(tmp);
97 }
91 } 98 }
92#endif 99#endif
93 if(ml) BIO_puts(out, "\n"); 100 if(ml) BIO_puts(out, "\n");
@@ -115,9 +122,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
115 BIO_printf(out, "%*s%s", indent, "", value); 122 BIO_printf(out, "%*s%s", indent, "", value);
116#else 123#else
117 { 124 {
118 char tmp[10240]; /* 10k is BIO_printf's limit anyway */ 125 int len;
119 ascii2ebcdic(tmp, value, strlen(value)+1); 126 char *tmp;
120 BIO_printf(out, "%*s%s", indent, "", tmp); 127 len = strlen(value)+1;
128 tmp = OPENSSL_malloc(len);
129 if (tmp)
130 {
131 ascii2ebcdic(tmp, value, len);
132 BIO_printf(out, "%*s%s", indent, "", tmp);
133 OPENSSL_free(tmp);
134 }
121 } 135 }
122#endif 136#endif
123 } else if(method->i2v) { 137 } else if(method->i2v) {
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 867699b26f..8aecd00e63 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -362,6 +362,8 @@ static int ca_check(const X509 *x)
362 else return 0; 362 else return 0;
363 } else { 363 } else {
364 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; 364 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
365 /* If key usage present it must have certSign so tolerate it */
366 else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
365 else return 2; 367 else return 2;
366 } 368 }
367} 369}
@@ -380,7 +382,7 @@ static int check_ssl_ca(const X509 *x)
380 if(ca_ret != 2) return ca_ret; 382 if(ca_ret != 2) return ca_ret;
381 else return 0; 383 else return 0;
382} 384}
383 385
384 386
385static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) 387static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
386{ 388{
@@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c
446 int ret; 448 int ret;
447 ret = purpose_smime(x, ca); 449 ret = purpose_smime(x, ca);
448 if(!ret || ca) return ret; 450 if(!ret || ca) return ret;
449 if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; 451 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
450 return ret; 452 return ret;
451} 453}
452 454
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index bdd5f7bdd0..3fd259ac32 100644
--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
12 --------------- 12 ---------------
13 13
14/* ==================================================================== 14/* ====================================================================
15 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 15 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
16 * 16 *
17 * Redistribution and use in source and binary forms, with or without 17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions 18 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/crypto/Makefile b/src/lib/libssl/crypto/Makefile
index a44392a9bd..a05ac78e0e 100644
--- a/src/lib/libssl/crypto/Makefile
+++ b/src/lib/libssl/crypto/Makefile
@@ -29,7 +29,7 @@ CFLAGS+= -DNO_RC5
29CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} 29CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}
30CFLAGS+= -I${LCRYPTO_SRC} 30CFLAGS+= -I${LCRYPTO_SRC}
31CFLAGS+= -I${LCRYPTO_INC} 31CFLAGS+= -I${LCRYPTO_INC}
32SRCS+= cryptlib.c ex_data.c cpt_err.c mem.c mem_dbg.c tmdiff.c cversion.c 32SRCS+= cryptlib.c ex_data.c cpt_err.c mem.c mem_dbg.c tmdiff.c cversion.c uid.c
33CFLAGS+= -I${LCRYPTO_SRC}/md2 33CFLAGS+= -I${LCRYPTO_SRC}/md2
34SRCS+= md2_dgst.c md2_one.c 34SRCS+= md2_dgst.c md2_one.c
35CFLAGS+= -I${LCRYPTO_SRC}/md5 35CFLAGS+= -I${LCRYPTO_SRC}/md5
diff --git a/src/lib/libssl/crypto/shlib_version b/src/lib/libssl/crypto/shlib_version
index 890c57389b..3066b9771e 100644
--- a/src/lib/libssl/crypto/shlib_version
+++ b/src/lib/libssl/crypto/shlib_version
@@ -1,2 +1,2 @@
1major=4 1major=5
2minor=1 2minor=0
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
index dded7a19c5..ad2d8dadf7 100644
--- a/src/lib/libssl/s23_lib.c
+++ b/src/lib/libssl/s23_lib.c
@@ -63,6 +63,7 @@
63static int ssl23_num_ciphers(void ); 63static int ssl23_num_ciphers(void );
64static SSL_CIPHER *ssl23_get_cipher(unsigned int u); 64static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
65static int ssl23_read(SSL *s, void *buf, int len); 65static int ssl23_read(SSL *s, void *buf, int len);
66static int ssl23_peek(SSL *s, void *buf, int len);
66static int ssl23_write(SSL *s, const void *buf, int len); 67static int ssl23_write(SSL *s, const void *buf, int len);
67static long ssl23_default_timeout(void ); 68static long ssl23_default_timeout(void );
68static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 69static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
@@ -77,7 +78,7 @@ static SSL_METHOD SSLv23_data= {
77 ssl_undefined_function, 78 ssl_undefined_function,
78 ssl_undefined_function, 79 ssl_undefined_function,
79 ssl23_read, 80 ssl23_read,
80 (int (*)(struct ssl_st *, char *, int))ssl_undefined_function, 81 ssl23_peek,
81 ssl23_write, 82 ssl23_write,
82 ssl_undefined_function, 83 ssl_undefined_function,
83 ssl_undefined_function, 84 ssl_undefined_function,
@@ -169,13 +170,6 @@ static int ssl23_read(SSL *s, void *buf, int len)
169 { 170 {
170 int n; 171 int n;
171 172
172#if 0
173 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
174 {
175 s->rwstate=SSL_NOTHING;
176 return(0);
177 }
178#endif
179 clear_sys_error(); 173 clear_sys_error();
180 if (SSL_in_init(s) && (!s->in_handshake)) 174 if (SSL_in_init(s) && (!s->in_handshake))
181 { 175 {
@@ -195,17 +189,33 @@ static int ssl23_read(SSL *s, void *buf, int len)
195 } 189 }
196 } 190 }
197 191
198static int ssl23_write(SSL *s, const void *buf, int len) 192static int ssl23_peek(SSL *s, void *buf, int len)
199 { 193 {
200 int n; 194 int n;
201 195
202#if 0 196 clear_sys_error();
203 if (s->shutdown & SSL_SENT_SHUTDOWN) 197 if (SSL_in_init(s) && (!s->in_handshake))
198 {
199 n=s->handshake_func(s);
200 if (n < 0) return(n);
201 if (n == 0)
202 {
203 SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
204 return(-1);
205 }
206 return(SSL_peek(s,buf,len));
207 }
208 else
204 { 209 {
205 s->rwstate=SSL_NOTHING; 210 ssl_undefined_function(s);
206 return(0); 211 return(-1);
207 } 212 }
208#endif 213 }
214
215static int ssl23_write(SSL *s, const void *buf, int len)
216 {
217 int n;
218
209 clear_sys_error(); 219 clear_sys_error();
210 if (SSL_in_init(s) && (!s->in_handshake)) 220 if (SSL_in_init(s) && (!s->in_handshake))
211 { 221 {
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index d92c164b0f..10d8d3b15a 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -365,7 +365,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
365 while (s->init_num < 4) 365 while (s->init_num < 4)
366 { 366 {
367 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], 367 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
368 4 - s->init_num); 368 4 - s->init_num, 0);
369 if (i <= 0) 369 if (i <= 0)
370 { 370 {
371 s->rwstate=SSL_READING; 371 s->rwstate=SSL_READING;
@@ -434,7 +434,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
434 n=s->s3->tmp.message_size; 434 n=s->s3->tmp.message_size;
435 while (n > 0) 435 while (n > 0)
436 { 436 {
437 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n); 437 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
438 if (i <= 0) 438 if (i <= 0)
439 { 439 {
440 s->rwstate=SSL_READING; 440 s->rwstate=SSL_READING;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 62040f9f1d..eec45cfa48 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -815,6 +815,7 @@ static int ssl3_get_server_certificate(SSL *s)
815 X509_free(s->session->peer); 815 X509_free(s->session->peer);
816 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 816 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
817 s->session->peer=x; 817 s->session->peer=x;
818 s->session->verify_result = s->verify_result;
818 819
819 x=NULL; 820 x=NULL;
820 ret=1; 821 ret=1;
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index cee2021b6b..c32c06de32 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include <openssl/md5.h> 113#include <openssl/md5.h>
@@ -638,10 +691,9 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
638 return(NULL); 691 return(NULL);
639 } 692 }
640 693
641/* The problem is that it may not be the correct record type */
642int ssl3_pending(SSL *s) 694int ssl3_pending(SSL *s)
643 { 695 {
644 return(s->s3->rrec.length); 696 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
645 } 697 }
646 698
647int ssl3_new(SSL *s) 699int ssl3_new(SSL *s)
@@ -1189,7 +1241,7 @@ int ssl3_shutdown(SSL *s)
1189 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 1241 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1190 { 1242 {
1191 /* If we are waiting for a close from our peer, we are closed */ 1243 /* If we are waiting for a close from our peer, we are closed */
1192 ssl3_read_bytes(s,0,NULL,0); 1244 ssl3_read_bytes(s,0,NULL,0,0);
1193 } 1245 }
1194 1246
1195 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 1247 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -1252,14 +1304,14 @@ int ssl3_write(SSL *s, const void *buf, int len)
1252 return(ret); 1304 return(ret);
1253 } 1305 }
1254 1306
1255int ssl3_read(SSL *s, void *buf, int len) 1307static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
1256 { 1308 {
1257 int ret; 1309 int ret;
1258 1310
1259 clear_sys_error(); 1311 clear_sys_error();
1260 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 1312 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1261 s->s3->in_read_app_data=1; 1313 s->s3->in_read_app_data=1;
1262 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1314 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1263 if ((ret == -1) && (s->s3->in_read_app_data == 0)) 1315 if ((ret == -1) && (s->s3->in_read_app_data == 0))
1264 { 1316 {
1265 /* ssl3_read_bytes decided to call s->handshake_func, which 1317 /* ssl3_read_bytes decided to call s->handshake_func, which
@@ -1269,7 +1321,7 @@ int ssl3_read(SSL *s, void *buf, int len)
1269 * by resetting 'in_read_app_data', strangely); so disable 1321 * by resetting 'in_read_app_data', strangely); so disable
1270 * handshake processing and try to read application data again. */ 1322 * handshake processing and try to read application data again. */
1271 s->in_handshake++; 1323 s->in_handshake++;
1272 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1324 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1273 s->in_handshake--; 1325 s->in_handshake--;
1274 } 1326 }
1275 else 1327 else
@@ -1278,26 +1330,14 @@ int ssl3_read(SSL *s, void *buf, int len)
1278 return(ret); 1330 return(ret);
1279 } 1331 }
1280 1332
1281int ssl3_peek(SSL *s, char *buf, int len) 1333int ssl3_read(SSL *s, void *buf, int len)
1282 { 1334 {
1283 SSL3_RECORD *rr; 1335 return ssl3_read_internal(s, buf, len, 0);
1284 int n; 1336 }
1285
1286 rr= &(s->s3->rrec);
1287 if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
1288 {
1289 n=ssl3_read(s,buf,1);
1290 if (n <= 0) return(n);
1291 rr->length++;
1292 rr->off--;
1293 }
1294 1337
1295 if ((unsigned int)len > rr->length) 1338int ssl3_peek(SSL *s, void *buf, int len)
1296 n=rr->length; 1339 {
1297 else 1340 return ssl3_read_internal(s, buf, len, 1);
1298 n=len;
1299 memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
1300 return(n);
1301 } 1341 }
1302 1342
1303int ssl3_renegotiate(SSL *s) 1343int ssl3_renegotiate(SSL *s)
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 1414079853..9ab76604a6 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -704,7 +704,7 @@ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
704 * Application data protocol 704 * Application data protocol
705 * none of our business 705 * none of our business
706 */ 706 */
707int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) 707int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
708 { 708 {
709 int al,i,j,ret; 709 int al,i,j,ret;
710 unsigned int n; 710 unsigned int n;
@@ -715,7 +715,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
715 if (!ssl3_setup_buffers(s)) 715 if (!ssl3_setup_buffers(s))
716 return(-1); 716 return(-1);
717 717
718 if ((type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) 718 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
719 (peek && (type != SSL3_RT_APPLICATION_DATA)))
719 { 720 {
720 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR); 721 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
721 return -1; 722 return -1;
@@ -728,6 +729,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
728 unsigned char *dst = buf; 729 unsigned char *dst = buf;
729 unsigned int k; 730 unsigned int k;
730 731
732 /* peek == 0 */
731 n = 0; 733 n = 0;
732 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) 734 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
733 { 735 {
@@ -763,7 +765,7 @@ start:
763 * s->s3->rrec.length, - number of bytes. */ 765 * s->s3->rrec.length, - number of bytes. */
764 rr = &(s->s3->rrec); 766 rr = &(s->s3->rrec);
765 767
766 /* get new packet */ 768 /* get new packet if necessary */
767 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 769 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
768 { 770 {
769 ret=ssl3_get_record(s); 771 ret=ssl3_get_record(s);
@@ -781,7 +783,8 @@ start:
781 goto err; 783 goto err;
782 } 784 }
783 785
784 /* If the other end has shutdown, throw anything we read away */ 786 /* If the other end has shut down, throw anything we read away
787 * (even in 'peek' mode) */
785 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 788 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
786 { 789 {
787 rr->length=0; 790 rr->length=0;
@@ -810,12 +813,15 @@ start:
810 n = (unsigned int)len; 813 n = (unsigned int)len;
811 814
812 memcpy(buf,&(rr->data[rr->off]),n); 815 memcpy(buf,&(rr->data[rr->off]),n);
813 rr->length-=n; 816 if (!peek)
814 rr->off+=n;
815 if (rr->length == 0)
816 { 817 {
817 s->rstate=SSL_ST_READ_HEADER; 818 rr->length-=n;
818 rr->off=0; 819 rr->off+=n;
820 if (rr->length == 0)
821 {
822 s->rstate=SSL_ST_READ_HEADER;
823 rr->off=0;
824 }
819 } 825 }
820 return(n); 826 return(n);
821 } 827 }
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
index 890c57389b..3066b9771e 100644
--- a/src/lib/libssl/shlib_version
+++ b/src/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
1major=4 1major=5
2minor=1 2minor=0
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index 87853c3b29..08ef8508d8 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,291 @@
2 OpenSSL CHANGES 2 OpenSSL CHANGES
3 _______________ 3 _______________
4 4
5 Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
6
7 *) Fix a couple of memory leaks in PKCS7_dataDecode()
8 [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
9
10 *) Change Configure and Makefiles to provide EXE_EXT, which will contain
11 the default extension for executables, if any. Also, make the perl
12 scripts that use symlink() to test if it really exists and use "cp"
13 if it doesn't. All this made OpenSSL compilable and installable in
14 CygWin.
15 [Richard Levitte]
16
17 *) Fix for asn1_GetSequence() for indefinite length constructed data.
18 If SEQUENCE is length is indefinite just set c->slen to the total
19 amount of data available.
20 [Steve Henson, reported by shige@FreeBSD.org]
21 [This change does not apply to 0.9.7.]
22
23 *) Change bctest to avoid here-documents inside command substitution
24 (workaround for FreeBSD /bin/sh bug).
25 For compatibility with Ultrix, avoid shell functions (introduced
26 in the bctest version that searches along $PATH).
27 [Bodo Moeller]
28
29 *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
30 with des_encrypt() defined on some operating systems, like Solaris
31 and UnixWare.
32 [Richard Levitte]
33
34 *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
35 On the Importance of Eliminating Errors in Cryptographic
36 Computations, J. Cryptology 14 (2001) 2, 101-119,
37 http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
38 [Ulf Moeller]
39
40 *) MIPS assembler BIGNUM division bug fix.
41 [Andy Polyakov]
42
43 *) Disabled incorrect Alpha assembler code.
44 [Richard Levitte]
45
46 *) Fix PKCS#7 decode routines so they correctly update the length
47 after reading an EOC for the EXPLICIT tag.
48 [Steve Henson]
49 [This change does not apply to 0.9.7.]
50
51 *) Fix bug in PKCS#12 key generation routines. This was triggered
52 if a 3DES key was generated with a 0 initial byte. Include
53 PKCS12_BROKEN_KEYGEN compilation option to retain the old
54 (but broken) behaviour.
55 [Steve Henson]
56
57 *) Enhance bctest to search for a working bc along $PATH and print
58 it when found.
59 [Tim Rice <tim@multitalents.net> via Richard Levitte]
60
61 *) Fix memory leaks in err.c: free err_data string if necessary;
62 don't write to the wrong index in ERR_set_error_data.
63 [Bodo Moeller]
64
65 *) Implement ssl23_peek (analogous to ssl23_read), which previously
66 did not exist.
67 [Bodo Moeller]
68
69 *) Replace rdtsc with _emit statements for VC++ version 5.
70 [Jeremy Cooper <jeremy@baymoo.org>]
71
72 *) Make it possible to reuse SSLv2 sessions.
73 [Richard Levitte]
74
75 *) In copy_email() check for >= 0 as a return value for
76 X509_NAME_get_index_by_NID() since 0 is a valid index.
77 [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
78
79 *) Avoid coredump with unsupported or invalid public keys by checking if
80 X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
81 PKCS7_verify() fails with non detached data.
82 [Steve Henson]
83
84 *) Don't use getenv in library functions when run as setuid/setgid.
85 New function OPENSSL_issetugid().
86 [Ulf Moeller]
87
88 *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
89 due to incorrect handling of multi-threading:
90
91 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
92
93 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
94
95 3. Count how many times MemCheck_off() has been called so that
96 nested use can be treated correctly. This also avoids
97 inband-signalling in the previous code (which relied on the
98 assumption that thread ID 0 is impossible).
99 [Bodo Moeller]
100
101 *) Add "-rand" option also to s_client and s_server.
102 [Lutz Jaenicke]
103
104 *) Fix CPU detection on Irix 6.x.
105 [Kurt Hockenbury <khockenb@stevens-tech.edu> and
106 "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
107
108 *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
109 was empty.
110 [Steve Henson]
111 [This change does not apply to 0.9.7.]
112
113 *) Use the cached encoding of an X509_NAME structure rather than
114 copying it. This is apparently the reason for the libsafe "errors"
115 but the code is actually correct.
116 [Steve Henson]
117
118 *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
119 Bleichenbacher's DSA attack.
120 Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
121 to be set and top=0 forces the highest bit to be set; top=-1 is new
122 and leaves the highest bit random.
123 [Ulf Moeller, Bodo Moeller]
124
125 *) In the NCONF_...-based implementations for CONF_... queries
126 (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
127 a temporary CONF structure with the data component set to NULL
128 (which gives segmentation faults in lh_retrieve).
129 Instead, use NULL for the CONF pointer in CONF_get_string and
130 CONF_get_number (which may use environment variables) and directly
131 return NULL from CONF_get_section.
132 [Bodo Moeller]
133
134 *) Fix potential buffer overrun for EBCDIC.
135 [Ulf Moeller]
136
137 *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
138 keyUsage if basicConstraints absent for a CA.
139 [Steve Henson]
140
141 *) Make SMIME_write_PKCS7() write mail header values with a format that
142 is more generally accepted (no spaces before the semicolon), since
143 some programs can't parse those values properly otherwise. Also make
144 sure BIO's that break lines after each write do not create invalid
145 headers.
146 [Richard Levitte]
147
148 *) Make the CRL encoding routines work with empty SEQUENCE OF. The
149 macros previously used would not encode an empty SEQUENCE OF
150 and break the signature.
151 [Steve Henson]
152 [This change does not apply to 0.9.7.]
153
154 *) Zero the premaster secret after deriving the master secret in
155 DH ciphersuites.
156 [Steve Henson]
157
158 *) Add some EVP_add_digest_alias registrations (as found in
159 OpenSSL_add_all_digests()) to SSL_library_init()
160 aka OpenSSL_add_ssl_algorithms(). This provides improved
161 compatibility with peers using X.509 certificates
162 with unconventional AlgorithmIdentifier OIDs.
163 [Bodo Moeller]
164
165 *) Fix for Irix with NO_ASM.
166 ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
167
168 *) ./config script fixes.
169 [Ulf Moeller, Richard Levitte]
170
171 *) Fix 'openssl passwd -1'.
172 [Bodo Moeller]
173
174 *) Change PKCS12_key_gen_asc() so it can cope with non null
175 terminated strings whose length is passed in the passlen
176 parameter, for example from PEM callbacks. This was done
177 by adding an extra length parameter to asc2uni().
178 [Steve Henson, reported by <oddissey@samsung.co.kr>]
179
180 *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
181 call failed, free the DSA structure.
182 [Bodo Moeller]
183
184 *) Fix to uni2asc() to cope with zero length Unicode strings.
185 These are present in some PKCS#12 files.
186 [Steve Henson]
187
188 *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
189 Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
190 when writing a 32767 byte record.
191 [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
192
193 *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
194 obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
195
196 (RSA objects have a reference count access to which is protected
197 by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
198 so they are meant to be shared between threads.)
199 [Bodo Moeller, Geoff Thorpe; original patch submitted by
200 "Reddie, Steven" <Steven.Reddie@ca.com>]
201
202 *) Fix a deadlock in CRYPTO_mem_leaks().
203 [Bodo Moeller]
204
205 *) Use better test patterns in bntest.
206 [Ulf Möller]
207
208 *) rand_win.c fix for Borland C.
209 [Ulf Möller]
210
211 *) BN_rshift bugfix for n == 0.
212 [Bodo Moeller]
213
214 *) Add a 'bctest' script that checks for some known 'bc' bugs
215 so that 'make test' does not abort just because 'bc' is broken.
216 [Bodo Moeller]
217
218 *) Store verify_result within SSL_SESSION also for client side to
219 avoid potential security hole. (Re-used sessions on the client side
220 always resulted in verify_result==X509_V_OK, not using the original
221 result of the server certificate verification.)
222 [Lutz Jaenicke]
223
224 *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
225 SSL3_RT_APPLICATION_DATA, return 0.
226 Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
227 [Bodo Moeller]
228
229 *) Fix SSL_peek:
230 Both ssl2_peek and ssl3_peek, which were totally broken in earlier
231 releases, have been re-implemented by renaming the previous
232 implementations of ssl2_read and ssl3_read to ssl2_read_internal
233 and ssl3_read_internal, respectively, and adding 'peek' parameters
234 to them. The new ssl[23]_{read,peek} functions are calls to
235 ssl[23]_read_internal with the 'peek' flag set appropriately.
236 A 'peek' parameter has also been added to ssl3_read_bytes, which
237 does the actual work for ssl3_read_internal.
238 [Bodo Moeller]
239
240 *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
241 the method-specific "init()" handler. Also clean up ex_data after
242 calling the method-specific "finish()" handler. Previously, this was
243 happening the other way round.
244 [Geoff Thorpe]
245
246 *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
247 The previous value, 12, was not always sufficient for BN_mod_exp().
248 [Bodo Moeller]
249
250 *) Make sure that shared libraries get the internal name engine with
251 the full version number and not just 0. This should mark the
252 shared libraries as not backward compatible. Of course, this should
253 be changed again when we can guarantee backward binary compatibility.
254 [Richard Levitte]
255
256 *) Fix typo in get_cert_by_subject() in by_dir.c
257 [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
258
259 *) Rework the system to generate shared libraries:
260
261 - Make note of the expected extension for the shared libraries and
262 if there is a need for symbolic links from for example libcrypto.so.0
263 to libcrypto.so.0.9.7. There is extended info in Configure for
264 that.
265
266 - Make as few rebuilds of the shared libraries as possible.
267
268 - Still avoid linking the OpenSSL programs with the shared libraries.
269
270 - When installing, install the shared libraries separately from the
271 static ones.
272 [Richard Levitte]
273
274 *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
275
276 Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
277 and not in SSL_clear because the latter is also used by the
278 accept/connect functions; previously, the settings made by
279 SSL_set_read_ahead would be lost during the handshake.
280 [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
281
282 *) Correct util/mkdef.pl to be selective about disabled algorithms.
283 Previously, it would create entries for disableed algorithms no
284 matter what.
285 [Richard Levitte]
286
287 *) Added several new manual pages for SSL_* function.
288 [Lutz Jaenicke]
289
5 Changes between 0.9.5a and 0.9.6 [24 Sep 2000] 290 Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
6 291
7 *) In ssl23_get_client_hello, generate an error message when faced 292 *) In ssl23_get_client_hello, generate an error message when faced
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index eed48cfd3c..98bc46bf87 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -98,6 +98,11 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm
98my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; 98my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
99my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; 99my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
100 100
101my $mips3_irix_asm="asm/mips3.o::::::::";
102# There seems to be boundary faults in asm/alpha.s.
103#my $alpha_asm="asm/alpha.o::::::::";
104my $alpha_asm="::::::::";
105
101# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. 106# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
102# So the md5_locl.h file has an undef B_ENDIAN if sun is defined 107# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
103 108
@@ -136,32 +141,32 @@ my %table=(
136# surrounds it with #APP #NO_APP comment pair which (at least Solaris 141# surrounds it with #APP #NO_APP comment pair which (at least Solaris
137# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" 142# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
138# error message. 143# error message.
139"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC", 144"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
140 145
141#### SPARC Solaris with GNU C setups 146#### SPARC Solaris with GNU C setups
142"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC", 147"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
143"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC", 148"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
144"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC", 149"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
145# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 150# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
146# but keep the assembler modules. 151# but keep the assembler modules.
147"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC", 152"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
148#### 153####
149"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC", 154"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
150"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC", 155"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
151 156
152#### SPARC Solaris with Sun C setups 157#### SPARC Solaris with Sun C setups
153# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests 158# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
154"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC", 159"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
155# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. 160# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
156# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 161# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
157# SC5.0 note: Compiler common patch 107357-01 or later is required! 162# SC5.0 note: Compiler common patch 107357-01 or later is required!
158"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC", 163"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
159"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC", 164"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
160"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC", 165"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
161"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC", 166"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
162#### 167####
163"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC", 168"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
164"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC", 169"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
165 170
166#### SPARC Linux setups 171#### SPARC Linux setups
167"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", 172"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -187,11 +192,11 @@ my %table=(
187# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke 192# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
188# './Configure irix-[g]cc' manually. 193# './Configure irix-[g]cc' manually.
189# -mips4 flag is added by ./config when appropriate. 194# -mips4 flag is added by ./config when appropriate.
190"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", 195"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
191"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", 196"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
192# N64 ABI builds. 197# N64 ABI builds.
193"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", 198"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
194"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", 199"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
195 200
196#### Unified HP-UX ANSI C configs. 201#### Unified HP-UX ANSI C configs.
197# Special notes: 202# Special notes:
@@ -271,10 +276,10 @@ my %table=(
271# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with 276# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
272# the new compiler 277# the new compiler
273# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version 278# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
274"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared", 279"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
275"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared", 280"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
276"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared", 281"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
277"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::", 282"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
278 283
279#### Alpha Linux with GNU C and Compaq C setups 284#### Alpha Linux with GNU C and Compaq C setups
280# Special notes: 285# Special notes:
@@ -289,31 +294,32 @@ my %table=(
289# 294#
290# <appro@fy.chalmers.se> 295# <appro@fy.chalmers.se>
291# 296#
292"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::", 297"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
293"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::", 298"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
294"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", 299"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
295"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", 300"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
296 301
297# assembler versions -- currently defunct: 302# assembler versions -- currently defunct:
298##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::", 303##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
299 304
300# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the 305# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
301# bn86-elf.o file file since it is hand tweaked assembler. 306# bn86-elf.o file file since it is hand tweaked assembler.
302"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", 307"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
303"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 308"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
304"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 309"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
305"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", 310"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
306"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", 311"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
307"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", 312"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
308"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", 313"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
314"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
309"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::", 315"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
310"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", 316"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
311"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", 317"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
312"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:", 318"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
313"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", 319"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
314"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", 320"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
315"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", 321"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
316"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", 322"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
317"nextstep", "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", 323"nextstep", "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
318"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", 324"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
319# NCR MP-RAS UNIX ver 02.03.01 325# NCR MP-RAS UNIX ver 02.03.01
@@ -323,18 +329,27 @@ my %table=(
323"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:", 329"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
324 330
325# Linux on ARM 331# Linux on ARM
326"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC", 332"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
333
334# UnixWare 2.0x fails destest with -O
335"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
336"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
327 337
328# UnixWare 2.0 338# UnixWare 2.1
329"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::", 339"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
330"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", 340"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
341"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
331 342
332# UnixWare 7 343# UnixWare 7
333"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", 344"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
345"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
346"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
334 347
335# IBM's AIX. 348# IBM's AIX.
336"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::", 349"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
337"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::", 350"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
351"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
352"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
338 353
339# 354#
340# Cray T90 (SDSC) 355# Cray T90 (SDSC)
@@ -361,12 +376,16 @@ my %table=(
361 376
362# DGUX, 88100. 377# DGUX, 88100.
363"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::", 378"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
364"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::", 379"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
365"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", 380"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
366 381
382# SCO 3 - Tim Rice <tim@multitalents.net>
383"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
384
367# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the 385# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
368# SCO cc. 386# SCO cc.
369"sco5-cc", "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options? 387"sco5-cc", "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
388"sco5-cc-pentium", "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
370"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... 389"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
371 390
372# Sinix/ReliantUNIX RM400 391# Sinix/ReliantUNIX RM400
@@ -406,12 +425,12 @@ my %table=(
406##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::", 425##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
407 426
408# Some OpenBSD from Bob Beck <beck@obtuse.com> 427# Some OpenBSD from Bob Beck <beck@obtuse.com>
409"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::", 428"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
410"OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O2 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::", 429"OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O2 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
411"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn", 430"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
412"OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::RC2_CHAR RC4_INDEX DES_UNROLL:::", 431"OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::RC2_CHAR RC4_INDEX DES_UNROLL:::",
413"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::", 432"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
414"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::", 433"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
415 434
416##### MacOS X (a.k.a. Rhapsody) setup 435##### MacOS X (a.k.a. Rhapsody) setup
417"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", 436"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -426,6 +445,7 @@ my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
426 445
427my $prefix=""; 446my $prefix="";
428my $openssldir=""; 447my $openssldir="";
448my $exe_ext="";
429my $install_prefix=""; 449my $install_prefix="";
430my $no_threads=0; 450my $no_threads=0;
431my $no_shared=1; 451my $no_shared=1;
@@ -453,10 +473,10 @@ my $md5_obj="";
453my $sha1_obj=""; 473my $sha1_obj="";
454my $rmd160_obj=""; 474my $rmd160_obj="";
455my $processor=""; 475my $processor="";
456my $ranlib; 476my $default_ranlib;
457my $perl; 477my $perl;
458 478
459$ranlib=&which("ranlib") or $ranlib="true"; 479$default_ranlib= &which("ranlib") or $default_ranlib="true";
460$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") 480$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
461 or $perl="perl"; 481 or $perl="perl";
462 482
@@ -642,6 +662,7 @@ print "Configuring for $target\n";
642 662
643my $IsWindows=scalar grep /^$target$/,@WinTargets; 663my $IsWindows=scalar grep /^$target$/,@WinTargets;
644 664
665$exe_ext=".exe" if ($target eq "CygWin32");
645$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); 666$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
646$prefix=$openssldir if $prefix eq ""; 667$prefix=$openssldir if $prefix eq "";
647 668
@@ -655,8 +676,8 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
655print "IsWindows=$IsWindows\n"; 676print "IsWindows=$IsWindows\n";
656 677
657(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, 678(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
658 $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)= 679 $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
659 split(/\s*:\s*/,$table{$target} . ":" x 22 , -1); 680 split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
660$cflags="$flags$cflags" if ($flags ne ""); 681$cflags="$flags$cflags" if ($flags ne "");
661 682
662# The DSO code currently always implements all functions so that no 683# The DSO code currently always implements all functions so that no
@@ -731,17 +752,27 @@ if ($threads)
731 } 752 }
732 753
733# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org 754# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
734my $shared_mark1 = ""; 755my $shared_mark = "";
735my $shared_mark2 = ""; 756if ($shared_target ne "")
736if ($shared_cflag ne "")
737 { 757 {
738 $cflags = "$shared_cflag $cflags"; 758 if ($shared_cflag ne "")
759 {
760 $cflags = "$shared_cflag $cflags";
761 }
739 if (!$no_shared) 762 if (!$no_shared)
740 { 763 {
741 $shared_mark1 = ".shlib-clean."; 764 #$shared_mark = "\$(SHARED_LIBS)";
742 $shared_mark2 = ".shlib.";
743 } 765 }
744 } 766 }
767else
768 {
769 $no_shared = 1;
770 }
771
772if ($ranlib eq "")
773 {
774 $ranlib = $default_ranlib;
775 }
745 776
746#my ($bn1)=split(/\s+/,$bn_obj); 777#my ($bn1)=split(/\s+/,$bn_obj);
747#$bn1 = "" unless defined $bn1; 778#$bn1 = "" unless defined $bn1;
@@ -823,6 +854,7 @@ while (<IN>)
823 s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; 854 s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
824 s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; 855 s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
825 s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/; 856 s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
857 s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
826 s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; 858 s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
827 s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; 859 s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
828 s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; 860 s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
@@ -833,6 +865,7 @@ while (<IN>)
833 s/^CFLAG=.*$/CFLAG= $cflags/; 865 s/^CFLAG=.*$/CFLAG= $cflags/;
834 s/^DEPFLAG=.*$/DEPFLAG= $depflags/; 866 s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
835 s/^EX_LIBS=.*$/EX_LIBS= $lflags/; 867 s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
868 s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
836 s/^BN_ASM=.*$/BN_ASM= $bn_obj/; 869 s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
837 s/^DES_ENC=.*$/DES_ENC= $des_obj/; 870 s/^DES_ENC=.*$/DES_ENC= $des_obj/;
838 s/^BF_ENC=.*$/BF_ENC= $bf_obj/; 871 s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -846,9 +879,9 @@ while (<IN>)
846 s/^RANLIB=.*/RANLIB= $ranlib/; 879 s/^RANLIB=.*/RANLIB= $ranlib/;
847 s/^PERL=.*/PERL= $perl/; 880 s/^PERL=.*/PERL= $perl/;
848 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; 881 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
849 s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/; 882 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
850 s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/; 883 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
851 s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared); 884 s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
852 print OUT $_."\n"; 885 print OUT $_."\n";
853 } 886 }
854close(IN); 887close(IN);
@@ -1135,8 +1168,9 @@ sub print_table_entry
1135 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops, 1168 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
1136 my $bn_obj,my $des_obj,my $bf_obj, 1169 my $bn_obj,my $des_obj,my $bf_obj,
1137 my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, 1170 my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
1138 my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)= 1171 my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
1139 split(/\s*:\s*/,$table{$target} . ":" x 22 , -1); 1172 my $shared_extension,my $ranlib)=
1173 split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
1140 1174
1141 print <<EOF 1175 print <<EOF
1142 1176
@@ -1159,5 +1193,7 @@ sub print_table_entry
1159\$dso_scheme = $dso_scheme 1193\$dso_scheme = $dso_scheme
1160\$shared_target= $shared_target 1194\$shared_target= $shared_target
1161\$shared_cflag = $shared_cflag 1195\$shared_cflag = $shared_cflag
1196\$shared_extension = $shared_extension
1197\$ranlib = $ranlib
1162EOF 1198EOF
1163 } 1199 }
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index 29acc8afdf..cd759e0202 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -1,20 +1,22 @@
1OpenSSL - Frequently Asked Questions 1OpenSSL - Frequently Asked Questions
2-------------------------------------- 2--------------------------------------
3 3
4[MISC] Miscellaneous questions
5
4* Which is the current version of OpenSSL? 6* Which is the current version of OpenSSL?
5* Where is the documentation? 7* Where is the documentation?
6* How can I contact the OpenSSL developers? 8* How can I contact the OpenSSL developers?
9* Where can I get a compiled version of OpenSSL?
10* Why aren't tools like 'autoconf' and 'libtool' used?
11
12[LEGAL] Legal questions
13
7* Do I need patent licenses to use OpenSSL? 14* Do I need patent licenses to use OpenSSL?
8* Is OpenSSL thread-safe? 15* Can I use OpenSSL with GPL software?
16
17[USER] Questions on using the OpenSSL applications
18
9* Why do I get a "PRNG not seeded" error message? 19* Why do I get a "PRNG not seeded" error message?
10* Why does the linker complain about undefined symbols?
11* Where can I get a compiled version of OpenSSL?
12* I've compiled a program under Windows and it crashes: why?
13* How do I read or write a DER encoded buffer using the ASN1 functions?
14* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
15* I've called <some function> and it fails, why?
16* I just get a load of numbers for the error output, what do they mean?
17* Why do I get errors about unknown algorithms?
18* How do I create certificates or certificate requests? 20* How do I create certificates or certificate requests?
19* Why can't I create certificate requests? 21* Why can't I create certificate requests?
20* Why does <SSL program> fail with a certificate verify error? 22* Why does <SSL program> fail with a certificate verify error?
@@ -22,17 +24,38 @@ OpenSSL - Frequently Asked Questions
22* How can I create DSA certificates? 24* How can I create DSA certificates?
23* Why can't I make an SSL connection using a DSA certificate? 25* Why can't I make an SSL connection using a DSA certificate?
24* How can I remove the passphrase on a private key? 26* How can I remove the passphrase on a private key?
25* Why can't the OpenSSH configure script detect OpenSSL? 27* Why can't I use OpenSSL certificates with SSL client authentication?
28* Why does my browser give a warning about a mismatched hostname?
29
30[BUILD] Questions about building and testing OpenSSL
31
32* Why does the linker complain about undefined symbols?
26* Why does the OpenSSL test fail with "bc: command not found"? 33* Why does the OpenSSL test fail with "bc: command not found"?
27* Why does the OpenSSL test fail with "bc: 1 no implemented"? 34* Why does the OpenSSL test fail with "bc: 1 no implemented"?
28* Why does the OpenSSL compilation fail on Alpha True64 Unix? 35* Why does the OpenSSL compilation fail on Alpha True64 Unix?
29* Why does the OpenSSL compilation fail with "ar: command not found"? 36* Why does the OpenSSL compilation fail with "ar: command not found"?
37* Why does the OpenSSL compilation fail on Win32 with VC++?
38
39[PROG] Questions about programming with OpenSSL
40
41* Is OpenSSL thread-safe?
42* I've compiled a program under Windows and it crashes: why?
43* How do I read or write a DER encoded buffer using the ASN1 functions?
44* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
45* I've called <some function> and it fails, why?
46* I just get a load of numbers for the error output, what do they mean?
47* Why do I get errors about unknown algorithms?
48* Why can't the OpenSSH configure script detect OpenSSL?
49* Can I use OpenSSL's SSL library with non-blocking I/O?
50
51===============================================================================
30 52
53[MISC] ========================================================================
31 54
32* Which is the current version of OpenSSL? 55* Which is the current version of OpenSSL?
33 56
34The current version is available from <URL: http://www.openssl.org>. 57The current version is available from <URL: http://www.openssl.org>.
35OpenSSL 0.9.6 was released on September 24th, 2000. 58OpenSSL 0.9.6a was released on April 5th, 2001.
36 59
37In addition to the current stable release, you can also access daily 60In addition to the current stable release, you can also access daily
38snapshots of the OpenSSL development version at <URL: 61snapshots of the OpenSSL development version at <URL:
@@ -78,6 +101,27 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
78<URL: http://www.openssl.org>. 101<URL: http://www.openssl.org>.
79 102
80 103
104* Where can I get a compiled version of OpenSSL?
105
106Some applications that use OpenSSL are distributed in binary form.
107When using such an application, you don't need to install OpenSSL
108yourself; the application will include the required parts (e.g. DLLs).
109
110If you want to install OpenSSL on a Windows system and you don't have
111a C compiler, read the "Mingw32" section of INSTALL.W32 for information
112on how to obtain and install the free GNU C compiler.
113
114A number of Linux and *BSD distributions include OpenSSL.
115
116
117* Why aren't tools like 'autoconf' and 'libtool' used?
118
119autoconf will probably be used in future OpenSSL versions. If it was
120less Unix-centric, it might have been used much earlier.
121
122
123[LEGAL] =======================================================================
124
81* Do I need patent licenses to use OpenSSL? 125* Do I need patent licenses to use OpenSSL?
82 126
83The patents section of the README file lists patents that may apply to 127The patents section of the README file lists patents that may apply to
@@ -89,18 +133,26 @@ You can configure OpenSSL so as not to use RC5 and IDEA by using
89 ./config no-rc5 no-idea 133 ./config no-rc5 no-idea
90 134
91 135
92* Is OpenSSL thread-safe? 136* Can I use OpenSSL with GPL software?
93 137
94Yes (with limitations: an SSL connection may not concurrently be used 138On many systems including the major Linux and BSD distributions, yes (the
95by multiple threads). On Windows and many Unix systems, OpenSSL 139GPL does not place restrictions on using libraries that are part of the
96automatically uses the multi-threaded versions of the standard 140normal operating system distribution).
97libraries. If your platform is not one of these, consult the INSTALL
98file.
99 141
100Multi-threaded applications must provide two callback functions to 142On other systems, the situation is less clear. Some GPL software copyright
101OpenSSL. This is described in the threads(3) manpage. 143holders claim that you infringe on their rights if you use OpenSSL with
144their software on operating systems that don't normally include OpenSSL.
145
146If you develop open source software that uses OpenSSL, you may find it
147useful to choose an other license than the GPL, or state explicitely that
148"This program is released under the GPL with the additional exemption that
149compiling, linking, and/or using OpenSSL is allowed." If you are using
150GPL software developed by others, you may want to ask the copyright holder
151for permission to use their software with OpenSSL.
102 152
103 153
154[USER] ========================================================================
155
104* Why do I get a "PRNG not seeded" error message? 156* Why do I get a "PRNG not seeded" error message?
105 157
106Cryptographic software needs a source of unpredictable data to work 158Cryptographic software needs a source of unpredictable data to work
@@ -138,6 +190,101 @@ versions. However, be warned that /dev/random is usually a blocking
138device, which may have some effects on OpenSSL. 190device, which may have some effects on OpenSSL.
139 191
140 192
193* How do I create certificates or certificate requests?
194
195Check out the CA.pl(1) manual page. This provides a simple wrapper round
196the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
197out the manual pages for the individual utilities and the certificate
198extensions documentation (currently in doc/openssl.txt).
199
200
201* Why can't I create certificate requests?
202
203You typically get the error:
204
205 unable to find 'distinguished_name' in config
206 problems making Certificate Request
207
208This is because it can't find the configuration file. Check out the
209DIAGNOSTICS section of req(1) for more information.
210
211
212* Why does <SSL program> fail with a certificate verify error?
213
214This problem is usually indicated by log messages saying something like
215"unable to get local issuer certificate" or "self signed certificate".
216When a certificate is verified its root CA must be "trusted" by OpenSSL
217this typically means that the CA certificate must be placed in a directory
218or file and the relevant program configured to read it. The OpenSSL program
219'verify' behaves in a similar way and issues similar error messages: check
220the verify(1) program manual page for more information.
221
222
223* Why can I only use weak ciphers when I connect to a server using OpenSSL?
224
225This is almost certainly because you are using an old "export grade" browser
226which only supports weak encryption. Upgrade your browser to support 128 bit
227ciphers.
228
229
230* How can I create DSA certificates?
231
232Check the CA.pl(1) manual page for a DSA certificate example.
233
234
235* Why can't I make an SSL connection to a server using a DSA certificate?
236
237Typically you'll see a message saying there are no shared ciphers when
238the same setup works fine with an RSA certificate. There are two possible
239causes. The client may not support connections to DSA servers most web
240browsers (including Netscape and MSIE) only support connections to servers
241supporting RSA cipher suites. The other cause is that a set of DH parameters
242has not been supplied to the server. DH parameters can be created with the
243dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
244check the source to s_server in apps/s_server.c for an example.
245
246
247* How can I remove the passphrase on a private key?
248
249Firstly you should be really *really* sure you want to do this. Leaving
250a private key unencrypted is a major security risk. If you decide that
251you do have to do this check the EXAMPLES sections of the rsa(1) and
252dsa(1) manual pages.
253
254
255* Why can't I use OpenSSL certificates with SSL client authentication?
256
257What will typically happen is that when a server requests authentication
258it will either not include your certificate or tell you that you have
259no client certificates (Netscape) or present you with an empty list box
260(MSIE). The reason for this is that when a server requests a client
261certificate it includes a list of CAs names which it will accept. Browsers
262will only let you select certificates from the list on the grounds that
263there is little point presenting a certificate which the server will
264reject.
265
266The solution is to add the relevant CA certificate to your servers "trusted
267CA list". How you do this depends on the server sofware in uses. You can
268print out the servers list of acceptable CAs using the OpenSSL s_client tool:
269
270openssl s_client -connect www.some.host:443 -prexit
271
272If your server only requests certificates on certain URLs then you may need
273to manually issue an HTTP GET command to get the list when s_client connects:
274
275GET /some/page/needing/a/certificate.html
276
277If your CA does not appear in the list then this confirms the problem.
278
279
280* Why does my browser give a warning about a mismatched hostname?
281
282Browsers expect the server's hostname to match the value in the commonName
283(CN) field of the certificate. If it does not then you get a warning.
284
285
286[BUILD] =======================================================================
287
141* Why does the linker complain about undefined symbols? 288* Why does the linker complain about undefined symbols?
142 289
143Maybe the compilation was interrupted, and make doesn't notice that 290Maybe the compilation was interrupted, and make doesn't notice that
@@ -162,17 +309,99 @@ If none of these helps, you may want to try using the current snapshot.
162If the problem persists, please submit a bug report. 309If the problem persists, please submit a bug report.
163 310
164 311
165* Where can I get a compiled version of OpenSSL? 312* Why does the OpenSSL test fail with "bc: command not found"?
166 313
167Some applications that use OpenSSL are distributed in binary form. 314You didn't install "bc", the Unix calculator. If you want to run the
168When using such an application, you don't need to install OpenSSL 315tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
169yourself; the application will include the required parts (e.g. DLLs).
170 316
171If you want to install OpenSSL on a Windows system and you don't have
172a C compiler, read the "Mingw32" section of INSTALL.W32 for information
173on how to obtain and install the free GNU C compiler.
174 317
175A number of Linux and *BSD distributions include OpenSSL. 318* Why does the OpenSSL test fail with "bc: 1 no implemented"?
319
320On some SCO installations or versions, bc has a bug that gets triggered
321when you run the test suite (using "make test"). The message returned is
322"bc: 1 not implemented".
323
324The best way to deal with this is to find another implementation of bc
325and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
326for download instructions) can be safely used, for example.
327
328
329* Why does the OpenSSL compilation fail on Alpha True64 Unix?
330
331On some Alpha installations running True64 Unix and Compaq C, the compilation
332of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
333memory to continue compilation.' As far as the tests have shown, this may be
334a compiler bug. What happens is that it eats up a lot of resident memory
335to build something, probably a table. The problem is clearly in the
336optimization code, because if one eliminates optimization completely (-O0),
337the compilation goes through (and the compiler consumes about 2MB of resident
338memory instead of 240MB or whatever one's limit is currently).
339
340There are three options to solve this problem:
341
3421. set your current data segment size soft limit higher. Experience shows
343that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
344this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
345kbytes to set the limit to.
346
3472. If you have a hard limit that is lower than what you need and you can't
348get it changed, you can compile all of OpenSSL with -O0 as optimization
349level. This is however not a very nice thing to do for those who expect to
350get the best result from OpenSSL. A bit more complicated solution is the
351following:
352
353----- snip:start -----
354 make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
355 sed -e 's/ -O[0-9] / -O0 /'`"
356 rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
357 make
358----- snip:end -----
359
360This will only compile sha_dgst.c with -O0, the rest with the optimization
361level chosen by the configuration process. When the above is done, do the
362test and installation and you're set.
363
364
365* Why does the OpenSSL compilation fail with "ar: command not found"?
366
367Getting this message is quite usual on Solaris 2, because Sun has hidden
368away 'ar' and other development commands in directories that aren't in
369$PATH by default. One of those directories is '/usr/ccs/bin'. The
370quickest way to fix this is to do the following (it assumes you use sh
371or any sh-compatible shell):
372
373----- snip:start -----
374 PATH=${PATH}:/usr/ccs/bin; export PATH
375----- snip:end -----
376
377and then redo the compilation. What you should really do is make sure
378'/usr/ccs/bin' is permanently in your $PATH, for example through your
379'.profile' (again, assuming you use a sh-compatible shell).
380
381
382* Why does the OpenSSL compilation fail on Win32 with VC++?
383
384Sometimes, you may get reports from VC++ command line (cl) that it
385can't find standard include files like stdio.h and other weirdnesses.
386One possible cause is that the environment isn't correctly set up.
387To solve that problem, one should run VCVARS32.BAT which is found in
388the 'bin' subdirectory of the VC++ installation directory (somewhere
389under 'Program Files'). This needs to be done prior to running NMAKE,
390and the changes are only valid for the current DOS session.
391
392
393[PROG] ========================================================================
394
395* Is OpenSSL thread-safe?
396
397Yes (with limitations: an SSL connection may not concurrently be used
398by multiple threads). On Windows and many Unix systems, OpenSSL
399automatically uses the multi-threaded versions of the standard
400libraries. If your platform is not one of these, consult the INSTALL
401file.
402
403Multi-threaded applications must provide two callback functions to
404OpenSSL. This is described in the threads(3) manpage.
176 405
177 406
178* I've compiled a program under Windows and it crashes: why? 407* I've compiled a program under Windows and it crashes: why?
@@ -259,68 +488,6 @@ is forgetting to load OpenSSL's table of algorithms with
259OpenSSL_add_all_algorithms(). See the manual page for more information. 488OpenSSL_add_all_algorithms(). See the manual page for more information.
260 489
261 490
262* How do I create certificates or certificate requests?
263
264Check out the CA.pl(1) manual page. This provides a simple wrapper round
265the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
266out the manual pages for the individual utilities and the certificate
267extensions documentation (currently in doc/openssl.txt).
268
269
270* Why can't I create certificate requests?
271
272You typically get the error:
273
274 unable to find 'distinguished_name' in config
275 problems making Certificate Request
276
277This is because it can't find the configuration file. Check out the
278DIAGNOSTICS section of req(1) for more information.
279
280
281* Why does <SSL program> fail with a certificate verify error?
282
283This problem is usually indicated by log messages saying something like
284"unable to get local issuer certificate" or "self signed certificate".
285When a certificate is verified its root CA must be "trusted" by OpenSSL
286this typically means that the CA certificate must be placed in a directory
287or file and the relevant program configured to read it. The OpenSSL program
288'verify' behaves in a similar way and issues similar error messages: check
289the verify(1) program manual page for more information.
290
291
292* Why can I only use weak ciphers when I connect to a server using OpenSSL?
293
294This is almost certainly because you are using an old "export grade" browser
295which only supports weak encryption. Upgrade your browser to support 128 bit
296ciphers.
297
298
299* How can I create DSA certificates?
300
301Check the CA.pl(1) manual page for a DSA certificate example.
302
303
304* Why can't I make an SSL connection to a server using a DSA certificate?
305
306Typically you'll see a message saying there are no shared ciphers when
307the same setup works fine with an RSA certificate. There are two possible
308causes. The client may not support connections to DSA servers most web
309browsers (including Netscape and MSIE) only support connections to servers
310supporting RSA cipher suites. The other cause is that a set of DH parameters
311has not been supplied to the server. DH parameters can be created with the
312dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
313check the source to s_server in apps/s_server.c for an example.
314
315
316* How can I remove the passphrase on a private key?
317
318Firstly you should be really *really* sure you want to do this. Leaving
319a private key unencrypted is a major security risk. If you decide that
320you do have to do this check the EXAMPLES sections of the rsa(1) and
321dsa(1) manual pages.
322
323
324* Why can't the OpenSSH configure script detect OpenSSL? 491* Why can't the OpenSSH configure script detect OpenSSL?
325 492
326There is a problem with OpenSSH 1.2.2p1, in that the configure script 493There is a problem with OpenSSH 1.2.2p1, in that the configure script
@@ -362,71 +529,19 @@ applied to the OpenSSH distribution:
362----- snip:end ----- 529----- snip:end -----
363 530
364 531
365* Why does the OpenSSL test fail with "bc: command not found"? 532* Can I use OpenSSL's SSL library with non-blocking I/O?
366 533
367You didn't install "bc", the Unix calculator. If you want to run the 534Yes; make sure to read the SSL_get_error(3) manual page!
368tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
369
370
371* Why does the OpenSSL test fail with "bc: 1 no implemented"?
372 535
373On some SCO installations or versions, bc has a bug that gets triggered when 536A pitfall to avoid: Don't assume that SSL_read() will just read from
374you run the test suite (using "make test"). The message returned is "bc: 537the underlying transport or that SSL_write() will just write to it --
3751 not implemented". The best way to deal with this is to find another 538it is also possible that SSL_write() cannot do any useful work until
376implementation of bc and compile/install it. For example, GNU bc (see 539there is data to read, or that SSL_read() cannot do anything until it
377http://www.gnu.org/software/software.html for download instructions) can 540is possible to send data. One reason for this is that the peer may
378be safely used. 541request a new TLS/SSL handshake at any time during the protocol,
542requiring a bi-directional message exchange; both SSL_read() and
543SSL_write() will try to continue any pending handshake.
379 544
380 545
381* Why does the OpenSSL compilation fail on Alpha True64 Unix? 546===============================================================================
382
383On some Alpha installations running True64 Unix and Compaq C, the compilation
384of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
385memory to continue compilation.' As far as the tests have shown, this may be
386a compiler bug. What happens is that it eats up a lot of resident memory
387to build something, probably a table. The problem is clearly in the
388optimization code, because if one eliminates optimization completely (-O0),
389the compilation goes through (and the compiler consumes about 2MB of resident
390memory instead of 240MB or whatever one's limit is currently).
391
392There are three options to solve this problem:
393
3941. set your current data segment size soft limit higher. Experience shows
395that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
396this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
397kbytes to set the limit to.
398
3992. If you have a hard limit that is lower than what you need and you can't
400get it changed, you can compile all of OpenSSL with -O0 as optimization
401level. This is however not a very nice thing to do for those who expect to
402get the best result from OpenSSL. A bit more complicated solution is the
403following:
404
405----- snip:start -----
406 make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
407 sed -e 's/ -O[0-9] / -O0 /'`"
408 rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
409 make
410----- snip:end -----
411
412This will only compile sha_dgst.c with -O0, the rest with the optimization
413level chosen by the configuration process. When the above is done, do the
414test and installation and you're set.
415
416
417* Why does the OpenSSL compilation fail with "ar: command not found"?
418
419Getting this message is quite usual on Solaris 2, because Sun has hidden
420away 'ar' and other development commands in directories that aren't in
421$PATH by default. One of those directories is '/usr/ccs/bin'. The
422quickest way to fix this is to do the following (it assumes you use sh
423or any sh-compatible shell):
424
425----- snip:start -----
426 PATH=${PATH}:/usr/ccs/bin; export PATH
427----- snip:end -----
428
429and then redo the compilation. What you should really do is make sure
430'/usr/ccs/bin' is permanently in your $PATH, for example through your
431'.profile' (again, assuming you use a sh-compatible shell).
432 547
diff --git a/src/lib/libssl/src/LICENSE b/src/lib/libssl/src/LICENSE
index bdd5f7bdd0..3fd259ac32 100644
--- a/src/lib/libssl/src/LICENSE
+++ b/src/lib/libssl/src/LICENSE
@@ -12,7 +12,7 @@
12 --------------- 12 ---------------
13 13
14/* ==================================================================== 14/* ====================================================================
15 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 15 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
16 * 16 *
17 * Redistribution and use in source and binary forms, with or without 17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions 18 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index 0dd8a4e644..d24a0b5010 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -9,6 +9,7 @@ SHLIB_VERSION_NUMBER=
9SHLIB_VERSION_HISTORY= 9SHLIB_VERSION_HISTORY=
10SHLIB_MAJOR= 10SHLIB_MAJOR=
11SHLIB_MINOR= 11SHLIB_MINOR=
12SHLIB_EXT=
12PLATFORM=dist 13PLATFORM=dist
13OPTIONS= 14OPTIONS=
14CONFIGURE_ARGS= 15CONFIGURE_ARGS=
@@ -58,8 +59,9 @@ CC= gcc
58#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM 59#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
59CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM 60CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
60DEPFLAG= 61DEPFLAG=
61PEX_LIBS= -L. -L.. -L../.. -L../../.. 62PEX_LIBS=
62EX_LIBS= 63EX_LIBS=
64EXE_EXT=
63AR=ar r 65AR=ar r
64RANLIB= ranlib 66RANLIB= ranlib
65PERL= perl 67PERL= perl
@@ -151,14 +153,11 @@ RMD160_ASM_OBJ= asm/rm86-out.o
151#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD 153#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
152#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi 154#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
153 155
154# To do special treatment, use "directory names" starting with a period.
155# When we're prepared to use shared libraries in the programs we link here 156# When we're prepared to use shared libraries in the programs we link here
156# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty, 157# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
157# or have that configurable. 158SHLIB_MARK=
158SHLIB_MARK1=.shlib-clean.
159SHLIB_MARK2=.shlib.
160 159
161DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2) 160DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
162SHLIBDIRS= crypto ssl 161SHLIBDIRS= crypto ssl
163 162
164# dirs in crypto to build 163# dirs in crypto to build
@@ -182,7 +181,10 @@ ONEDIRS=out tmp
182EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS 181EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
183WDIRS= windows 182WDIRS= windows
184LIBS= libcrypto.a libssl.a 183LIBS= libcrypto.a libssl.a
185SHARED_LIBS=libcrypto.so libssl.so 184SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
185SHARED_SSL=libssl$(SHLIB_EXT)
186SHARED_LIBS=
187SHARED_LIBS_LINK_EXTS=
186 188
187GENERAL= Makefile 189GENERAL= Makefile
188BASENAME= openssl 190BASENAME= openssl
@@ -192,108 +194,93 @@ WTARFILE= $(NAME)-win.tar
192EXHEADER= e_os.h e_os2.h 194EXHEADER= e_os.h e_os2.h
193HEADER= e_os.h 195HEADER= e_os.h
194 196
195all: Makefile.ssl 197# When we're prepared to use shared libraries in the programs we link here
196 @need_shlib=true; \ 198# we might remove 'clean-shared' from the targets to perform at this stage
197 for i in $(DIRS) ;\ 199
198 do \ 200all: clean-shared Makefile.ssl sub_all
199 if [ "$$i" = ".shlib-clean." ]; then \
200 if [ "$(SHLIB_TARGET)" != "" ]; then \
201 $(MAKE) clean-shared; \
202 fi; \
203 elif [ "$$i" = ".shlib." ]; then \
204 if [ "$(SHLIB_TARGET)" != "" ]; then \
205 $(MAKE) $(SHARED_LIBS); \
206 fi; \
207 need_shlib=false; \
208 else \
209 (cd $$i && echo "making all in $$i..." && \
210 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
211 fi; \
212 done; \
213 if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
214 $(MAKE) $(SHARED_LIBS); \
215 fi
216 201
217sub_all: 202sub_all:
218 @need_shlib=true; \ 203 @for i in $(DIRS); \
219 for i in $(DIRS) ;\
220 do \ 204 do \
221 if [ "$$i" = ".shlib-clean." ]; then \ 205 if [ -d "$$i" ]; then \
222 if [ "$(SHLIB_TARGET)" != "" ]; then \
223 $(MAKE) clean-shared; \
224 fi; \
225 elif [ "$$i" = ".shlib." ]; then \
226 if [ "$(SHLIB_TARGET)" != "" ]; then \
227 $(MAKE) $(SHARED_LIBS); \
228 fi; \
229 need_shlib=false; \
230 else \
231 (cd $$i && echo "making all in $$i..." && \ 206 (cd $$i && echo "making all in $$i..." && \
232 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ 207 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
208 else \
209 $(MAKE) $$i; \
233 fi; \ 210 fi; \
234 done; \ 211 done; \
235 if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \ 212 if echo "$(DIRS)" | \
213 egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
214 [ -n "$(SHARED_LIBS)" ]; then \
236 $(MAKE) $(SHARED_LIBS); \ 215 $(MAKE) $(SHARED_LIBS); \
237 fi 216 fi
238 217
239libcrypto.so: libcrypto.a 218libcrypto$(SHLIB_EXT): libcrypto.a
240 @if [ "$(SHLIB_TARGET)" != "" ]; then \ 219 @if [ "$(SHLIB_TARGET)" != "" ]; then \
241 $(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \ 220 $(MAKE) SHLIBDIRS=crypto build-shared; \
242 else \ 221 else \
243 echo "There's no support for shared libraries on this platform" >&2; \ 222 echo "There's no support for shared libraries on this platform" >&2; \
244 fi 223 fi
245libssl.so: libcrypto.so libssl.a 224libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
246 @if [ "$(SHLIB_TARGET)" != "" ]; then \ 225 @if [ "$(SHLIB_TARGET)" != "" ]; then \
247 $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \ 226 $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
248 else \ 227 else \
249 echo "There's no support for shared libraries on this platform" >&2; \ 228 echo "There's no support for shared libraries on this platform" >&2; \
250 fi 229 fi
251 230
252clean-shared: 231clean-shared:
253 for i in ${SHLIBDIRS}; do \ 232 @for i in $(SHLIBDIRS); do \
254 rm -f lib$$i.so \ 233 if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
255 lib$$i.so.${SHLIB_MAJOR} \ 234 tmp="$(SHARED_LIBS_LINK_EXTS)"; \
256 lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ 235 for j in $${tmp:-x}; do \
236 ( set -x; rm -f lib$$i$$j ); \
237 done; \
238 fi; \
239 ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
257 done 240 done
258 241
259linux-shared: 242link-shared:
260 libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ 243 @for i in $(SHLIBDIRS); do \
261 rm -f lib$$i.so \ 244 prev=lib$$i$(SHLIB_EXT); \
262 lib$$i.so.${SHLIB_MAJOR} \ 245 if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
263 lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ 246 tmp="$(SHARED_LIBS_LINK_EXTS)"; \
247 for j in $${tmp:-x}; do \
248 ( set -x; ln -f -s $$prev lib$$i$$j ); \
249 prev=lib$$i$$j; \
250 done; \
251 fi; \
252 done
253
254build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
255
256do_bsd-gcc-shared: do_gnu-shared
257do_linux-shared: do_gnu-shared
258do_gnu-shared:
259 libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
264 ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 260 ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
265 -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \ 261 -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
266 -Wl,--whole-archive lib$$i.a \ 262 -Wl,--whole-archive lib$$i.a \
267 -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ 263 -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
268 libs="$$libs -L. -l$$i"; \ 264 libs="$$libs -l$$i"; \
269 ( set -x; \
270 ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
271 lib$$i.so.${SHLIB_MAJOR}; \
272 ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
273 done 265 done
274 266
275# This assumes that GNU utilities are *not* used 267# This assumes that GNU utilities are *not* used
276true64-shared: 268do_tru64-shared:
277 libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ 269 libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
278 ( set -x; ${CC} -shared -no_archive -o lib$$i.so \ 270 ( set -x; ${CC} -shared -no_archive -o lib$$i.so \
279 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ 271 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
280 -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ 272 -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
281 libs="$$libs -L. -l$$i"; \ 273 libs="$$libs -l$$i"; \
282 done 274 done
283 275
284# This assumes that GNU utilities are *not* used 276# This assumes that GNU utilities are *not* used
285solaris-shared: 277do_solaris-shared:
286 libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ 278 libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
287 rm -f lib$$i.so \ 279 ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
288 lib$$i.so.${SHLIB_MAJOR} \ 280 set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
289 lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ 281 -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
290 ( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
291 -h lib$$i.so.${SHLIB_MAJOR} \
292 -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ 282 -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
293 libs="$$libs -L. -l$$i"; \ 283 libs="$$libs -l$$i"; \
294 ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
295 lib$$i.so.${SHLIB_MAJOR}; \
296 ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
297 done 284 done
298 285
299Makefile.ssl: Makefile.org 286Makefile.ssl: Makefile.org
@@ -308,7 +295,7 @@ clean:
308 rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c 295 rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
309 @for i in $(DIRS) ;\ 296 @for i in $(DIRS) ;\
310 do \ 297 do \
311 if echo "$$i" | grep -v '^\.'; then \ 298 if [ -d "$$i" ]; then \
312 (cd $$i && echo "making clean in $$i..." && \ 299 (cd $$i && echo "making clean in $$i..." && \
313 $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \ 300 $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
314 rm -f $(LIBS); \ 301 rm -f $(LIBS); \
@@ -329,7 +316,7 @@ files:
329 $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO 316 $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
330 @for i in $(DIRS) ;\ 317 @for i in $(DIRS) ;\
331 do \ 318 do \
332 if echo "$$i" | grep -v '^\.'; then \ 319 if [ -d "$$i" ]; then \
333 (cd $$i && echo "making 'files' in $$i..." && \ 320 (cd $$i && echo "making 'files' in $$i..." && \
334 $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \ 321 $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
335 fi; \ 322 fi; \
@@ -340,7 +327,7 @@ links:
340 @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl 327 @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
341 @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) 328 @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
342 @for i in $(DIRS); do \ 329 @for i in $(DIRS); do \
343 if echo "$$i" | grep -v '^\.'; then \ 330 if [ -d "$$i" ]; then \
344 (cd $$i && echo "making links in $$i..." && \ 331 (cd $$i && echo "making links in $$i..." && \
345 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \ 332 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
346 fi; \ 333 fi; \
@@ -350,7 +337,7 @@ dclean:
350 rm -f *.bak 337 rm -f *.bak
351 @for i in $(DIRS) ;\ 338 @for i in $(DIRS) ;\
352 do \ 339 do \
353 if echo "$$i" | grep -v '^\.'; then \ 340 if [ -d "$$i" ]; then \
354 (cd $$i && echo "making dclean in $$i..." && \ 341 (cd $$i && echo "making dclean in $$i..." && \
355 $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \ 342 $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
356 fi; \ 343 fi; \
@@ -365,7 +352,7 @@ test: tests
365 352
366tests: rehash 353tests: rehash
367 @(cd test && echo "testing..." && \ 354 @(cd test && echo "testing..." && \
368 $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests ); 355 $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
369 @apps/openssl version -a 356 @apps/openssl version -a
370 357
371report: 358report:
@@ -374,7 +361,7 @@ report:
374depend: 361depend:
375 @for i in $(DIRS) ;\ 362 @for i in $(DIRS) ;\
376 do \ 363 do \
377 if echo "$$i" | grep -v '^\.'; then \ 364 if [ -d "$$i" ]; then \
378 (cd $$i && echo "making dependencies $$i..." && \ 365 (cd $$i && echo "making dependencies $$i..." && \
379 $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \ 366 $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
380 fi; \ 367 fi; \
@@ -383,7 +370,7 @@ depend:
383lint: 370lint:
384 @for i in $(DIRS) ;\ 371 @for i in $(DIRS) ;\
385 do \ 372 do \
386 if echo "$$i" | grep -v '^\.'; then \ 373 if [ -d "$$i" ]; then \
387 (cd $$i && echo "making lint $$i..." && \ 374 (cd $$i && echo "making lint $$i..." && \
388 $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \ 375 $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
389 fi; \ 376 fi; \
@@ -392,7 +379,7 @@ lint:
392tags: 379tags:
393 @for i in $(DIRS) ;\ 380 @for i in $(DIRS) ;\
394 do \ 381 do \
395 if echo "$$i" | grep -v '^\.'; then \ 382 if [ -d "$$i" ]; then \
396 (cd $$i && echo "making tags $$i..." && \ 383 (cd $$i && echo "making tags $$i..." && \
397 $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \ 384 $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
398 fi; \ 385 fi; \
@@ -454,9 +441,9 @@ install: all install_docs
454 done; 441 done;
455 @for i in $(DIRS) ;\ 442 @for i in $(DIRS) ;\
456 do \ 443 do \
457 if echo "$$i" | grep -v '^\.'; then \ 444 if [ -d "$$i" ]; then \
458 (cd $$i; echo "installing $$i..."; \ 445 (cd $$i; echo "installing $$i..."; \
459 $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \ 446 $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
460 fi; \ 447 fi; \
461 done 448 done
462 @for i in $(LIBS) ;\ 449 @for i in $(LIBS) ;\
@@ -468,6 +455,20 @@ install: all install_docs
468 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ 455 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
469 fi \ 456 fi \
470 done 457 done
458 @if [ -n "$(SHARED_LIBS)" ]; then \
459 tmp="$(SHARED_LIBS)"; \
460 for i in $${tmp:-x}; \
461 do \
462 if [ -f "$$i" ]; then \
463 ( echo installing $$i; \
464 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
465 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
466 fi \
467 done; \
468 ( here="`pwd`"; \
469 cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
470 make -f $$here/Makefile link-shared ); \
471 fi
471 472
472install_docs: 473install_docs:
473 @$(PERL) $(TOP)/util/mkdir-p.pl \ 474 @$(PERL) $(TOP)/util/mkdir-p.pl \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 7cf95cfb0b..b9ea61239f 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,6 +5,31 @@
5 This file gives a brief overview of the major changes between each OpenSSL 5 This file gives a brief overview of the major changes between each OpenSSL
6 release. For more details please read the CHANGES file. 6 release. For more details please read the CHANGES file.
7 7
8 Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
9
10 o Security fix: change behavior of OpenSSL to avoid using
11 environment variables when running as root.
12 o Security fix: check the result of RSA-CRT to reduce the
13 possibility of deducing the private key from an incorrectly
14 calculated signature.
15 o Security fix: prevent Bleichenbacher's DSA attack.
16 o Security fix: Zero the premaster secret after deriving the
17 master secret in DH ciphersuites.
18 o Reimplement SSL_peek(), which had various problems.
19 o Compatibility fix: the function des_encrypt() renamed to
20 des_encrypt1() to avoid clashes with some Unixen libc.
21 o Bug fixes for Win32, HP/UX and Irix.
22 o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
23 memory checking routines.
24 o Bug fixes for RSA operations in threaded enviroments.
25 o Bug fixes in misc. openssl applications.
26 o Remove a few potential memory leaks.
27 o Add tighter checks of BIGNUM routines.
28 o Shared library support has been reworked for generality.
29 o More documentation.
30 o New function BN_rand_range().
31 o Add "-rand" option to openssl s_client and s_server.
32
8 Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: 33 Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
9 34
10 o Some documentation for BIO and SSL libraries. 35 o Some documentation for BIO and SSL libraries.
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index e8f20f49a6..c500744c6b 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,5 +1,6 @@
1 1
2 OpenSSL 0.9.5 28 Feb 2000 2 OpenSSL 0.9.6a [engine] 5 Apr 2001
3
3 4
4 Copyright (c) 1998-2000 The OpenSSL Project 5 Copyright (c) 1998-2000 The OpenSSL Project
5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 6 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/src/lib/libssl/src/apps/Makefile.ssl b/src/lib/libssl/src/apps/Makefile.ssl
index e8677cbb2d..75aeb56df3 100644
--- a/src/lib/libssl/src/apps/Makefile.ssl
+++ b/src/lib/libssl/src/apps/Makefile.ssl
@@ -18,6 +18,7 @@ RM= rm -f
18 18
19PEX_LIBS= 19PEX_LIBS=
20EX_LIBS= 20EX_LIBS=
21EXE_EXT=
21 22
22CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG) 23CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
23 24
@@ -32,7 +33,7 @@ PROGRAM= openssl
32 33
33SCRIPTS=CA.sh CA.pl der_chop 34SCRIPTS=CA.sh CA.pl der_chop
34 35
35EXE= $(PROGRAM) 36EXE= $(PROGRAM)$(EXE_EXT)
36 37
37E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \ 38E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
38 ca crl rsa rsautl dsa dsaparam \ 39 ca crl rsa rsautl dsa dsaparam \
@@ -77,7 +78,7 @@ top:
77 78
78all: exe 79all: exe
79 80
80exe: $(EXE) 81exe: $(PROGRAM)
81 82
82req: sreq.o $(A_OBJ) $(DLIBCRYPTO) 83req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
83 $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) 84 $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
diff --git a/src/lib/libssl/src/apps/app_rand.c b/src/lib/libssl/src/apps/app_rand.c
index 1146f9f7f3..8a78e12eb7 100644
--- a/src/lib/libssl/src/apps/app_rand.c
+++ b/src/lib/libssl/src/apps/app_rand.c
@@ -177,8 +177,10 @@ long app_RAND_load_files(char *name)
177 if (*n == '\0') break; 177 if (*n == '\0') break;
178 178
179 egd=RAND_egd(n); 179 egd=RAND_egd(n);
180 if (egd > 0) tot+=egd; 180 if (egd > 0)
181 tot+=RAND_load_file(n,-1); 181 tot+=egd;
182 else
183 tot+=RAND_load_file(n,-1);
182 if (last) break; 184 if (last) break;
183 } 185 }
184 if (tot > 512) 186 if (tot > 512)
diff --git a/src/lib/libssl/src/apps/ca-cert.srl b/src/lib/libssl/src/apps/ca-cert.srl
index eeee65ec41..2c7456e3eb 100644
--- a/src/lib/libssl/src/apps/ca-cert.srl
+++ b/src/lib/libssl/src/apps/ca-cert.srl
@@ -1 +1 @@
05 07
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
index 67f054c645..34230b2cfb 100644
--- a/src/lib/libssl/src/apps/dsaparam.c
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -313,7 +313,7 @@ bad:
313 printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", 313 printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
314 bits_p,bits_p); 314 bits_p,bits_p);
315 printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); 315 printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
316 printf("\t\treturn(NULL);\n"); 316 printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
317 printf("\treturn(dsa);\n\t}\n"); 317 printf("\treturn(dsa);\n\t}\n");
318 } 318 }
319 319
diff --git a/src/lib/libssl/src/apps/md5.c b/src/lib/libssl/src/apps/md5.c
new file mode 100644
index 0000000000..7ed0024ae1
--- /dev/null
+++ b/src/lib/libssl/src/apps/md5.c
@@ -0,0 +1,127 @@
1/* crypto/md5/md5.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/md5.h>
62
63#define BUFSIZE 1024*16
64
65void do_fp(FILE *f);
66void pt(unsigned char *md);
67#ifndef _OSD_POSIX
68int read(int, void *, unsigned int);
69#endif
70
71int main(int argc, char **argv)
72 {
73 int i,err=0;
74 FILE *IN;
75
76 if (argc == 1)
77 {
78 do_fp(stdin);
79 }
80 else
81 {
82 for (i=1; i<argc; i++)
83 {
84 IN=fopen(argv[i],"r");
85 if (IN == NULL)
86 {
87 perror(argv[i]);
88 err++;
89 continue;
90 }
91 printf("MD5(%s)= ",argv[i]);
92 do_fp(IN);
93 fclose(IN);
94 }
95 }
96 exit(err);
97 }
98
99void do_fp(FILE *f)
100 {
101 MD5_CTX c;
102 unsigned char md[MD5_DIGEST_LENGTH];
103 int fd;
104 int i;
105 static unsigned char buf[BUFSIZE];
106
107 fd=fileno(f);
108 MD5_Init(&c);
109 for (;;)
110 {
111 i=read(fd,buf,BUFSIZE);
112 if (i <= 0) break;
113 MD5_Update(&c,buf,(unsigned long)i);
114 }
115 MD5_Final(&(md[0]),&c);
116 pt(md);
117 }
118
119void pt(unsigned char *md)
120 {
121 int i;
122
123 for (i=0; i<MD5_DIGEST_LENGTH; i++)
124 printf("%02x",md[i]);
125 printf("\n");
126 }
127
diff --git a/src/lib/libssl/src/apps/passwd.c b/src/lib/libssl/src/apps/passwd.c
index 6851a9927d..ea2b089e24 100644
--- a/src/lib/libssl/src/apps/passwd.c
+++ b/src/lib/libssl/src/apps/passwd.c
@@ -272,6 +272,7 @@ int MAIN(int argc, char **argv)
272 } 272 }
273 while (!done); 273 while (!done);
274 } 274 }
275 ret = 0;
275 276
276err: 277err:
277 ERR_print_errors(bio_err); 278 ERR_print_errors(bio_err);
@@ -315,7 +316,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
315 strncat(out_buf, "$", 1); 316 strncat(out_buf, "$", 1);
316 strncat(out_buf, salt, 8); 317 strncat(out_buf, salt, 8);
317 assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ 318 assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
318 salt_out = out_buf + 6; 319 salt_out = out_buf + 2 + strlen(magic);
319 salt_len = strlen(salt_out); 320 salt_len = strlen(salt_out);
320 assert(salt_len <= 8); 321 assert(salt_len <= 8);
321 322
diff --git a/src/lib/libssl/src/apps/pca-cert.srl b/src/lib/libssl/src/apps/pca-cert.srl
index 8a0f05e166..2c7456e3eb 100644
--- a/src/lib/libssl/src/apps/pca-cert.srl
+++ b/src/lib/libssl/src/apps/pca-cert.srl
@@ -1 +1 @@
01 07
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index 0751d92201..ca8dc87957 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -725,16 +725,15 @@ loop:
725 725
726 if (newreq || x509) 726 if (newreq || x509)
727 { 727 {
728#ifndef NO_DSA
729 if (pkey->type == EVP_PKEY_DSA)
730 digest=EVP_dss1();
731#endif
732
733 if (pkey == NULL) 728 if (pkey == NULL)
734 { 729 {
735 BIO_printf(bio_err,"you need to specify a private key\n"); 730 BIO_printf(bio_err,"you need to specify a private key\n");
736 goto end; 731 goto end;
737 } 732 }
733#ifndef NO_DSA
734 if (pkey->type == EVP_PKEY_DSA)
735 digest=EVP_dss1();
736#endif
738 if (req == NULL) 737 if (req == NULL)
739 { 738 {
740 req=X509_REQ_new(); 739 req=X509_REQ_new();
diff --git a/src/lib/libssl/src/apps/rmd160.c b/src/lib/libssl/src/apps/rmd160.c
new file mode 100644
index 0000000000..4f8b88a18a
--- /dev/null
+++ b/src/lib/libssl/src/apps/rmd160.c
@@ -0,0 +1,127 @@
1/* crypto/ripemd/rmd160.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/ripemd.h>
62
63#define BUFSIZE 1024*16
64
65void do_fp(FILE *f);
66void pt(unsigned char *md);
67#ifndef _OSD_POSIX
68int read(int, void *, unsigned int);
69#endif
70
71int main(int argc, char **argv)
72 {
73 int i,err=0;
74 FILE *IN;
75
76 if (argc == 1)
77 {
78 do_fp(stdin);
79 }
80 else
81 {
82 for (i=1; i<argc; i++)
83 {
84 IN=fopen(argv[i],"r");
85 if (IN == NULL)
86 {
87 perror(argv[i]);
88 err++;
89 continue;
90 }
91 printf("RIPEMD160(%s)= ",argv[i]);
92 do_fp(IN);
93 fclose(IN);
94 }
95 }
96 exit(err);
97 }
98
99void do_fp(FILE *f)
100 {
101 RIPEMD160_CTX c;
102 unsigned char md[RIPEMD160_DIGEST_LENGTH];
103 int fd;
104 int i;
105 static unsigned char buf[BUFSIZE];
106
107 fd=fileno(f);
108 RIPEMD160_Init(&c);
109 for (;;)
110 {
111 i=read(fd,buf,BUFSIZE);
112 if (i <= 0) break;
113 RIPEMD160_Update(&c,buf,(unsigned long)i);
114 }
115 RIPEMD160_Final(&(md[0]),&c);
116 pt(md);
117 }
118
119void pt(unsigned char *md)
120 {
121 int i;
122
123 for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
124 printf("%02x",md[i]);
125 printf("\n");
126 }
127
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 2ef75649dd..95fce436bb 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -55,6 +55,9 @@
55 * Hudson (tjh@cryptsoft.com). 55 * Hudson (tjh@cryptsoft.com).
56 * 56 *
57 */ 57 */
58
59#ifndef NO_RSA
60
58#include "apps.h" 61#include "apps.h"
59#include <string.h> 62#include <string.h>
60#include <openssl/err.h> 63#include <openssl/err.h>
@@ -313,3 +316,4 @@ static void usage()
313 BIO_printf(bio_err, "-hexdump hex dump output\n"); 316 BIO_printf(bio_err, "-hexdump hex dump output\n");
314} 317}
315 318
319#endif
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 45d627a60a..0e1a61b789 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -79,6 +79,7 @@ typedef unsigned int u_int;
79#include <openssl/ssl.h> 79#include <openssl/ssl.h>
80#include <openssl/err.h> 80#include <openssl/err.h>
81#include <openssl/pem.h> 81#include <openssl/pem.h>
82#include <openssl/rand.h>
82#include <openssl/engine.h> 83#include <openssl/engine.h>
83#include "s_apps.h" 84#include "s_apps.h"
84 85
@@ -153,8 +154,8 @@ static void sc_usage(void)
153 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); 154 BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
154 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); 155 BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
155 BIO_printf(bio_err," command to see what is available\n"); 156 BIO_printf(bio_err," command to see what is available\n");
157 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
156 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); 158 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
157
158 } 159 }
159 160
160int MAIN(int, char **); 161int MAIN(int, char **);
@@ -181,6 +182,7 @@ int MAIN(int argc, char **argv)
181 int prexit = 0; 182 int prexit = 0;
182 SSL_METHOD *meth=NULL; 183 SSL_METHOD *meth=NULL;
183 BIO *sbio; 184 BIO *sbio;
185 char *inrand=NULL;
184 char *engine_id=NULL; 186 char *engine_id=NULL;
185 ENGINE *e=NULL; 187 ENGINE *e=NULL;
186#ifdef WINDOWS 188#ifdef WINDOWS
@@ -320,6 +322,11 @@ int MAIN(int argc, char **argv)
320 else if (strcmp(*argv,"-nbio") == 0) 322 else if (strcmp(*argv,"-nbio") == 0)
321 { c_nbio=1; } 323 { c_nbio=1; }
322#endif 324#endif
325 else if (strcmp(*argv,"-rand") == 0)
326 {
327 if (--argc < 1) goto bad;
328 inrand= *(++argv);
329 }
323 else if (strcmp(*argv,"-engine") == 0) 330 else if (strcmp(*argv,"-engine") == 0)
324 { 331 {
325 if (--argc < 1) goto bad; 332 if (--argc < 1) goto bad;
@@ -341,7 +348,14 @@ bad:
341 goto end; 348 goto end;
342 } 349 }
343 350
344 app_RAND_load_file(NULL, bio_err, 0); 351 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
352 && !RAND_status())
353 {
354 BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
355 }
356 if (inrand != NULL)
357 BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
358 app_RAND_load_files(inrand));
345 359
346 if (bio_c_out == NULL) 360 if (bio_c_out == NULL)
347 { 361 {
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 61a77dff11..a107b8c14a 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -83,6 +83,7 @@ typedef unsigned int u_int;
83#include <openssl/pem.h> 83#include <openssl/pem.h>
84#include <openssl/x509.h> 84#include <openssl/x509.h>
85#include <openssl/ssl.h> 85#include <openssl/ssl.h>
86#include <openssl/rand.h>
86#include <openssl/engine.h> 87#include <openssl/engine.h>
87#include "s_apps.h" 88#include "s_apps.h"
88 89
@@ -245,6 +246,7 @@ static void sv_usage(void)
245 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); 246 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
246 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); 247 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
247 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); 248 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
249 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
248 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); 250 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
249 } 251 }
250 252
@@ -415,6 +417,8 @@ int MAIN(int argc, char *argv[])
415 int no_tmp_rsa=0,no_dhe=0,nocert=0; 417 int no_tmp_rsa=0,no_dhe=0,nocert=0;
416 int state=0; 418 int state=0;
417 SSL_METHOD *meth=NULL; 419 SSL_METHOD *meth=NULL;
420 char *inrand=NULL;
421 char *engine_id=NULL;
418 ENGINE *e=NULL; 422 ENGINE *e=NULL;
419#ifndef NO_DH 423#ifndef NO_DH
420 DH *dh=NULL; 424 DH *dh=NULL;
@@ -570,6 +574,11 @@ int MAIN(int argc, char *argv[])
570 else if (strcmp(*argv,"-tls1") == 0) 574 else if (strcmp(*argv,"-tls1") == 0)
571 { meth=TLSv1_server_method(); } 575 { meth=TLSv1_server_method(); }
572#endif 576#endif
577 else if (strcmp(*argv,"-rand") == 0)
578 {
579 if (--argc < 1) goto bad;
580 inrand= *(++argv);
581 }
573 else if (strcmp(*argv,"-engine") == 0) 582 else if (strcmp(*argv,"-engine") == 0)
574 { 583 {
575 if (--argc < 1) goto bad; 584 if (--argc < 1) goto bad;
@@ -591,7 +600,14 @@ bad:
591 goto end; 600 goto end;
592 } 601 }
593 602
594 app_RAND_load_file(NULL, bio_err, 0); 603 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
604 && !RAND_status())
605 {
606 BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
607 }
608 if (inrand != NULL)
609 BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
610 app_RAND_load_files(inrand));
595 611
596 if (bio_s_out == NULL) 612 if (bio_s_out == NULL)
597 { 613 {
@@ -709,7 +725,8 @@ bad:
709 725
710#ifndef NO_RSA 726#ifndef NO_RSA
711#if 1 727#if 1
712 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 728 if (!no_tmp_rsa)
729 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
713#else 730#else
714 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) 731 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
715 { 732 {
@@ -1369,15 +1386,29 @@ static int www_body(char *hostname, int s, unsigned char *context)
1369 1386
1370 /* skip the '/' */ 1387 /* skip the '/' */
1371 p= &(buf[5]); 1388 p= &(buf[5]);
1372 dot=0; 1389
1390 dot = 1;
1373 for (e=p; *e != '\0'; e++) 1391 for (e=p; *e != '\0'; e++)
1374 { 1392 {
1375 if (e[0] == ' ') break; 1393 if (e[0] == ' ')
1376 if ( (e[0] == '.') && 1394 break;
1377 (strncmp(&(e[-1]),"/../",4) == 0)) 1395
1378 dot=1; 1396 switch (dot)
1397 {
1398 case 1:
1399 dot = (e[0] == '.') ? 2 : 0;
1400 break;
1401 case 2:
1402 dot = (e[0] == '.') ? 3 : 0;
1403 break;
1404 case 3:
1405 dot = (e[0] == '/') ? -1 : 0;
1406 break;
1407 }
1408 if (dot == 0)
1409 dot = (e[0] == '/') ? 1 : 0;
1379 } 1410 }
1380 1411 dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
1381 1412
1382 if (*e == '\0') 1413 if (*e == '\0')
1383 { 1414 {
@@ -1401,9 +1432,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
1401 break; 1432 break;
1402 } 1433 }
1403 1434
1435#if 0
1404 /* append if a directory lookup */ 1436 /* append if a directory lookup */
1405 if (e[-1] == '/') 1437 if (e[-1] == '/')
1406 strcat(p,"index.html"); 1438 strcat(p,"index.html");
1439#endif
1407 1440
1408 /* if a directory, do the index thang */ 1441 /* if a directory, do the index thang */
1409 if (stat(p,&st_buf) < 0) 1442 if (stat(p,&st_buf) < 0)
@@ -1415,7 +1448,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
1415 } 1448 }
1416 if (S_ISDIR(st_buf.st_mode)) 1449 if (S_ISDIR(st_buf.st_mode))
1417 { 1450 {
1451#if 0 /* must check buffer size */
1418 strcat(p,"/index.html"); 1452 strcat(p,"/index.html");
1453#else
1454 BIO_puts(io,text);
1455 BIO_printf(io,"'%s' is a directory\r\n",p);
1456 break;
1457#endif
1419 } 1458 }
1420 1459
1421 if ((file=BIO_new_file(p,"r")) == NULL) 1460 if ((file=BIO_new_file(p,"r")) == NULL)
diff --git a/src/lib/libssl/src/apps/server.pem b/src/lib/libssl/src/apps/server.pem
index c57b32507d..56248e57a3 100644
--- a/src/lib/libssl/src/apps/server.pem
+++ b/src/lib/libssl/src/apps/server.pem
@@ -1,17 +1,17 @@
1issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) 1issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
2subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) 2subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
3-----BEGIN CERTIFICATE----- 3-----BEGIN CERTIFICATE-----
4MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV 4MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
5BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD 5BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
6VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4 6VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
7MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG 7MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
8A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl 8A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
9cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP 9cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
10Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// 10Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
11Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9 11Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
12JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO 12GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
13IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ 13k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
14FUGcPZf9ND22Etc+AQ== 14itAE+OjGF+PFKbwX8Q==
15-----END CERTIFICATE----- 15-----END CERTIFICATE-----
16-----BEGIN RSA PRIVATE KEY----- 16-----BEGIN RSA PRIVATE KEY-----
17MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD 17MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index ba41916371..3562ea277b 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -865,6 +865,7 @@ int MAIN(int argc, char **argv)
865 } 865 }
866#endif 866#endif
867 867
868#ifndef NO_DSA
868 dsa_c[R_DSA_512][0]=count/1000; 869 dsa_c[R_DSA_512][0]=count/1000;
869 dsa_c[R_DSA_512][1]=count/1000/2; 870 dsa_c[R_DSA_512][1]=count/1000/2;
870 for (i=1; i<DSA_NUM; i++) 871 for (i=1; i<DSA_NUM; i++)
@@ -882,6 +883,7 @@ int MAIN(int argc, char **argv)
882 } 883 }
883 } 884 }
884 } 885 }
886#endif
885 887
886#define COND(d) (count < (d)) 888#define COND(d) (count < (d))
887#define COUNT(d) (d) 889#define COUNT(d) (d)
@@ -1207,7 +1209,7 @@ int MAIN(int argc, char **argv)
1207 { 1209 {
1208 BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n"); 1210 BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
1209 ERR_print_errors(bio_err); 1211 ERR_print_errors(bio_err);
1210 dsa_doit[j] = 0; 1212 rsa_doit[j] = 0;
1211 } 1213 }
1212 else 1214 else
1213 { 1215 {
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 0c0d42a0ac..95f05e580c 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -894,8 +894,10 @@ bad:
894 894
895 BIO_printf(bio_err,"Generating certificate request\n"); 895 BIO_printf(bio_err,"Generating certificate request\n");
896 896
897#ifndef NO_DSA
897 if (pk->type == EVP_PKEY_DSA) 898 if (pk->type == EVP_PKEY_DSA)
898 digest=EVP_dss1(); 899 digest=EVP_dss1();
900#endif
899 901
900 rq=X509_to_X509_REQ(x,pk,digest); 902 rq=X509_to_X509_REQ(x,pk,digest);
901 EVP_PKEY_free(pk); 903 EVP_PKEY_free(pk);
diff --git a/src/lib/libssl/src/certs/rsa-ssca.pem b/src/lib/libssl/src/certs/rsa-ssca.pem
index c9403212d1..e69de29bb2 100644
--- a/src/lib/libssl/src/certs/rsa-ssca.pem
+++ b/src/lib/libssl/src/certs/rsa-ssca.pem
@@ -1,19 +0,0 @@
1subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
2issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
3notBefore=941109235417Z
4notAfter =991231235417Z
5-----BEGIN X509 CERTIFICATE-----
6
7MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
8HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
9IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
10Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
11YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
12Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
13roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
14aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
15HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
16iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
17suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
18cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
19-----END X509 CERTIFICATE-----
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index 458838d800..d22836f80f 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -49,10 +49,18 @@ if [ "x$XREL" != "x" ]; then
49 echo "whatever-whatever-sco5"; exit 0 49 echo "whatever-whatever-sco5"; exit 0
50 ;; 50 ;;
51 4.2MP) 51 4.2MP)
52 if [ "x$VERSION" = "x2.1.1" ]; then 52 if [ "x$VERSION" = "x2.01" ]; then
53 echo "${MACHINE}-whatever-unixware201"; exit 0
54 elif [ "x$VERSION" = "x2.02" ]; then
55 echo "${MACHINE}-whatever-unixware202"; exit 0
56 elif [ "x$VERSION" = "x2.03" ]; then
57 echo "${MACHINE}-whatever-unixware203"; exit 0
58 elif [ "x$VERSION" = "x2.1.1" ]; then
53 echo "${MACHINE}-whatever-unixware211"; exit 0 59 echo "${MACHINE}-whatever-unixware211"; exit 0
54 elif [ "x$VERSION" = "x2.1.2" ]; then 60 elif [ "x$VERSION" = "x2.1.2" ]; then
55 echo "${MACHINE}-whatever-unixware212"; exit 0 61 echo "${MACHINE}-whatever-unixware212"; exit 0
62 elif [ "x$VERSION" = "x2.1.3" ]; then
63 echo "${MACHINE}-whatever-unixware213"; exit 0
56 else 64 else
57 echo "${MACHINE}-whatever-unixware2"; exit 0 65 echo "${MACHINE}-whatever-unixware2"; exit 0
58 fi 66 fi
@@ -79,6 +87,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
79 echo "m68k-apple-aux3"; exit 0 87 echo "m68k-apple-aux3"; exit 0
80 ;; 88 ;;
81 89
90 AIX:[3456789]:4:*)
91 echo "${MACHINE}-ibm-aix43"; exit 0
92 ;;
93
94 AIX:*:[56789]:*)
95 echo "${MACHINE}-ibm-aix43"; exit 0
96 ;;
97
82 AIX:*) 98 AIX:*)
83 echo "${MACHINE}-ibm-aix"; exit 0 99 echo "${MACHINE}-ibm-aix"; exit 0
84 ;; 100 ;;
@@ -168,7 +184,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
168 ;; 184 ;;
169 185
170 NetBSD:*:*:*386*) 186 NetBSD:*:*:*386*)
171 echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 187 echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
172 ;; 188 ;;
173 189
174 NetBSD:*) 190 NetBSD:*)
@@ -393,10 +409,16 @@ case "$GUESSOS" in
393 ;; 409 ;;
394 mips4-sgi-irix64) 410 mips4-sgi-irix64)
395 echo "WARNING! If you wish to build 64-bit library, then you have to" 411 echo "WARNING! If you wish to build 64-bit library, then you have to"
396 echo " invoke './Configre irix64-mips4-$CC' *manually*." 412 echo " invoke './Configure irix64-mips4-$CC' *manually*."
397 echo " Type Ctrl-C if you don't want to continue." 413 echo " Type return if you want to continue, Ctrl-C to abort."
398 read waste < /dev/tty 414 read waste < /dev/tty
399 options="$options -mips4" 415 CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
416 CPU=${CPU:-0}
417 if [ $CPU -ge 5000 ]; then
418 options="$options -mips4"
419 else
420 options="$options -mips3"
421 fi
400 OUT="irix-mips3-$CC" 422 OUT="irix-mips3-$CC"
401 ;; 423 ;;
402 alpha-*-linux2) 424 alpha-*-linux2)
@@ -422,11 +444,11 @@ case "$GUESSOS" in
422 #till 64-bit glibc for SPARC is operational:-( 444 #till 64-bit glibc for SPARC is operational:-(
423 #echo "WARNING! If you wish to build 64-bit library, then you have to" 445 #echo "WARNING! If you wish to build 64-bit library, then you have to"
424 #echo " invoke './Configure linux64-sparcv9' *manually*." 446 #echo " invoke './Configure linux64-sparcv9' *manually*."
425 #echo " Type Ctrl-C if you don't want to continue." 447 #echo " Type return if you want to continue, Ctrl-C to abort."
426 #read waste < /dev/tty 448 #read waste < /dev/tty
427 OUT="linux-sparcv9" ;; 449 OUT="linux-sparcv9" ;;
428 sparc-*-linux2) 450 sparc-*-linux2)
429 KARCH=`awk '/type/{print$3}' /proc/cpuinfo` 451 KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
430 case ${KARCH:-sun4} in 452 case ${KARCH:-sun4} in
431 sun4u*) OUT="linux-sparcv9" ;; 453 sun4u*) OUT="linux-sparcv9" ;;
432 sun4m) OUT="linux-sparcv8" ;; 454 sun4m) OUT="linux-sparcv8" ;;
@@ -434,6 +456,7 @@ case "$GUESSOS" in
434 *) OUT="linux-sparcv7" ;; 456 *) OUT="linux-sparcv7" ;;
435 esac ;; 457 esac ;;
436 arm*-*-linux2) OUT="linux-elf-arm" ;; 458 arm*-*-linux2) OUT="linux-elf-arm" ;;
459 s390-*-linux2) OUT="linux-s390" ;;
437 *-*-linux2) OUT="linux-elf" ;; 460 *-*-linux2) OUT="linux-elf" ;;
438 *-*-linux1) OUT="linux-aout" ;; 461 *-*-linux1) OUT="linux-aout" ;;
439 sun4u*-*-solaris2) 462 sun4u*-*-solaris2)
@@ -441,7 +464,7 @@ case "$GUESSOS" in
441 if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then 464 if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
442 echo "WARNING! If you wish to build 64-bit library, then you have to" 465 echo "WARNING! If you wish to build 64-bit library, then you have to"
443 echo " invoke './Configure solaris64-sparcv9-cc' *manually*." 466 echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
444 echo " Type Ctrl-C if you don't want to continue." 467 echo " Type return if you want to continue, Ctrl-C to abort."
445 read waste < /dev/tty 468 read waste < /dev/tty
446 fi 469 fi
447 OUT="solaris-sparcv9-$CC" ;; 470 OUT="solaris-sparcv9-$CC" ;;
@@ -466,9 +489,12 @@ case "$GUESSOS" in
466 *-*-unixware7) OUT="unixware-7" ;; 489 *-*-unixware7) OUT="unixware-7" ;;
467 *-*-UnixWare7) OUT="unixware-7" ;; 490 *-*-UnixWare7) OUT="unixware-7" ;;
468 *-*-Unixware7) OUT="unixware-7" ;; 491 *-*-Unixware7) OUT="unixware-7" ;;
469 *-*-unixware[1-2]*) OUT="unixware-2.0" ;; 492 *-*-unixware20*) OUT="unixware-2.0" ;;
470 *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;; 493 *-*-unixware21*) OUT="unixware-2.1" ;;
471 *-*-Unixware[1-2]*) OUT="unixware-2.0" ;; 494 *-*-UnixWare20*) OUT="unixware-2.0" ;;
495 *-*-UnixWare21*) OUT="unixware-2.1" ;;
496 *-*-Unixware20*) OUT="unixware-2.0" ;;
497 *-*-Unixware21*) OUT="unixware-2.1" ;;
472 BS2000-siemens-sysv4) OUT="BS2000-OSD" ;; 498 BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
473 RM*-siemens-sysv4) OUT="ReliantUNIX" ;; 499 RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
474 *-siemens-sysv4) OUT="SINIX" ;; 500 *-siemens-sysv4) OUT="SINIX" ;;
@@ -563,7 +589,7 @@ OUT="$PREFIX$OUT"
563 589
564$PERL ./Configure LIST | grep "$OUT" > /dev/null 590$PERL ./Configure LIST | grep "$OUT" > /dev/null
565if [ $? = "0" ]; then 591if [ $? = "0" ]; then
566 #echo Configuring for $OUT 592 echo Configuring for $OUT
567 593
568 if [ "$TEST" = "true" ]; then 594 if [ "$TEST" = "true" ]; then
569 echo $PERL ./Configure $OUT $options 595 echo $PERL ./Configure $OUT $options
diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile
index 05e3bb701e..6759b2e4d0 100644
--- a/src/lib/libssl/src/crypto/Makefile
+++ b/src/lib/libssl/src/crypto/Makefile
@@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \
34GENERAL=Makefile README crypto-lib.com install.com 34GENERAL=Makefile README crypto-lib.com install.com
35 35
36LIB= $(TOP)/libcrypto.a 36LIB= $(TOP)/libcrypto.a
37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c 37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o 38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
39 39
40SRC= $(LIBSRC) 40SRC= $(LIBSRC)
41 41
@@ -90,7 +90,8 @@ links:
90 90
91lib: $(LIBOBJ) 91lib: $(LIBOBJ)
92 $(AR) $(LIB) $(LIBOBJ) 92 $(AR) $(LIB) $(LIBOBJ)
93 $(RANLIB) $(LIB) 93 @echo You may get an error following this line. Please ignore.
94 - $(RANLIB) $(LIB)
94 @touch lib 95 @touch lib
95 96
96libs: 97libs:
@@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
197tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h 198tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
198tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 199tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
199tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h 200tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
201uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
202uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
203uid.o: ../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/Makefile.ssl b/src/lib/libssl/src/crypto/Makefile.ssl
index 05e3bb701e..6759b2e4d0 100644
--- a/src/lib/libssl/src/crypto/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/Makefile.ssl
@@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \
34GENERAL=Makefile README crypto-lib.com install.com 34GENERAL=Makefile README crypto-lib.com install.com
35 35
36LIB= $(TOP)/libcrypto.a 36LIB= $(TOP)/libcrypto.a
37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c 37LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o 38LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
39 39
40SRC= $(LIBSRC) 40SRC= $(LIBSRC)
41 41
@@ -90,7 +90,8 @@ links:
90 90
91lib: $(LIBOBJ) 91lib: $(LIBOBJ)
92 $(AR) $(LIB) $(LIBOBJ) 92 $(AR) $(LIB) $(LIBOBJ)
93 $(RANLIB) $(LIB) 93 @echo You may get an error following this line. Please ignore.
94 - $(RANLIB) $(LIB)
94 @touch lib 95 @touch lib
95 96
96libs: 97libs:
@@ -197,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
197tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h 198tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
198tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 199tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
199tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h 200tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
201uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
202uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
203uid.o: ../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/asn1/Makefile.ssl b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
index b8059ddffe..dace5be2bc 100644
--- a/src/lib/libssl/src/crypto/asn1/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/asn1/Makefile.ssl
@@ -75,7 +75,8 @@ all: lib
75 75
76lib: $(LIBOBJ) 76lib: $(LIBOBJ)
77 $(AR) $(LIB) $(LIBOBJ) 77 $(AR) $(LIB) $(LIBOBJ)
78 $(RANLIB) $(LIB) 78 @echo You may get an error following this line. Please ignore.
79 - $(RANLIB) $(LIB)
79 @touch lib 80 @touch lib
80 81
81files: 82files:
diff --git a/src/lib/libssl/src/crypto/asn1/a_strnid.c b/src/lib/libssl/src/crypto/asn1/a_strnid.c
index 6b10cff994..732e68fe46 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strnid.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strnid.c
@@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
133 if(tbl) { 133 if(tbl) {
134 mask = tbl->mask; 134 mask = tbl->mask;
135 if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; 135 if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
136 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, 136 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
137 tbl->minsize, tbl->maxsize); 137 tbl->minsize, tbl->maxsize);
138 } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); 138 } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
139 if(ret <= 0) return NULL; 139 if(ret <= 0) return NULL;
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index 77447a5240..a8b651e54e 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -301,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
301 return(0); 301 return(0);
302 } 302 }
303 if (c->inf == (1|V_ASN1_CONSTRUCTED)) 303 if (c->inf == (1|V_ASN1_CONSTRUCTED))
304 c->slen= *length+ *(c->pp)-c->p; 304 c->slen= *length;
305 c->eos=0; 305 c->eos=0;
306 return(1); 306 return(1);
307 } 307 }
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_mac.h b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
index 4512ba6cc6..af0e664b2d 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_mac.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1_mac.h
@@ -196,6 +196,9 @@ err:\
196 if ((a != NULL) && (sk_##type##_num(a) != 0)) \ 196 if ((a != NULL) && (sk_##type##_num(a) != 0)) \
197 M_ASN1_I2D_put_SEQUENCE_type(type,a,f); 197 M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
198 198
199#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
200 if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
201
199#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ 202#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
200 if ((c.slen != 0) && \ 203 if ((c.slen != 0) && \
201 (M_ASN1_next == \ 204 (M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
389 if ((a != NULL) && (sk_##type##_num(a) != 0)) \ 392 if ((a != NULL) && (sk_##type##_num(a) != 0)) \
390 M_ASN1_I2D_len_SEQUENCE_type(type,a,f); 393 M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
391 394
395#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
396 if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
397
392#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ 398#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
393 ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); 399 ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
394 400
@@ -452,6 +458,15 @@ err:\
452 ret+=ASN1_object_size(1,v,mtag); \ 458 ret+=ASN1_object_size(1,v,mtag); \
453 } 459 }
454 460
461#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
462 if (a)\
463 { \
464 v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
465 V_ASN1_UNIVERSAL, \
466 IS_SEQUENCE); \
467 ret+=ASN1_object_size(1,v,mtag); \
468 }
469
455/* Put Macros */ 470/* Put Macros */
456#define M_ASN1_I2D_put(a,f) f(a,&p) 471#define M_ASN1_I2D_put(a,f) f(a,&p)
457 472
@@ -536,6 +551,14 @@ err:\
536 IS_SEQUENCE); \ 551 IS_SEQUENCE); \
537 } 552 }
538 553
554#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
555 if (a) \
556 { \
557 ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
558 i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
559 IS_SEQUENCE); \
560 }
561
539#define M_ASN1_I2D_seq_total() \ 562#define M_ASN1_I2D_seq_total() \
540 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ 563 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
541 if (pp == NULL) return(r); \ 564 if (pp == NULL) return(r); \
diff --git a/src/lib/libssl/src/crypto/asn1/p7_lib.c b/src/lib/libssl/src/crypto/asn1/p7_lib.c
index b1196ef581..8a340b0119 100644
--- a/src/lib/libssl/src/crypto/asn1/p7_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/p7_lib.c
@@ -307,12 +307,14 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
307 } 307 }
308 if (Tinf == (1|V_ASN1_CONSTRUCTED)) 308 if (Tinf == (1|V_ASN1_CONSTRUCTED))
309 { 309 {
310 c.q=c.p;
310 if (!ASN1_check_infinite_end(&c.p,c.slen)) 311 if (!ASN1_check_infinite_end(&c.p,c.slen))
311 { 312 {
312 c.error=ERR_R_MISSING_ASN1_EOS; 313 c.error=ERR_R_MISSING_ASN1_EOS;
313 c.line=__LINE__; 314 c.line=__LINE__;
314 goto err; 315 goto err;
315 } 316 }
317 c.slen-=(c.p-c.q);
316 } 318 }
317 } 319 }
318 else 320 else
diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c
index 1f302d0e01..51518cdf35 100644
--- a/src/lib/libssl/src/crypto/asn1/x_crl.c
+++ b/src/lib/libssl/src/crypto/asn1/x_crl.c
@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
71 71
72 M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER); 72 M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
73 M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME); 73 M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
74 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 74 M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
75 i2d_X509_EXTENSION); 75 i2d_X509_EXTENSION);
76 76
77 M_ASN1_I2D_seq_total(); 77 M_ASN1_I2D_seq_total();
78 78
79 M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER); 79 M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
80 M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME); 80 M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
81 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 81 M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
82 i2d_X509_EXTENSION); 82 i2d_X509_EXTENSION);
83 83
84 M_ASN1_I2D_finish(); 84 M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
121 { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); } 121 { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
122 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked, 122 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
123 i2d_X509_REVOKED); 123 i2d_X509_REVOKED);
124 M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 124 M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
125 i2d_X509_EXTENSION,0, 125 i2d_X509_EXTENSION,0,
126 V_ASN1_SEQUENCE,v1); 126 V_ASN1_SEQUENCE,v1);
127 127
@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
138 { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); } 138 { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
139 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked, 139 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
140 i2d_X509_REVOKED); 140 i2d_X509_REVOKED);
141 M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, 141 M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
142 i2d_X509_EXTENSION,0, 142 i2d_X509_EXTENSION,0,
143 V_ASN1_SEQUENCE,v1); 143 V_ASN1_SEQUENCE,v1);
144 144
@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
260 M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new); 260 M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
261 ret->nextUpdate=NULL; 261 ret->nextUpdate=NULL;
262 M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null); 262 M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
263 M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null); 263 ret->extensions = NULL;
264 sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp); 264 sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
265 return(ret); 265 return(ret);
266 M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW); 266 M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c
index b832deb928..1885d699ef 100644
--- a/src/lib/libssl/src/crypto/asn1/x_name.c
+++ b/src/lib/libssl/src/crypto/asn1/x_name.c
@@ -141,10 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
141 } 141 }
142 size+=i2d_X509_NAME_ENTRY(ne,NULL); 142 size+=i2d_X509_NAME_ENTRY(ne,NULL);
143 } 143 }
144
145 ret+=ASN1_object_size(1,size,V_ASN1_SET);
146 if (fe != NULL) 144 if (fe != NULL)
145 {
146 /* SET OF needed only if entries is non empty */
147 ret+=ASN1_object_size(1,size,V_ASN1_SET);
147 fe->size=size; 148 fe->size=size;
149 }
148 150
149 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); 151 r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
150 152
diff --git a/src/lib/libssl/src/crypto/bf/Makefile.ssl b/src/lib/libssl/src/crypto/bf/Makefile.ssl
index f4eb90f13f..9205ee7901 100644
--- a/src/lib/libssl/src/crypto/bf/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bf/Makefile.ssl
@@ -44,7 +44,8 @@ all: lib
44 44
45lib: $(LIBOBJ) 45lib: $(LIBOBJ)
46 $(AR) $(LIB) $(LIBOBJ) 46 $(AR) $(LIB) $(LIBOBJ)
47 $(RANLIB) $(LIB) 47 @echo You may get an error following this line. Please ignore.
48 - $(RANLIB) $(LIB)
48 @touch lib 49 @touch lib
49 50
50# elf 51# elf
diff --git a/src/lib/libssl/src/crypto/bio/Makefile.ssl b/src/lib/libssl/src/crypto/bio/Makefile.ssl
index 916d651d47..567d3fb870 100644
--- a/src/lib/libssl/src/crypto/bio/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bio/Makefile.ssl
@@ -49,7 +49,8 @@ all: lib
49 49
50lib: $(LIBOBJ) 50lib: $(LIBOBJ)
51 $(AR) $(LIB) $(LIBOBJ) 51 $(AR) $(LIB) $(LIBOBJ)
52 $(RANLIB) $(LIB) 52 @echo You may get an error following this line. Please ignore.
53 - $(RANLIB) $(LIB)
53 @touch lib 54 @touch lib
54 55
55files: 56files:
@@ -95,13 +96,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
95b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h 96b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
96b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 97b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
97b_dump.o: ../cryptlib.h 98b_dump.o: ../cryptlib.h
98b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 99b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
99b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h 100b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
100b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 101b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
101b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 102b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
102b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h 103b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
103b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 104b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
104b_print.o: ../cryptlib.h 105b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
105b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 106b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
106b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h 107b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
107b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 108b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index a62f551635..b4f7a85f2e 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -69,6 +69,7 @@
69#ifndef NO_SYS_TYPES_H 69#ifndef NO_SYS_TYPES_H
70#include <sys/types.h> 70#include <sys/types.h>
71#endif 71#endif
72#include <openssl/bn.h> /* To get BN_LLONG properly defined */
72#include <openssl/bio.h> 73#include <openssl/bio.h>
73 74
74#ifdef BN_LLONG 75#ifdef BN_LLONG
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c
index 64310058b4..62cc3f1a0c 100644
--- a/src/lib/libssl/src/crypto/bio/b_sock.c
+++ b/src/lib/libssl/src/crypto/bio/b_sock.c
@@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
113 113
114 /* At this point, we have something that is most probably correct 114 /* At this point, we have something that is most probably correct
115 in some way, so let's init the socket. */ 115 in some way, so let's init the socket. */
116 if (!BIO_sock_init()) 116 if (BIO_sock_init() != 1)
117 return(0); /* don't generate another error code here */ 117 return 0; /* don't generate another error code here */
118 118
119 /* If the string actually contained an IP address, we need not do 119 /* If the string actually contained an IP address, we need not do
120 anything more */ 120 anything more */
@@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode)
519 { 519 {
520 int ret=0; 520 int ret=0;
521 struct sockaddr_in server,client; 521 struct sockaddr_in server,client;
522 int s= -1,cs; 522 int s=INVALID_SOCKET,cs;
523 unsigned char ip[4]; 523 unsigned char ip[4];
524 unsigned short port; 524 unsigned short port;
525 char *str,*e; 525 char *str=NULL,*e;
526 const char *h,*p; 526 const char *h,*p;
527 unsigned long l; 527 unsigned long l;
528 int err_num; 528 int err_num;
529 529
530 if (!BIO_sock_init()) return(INVALID_SOCKET); 530 if (BIO_sock_init() != 1) return(INVALID_SOCKET);
531 531
532 if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET); 532 if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
533 533
@@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
553 h="*"; 553 h="*";
554 } 554 }
555 555
556 if (!BIO_get_port(p,&port)) return(INVALID_SOCKET); 556 if (!BIO_get_port(p,&port)) goto err;
557 557
558 memset((char *)&server,0,sizeof(server)); 558 memset((char *)&server,0,sizeof(server));
559 server.sin_family=AF_INET; 559 server.sin_family=AF_INET;
@@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
563 server.sin_addr.s_addr=INADDR_ANY; 563 server.sin_addr.s_addr=INADDR_ANY;
564 else 564 else
565 { 565 {
566 if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET); 566 if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
567 l=(unsigned long) 567 l=(unsigned long)
568 ((unsigned long)ip[0]<<24L)| 568 ((unsigned long)ip[0]<<24L)|
569 ((unsigned long)ip[1]<<16L)| 569 ((unsigned long)ip[1]<<16L)|
diff --git a/src/lib/libssl/src/crypto/bn/Makefile.ssl b/src/lib/libssl/src/crypto/bn/Makefile.ssl
index 17b72d577f..526d7adb5c 100644
--- a/src/lib/libssl/src/crypto/bn/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bn/Makefile.ssl
@@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top
68 68
69lib: $(LIBOBJ) 69lib: $(LIBOBJ)
70 $(AR) $(LIB) $(LIBOBJ) 70 $(AR) $(LIB) $(LIBOBJ)
71 $(RANLIB) $(LIB) 71 @echo You may get an error following this line. Please ignore.
72 - $(RANLIB) $(LIB)
72 @touch lib 73 @touch lib
73 74
74# elf 75# elf
diff --git a/src/lib/libssl/src/crypto/bn/asm/mips3.s b/src/lib/libssl/src/crypto/bn/asm/mips3.s
index 2df4dcd4b0..45786c00a5 100644
--- a/src/lib/libssl/src/crypto/bn/asm/mips3.s
+++ b/src/lib/libssl/src/crypto/bn/asm/mips3.s
@@ -586,13 +586,13 @@ LEAF(bn_div_3_words)
586 ld a0,(a3) 586 ld a0,(a3)
587 move ta2,a1 587 move ta2,a1
588 ld a1,-8(a3) 588 ld a1,-8(a3)
589 move ta3,ra 589 bne a0,a2,.L_bn_div_3_words_proceed
590 move v1,zero
591 li v0,-1 590 li v0,-1
592 beq a0,a2,.L_bn_div_3_words_skip_div 591 jr ra
592.L_bn_div_3_words_proceed:
593 move ta3,ra
593 bal bn_div_words 594 bal bn_div_words
594 move ra,ta3 595 move ra,ta3
595.L_bn_div_3_words_skip_div:
596 dmultu ta2,v0 596 dmultu ta2,v0
597 ld t2,-16(a3) 597 ld t2,-16(a3)
598 move ta0,zero 598 move ta0,zero
diff --git a/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s b/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
index 7239aa2c76..af9730d062 100644
--- a/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
+++ b/src/lib/libssl/src/crypto/bn/asm/pa-risc2.s
@@ -1611,7 +1611,7 @@ bn_mul_comba4
1611 .IMPORT $global$,DATA 1611 .IMPORT $global$,DATA
1612 .SPACE $TEXT$ 1612 .SPACE $TEXT$
1613 .SUBSPA $CODE$ 1613 .SUBSPA $CODE$
1614 .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 1614 .SUBSPA $LIT$,ACCESS=0x2c
1615C$7 1615C$7
1616 .ALIGN 8 1616 .ALIGN 8
1617 .STRINGZ "Division would overflow (%d)\n" 1617 .STRINGZ "Division would overflow (%d)\n"
diff --git a/src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s b/src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s
index 54b6606252..a99545754d 100644
--- a/src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s
+++ b/src/lib/libssl/src/crypto/bn/asm/pa-risc2W.s
@@ -1598,7 +1598,7 @@ bn_mul_comba4
1598 .IMPORT $global$,DATA 1598 .IMPORT $global$,DATA
1599 .SPACE $TEXT$ 1599 .SPACE $TEXT$
1600 .SUBSPA $CODE$ 1600 .SUBSPA $CODE$
1601 .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 1601 .SUBSPA $LIT$,ACCESS=0x2c
1602C$4 1602C$4
1603 .ALIGN 8 1603 .ALIGN 8
1604 .STRINGZ "Division would overflow (%d)\n" 1604 .STRINGZ "Division would overflow (%d)\n"
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index 1eb8395b25..b232c2ceae 100644
--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -239,7 +239,7 @@ typedef struct bignum_st
239 } BIGNUM; 239 } BIGNUM;
240 240
241/* Used for temp variables */ 241/* Used for temp variables */
242#define BN_CTX_NUM 12 242#define BN_CTX_NUM 16
243#define BN_CTX_NUM_POS 12 243#define BN_CTX_NUM_POS 12
244typedef struct bignum_ctx 244typedef struct bignum_ctx
245 { 245 {
@@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
328void BN_CTX_end(BN_CTX *ctx); 328void BN_CTX_end(BN_CTX *ctx);
329int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); 329int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
330int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); 330int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
331int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
331int BN_num_bits(const BIGNUM *a); 332int BN_num_bits(const BIGNUM *a);
332int BN_num_bits_word(BN_ULONG); 333int BN_num_bits_word(BN_ULONG);
333BIGNUM *BN_new(void); 334BIGNUM *BN_new(void);
@@ -467,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
467# define bn_dump(a,b) 468# define bn_dump(a,b)
468#endif 469#endif
469 470
471int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
472
470/* BEGIN ERROR CODES */ 473/* BEGIN ERROR CODES */
471/* The following lines are auto generated by the script mkerr.pl. Any changes 474/* The following lines are auto generated by the script mkerr.pl. Any changes
472 * made after this point may be overwritten when the script is next run. 475 * made after this point may be overwritten when the script is next run.
@@ -493,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
493#define BN_F_BN_MPI2BN 112 496#define BN_F_BN_MPI2BN 112
494#define BN_F_BN_NEW 113 497#define BN_F_BN_NEW 113
495#define BN_F_BN_RAND 114 498#define BN_F_BN_RAND 114
499#define BN_F_BN_RAND_RANGE 122
496#define BN_F_BN_USUB 115 500#define BN_F_BN_USUB 115
497 501
498/* Reason codes. */ 502/* Reason codes. */
499#define BN_R_ARG2_LT_ARG3 100 503#define BN_R_ARG2_LT_ARG3 100
500#define BN_R_BAD_RECIPROCAL 101 504#define BN_R_BAD_RECIPROCAL 101
505#define BN_R_BIGNUM_TOO_LONG 114
501#define BN_R_CALLED_WITH_EVEN_MODULUS 102 506#define BN_R_CALLED_WITH_EVEN_MODULUS 102
502#define BN_R_DIV_BY_ZERO 103 507#define BN_R_DIV_BY_ZERO 103
503#define BN_R_ENCODING_ERROR 104 508#define BN_R_ENCODING_ERROR 104
504#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 509#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
505#define BN_R_INVALID_LENGTH 106 510#define BN_R_INVALID_LENGTH 106
511#define BN_R_INVALID_RANGE 115
506#define BN_R_NOT_INITIALIZED 107 512#define BN_R_NOT_INITIALIZED 107
507#define BN_R_NO_INVERSE 108 513#define BN_R_NO_INVERSE 108
508#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 514#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c
index c3772c243b..c328b5b411 100644
--- a/src/lib/libssl/src/crypto/bn/bn_div.c
+++ b/src/lib/libssl/src/crypto/bn/bn_div.c
@@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
180 180
181 BN_CTX_start(ctx); 181 BN_CTX_start(ctx);
182 tmp=BN_CTX_get(ctx); 182 tmp=BN_CTX_get(ctx);
183 tmp->neg=0;
184 snum=BN_CTX_get(ctx); 183 snum=BN_CTX_get(ctx);
185 sdiv=BN_CTX_get(ctx); 184 sdiv=BN_CTX_get(ctx);
186 if (dv == NULL) 185 if (dv == NULL)
187 res=BN_CTX_get(ctx); 186 res=BN_CTX_get(ctx);
188 else res=dv; 187 else res=dv;
189 if (res == NULL) goto err; 188 if (sdiv==NULL || res == NULL) goto err;
189 tmp->neg=0;
190 190
191 /* First we normalise the numbers */ 191 /* First we normalise the numbers */
192 norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); 192 norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -237,7 +237,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
237 for (i=0; i<loop-1; i++) 237 for (i=0; i<loop-1; i++)
238 { 238 {
239 BN_ULONG q,l0; 239 BN_ULONG q,l0;
240#ifdef BN_DIV3W 240#if defined(BN_DIV3W) && !defined(NO_ASM)
241 BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
241 q=bn_div_3_words(wnump,d1,d0); 242 q=bn_div_3_words(wnump,d1,d0);
242#else 243#else
243 BN_ULONG n0,n1,rem=0; 244 BN_ULONG n0,n1,rem=0;
diff --git a/src/lib/libssl/src/crypto/bn/bn_err.c b/src/lib/libssl/src/crypto/bn/bn_err.c
index 86550c4c21..adc6a214fc 100644
--- a/src/lib/libssl/src/crypto/bn/bn_err.c
+++ b/src/lib/libssl/src/crypto/bn/bn_err.c
@@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]=
84{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, 84{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
85{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, 85{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"},
86{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, 86{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"},
87{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"},
87{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, 88{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"},
88{0,NULL} 89{0,NULL}
89 }; 90 };
@@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]=
92 { 93 {
93{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, 94{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"},
94{BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, 95{BN_R_BAD_RECIPROCAL ,"bad reciprocal"},
96{BN_R_BIGNUM_TOO_LONG ,"bignum too long"},
95{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, 97{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"},
96{BN_R_DIV_BY_ZERO ,"div by zero"}, 98{BN_R_DIV_BY_ZERO ,"div by zero"},
97{BN_R_ENCODING_ERROR ,"encoding error"}, 99{BN_R_ENCODING_ERROR ,"encoding error"},
98{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, 100{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"},
99{BN_R_INVALID_LENGTH ,"invalid length"}, 101{BN_R_INVALID_LENGTH ,"invalid length"},
102{BN_R_INVALID_RANGE ,"invalid range"},
100{BN_R_NOT_INITIALIZED ,"not initialized"}, 103{BN_R_NOT_INITIALIZED ,"not initialized"},
101{BN_R_NO_INVERSE ,"no inverse"}, 104{BN_R_NO_INVERSE ,"no inverse"},
102{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, 105{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index b6b0ce4b3c..7767d65170 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -62,6 +62,7 @@
62#endif 62#endif
63 63
64#include <assert.h> 64#include <assert.h>
65#include <limits.h>
65#include <stdio.h> 66#include <stdio.h>
66#include "cryptlib.h" 67#include "cryptlib.h"
67#include "bn_lcl.h" 68#include "bn_lcl.h"
@@ -319,6 +320,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
319 320
320 if (words > b->dmax) 321 if (words > b->dmax)
321 { 322 {
323 if (words > (INT_MAX/(4*BN_BITS2)))
324 {
325 BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
326 return NULL;
327 }
328
322 bn_check_top(b); 329 bn_check_top(b);
323 if (BN_get_flags(b,BN_FLG_STATIC_DATA)) 330 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
324 { 331 {
diff --git a/src/lib/libssl/src/crypto/bn/bn_rand.c b/src/lib/libssl/src/crypto/bn/bn_rand.c
index 21ecbc04ed..acd0619921 100644
--- a/src/lib/libssl/src/crypto/bn/bn_rand.c
+++ b/src/lib/libssl/src/crypto/bn/bn_rand.c
@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
76 76
77 bytes=(bits+7)/8; 77 bytes=(bits+7)/8;
78 bit=(bits-1)%8; 78 bit=(bits-1)%8;
79 mask=0xff<<bit; 79 mask=0xff<<(bit+1);
80 80
81 buf=(unsigned char *)OPENSSL_malloc(bytes); 81 buf=(unsigned char *)OPENSSL_malloc(bytes);
82 if (buf == NULL) 82 if (buf == NULL)
@@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
100 goto err; 100 goto err;
101 } 101 }
102 102
103 if (top) 103#if 1
104 if (pseudorand == 2)
104 { 105 {
105 if (bit == 0) 106 /* generate patterns that are more likely to trigger BN
107 library bugs */
108 int i;
109 unsigned char c;
110
111 for (i = 0; i < bytes; i++)
112 {
113 RAND_pseudo_bytes(&c, 1);
114 if (c >= 128 && i > 0)
115 buf[i] = buf[i-1];
116 else if (c < 42)
117 buf[i] = 0;
118 else if (c < 84)
119 buf[i] = 255;
120 }
121 }
122#endif
123
124 if (top != -1)
125 {
126 if (top)
106 { 127 {
107 buf[0]=1; 128 if (bit == 0)
108 buf[1]|=0x80; 129 {
130 buf[0]=1;
131 buf[1]|=0x80;
132 }
133 else
134 {
135 buf[0]|=(3<<(bit-1));
136 }
109 } 137 }
110 else 138 else
111 { 139 {
112 buf[0]|=(3<<(bit-1)); 140 buf[0]|=(1<<bit);
113 buf[0]&= ~(mask<<1);
114 } 141 }
115 } 142 }
116 else 143 buf[0] &= ~mask;
117 { 144 if (bottom) /* set bottom bit if requested */
118 buf[0]|=(1<<bit);
119 buf[0]&= ~(mask<<1);
120 }
121 if (bottom) /* set bottom bits to whatever odd is */
122 buf[bytes-1]|=1; 145 buf[bytes-1]|=1;
123 if (!BN_bin2bn(buf,bytes,rnd)) goto err; 146 if (!BN_bin2bn(buf,bytes,rnd)) goto err;
124 ret=1; 147 ret=1;
@@ -140,3 +163,61 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
140 { 163 {
141 return bnrand(1, rnd, bits, top, bottom); 164 return bnrand(1, rnd, bits, top, bottom);
142 } 165 }
166
167#if 1
168int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
169 {
170 return bnrand(2, rnd, bits, top, bottom);
171 }
172#endif
173
174/* random number r: 0 <= r < range */
175int BN_rand_range(BIGNUM *r, BIGNUM *range)
176 {
177 int n;
178
179 if (range->neg || BN_is_zero(range))
180 {
181 BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
182 return 0;
183 }
184
185 n = BN_num_bits(range); /* n > 0 */
186
187 if (n == 1)
188 {
189 if (!BN_zero(r)) return 0;
190 }
191 else if (BN_is_bit_set(range, n - 2))
192 {
193 do
194 {
195 /* range = 11..._2, so each iteration succeeds with probability >= .75 */
196 if (!BN_rand(r, n, -1, 0)) return 0;
197 }
198 while (BN_cmp(r, range) >= 0);
199 }
200 else
201 {
202 /* range = 10..._2,
203 * so 3*range (= 11..._2) is exactly one bit longer than range */
204 do
205 {
206 if (!BN_rand(r, n + 1, -1, 0)) return 0;
207 /* If r < 3*range, use r := r MOD range
208 * (which is either r, r - range, or r - 2*range).
209 * Otherwise, iterate once more.
210 * Since 3*range = 11..._2, each iteration succeeds with
211 * probability >= .75. */
212 if (BN_cmp(r ,range) >= 0)
213 {
214 if (!BN_sub(r, r, range)) return 0;
215 if (BN_cmp(r, range) >= 0)
216 if (!BN_sub(r, r, range)) return 0;
217 }
218 }
219 while (BN_cmp(r, range) >= 0);
220 }
221
222 return 1;
223 }
diff --git a/src/lib/libssl/src/crypto/bn/bn_shift.c b/src/lib/libssl/src/crypto/bn/bn_shift.c
index 0883247384..c2608f9f4a 100644
--- a/src/lib/libssl/src/crypto/bn/bn_shift.c
+++ b/src/lib/libssl/src/crypto/bn/bn_shift.c
@@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
172 r->neg=a->neg; 172 r->neg=a->neg;
173 if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); 173 if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
174 } 174 }
175 else
176 {
177 if (n == 0)
178 return 1; /* or the copying loop will go berserk */
179 }
175 180
176 f= &(a->d[nw]); 181 f= &(a->d[nw]);
177 t=r->d; 182 t=r->d;
diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c
index 0a97af69c5..af0c2629e8 100644
--- a/src/lib/libssl/src/crypto/bn/bntest.c
+++ b/src/lib/libssl/src/crypto/bn/bntest.c
@@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think
107static void message(BIO *out, char *m) 107static void message(BIO *out, char *m)
108 { 108 {
109 fprintf(stderr, "test %s\n", m); 109 fprintf(stderr, "test %s\n", m);
110#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
111 BIO_puts(out, "print \"test "); 110 BIO_puts(out, "print \"test ");
112 BIO_puts(out, m); 111 BIO_puts(out, m);
113 BIO_puts(out, "\\n\"\n"); 112 BIO_puts(out, "\\n\"\n");
114#endif
115 } 113 }
116 114
117int main(int argc, char *argv[]) 115int main(int argc, char *argv[])
@@ -122,9 +120,7 @@ int main(int argc, char *argv[])
122 120
123 results = 0; 121 results = 0;
124 122
125 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't 123 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
126 * even check its return value
127 * (which we should) */
128 124
129 argc--; 125 argc--;
130 argv++; 126 argv++;
@@ -253,10 +249,10 @@ int test_add(BIO *bp)
253 BN_init(&b); 249 BN_init(&b);
254 BN_init(&c); 250 BN_init(&c);
255 251
256 BN_rand(&a,512,0,0); 252 BN_bntest_rand(&a,512,0,0);
257 for (i=0; i<num0; i++) 253 for (i=0; i<num0; i++)
258 { 254 {
259 BN_rand(&b,450+i,0,0); 255 BN_bntest_rand(&b,450+i,0,0);
260 a.neg=rand_neg(); 256 a.neg=rand_neg();
261 b.neg=rand_neg(); 257 b.neg=rand_neg();
262 if (bp == NULL) 258 if (bp == NULL)
@@ -305,14 +301,14 @@ int test_sub(BIO *bp)
305 { 301 {
306 if (i < num1) 302 if (i < num1)
307 { 303 {
308 BN_rand(&a,512,0,0); 304 BN_bntest_rand(&a,512,0,0);
309 BN_copy(&b,&a); 305 BN_copy(&b,&a);
310 if (BN_set_bit(&a,i)==0) return(0); 306 if (BN_set_bit(&a,i)==0) return(0);
311 BN_add_word(&b,i); 307 BN_add_word(&b,i);
312 } 308 }
313 else 309 else
314 { 310 {
315 BN_rand(&b,400+i-num1,0,0); 311 BN_bntest_rand(&b,400+i-num1,0,0);
316 a.neg=rand_neg(); 312 a.neg=rand_neg();
317 b.neg=rand_neg(); 313 b.neg=rand_neg();
318 } 314 }
@@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx)
362 { 358 {
363 if (i < num1) 359 if (i < num1)
364 { 360 {
365 BN_rand(&a,400,0,0); 361 BN_bntest_rand(&a,400,0,0);
366 BN_copy(&b,&a); 362 BN_copy(&b,&a);
367 BN_lshift(&a,&a,i); 363 BN_lshift(&a,&a,i);
368 BN_add_word(&a,i); 364 BN_add_word(&a,i);
369 } 365 }
370 else 366 else
371 BN_rand(&b,50+3*(i-num1),0,0); 367 BN_bntest_rand(&b,50+3*(i-num1),0,0);
372 a.neg=rand_neg(); 368 a.neg=rand_neg();
373 b.neg=rand_neg(); 369 b.neg=rand_neg();
374 if (bp == NULL) 370 if (bp == NULL)
@@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
432 { 428 {
433 if (i < num1) 429 if (i < num1)
434 { 430 {
435 BN_rand(&a,400,0,0); 431 BN_bntest_rand(&a,400,0,0);
436 BN_copy(&b,&a); 432 BN_copy(&b,&a);
437 BN_lshift(&a,&a,i); 433 BN_lshift(&a,&a,i);
438 BN_add_word(&a,i); 434 BN_add_word(&a,i);
439 } 435 }
440 else 436 else
441 BN_rand(&b,50+3*(i-num1),0,0); 437 BN_bntest_rand(&b,50+3*(i-num1),0,0);
442 a.neg=rand_neg(); 438 a.neg=rand_neg();
443 b.neg=rand_neg(); 439 b.neg=rand_neg();
444 BN_RECP_CTX_set(&recp,&b,ctx); 440 BN_RECP_CTX_set(&recp,&b,ctx);
@@ -509,11 +505,11 @@ int test_mul(BIO *bp)
509 { 505 {
510 if (i <= num1) 506 if (i <= num1)
511 { 507 {
512 BN_rand(&a,100,0,0); 508 BN_bntest_rand(&a,100,0,0);
513 BN_rand(&b,100,0,0); 509 BN_bntest_rand(&b,100,0,0);
514 } 510 }
515 else 511 else
516 BN_rand(&b,i-num1,0,0); 512 BN_bntest_rand(&b,i-num1,0,0);
517 a.neg=rand_neg(); 513 a.neg=rand_neg();
518 b.neg=rand_neg(); 514 b.neg=rand_neg();
519 if (bp == NULL) 515 if (bp == NULL)
@@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
562 558
563 for (i=0; i<num0; i++) 559 for (i=0; i<num0; i++)
564 { 560 {
565 BN_rand(&a,40+i*10,0,0); 561 BN_bntest_rand(&a,40+i*10,0,0);
566 a.neg=rand_neg(); 562 a.neg=rand_neg();
567 if (bp == NULL) 563 if (bp == NULL)
568 for (j=0; j<100; j++) 564 for (j=0; j<100; j++)
@@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx)
613 609
614 mont=BN_MONT_CTX_new(); 610 mont=BN_MONT_CTX_new();
615 611
616 BN_rand(&a,100,0,0); /**/ 612 BN_bntest_rand(&a,100,0,0); /**/
617 BN_rand(&b,100,0,0); /**/ 613 BN_bntest_rand(&b,100,0,0); /**/
618 for (i=0; i<num2; i++) 614 for (i=0; i<num2; i++)
619 { 615 {
620 int bits = (200*(i+1))/num2; 616 int bits = (200*(i+1))/num2;
621 617
622 if (bits == 0) 618 if (bits == 0)
623 continue; 619 continue;
624 BN_rand(&n,bits,0,1); 620 BN_bntest_rand(&n,bits,0,1);
625 BN_MONT_CTX_set(mont,&n,ctx); 621 BN_MONT_CTX_set(mont,&n,ctx);
626 622
627 BN_to_montgomery(&A,&a,mont,ctx); 623 BN_to_montgomery(&A,&a,mont,ctx);
@@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx)
683 d=BN_new(); 679 d=BN_new();
684 e=BN_new(); 680 e=BN_new();
685 681
686 BN_rand(a,1024,0,0); /**/ 682 BN_bntest_rand(a,1024,0,0); /**/
687 for (i=0; i<num0; i++) 683 for (i=0; i<num0; i++)
688 { 684 {
689 BN_rand(b,450+i*10,0,0); /**/ 685 BN_bntest_rand(b,450+i*10,0,0); /**/
690 a->neg=rand_neg(); 686 a->neg=rand_neg();
691 b->neg=rand_neg(); 687 b->neg=rand_neg();
692 if (bp == NULL) 688 if (bp == NULL)
@@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
732 d=BN_new(); 728 d=BN_new();
733 e=BN_new(); 729 e=BN_new();
734 730
735 BN_rand(c,1024,0,0); /**/ 731 BN_bntest_rand(c,1024,0,0); /**/
736 for (i=0; i<num0; i++) 732 for (i=0; i<num0; i++)
737 { 733 {
738 BN_rand(a,475+i*10,0,0); /**/ 734 BN_bntest_rand(a,475+i*10,0,0); /**/
739 BN_rand(b,425+i*11,0,0); /**/ 735 BN_bntest_rand(b,425+i*11,0,0); /**/
740 a->neg=rand_neg(); 736 a->neg=rand_neg();
741 b->neg=rand_neg(); 737 b->neg=rand_neg();
742 /* if (bp == NULL) 738 /* if (bp == NULL)
@@ -794,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
794 d=BN_new(); 790 d=BN_new();
795 e=BN_new(); 791 e=BN_new();
796 792
797 BN_rand(c,30,0,1); /* must be odd for montgomery */ 793 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
798 for (i=0; i<num2; i++) 794 for (i=0; i<num2; i++)
799 { 795 {
800 BN_rand(a,20+i*5,0,0); /**/ 796 BN_bntest_rand(a,20+i*5,0,0); /**/
801 BN_rand(b,2+i,0,0); /**/ 797 BN_bntest_rand(b,2+i,0,0); /**/
802 798
803 if (!BN_mod_exp(d,a,b,c,ctx)) 799 if (!BN_mod_exp(d,a,b,c,ctx))
804 return(00); 800 return(00);
@@ -848,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)
848 844
849 for (i=0; i<num2; i++) 845 for (i=0; i<num2; i++)
850 { 846 {
851 BN_rand(a,20+i*5,0,0); /**/ 847 BN_bntest_rand(a,20+i*5,0,0); /**/
852 BN_rand(b,2+i,0,0); /**/ 848 BN_bntest_rand(b,2+i,0,0); /**/
853 849
854 if (!BN_exp(d,a,b,ctx)) 850 if (!BN_exp(d,a,b,ctx))
855 return(00); 851 return(00);
@@ -899,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
899 else 895 else
900 { 896 {
901 a=BN_new(); 897 a=BN_new();
902 BN_rand(a,200,0,0); /**/ 898 BN_bntest_rand(a,200,0,0); /**/
903 a->neg=rand_neg(); 899 a->neg=rand_neg();
904 } 900 }
905 for (i=0; i<num0; i++) 901 for (i=0; i<num0; i++)
@@ -951,7 +947,7 @@ int test_lshift1(BIO *bp)
951 b=BN_new(); 947 b=BN_new();
952 c=BN_new(); 948 c=BN_new();
953 949
954 BN_rand(a,200,0,0); /**/ 950 BN_bntest_rand(a,200,0,0); /**/
955 a->neg=rand_neg(); 951 a->neg=rand_neg();
956 for (i=0; i<num0; i++) 952 for (i=0; i<num0; i++)
957 { 953 {
@@ -995,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
995 e=BN_new(); 991 e=BN_new();
996 BN_one(c); 992 BN_one(c);
997 993
998 BN_rand(a,200,0,0); /**/ 994 BN_bntest_rand(a,200,0,0); /**/
999 a->neg=rand_neg(); 995 a->neg=rand_neg();
1000 for (i=0; i<num0; i++) 996 for (i=0; i<num0; i++)
1001 { 997 {
@@ -1038,7 +1034,7 @@ int test_rshift1(BIO *bp)
1038 b=BN_new(); 1034 b=BN_new();
1039 c=BN_new(); 1035 c=BN_new();
1040 1036
1041 BN_rand(a,200,0,0); /**/ 1037 BN_bntest_rand(a,200,0,0); /**/
1042 a->neg=rand_neg(); 1038 a->neg=rand_neg();
1043 for (i=0; i<num0; i++) 1039 for (i=0; i<num0; i++)
1044 { 1040 {
diff --git a/src/lib/libssl/src/crypto/buffer/Makefile.ssl b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
index f473d1ab4b..a64681fd22 100644
--- a/src/lib/libssl/src/crypto/buffer/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/buffer/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/cast/Makefile.ssl b/src/lib/libssl/src/crypto/cast/Makefile.ssl
index 4c70d1e3e8..1f8b898f7c 100644
--- a/src/lib/libssl/src/crypto/cast/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/cast/Makefile.ssl
@@ -47,7 +47,8 @@ all: lib
47 47
48lib: $(LIBOBJ) 48lib: $(LIBOBJ)
49 $(AR) $(LIB) $(LIBOBJ) 49 $(AR) $(LIB) $(LIBOBJ)
50 $(RANLIB) $(LIB) 50 @echo You may get an error following this line. Please ignore.
51 - $(RANLIB) $(LIB)
51 @touch lib 52 @touch lib
52 53
53# elf 54# elf
diff --git a/src/lib/libssl/src/crypto/comp/Makefile.ssl b/src/lib/libssl/src/crypto/comp/Makefile.ssl
index 39e7993416..b696ac75fe 100644
--- a/src/lib/libssl/src/crypto/comp/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/comp/Makefile.ssl
@@ -42,7 +42,8 @@ all: lib
42 42
43lib: $(LIBOBJ) 43lib: $(LIBOBJ)
44 $(AR) $(LIB) $(LIBOBJ) 44 $(AR) $(LIB) $(LIBOBJ)
45 $(RANLIB) $(LIB) 45 @echo You may get an error following this line. Please ignore.
46 - $(RANLIB) $(LIB)
46 @touch lib 47 @touch lib
47 48
48files: 49files:
diff --git a/src/lib/libssl/src/crypto/conf/Makefile.ssl b/src/lib/libssl/src/crypto/conf/Makefile.ssl
index efbb578981..9df4fca877 100644
--- a/src/lib/libssl/src/crypto/conf/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/conf/Makefile.ssl
@@ -40,7 +40,8 @@ all: lib
40 40
41lib: $(LIBOBJ) 41lib: $(LIBOBJ)
42 $(AR) $(LIB) $(LIBOBJ) 42 $(AR) $(LIB) $(LIBOBJ)
43 $(RANLIB) $(LIB) 43 @echo You may get an error following this line. Please ignore.
44 - $(RANLIB) $(LIB)
44 @touch lib 45 @touch lib
45 46
46files: 47files:
diff --git a/src/lib/libssl/src/crypto/conf/conf.h b/src/lib/libssl/src/crypto/conf/conf.h
index 2f70634455..cd40a0db21 100644
--- a/src/lib/libssl/src/crypto/conf/conf.h
+++ b/src/lib/libssl/src/crypto/conf/conf.h
@@ -167,6 +167,8 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
167#define CONF_R_MISSING_EQUAL_SIGN 101 167#define CONF_R_MISSING_EQUAL_SIGN 101
168#define CONF_R_NO_CLOSE_BRACE 102 168#define CONF_R_NO_CLOSE_BRACE 102
169#define CONF_R_NO_CONF 105 169#define CONF_R_NO_CONF 105
170#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
171#define CONF_R_NO_SECTION 107
170#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 172#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
171#define CONF_R_VARIABLE_HAS_NO_VALUE 104 173#define CONF_R_VARIABLE_HAS_NO_VALUE 104
172 174
diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c
index 06d3163573..8c2bc6f1c4 100644
--- a/src/lib/libssl/src/crypto/conf/conf_err.c
+++ b/src/lib/libssl/src/crypto/conf/conf_err.c
@@ -87,6 +87,8 @@ static ERR_STRING_DATA CONF_str_reasons[]=
87{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, 87{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
88{CONF_R_NO_CLOSE_BRACE ,"no close brace"}, 88{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
89{CONF_R_NO_CONF ,"no conf"}, 89{CONF_R_NO_CONF ,"no conf"},
90{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
91{CONF_R_NO_SECTION ,"no section"},
90{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, 92{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
91{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, 93{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
92{0,NULL} 94{0,NULL}
diff --git a/src/lib/libssl/src/crypto/conf/conf_lib.c b/src/lib/libssl/src/crypto/conf/conf_lib.c
index 4c8ca9e9ae..11ec639732 100644
--- a/src/lib/libssl/src/crypto/conf/conf_lib.c
+++ b/src/lib/libssl/src/crypto/conf/conf_lib.c
@@ -131,38 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
131 131
132STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section) 132STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
133 { 133 {
134 CONF ctmp; 134 if (conf == NULL)
135 {
136 return NULL;
137 }
138 else
139 {
140 CONF ctmp;
135 141
136 if (default_CONF_method == NULL) 142 if (default_CONF_method == NULL)
137 default_CONF_method = NCONF_default(); 143 default_CONF_method = NCONF_default();
138 144
139 default_CONF_method->init(&ctmp); 145 default_CONF_method->init(&ctmp);
140 ctmp.data = conf; 146 ctmp.data = conf;
141 return NCONF_get_section(&ctmp, section); 147 return NCONF_get_section(&ctmp, section);
148 }
142 } 149 }
143 150
144char *CONF_get_string(LHASH *conf,char *group,char *name) 151char *CONF_get_string(LHASH *conf,char *group,char *name)
145 { 152 {
146 CONF ctmp; 153 if (conf == NULL)
154 {
155 return NCONF_get_string(NULL, group, name);
156 }
157 else
158 {
159 CONF ctmp;
147 160
148 if (default_CONF_method == NULL) 161 if (default_CONF_method == NULL)
149 default_CONF_method = NCONF_default(); 162 default_CONF_method = NCONF_default();
150 163
151 default_CONF_method->init(&ctmp); 164 default_CONF_method->init(&ctmp);
152 ctmp.data = conf; 165 ctmp.data = conf;
153 return NCONF_get_string(&ctmp, group, name); 166 return NCONF_get_string(&ctmp, group, name);
167 }
154 } 168 }
155 169
156long CONF_get_number(LHASH *conf,char *group,char *name) 170long CONF_get_number(LHASH *conf,char *group,char *name)
157 { 171 {
158 CONF ctmp; 172 if (conf == NULL)
173 {
174 return NCONF_get_number(NULL, group, name);
175 }
176 else
177 {
178 CONF ctmp;
159 179
160 if (default_CONF_method == NULL) 180 if (default_CONF_method == NULL)
161 default_CONF_method = NCONF_default(); 181 default_CONF_method = NCONF_default();
162 182
163 default_CONF_method->init(&ctmp); 183 default_CONF_method->init(&ctmp);
164 ctmp.data = conf; 184 ctmp.data = conf;
165 return NCONF_get_number(&ctmp, group, name); 185 return NCONF_get_number(&ctmp, group, name);
186 }
166 } 187 }
167 188
168void CONF_free(LHASH *conf) 189void CONF_free(LHASH *conf)
@@ -299,27 +320,46 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
299 return NULL; 320 return NULL;
300 } 321 }
301 322
323 if (section == NULL)
324 {
325 CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
326 return NULL;
327 }
328
302 return _CONF_get_section_values(conf, section); 329 return _CONF_get_section_values(conf, section);
303 } 330 }
304 331
305char *NCONF_get_string(CONF *conf,char *group,char *name) 332char *NCONF_get_string(CONF *conf,char *group,char *name)
306 { 333 {
334 char *s = _CONF_get_string(conf, group, name);
335
336 /* Since we may get a value from an environment variable even
337 if conf is NULL, let's check the value first */
338 if (s) return s;
339
307 if (conf == NULL) 340 if (conf == NULL)
308 { 341 {
309 CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF); 342 CONFerr(CONF_F_NCONF_GET_STRING,
343 CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
310 return NULL; 344 return NULL;
311 } 345 }
312 346 return NULL;
313 return _CONF_get_string(conf, group, name);
314 } 347 }
315 348
316long NCONF_get_number(CONF *conf,char *group,char *name) 349long NCONF_get_number(CONF *conf,char *group,char *name)
317 { 350 {
351#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
352 an environment variable with a suitable name. Unfortunately, there's
353 no way with the current API to see if we found one or not...
354 The meaning of this is that if a number is not found anywhere, it
355 will always default to 0. */
318 if (conf == NULL) 356 if (conf == NULL)
319 { 357 {
320 CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF); 358 CONFerr(CONF_F_NCONF_GET_NUMBER,
359 CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
321 return 0; 360 return 0;
322 } 361 }
362#endif
323 363
324 return _CONF_get_number(conf, group, name); 364 return _CONF_get_number(conf, group, name);
325 } 365 }
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
index 21d56a4b50..482a136177 100644
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ b/src/lib/libssl/src/crypto/crypto-lib.com
@@ -174,7 +174,7 @@ $!
174$ APPS_DES = "DES/DES,CBC3_ENC" 174$ APPS_DES = "DES/DES,CBC3_ENC"
175$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" 175$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
176$ 176$
177$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err" 177$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
178$ LIB_MD2 = "md2_dgst,md2_one" 178$ LIB_MD2 = "md2_dgst,md2_one"
179$ LIB_MD4 = "md4_dgst,md4_one" 179$ LIB_MD4 = "md4_dgst,md4_one"
180$ LIB_MD5 = "md5_dgst,md5_one" 180$ LIB_MD5 = "md5_dgst,md5_one"
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index 52ee97b71a..9257673279 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -278,6 +278,8 @@ int CRYPTO_is_mem_check_on(void);
278const char *SSLeay_version(int type); 278const char *SSLeay_version(int type);
279unsigned long SSLeay(void); 279unsigned long SSLeay(void);
280 280
281int OPENSSL_issetugid(void);
282
281int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, 283int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
282 CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 284 CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
283int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); 285int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
diff --git a/src/lib/libssl/src/crypto/des/Makefile.ssl b/src/lib/libssl/src/crypto/des/Makefile.ssl
index 34a360b7ab..cc5379feb2 100644
--- a/src/lib/libssl/src/crypto/des/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/des/Makefile.ssl
@@ -57,7 +57,8 @@ all: lib
57 57
58lib: $(LIBOBJ) 58lib: $(LIBOBJ)
59 $(AR) $(LIB) $(LIBOBJ) 59 $(AR) $(LIB) $(LIBOBJ)
60 $(RANLIB) $(LIB) 60 @echo You may get an error following this line. Please ignore.
61 - $(RANLIB) $(LIB)
61 @touch lib 62 @touch lib
62 63
63des: des.o cbc3_enc.o lib 64des: des.o cbc3_enc.o lib
diff --git a/src/lib/libssl/src/crypto/des/asm/des-586.pl b/src/lib/libssl/src/crypto/des/asm/des-586.pl
index f054071077..c890766bc9 100644
--- a/src/lib/libssl/src/crypto/des/asm/des-586.pl
+++ b/src/lib/libssl/src/crypto/des/asm/des-586.pl
@@ -20,11 +20,11 @@ $L="edi";
20$R="esi"; 20$R="esi";
21 21
22&external_label("des_SPtrans"); 22&external_label("des_SPtrans");
23&des_encrypt("des_encrypt",1); 23&des_encrypt("des_encrypt1",1);
24&des_encrypt("des_encrypt2",0); 24&des_encrypt("des_encrypt2",0);
25&des_encrypt3("des_encrypt3",1); 25&des_encrypt3("des_encrypt3",1);
26&des_encrypt3("des_decrypt3",0); 26&des_encrypt3("des_decrypt3",0);
27&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); 27&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
28&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); 28&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
29 29
30&asm_finish(); 30&asm_finish();
diff --git a/src/lib/libssl/src/crypto/des/asm/des686.pl b/src/lib/libssl/src/crypto/des/asm/des686.pl
index 77dc5b51cd..84c3e85438 100644
--- a/src/lib/libssl/src/crypto/des/asm/des686.pl
+++ b/src/lib/libssl/src/crypto/des/asm/des686.pl
@@ -46,7 +46,7 @@ EOF
46$L="edi"; 46$L="edi";
47$R="esi"; 47$R="esi";
48 48
49&des_encrypt("des_encrypt",1); 49&des_encrypt("des_encrypt1",1);
50&des_encrypt("des_encrypt2",0); 50&des_encrypt("des_encrypt2",0);
51 51
52&des_encrypt3("des_encrypt3",1); 52&des_encrypt3("des_encrypt3",1);
diff --git a/src/lib/libssl/src/crypto/des/asm/readme b/src/lib/libssl/src/crypto/des/asm/readme
index f8529d9307..1beafe253b 100644
--- a/src/lib/libssl/src/crypto/des/asm/readme
+++ b/src/lib/libssl/src/crypto/des/asm/readme
@@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-).
8 8
9The file to implement in assembler is des_enc.c. Replace the following 9The file to implement in assembler is des_enc.c. Replace the following
104 functions 104 functions
11des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt); 11des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
12des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); 12des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
13des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); 13des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
14des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); 14des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
diff --git a/src/lib/libssl/src/crypto/des/cbc_cksm.c b/src/lib/libssl/src/crypto/des/cbc_cksm.c
index 1e543cb2a1..b857df0985 100644
--- a/src/lib/libssl/src/crypto/des/cbc_cksm.c
+++ b/src/lib/libssl/src/crypto/des/cbc_cksm.c
@@ -82,7 +82,7 @@ DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
82 82
83 tin0^=tout0; tin[0]=tin0; 83 tin0^=tout0; tin[0]=tin0;
84 tin1^=tout1; tin[1]=tin1; 84 tin1^=tout1; tin[1]=tin1;
85 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 85 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
86 /* fix 15/10/91 eay - thanks to keithr@sco.COM */ 86 /* fix 15/10/91 eay - thanks to keithr@sco.COM */
87 tout0=tin[0]; 87 tout0=tin[0];
88 tout1=tin[1]; 88 tout1=tin[1];
diff --git a/src/lib/libssl/src/crypto/des/cfb64enc.c b/src/lib/libssl/src/crypto/des/cfb64enc.c
index 389a232cb3..105530dfa3 100644
--- a/src/lib/libssl/src/crypto/des/cfb64enc.c
+++ b/src/lib/libssl/src/crypto/des/cfb64enc.c
@@ -82,7 +82,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
82 { 82 {
83 c2l(iv,v0); ti[0]=v0; 83 c2l(iv,v0); ti[0]=v0;
84 c2l(iv,v1); ti[1]=v1; 84 c2l(iv,v1); ti[1]=v1;
85 des_encrypt(ti,schedule,DES_ENCRYPT); 85 des_encrypt1(ti,schedule,DES_ENCRYPT);
86 iv = &(*ivec)[0]; 86 iv = &(*ivec)[0];
87 v0=ti[0]; l2c(v0,iv); 87 v0=ti[0]; l2c(v0,iv);
88 v0=ti[1]; l2c(v0,iv); 88 v0=ti[1]; l2c(v0,iv);
@@ -102,7 +102,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
102 { 102 {
103 c2l(iv,v0); ti[0]=v0; 103 c2l(iv,v0); ti[0]=v0;
104 c2l(iv,v1); ti[1]=v1; 104 c2l(iv,v1); ti[1]=v1;
105 des_encrypt(ti,schedule,DES_ENCRYPT); 105 des_encrypt1(ti,schedule,DES_ENCRYPT);
106 iv = &(*ivec)[0]; 106 iv = &(*ivec)[0];
107 v0=ti[0]; l2c(v0,iv); 107 v0=ti[0]; l2c(v0,iv);
108 v0=ti[1]; l2c(v0,iv); 108 v0=ti[1]; l2c(v0,iv);
diff --git a/src/lib/libssl/src/crypto/des/cfb_enc.c b/src/lib/libssl/src/crypto/des/cfb_enc.c
index cca34dd7c5..ec4fd4ea67 100644
--- a/src/lib/libssl/src/crypto/des/cfb_enc.c
+++ b/src/lib/libssl/src/crypto/des/cfb_enc.c
@@ -100,7 +100,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
100 l-=n; 100 l-=n;
101 ti[0]=v0; 101 ti[0]=v0;
102 ti[1]=v1; 102 ti[1]=v1;
103 des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); 103 des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
104 c2ln(in,d0,d1,n); 104 c2ln(in,d0,d1,n);
105 in+=n; 105 in+=n;
106 d0=(d0^ti[0])&mask0; 106 d0=(d0^ti[0])&mask0;
@@ -132,7 +132,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
132 l-=n; 132 l-=n;
133 ti[0]=v0; 133 ti[0]=v0;
134 ti[1]=v1; 134 ti[1]=v1;
135 des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); 135 des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
136 c2ln(in,d0,d1,n); 136 c2ln(in,d0,d1,n);
137 in+=n; 137 in+=n;
138 /* 30-08-94 - eay - changed because l>>32 and 138 /* 30-08-94 - eay - changed because l>>32 and
diff --git a/src/lib/libssl/src/crypto/des/des.h b/src/lib/libssl/src/crypto/des/des.h
index 2db9748cb4..6b8a7ee11b 100644
--- a/src/lib/libssl/src/crypto/des/des.h
+++ b/src/lib/libssl/src/crypto/des/des.h
@@ -147,14 +147,14 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
147 Data is a pointer to 2 unsigned long's and ks is the 147 Data is a pointer to 2 unsigned long's and ks is the
148 des_key_schedule to use. enc, is non zero specifies encryption, 148 des_key_schedule to use. enc, is non zero specifies encryption,
149 zero if decryption. */ 149 zero if decryption. */
150void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); 150void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);
151 151
152/* This functions is the same as des_encrypt() except that the DES 152/* This functions is the same as des_encrypt1() except that the DES
153 initial permutation (IP) and final permutation (FP) have been left 153 initial permutation (IP) and final permutation (FP) have been left
154 out. As for des_encrypt(), you should not use this function. 154 out. As for des_encrypt1(), you should not use this function.
155 It is used by the routines in the library that implement triple DES. 155 It is used by the routines in the library that implement triple DES.
156 IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same 156 IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
157 as des_encrypt() des_encrypt() des_encrypt() except faster :-). */ 157 as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */
158void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); 158void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
159 159
160void des_encrypt3(DES_LONG *data, des_key_schedule ks1, 160void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
diff --git a/src/lib/libssl/src/crypto/des/des_enc.c b/src/lib/libssl/src/crypto/des/des_enc.c
index 8311e10628..0bd9fa39bc 100644
--- a/src/lib/libssl/src/crypto/des/des_enc.c
+++ b/src/lib/libssl/src/crypto/des/des_enc.c
@@ -58,7 +58,7 @@
58 58
59#include "des_locl.h" 59#include "des_locl.h"
60 60
61void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) 61void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
62 { 62 {
63 register DES_LONG l,r,t,u; 63 register DES_LONG l,r,t,u;
64#ifdef DES_PTR 64#ifdef DES_PTR
diff --git a/src/lib/libssl/src/crypto/des/des_opts.c b/src/lib/libssl/src/crypto/des/des_opts.c
index b2ca7ac31d..138ee1c6b4 100644
--- a/src/lib/libssl/src/crypto/des/des_opts.c
+++ b/src/lib/libssl/src/crypto/des/des_opts.c
@@ -118,7 +118,7 @@ extern void exit();
118#undef DES_RISC2 118#undef DES_RISC2
119#undef DES_PTR 119#undef DES_PTR
120#undef D_ENCRYPT 120#undef D_ENCRYPT
121#define des_encrypt des_encrypt_u4_cisc_idx 121#define des_encrypt1 des_encrypt_u4_cisc_idx
122#define des_encrypt2 des_encrypt2_u4_cisc_idx 122#define des_encrypt2 des_encrypt2_u4_cisc_idx
123#define des_encrypt3 des_encrypt3_u4_cisc_idx 123#define des_encrypt3 des_encrypt3_u4_cisc_idx
124#define des_decrypt3 des_decrypt3_u4_cisc_idx 124#define des_decrypt3 des_decrypt3_u4_cisc_idx
@@ -130,11 +130,11 @@ extern void exit();
130#undef DES_RISC2 130#undef DES_RISC2
131#undef DES_PTR 131#undef DES_PTR
132#undef D_ENCRYPT 132#undef D_ENCRYPT
133#undef des_encrypt 133#undef des_encrypt1
134#undef des_encrypt2 134#undef des_encrypt2
135#undef des_encrypt3 135#undef des_encrypt3
136#undef des_decrypt3 136#undef des_decrypt3
137#define des_encrypt des_encrypt_u16_cisc_idx 137#define des_encrypt1 des_encrypt_u16_cisc_idx
138#define des_encrypt2 des_encrypt2_u16_cisc_idx 138#define des_encrypt2 des_encrypt2_u16_cisc_idx
139#define des_encrypt3 des_encrypt3_u16_cisc_idx 139#define des_encrypt3 des_encrypt3_u16_cisc_idx
140#define des_decrypt3 des_decrypt3_u16_cisc_idx 140#define des_decrypt3 des_decrypt3_u16_cisc_idx
@@ -146,11 +146,11 @@ extern void exit();
146#undef DES_RISC2 146#undef DES_RISC2
147#undef DES_PTR 147#undef DES_PTR
148#undef D_ENCRYPT 148#undef D_ENCRYPT
149#undef des_encrypt 149#undef des_encrypt1
150#undef des_encrypt2 150#undef des_encrypt2
151#undef des_encrypt3 151#undef des_encrypt3
152#undef des_decrypt3 152#undef des_decrypt3
153#define des_encrypt des_encrypt_u4_risc1_idx 153#define des_encrypt1 des_encrypt_u4_risc1_idx
154#define des_encrypt2 des_encrypt2_u4_risc1_idx 154#define des_encrypt2 des_encrypt2_u4_risc1_idx
155#define des_encrypt3 des_encrypt3_u4_risc1_idx 155#define des_encrypt3 des_encrypt3_u4_risc1_idx
156#define des_decrypt3 des_decrypt3_u4_risc1_idx 156#define des_decrypt3 des_decrypt3_u4_risc1_idx
@@ -166,11 +166,11 @@ extern void exit();
166#define DES_RISC2 166#define DES_RISC2
167#undef DES_PTR 167#undef DES_PTR
168#undef D_ENCRYPT 168#undef D_ENCRYPT
169#undef des_encrypt 169#undef des_encrypt1
170#undef des_encrypt2 170#undef des_encrypt2
171#undef des_encrypt3 171#undef des_encrypt3
172#undef des_decrypt3 172#undef des_decrypt3
173#define des_encrypt des_encrypt_u4_risc2_idx 173#define des_encrypt1 des_encrypt_u4_risc2_idx
174#define des_encrypt2 des_encrypt2_u4_risc2_idx 174#define des_encrypt2 des_encrypt2_u4_risc2_idx
175#define des_encrypt3 des_encrypt3_u4_risc2_idx 175#define des_encrypt3 des_encrypt3_u4_risc2_idx
176#define des_decrypt3 des_decrypt3_u4_risc2_idx 176#define des_decrypt3 des_decrypt3_u4_risc2_idx
@@ -182,11 +182,11 @@ extern void exit();
182#undef DES_RISC2 182#undef DES_RISC2
183#undef DES_PTR 183#undef DES_PTR
184#undef D_ENCRYPT 184#undef D_ENCRYPT
185#undef des_encrypt 185#undef des_encrypt1
186#undef des_encrypt2 186#undef des_encrypt2
187#undef des_encrypt3 187#undef des_encrypt3
188#undef des_decrypt3 188#undef des_decrypt3
189#define des_encrypt des_encrypt_u16_risc1_idx 189#define des_encrypt1 des_encrypt_u16_risc1_idx
190#define des_encrypt2 des_encrypt2_u16_risc1_idx 190#define des_encrypt2 des_encrypt2_u16_risc1_idx
191#define des_encrypt3 des_encrypt3_u16_risc1_idx 191#define des_encrypt3 des_encrypt3_u16_risc1_idx
192#define des_decrypt3 des_decrypt3_u16_risc1_idx 192#define des_decrypt3 des_decrypt3_u16_risc1_idx
@@ -198,11 +198,11 @@ extern void exit();
198#define DES_RISC2 198#define DES_RISC2
199#undef DES_PTR 199#undef DES_PTR
200#undef D_ENCRYPT 200#undef D_ENCRYPT
201#undef des_encrypt 201#undef des_encrypt1
202#undef des_encrypt2 202#undef des_encrypt2
203#undef des_encrypt3 203#undef des_encrypt3
204#undef des_decrypt3 204#undef des_decrypt3
205#define des_encrypt des_encrypt_u16_risc2_idx 205#define des_encrypt1 des_encrypt_u16_risc2_idx
206#define des_encrypt2 des_encrypt2_u16_risc2_idx 206#define des_encrypt2 des_encrypt2_u16_risc2_idx
207#define des_encrypt3 des_encrypt3_u16_risc2_idx 207#define des_encrypt3 des_encrypt3_u16_risc2_idx
208#define des_decrypt3 des_decrypt3_u16_risc2_idx 208#define des_decrypt3 des_decrypt3_u16_risc2_idx
@@ -218,11 +218,11 @@ extern void exit();
218#undef DES_RISC2 218#undef DES_RISC2
219#define DES_PTR 219#define DES_PTR
220#undef D_ENCRYPT 220#undef D_ENCRYPT
221#undef des_encrypt 221#undef des_encrypt1
222#undef des_encrypt2 222#undef des_encrypt2
223#undef des_encrypt3 223#undef des_encrypt3
224#undef des_decrypt3 224#undef des_decrypt3
225#define des_encrypt des_encrypt_u4_cisc_ptr 225#define des_encrypt1 des_encrypt_u4_cisc_ptr
226#define des_encrypt2 des_encrypt2_u4_cisc_ptr 226#define des_encrypt2 des_encrypt2_u4_cisc_ptr
227#define des_encrypt3 des_encrypt3_u4_cisc_ptr 227#define des_encrypt3 des_encrypt3_u4_cisc_ptr
228#define des_decrypt3 des_decrypt3_u4_cisc_ptr 228#define des_decrypt3 des_decrypt3_u4_cisc_ptr
@@ -234,11 +234,11 @@ extern void exit();
234#undef DES_RISC2 234#undef DES_RISC2
235#define DES_PTR 235#define DES_PTR
236#undef D_ENCRYPT 236#undef D_ENCRYPT
237#undef des_encrypt 237#undef des_encrypt1
238#undef des_encrypt2 238#undef des_encrypt2
239#undef des_encrypt3 239#undef des_encrypt3
240#undef des_decrypt3 240#undef des_decrypt3
241#define des_encrypt des_encrypt_u16_cisc_ptr 241#define des_encrypt1 des_encrypt_u16_cisc_ptr
242#define des_encrypt2 des_encrypt2_u16_cisc_ptr 242#define des_encrypt2 des_encrypt2_u16_cisc_ptr
243#define des_encrypt3 des_encrypt3_u16_cisc_ptr 243#define des_encrypt3 des_encrypt3_u16_cisc_ptr
244#define des_decrypt3 des_decrypt3_u16_cisc_ptr 244#define des_decrypt3 des_decrypt3_u16_cisc_ptr
@@ -250,11 +250,11 @@ extern void exit();
250#undef DES_RISC2 250#undef DES_RISC2
251#define DES_PTR 251#define DES_PTR
252#undef D_ENCRYPT 252#undef D_ENCRYPT
253#undef des_encrypt 253#undef des_encrypt1
254#undef des_encrypt2 254#undef des_encrypt2
255#undef des_encrypt3 255#undef des_encrypt3
256#undef des_decrypt3 256#undef des_decrypt3
257#define des_encrypt des_encrypt_u4_risc1_ptr 257#define des_encrypt1 des_encrypt_u4_risc1_ptr
258#define des_encrypt2 des_encrypt2_u4_risc1_ptr 258#define des_encrypt2 des_encrypt2_u4_risc1_ptr
259#define des_encrypt3 des_encrypt3_u4_risc1_ptr 259#define des_encrypt3 des_encrypt3_u4_risc1_ptr
260#define des_decrypt3 des_decrypt3_u4_risc1_ptr 260#define des_decrypt3 des_decrypt3_u4_risc1_ptr
@@ -270,11 +270,11 @@ extern void exit();
270#define DES_RISC2 270#define DES_RISC2
271#define DES_PTR 271#define DES_PTR
272#undef D_ENCRYPT 272#undef D_ENCRYPT
273#undef des_encrypt 273#undef des_encrypt1
274#undef des_encrypt2 274#undef des_encrypt2
275#undef des_encrypt3 275#undef des_encrypt3
276#undef des_decrypt3 276#undef des_decrypt3
277#define des_encrypt des_encrypt_u4_risc2_ptr 277#define des_encrypt1 des_encrypt_u4_risc2_ptr
278#define des_encrypt2 des_encrypt2_u4_risc2_ptr 278#define des_encrypt2 des_encrypt2_u4_risc2_ptr
279#define des_encrypt3 des_encrypt3_u4_risc2_ptr 279#define des_encrypt3 des_encrypt3_u4_risc2_ptr
280#define des_decrypt3 des_decrypt3_u4_risc2_ptr 280#define des_decrypt3 des_decrypt3_u4_risc2_ptr
@@ -286,11 +286,11 @@ extern void exit();
286#undef DES_RISC2 286#undef DES_RISC2
287#define DES_PTR 287#define DES_PTR
288#undef D_ENCRYPT 288#undef D_ENCRYPT
289#undef des_encrypt 289#undef des_encrypt1
290#undef des_encrypt2 290#undef des_encrypt2
291#undef des_encrypt3 291#undef des_encrypt3
292#undef des_decrypt3 292#undef des_decrypt3
293#define des_encrypt des_encrypt_u16_risc1_ptr 293#define des_encrypt1 des_encrypt_u16_risc1_ptr
294#define des_encrypt2 des_encrypt2_u16_risc1_ptr 294#define des_encrypt2 des_encrypt2_u16_risc1_ptr
295#define des_encrypt3 des_encrypt3_u16_risc1_ptr 295#define des_encrypt3 des_encrypt3_u16_risc1_ptr
296#define des_decrypt3 des_decrypt3_u16_risc1_ptr 296#define des_decrypt3 des_decrypt3_u16_risc1_ptr
@@ -302,11 +302,11 @@ extern void exit();
302#define DES_RISC2 302#define DES_RISC2
303#define DES_PTR 303#define DES_PTR
304#undef D_ENCRYPT 304#undef D_ENCRYPT
305#undef des_encrypt 305#undef des_encrypt1
306#undef des_encrypt2 306#undef des_encrypt2
307#undef des_encrypt3 307#undef des_encrypt3
308#undef des_decrypt3 308#undef des_decrypt3
309#define des_encrypt des_encrypt_u16_risc2_ptr 309#define des_encrypt1 des_encrypt_u16_risc2_ptr
310#define des_encrypt2 des_encrypt2_u16_risc2_ptr 310#define des_encrypt2 des_encrypt2_u16_risc2_ptr
311#define des_encrypt3 des_encrypt3_u16_risc2_ptr 311#define des_encrypt3 des_encrypt3_u16_risc2_ptr
312#define des_decrypt3 des_decrypt3_u16_risc2_ptr 312#define des_decrypt3 des_decrypt3_u16_risc2_ptr
@@ -453,7 +453,7 @@ int main(int argc, char **argv)
453 count*=2; 453 count*=2;
454 Time_F(START); 454 Time_F(START);
455 for (i=count; i; i--) 455 for (i=count; i; i--)
456 des_encrypt(data,&(sch[0]),DES_ENCRYPT); 456 des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
457 d=Time_F(STOP); 457 d=Time_F(STOP);
458 } while (d < 3.0); 458 } while (d < 3.0);
459 ca=count; 459 ca=count;
diff --git a/src/lib/libssl/src/crypto/des/dess.cpp b/src/lib/libssl/src/crypto/des/dess.cpp
index 753e67ad9b..5549bab90a 100644
--- a/src/lib/libssl/src/crypto/des/dess.cpp
+++ b/src/lib/libssl/src/crypto/des/dess.cpp
@@ -45,19 +45,19 @@ void main(int argc,char *argv[])
45 { 45 {
46 for (i=0; i<1000; i++) /**/ 46 for (i=0; i<1000; i++) /**/
47 { 47 {
48 des_encrypt(&data[0],key,1); 48 des_encrypt1(&data[0],key,1);
49 GetTSC(s1); 49 GetTSC(s1);
50 des_encrypt(&data[0],key,1); 50 des_encrypt1(&data[0],key,1);
51 des_encrypt(&data[0],key,1); 51 des_encrypt1(&data[0],key,1);
52 des_encrypt(&data[0],key,1); 52 des_encrypt1(&data[0],key,1);
53 GetTSC(e1); 53 GetTSC(e1);
54 GetTSC(s2); 54 GetTSC(s2);
55 des_encrypt(&data[0],key,1); 55 des_encrypt1(&data[0],key,1);
56 des_encrypt(&data[0],key,1); 56 des_encrypt1(&data[0],key,1);
57 des_encrypt(&data[0],key,1); 57 des_encrypt1(&data[0],key,1);
58 des_encrypt(&data[0],key,1); 58 des_encrypt1(&data[0],key,1);
59 GetTSC(e2); 59 GetTSC(e2);
60 des_encrypt(&data[0],key,1); 60 des_encrypt1(&data[0],key,1);
61 } 61 }
62 62
63 printf("des %d %d (%d)\n", 63 printf("des %d %d (%d)\n",
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c
index b261a8aad9..d481327ef3 100644
--- a/src/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/src/lib/libssl/src/crypto/des/ecb_enc.c
@@ -114,7 +114,7 @@ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
114 114
115 c2l(in,l); ll[0]=l; 115 c2l(in,l); ll[0]=l;
116 c2l(in,l); ll[1]=l; 116 c2l(in,l); ll[1]=l;
117 des_encrypt(ll,ks,enc); 117 des_encrypt1(ll,ks,enc);
118 l=ll[0]; l2c(l,out); 118 l=ll[0]; l2c(l,out);
119 l=ll[1]; l2c(l,out); 119 l=ll[1]; l2c(l,out);
120 l=ll[0]=ll[1]=0; 120 l=ll[0]=ll[1]=0;
diff --git a/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c b/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c
index c53062481d..b98f7e17af 100644
--- a/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c
+++ b/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c
@@ -95,7 +95,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
95 { 95 {
96 tin[0]=m0; 96 tin[0]=m0;
97 tin[1]=m1; 97 tin[1]=m1;
98 des_encrypt(tin,ks3,1); 98 des_encrypt1(tin,ks3,1);
99 m0=tin[0]; 99 m0=tin[0];
100 m1=tin[1]; 100 m1=tin[1];
101 101
@@ -113,13 +113,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
113 113
114 tin[0]=tin0; 114 tin[0]=tin0;
115 tin[1]=tin1; 115 tin[1]=tin1;
116 des_encrypt(tin,ks1,1); 116 des_encrypt1(tin,ks1,1);
117 tin[0]^=m0; 117 tin[0]^=m0;
118 tin[1]^=m1; 118 tin[1]^=m1;
119 des_encrypt(tin,ks2,0); 119 des_encrypt1(tin,ks2,0);
120 tin[0]^=m0; 120 tin[0]^=m0;
121 tin[1]^=m1; 121 tin[1]^=m1;
122 des_encrypt(tin,ks1,1); 122 des_encrypt1(tin,ks1,1);
123 tout0=tin[0]; 123 tout0=tin[0];
124 tout1=tin[1]; 124 tout1=tin[1];
125 125
@@ -146,7 +146,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
146 { 146 {
147 tin[0]=m0; 147 tin[0]=m0;
148 tin[1]=m1; 148 tin[1]=m1;
149 des_encrypt(tin,ks3,1); 149 des_encrypt1(tin,ks3,1);
150 m0=tin[0]; 150 m0=tin[0];
151 m1=tin[1]; 151 m1=tin[1];
152 152
@@ -158,13 +158,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
158 158
159 tin[0]=tin0; 159 tin[0]=tin0;
160 tin[1]=tin1; 160 tin[1]=tin1;
161 des_encrypt(tin,ks1,0); 161 des_encrypt1(tin,ks1,0);
162 tin[0]^=m0; 162 tin[0]^=m0;
163 tin[1]^=m1; 163 tin[1]^=m1;
164 des_encrypt(tin,ks2,1); 164 des_encrypt1(tin,ks2,1);
165 tin[0]^=m0; 165 tin[0]^=m0;
166 tin[1]^=m1; 166 tin[1]^=m1;
167 des_encrypt(tin,ks1,0); 167 des_encrypt1(tin,ks1,0);
168 tout0=tin[0]; 168 tout0=tin[0];
169 tout1=tin[1]; 169 tout1=tin[1];
170 170
diff --git a/src/lib/libssl/src/crypto/des/ncbc_enc.c b/src/lib/libssl/src/crypto/des/ncbc_enc.c
index 3b681691a9..b8db07b199 100644
--- a/src/lib/libssl/src/crypto/des/ncbc_enc.c
+++ b/src/lib/libssl/src/crypto/des/ncbc_enc.c
@@ -89,7 +89,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
89 c2l(in,tin1); 89 c2l(in,tin1);
90 tin0^=tout0; tin[0]=tin0; 90 tin0^=tout0; tin[0]=tin0;
91 tin1^=tout1; tin[1]=tin1; 91 tin1^=tout1; tin[1]=tin1;
92 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 92 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
93 tout0=tin[0]; l2c(tout0,out); 93 tout0=tin[0]; l2c(tout0,out);
94 tout1=tin[1]; l2c(tout1,out); 94 tout1=tin[1]; l2c(tout1,out);
95 } 95 }
@@ -98,7 +98,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
98 c2ln(in,tin0,tin1,l+8); 98 c2ln(in,tin0,tin1,l+8);
99 tin0^=tout0; tin[0]=tin0; 99 tin0^=tout0; tin[0]=tin0;
100 tin1^=tout1; tin[1]=tin1; 100 tin1^=tout1; tin[1]=tin1;
101 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 101 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
102 tout0=tin[0]; l2c(tout0,out); 102 tout0=tin[0]; l2c(tout0,out);
103 tout1=tin[1]; l2c(tout1,out); 103 tout1=tin[1]; l2c(tout1,out);
104 } 104 }
@@ -116,7 +116,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
116 { 116 {
117 c2l(in,tin0); tin[0]=tin0; 117 c2l(in,tin0); tin[0]=tin0;
118 c2l(in,tin1); tin[1]=tin1; 118 c2l(in,tin1); tin[1]=tin1;
119 des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); 119 des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
120 tout0=tin[0]^xor0; 120 tout0=tin[0]^xor0;
121 tout1=tin[1]^xor1; 121 tout1=tin[1]^xor1;
122 l2c(tout0,out); 122 l2c(tout0,out);
@@ -128,7 +128,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
128 { 128 {
129 c2l(in,tin0); tin[0]=tin0; 129 c2l(in,tin0); tin[0]=tin0;
130 c2l(in,tin1); tin[1]=tin1; 130 c2l(in,tin1); tin[1]=tin1;
131 des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); 131 des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
132 tout0=tin[0]^xor0; 132 tout0=tin[0]^xor0;
133 tout1=tin[1]^xor1; 133 tout1=tin[1]^xor1;
134 l2cn(tout0,tout1,out,l+8); 134 l2cn(tout0,tout1,out,l+8);
diff --git a/src/lib/libssl/src/crypto/des/ofb64enc.c b/src/lib/libssl/src/crypto/des/ofb64enc.c
index 64953959ca..1a1d1f1ac4 100644
--- a/src/lib/libssl/src/crypto/des/ofb64enc.c
+++ b/src/lib/libssl/src/crypto/des/ofb64enc.c
@@ -87,7 +87,7 @@ void des_ofb64_encrypt(register const unsigned char *in,
87 { 87 {
88 if (n == 0) 88 if (n == 0)
89 { 89 {
90 des_encrypt(ti,schedule,DES_ENCRYPT); 90 des_encrypt1(ti,schedule,DES_ENCRYPT);
91 dp=d; 91 dp=d;
92 t=ti[0]; l2c(t,dp); 92 t=ti[0]; l2c(t,dp);
93 t=ti[1]; l2c(t,dp); 93 t=ti[1]; l2c(t,dp);
diff --git a/src/lib/libssl/src/crypto/des/ofb_enc.c b/src/lib/libssl/src/crypto/des/ofb_enc.c
index a8f425a575..70493e632c 100644
--- a/src/lib/libssl/src/crypto/des/ofb_enc.c
+++ b/src/lib/libssl/src/crypto/des/ofb_enc.c
@@ -101,7 +101,7 @@ void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
101 { 101 {
102 ti[0]=v0; 102 ti[0]=v0;
103 ti[1]=v1; 103 ti[1]=v1;
104 des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); 104 des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
105 vv0=ti[0]; 105 vv0=ti[0];
106 vv1=ti[1]; 106 vv1=ti[1];
107 c2ln(in,d0,d1,n); 107 c2ln(in,d0,d1,n);
diff --git a/src/lib/libssl/src/crypto/des/pcbc_enc.c b/src/lib/libssl/src/crypto/des/pcbc_enc.c
index dd69a26d4a..5b987f074d 100644
--- a/src/lib/libssl/src/crypto/des/pcbc_enc.c
+++ b/src/lib/libssl/src/crypto/des/pcbc_enc.c
@@ -85,7 +85,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
85 c2ln(in,sin0,sin1,length); 85 c2ln(in,sin0,sin1,length);
86 tin[0]=sin0^xor0; 86 tin[0]=sin0^xor0;
87 tin[1]=sin1^xor1; 87 tin[1]=sin1^xor1;
88 des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); 88 des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
89 tout0=tin[0]; 89 tout0=tin[0];
90 tout1=tin[1]; 90 tout1=tin[1];
91 xor0=sin0^tout0; 91 xor0=sin0^tout0;
@@ -103,7 +103,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
103 c2l(in,sin1); 103 c2l(in,sin1);
104 tin[0]=sin0; 104 tin[0]=sin0;
105 tin[1]=sin1; 105 tin[1]=sin1;
106 des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); 106 des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
107 tout0=tin[0]^xor0; 107 tout0=tin[0]^xor0;
108 tout1=tin[1]^xor1; 108 tout1=tin[1]^xor1;
109 if (length >= 8) 109 if (length >= 8)
diff --git a/src/lib/libssl/src/crypto/des/speed.c b/src/lib/libssl/src/crypto/des/speed.c
index 814b86f4ae..1223edf290 100644
--- a/src/lib/libssl/src/crypto/des/speed.c
+++ b/src/lib/libssl/src/crypto/des/speed.c
@@ -204,7 +204,7 @@ int main(int argc, char **argv)
204 count*=2; 204 count*=2;
205 Time_F(START); 205 Time_F(START);
206 for (i=count; i; i--) 206 for (i=count; i; i--)
207 des_encrypt(data,&(sch[0]),DES_ENCRYPT); 207 des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
208 d=Time_F(STOP); 208 d=Time_F(STOP);
209 } while (d < 3.0); 209 } while (d < 3.0);
210 ca=count; 210 ca=count;
@@ -241,7 +241,7 @@ int main(int argc, char **argv)
241 { 241 {
242 DES_LONG data[2]; 242 DES_LONG data[2];
243 243
244 des_encrypt(data,&(sch[0]),DES_ENCRYPT); 244 des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
245 } 245 }
246 d=Time_F(STOP); 246 d=Time_F(STOP);
247 printf("%ld des_encrypt's in %.2f second\n",count,d); 247 printf("%ld des_encrypt's in %.2f second\n",count,d);
diff --git a/src/lib/libssl/src/crypto/des/xcbc_enc.c b/src/lib/libssl/src/crypto/des/xcbc_enc.c
index 51e17e6b8a..ccfede13ac 100644
--- a/src/lib/libssl/src/crypto/des/xcbc_enc.c
+++ b/src/lib/libssl/src/crypto/des/xcbc_enc.c
@@ -138,7 +138,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
138 c2l(in,tin1); 138 c2l(in,tin1);
139 tin0^=tout0^inW0; tin[0]=tin0; 139 tin0^=tout0^inW0; tin[0]=tin0;
140 tin1^=tout1^inW1; tin[1]=tin1; 140 tin1^=tout1^inW1; tin[1]=tin1;
141 des_encrypt(tin,schedule,DES_ENCRYPT); 141 des_encrypt1(tin,schedule,DES_ENCRYPT);
142 tout0=tin[0]^outW0; l2c(tout0,out); 142 tout0=tin[0]^outW0; l2c(tout0,out);
143 tout1=tin[1]^outW1; l2c(tout1,out); 143 tout1=tin[1]^outW1; l2c(tout1,out);
144 } 144 }
@@ -147,7 +147,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
147 c2ln(in,tin0,tin1,l+8); 147 c2ln(in,tin0,tin1,l+8);
148 tin0^=tout0^inW0; tin[0]=tin0; 148 tin0^=tout0^inW0; tin[0]=tin0;
149 tin1^=tout1^inW1; tin[1]=tin1; 149 tin1^=tout1^inW1; tin[1]=tin1;
150 des_encrypt(tin,schedule,DES_ENCRYPT); 150 des_encrypt1(tin,schedule,DES_ENCRYPT);
151 tout0=tin[0]^outW0; l2c(tout0,out); 151 tout0=tin[0]^outW0; l2c(tout0,out);
152 tout1=tin[1]^outW1; l2c(tout1,out); 152 tout1=tin[1]^outW1; l2c(tout1,out);
153 } 153 }
@@ -163,7 +163,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
163 { 163 {
164 c2l(in,tin0); tin[0]=tin0^outW0; 164 c2l(in,tin0); tin[0]=tin0^outW0;
165 c2l(in,tin1); tin[1]=tin1^outW1; 165 c2l(in,tin1); tin[1]=tin1^outW1;
166 des_encrypt(tin,schedule,DES_DECRYPT); 166 des_encrypt1(tin,schedule,DES_DECRYPT);
167 tout0=tin[0]^xor0^inW0; 167 tout0=tin[0]^xor0^inW0;
168 tout1=tin[1]^xor1^inW1; 168 tout1=tin[1]^xor1^inW1;
169 l2c(tout0,out); 169 l2c(tout0,out);
@@ -175,7 +175,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
175 { 175 {
176 c2l(in,tin0); tin[0]=tin0^outW0; 176 c2l(in,tin0); tin[0]=tin0^outW0;
177 c2l(in,tin1); tin[1]=tin1^outW1; 177 c2l(in,tin1); tin[1]=tin1^outW1;
178 des_encrypt(tin,schedule,DES_DECRYPT); 178 des_encrypt1(tin,schedule,DES_DECRYPT);
179 tout0=tin[0]^xor0^inW0; 179 tout0=tin[0]^xor0^inW0;
180 tout1=tin[1]^xor1^inW1; 180 tout1=tin[1]^xor1^inW1;
181 l2cn(tout0,tout1,out,l+8); 181 l2cn(tout0,tout1,out,l+8);
diff --git a/src/lib/libssl/src/crypto/dh/Makefile.ssl b/src/lib/libssl/src/crypto/dh/Makefile.ssl
index 88d0d1748b..bf4b47ca9a 100644
--- a/src/lib/libssl/src/crypto/dh/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/dh/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index 6915d79dcc..22b087b778 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -100,7 +100,6 @@ DH_METHOD *DH_OpenSSL(void)
100static int generate_key(DH *dh) 100static int generate_key(DH *dh)
101 { 101 {
102 int ok=0; 102 int ok=0;
103 unsigned int i;
104 BN_CTX ctx; 103 BN_CTX ctx;
105 BN_MONT_CTX *mont; 104 BN_MONT_CTX *mont;
106 BIGNUM *pub_key=NULL,*priv_key=NULL; 105 BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -109,15 +108,11 @@ static int generate_key(DH *dh)
109 108
110 if (dh->priv_key == NULL) 109 if (dh->priv_key == NULL)
111 { 110 {
112 i=dh->length;
113 if (i == 0)
114 {
115 /* Make the number p-1 bits long */
116 i=BN_num_bits(dh->p)-1;
117 }
118 priv_key=BN_new(); 111 priv_key=BN_new();
119 if (priv_key == NULL) goto err; 112 if (priv_key == NULL) goto err;
120 if (!BN_rand(priv_key,i,0,0)) goto err; 113 do
114 if (!BN_rand_range(priv_key, dh->p)) goto err;
115 while (BN_is_zero(priv_key));
121 } 116 }
122 else 117 else
123 priv_key=dh->priv_key; 118 priv_key=dh->priv_key;
diff --git a/src/lib/libssl/src/crypto/dh/dh_lib.c b/src/lib/libssl/src/crypto/dh/dh_lib.c
index 66803b5565..96f118c153 100644
--- a/src/lib/libssl/src/crypto/dh/dh_lib.c
+++ b/src/lib/libssl/src/crypto/dh/dh_lib.c
@@ -168,13 +168,13 @@ DH *DH_new_method(ENGINE *engine)
168 ret->method_mont_p=NULL; 168 ret->method_mont_p=NULL;
169 ret->references = 1; 169 ret->references = 1;
170 ret->flags=meth->flags; 170 ret->flags=meth->flags;
171 CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
171 if ((meth->init != NULL) && !meth->init(ret)) 172 if ((meth->init != NULL) && !meth->init(ret))
172 { 173 {
174 CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
173 OPENSSL_free(ret); 175 OPENSSL_free(ret);
174 ret=NULL; 176 ret=NULL;
175 } 177 }
176 else
177 CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
178 return(ret); 178 return(ret);
179 } 179 }
180 180
@@ -196,12 +196,12 @@ void DH_free(DH *r)
196 } 196 }
197#endif 197#endif
198 198
199 CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
200
201 meth = ENGINE_get_DH(r->engine); 199 meth = ENGINE_get_DH(r->engine);
202 if(meth->finish) meth->finish(r); 200 if(meth->finish) meth->finish(r);
203 ENGINE_finish(r->engine); 201 ENGINE_finish(r->engine);
204 202
203 CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
204
205 if (r->p != NULL) BN_clear_free(r->p); 205 if (r->p != NULL) BN_clear_free(r->p);
206 if (r->g != NULL) BN_clear_free(r->g); 206 if (r->g != NULL) BN_clear_free(r->g);
207 if (r->q != NULL) BN_clear_free(r->q); 207 if (r->q != NULL) BN_clear_free(r->q);
diff --git a/src/lib/libssl/src/crypto/dsa/Makefile.ssl b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
index dac582be00..d88f596364 100644
--- a/src/lib/libssl/src/crypto/dsa/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/dsa/Makefile.ssl
@@ -41,7 +41,8 @@ all: lib
41 41
42lib: $(LIBOBJ) 42lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 43 $(AR) $(LIB) $(LIBOBJ)
44 $(RANLIB) $(LIB) 44 @echo You may get an error following this line. Please ignore.
45 - $(RANLIB) $(LIB)
45 @touch lib 46 @touch lib
46 47
47files: 48files:
diff --git a/src/lib/libssl/src/crypto/dso/Makefile.ssl b/src/lib/libssl/src/crypto/dso/Makefile.ssl
index a37f547482..48b36c8330 100644
--- a/src/lib/libssl/src/crypto/dso/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/dso/Makefile.ssl
@@ -41,7 +41,8 @@ all: lib
41 41
42lib: $(LIBOBJ) 42lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 43 $(AR) $(LIB) $(LIBOBJ)
44 $(RANLIB) $(LIB) 44 @echo You may get an error following this line. Please ignore.
45 - $(RANLIB) $(LIB)
45 @touch lib 46 @touch lib
46 47
47files: 48files:
diff --git a/src/lib/libssl/src/crypto/dso/dso_dl.c b/src/lib/libssl/src/crypto/dso/dso_dl.c
index 69810fc3bb..455bd66ecf 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dl.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dl.c
@@ -82,7 +82,7 @@ static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
82static int dl_init(DSO *dso); 82static int dl_init(DSO *dso);
83static int dl_finish(DSO *dso); 83static int dl_finish(DSO *dso);
84#endif 84#endif
85static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); 85static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
86 86
87static DSO_METHOD dso_meth_dl = { 87static DSO_METHOD dso_meth_dl = {
88 "OpenSSL 'dl' shared library method", 88 "OpenSSL 'dl' shared library method",
@@ -111,6 +111,11 @@ DSO_METHOD *DSO_METHOD_dl(void)
111 * type so the cast is safe. 111 * type so the cast is safe.
112 */ 112 */
113 113
114#if defined(__hpux)
115static const char extension[] = ".sl";
116#else
117static const char extension[] = ".so";
118#endif
114static int dl_load(DSO *dso, const char *filename) 119static int dl_load(DSO *dso, const char *filename)
115 { 120 {
116 shl_t ptr; 121 shl_t ptr;
@@ -118,12 +123,12 @@ static int dl_load(DSO *dso, const char *filename)
118 int len; 123 int len;
119 124
120 /* The same comment as in dlfcn_load applies here. bleurgh. */ 125 /* The same comment as in dlfcn_load applies here. bleurgh. */
121 len = strlen(filename); 126 len = strlen(filename) + strlen(extension);
122 if((dso->flags & DSO_FLAG_NAME_TRANSLATION) && 127 if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
123 (len + 6 < DSO_MAX_TRANSLATED_SIZE) && 128 (len + 3 < DSO_MAX_TRANSLATED_SIZE) &&
124 (strstr(filename, "/") == NULL)) 129 (strstr(filename, "/") == NULL))
125 { 130 {
126 sprintf(translated, "lib%s.so", filename); 131 sprintf(translated, "lib%s%s", filename, extension);
127 ptr = shl_load(translated, BIND_IMMEDIATE, NULL); 132 ptr = shl_load(translated, BIND_IMMEDIATE, NULL);
128 } 133 }
129 else 134 else
@@ -187,7 +192,7 @@ static void *dl_bind_var(DSO *dso, const char *symname)
187 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE); 192 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
188 return(NULL); 193 return(NULL);
189 } 194 }
190 if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) 195 if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
191 { 196 {
192 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE); 197 DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
193 return(NULL); 198 return(NULL);
@@ -216,7 +221,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
216 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE); 221 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
217 return(NULL); 222 return(NULL);
218 } 223 }
219 if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) 224 if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
220 { 225 {
221 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE); 226 DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
222 return(NULL); 227 return(NULL);
@@ -224,7 +229,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
224 return((DSO_FUNC_TYPE)sym); 229 return((DSO_FUNC_TYPE)sym);
225 } 230 }
226 231
227static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg) 232static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
228 { 233 {
229 if(dso == NULL) 234 if(dso == NULL)
230 { 235 {
@@ -236,10 +241,10 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
236 case DSO_CTRL_GET_FLAGS: 241 case DSO_CTRL_GET_FLAGS:
237 return dso->flags; 242 return dso->flags;
238 case DSO_CTRL_SET_FLAGS: 243 case DSO_CTRL_SET_FLAGS:
239 dso->flags = (int)larg; 244 dso->flags = larg;
240 return(0); 245 return(0);
241 case DSO_CTRL_OR_FLAGS: 246 case DSO_CTRL_OR_FLAGS:
242 dso->flags |= (int)larg; 247 dso->flags |= larg;
243 return(0); 248 return(0);
244 default: 249 default:
245 break; 250 break;
diff --git a/src/lib/libssl/src/crypto/dso/dso_vms.c b/src/lib/libssl/src/crypto/dso/dso_vms.c
index 8ff7090129..ab48b63eb7 100644
--- a/src/lib/libssl/src/crypto/dso/dso_vms.c
+++ b/src/lib/libssl/src/crypto/dso/dso_vms.c
@@ -62,7 +62,6 @@
62#ifdef VMS 62#ifdef VMS
63#pragma message disable DOLLARID 63#pragma message disable DOLLARID
64#include <lib$routines.h> 64#include <lib$routines.h>
65#include <libfisdef.h>
66#include <stsdef.h> 65#include <stsdef.h>
67#include <descrip.h> 66#include <descrip.h>
68#include <starlet.h> 67#include <starlet.h>
@@ -260,7 +259,8 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
260 { 259 {
261 DSO_VMS_INTERNAL *ptr; 260 DSO_VMS_INTERNAL *ptr;
262 int status; 261 int status;
263 int flags = LIB$M_FIS_MIXEDCASE; 262 int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
263 defined in VMS older than 7.0 or so */
264 struct dsc$descriptor_s symname_dsc; 264 struct dsc$descriptor_s symname_dsc;
265 *sym = NULL; 265 *sym = NULL;
266 266
diff --git a/src/lib/libssl/src/crypto/ebcdic.c b/src/lib/libssl/src/crypto/ebcdic.c
index 31397b2add..91a7a8bcb4 100644
--- a/src/lib/libssl/src/crypto/ebcdic.c
+++ b/src/lib/libssl/src/crypto/ebcdic.c
@@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
211} 211}
212 212
213#else /*CHARSET_EBCDIC*/ 213#else /*CHARSET_EBCDIC*/
214#ifdef PEDANTIC 214#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
215static void *dummy=&dummy; 215static void *dummy=&dummy;
216#endif 216#endif
217#endif 217#endif
diff --git a/src/lib/libssl/src/crypto/engine/engine_lib.c b/src/lib/libssl/src/crypto/engine/engine_lib.c
index 1df07af03a..d6e9109f6e 100644
--- a/src/lib/libssl/src/crypto/engine/engine_lib.c
+++ b/src/lib/libssl/src/crypto/engine/engine_lib.c
@@ -230,17 +230,18 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
230 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 230 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
231 if(e->funct_ref == 0) 231 if(e->funct_ref == 0)
232 { 232 {
233 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
233 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 234 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
234 ENGINE_R_NOT_INITIALISED); 235 ENGINE_R_NOT_INITIALISED);
235 return 0; 236 return 0;
236 } 237 }
238 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
237 if (!e->load_privkey) 239 if (!e->load_privkey)
238 { 240 {
239 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 241 ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
240 ENGINE_R_NO_LOAD_FUNCTION); 242 ENGINE_R_NO_LOAD_FUNCTION);
241 return 0; 243 return 0;
242 } 244 }
243 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
244 pkey = e->load_privkey(key_id, passphrase); 245 pkey = e->load_privkey(key_id, passphrase);
245 if (!pkey) 246 if (!pkey)
246 { 247 {
@@ -265,17 +266,18 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
265 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 266 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
266 if(e->funct_ref == 0) 267 if(e->funct_ref == 0)
267 { 268 {
269 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
268 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 270 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
269 ENGINE_R_NOT_INITIALISED); 271 ENGINE_R_NOT_INITIALISED);
270 return 0; 272 return 0;
271 } 273 }
274 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
272 if (!e->load_pubkey) 275 if (!e->load_pubkey)
273 { 276 {
274 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 277 ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
275 ENGINE_R_NO_LOAD_FUNCTION); 278 ENGINE_R_NO_LOAD_FUNCTION);
276 return 0; 279 return 0;
277 } 280 }
278 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
279 pkey = e->load_pubkey(key_id, passphrase); 281 pkey = e->load_pubkey(key_id, passphrase);
280 if (!pkey) 282 if (!pkey)
281 { 283 {
@@ -286,8 +288,6 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
286 return pkey; 288 return pkey;
287 } 289 }
288 290
289/* Initialise a engine type for use (or up its functional reference count
290 * if it's already in use). */
291int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) 291int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
292 { 292 {
293 if(e == NULL) 293 if(e == NULL)
@@ -298,15 +298,16 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
298 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 298 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
299 if(e->struct_ref == 0) 299 if(e->struct_ref == 0)
300 { 300 {
301 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
301 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); 302 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
302 return 0; 303 return 0;
303 } 304 }
305 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
304 if (!e->ctrl) 306 if (!e->ctrl)
305 { 307 {
306 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); 308 ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
307 return 0; 309 return 0;
308 } 310 }
309 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
310 return e->ctrl(cmd, i, p, f); 311 return e->ctrl(cmd, i, p, f);
311 } 312 }
312 313
diff --git a/src/lib/libssl/src/crypto/err/Makefile.ssl b/src/lib/libssl/src/crypto/err/Makefile.ssl
index cf94f406e4..58218d1cea 100644
--- a/src/lib/libssl/src/crypto/err/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/err/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index 99272e437c..839f4ab81a 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -389,20 +389,18 @@ void ERR_put_error(int lib, int func, int reason, const char *file,
389 389
390void ERR_clear_error(void) 390void ERR_clear_error(void)
391 { 391 {
392 int i;
392 ERR_STATE *es; 393 ERR_STATE *es;
393 394
394 es=ERR_get_state(); 395 es=ERR_get_state();
395 396
396#if 0
397 /* hmm... is this needed */
398 for (i=0; i<ERR_NUM_ERRORS; i++) 397 for (i=0; i<ERR_NUM_ERRORS; i++)
399 { 398 {
400 es->err_buffer[i]=0; 399 es->err_buffer[i]=0;
400 err_clear_data(es,i);
401 es->err_file[i]=NULL; 401 es->err_file[i]=NULL;
402 es->err_line[i]= -1; 402 es->err_line[i]= -1;
403 err_clear_data(es,i);
404 } 403 }
405#endif
406 es->top=es->bottom=0; 404 es->top=es->bottom=0;
407 } 405 }
408 406
@@ -464,7 +462,14 @@ static unsigned long get_error_values(int inc, const char **file, int *line,
464 } 462 }
465 } 463 }
466 464
467 if (data != NULL) 465 if (data == NULL)
466 {
467 if (inc)
468 {
469 err_clear_data(es, i);
470 }
471 }
472 else
468 { 473 {
469 if (es->err_data[i] == NULL) 474 if (es->err_data[i] == NULL)
470 { 475 {
@@ -749,8 +754,9 @@ void ERR_set_error_data(char *data, int flags)
749 if (i == 0) 754 if (i == 0)
750 i=ERR_NUM_ERRORS-1; 755 i=ERR_NUM_ERRORS-1;
751 756
757 err_clear_data(es,i);
752 es->err_data[i]=data; 758 es->err_data[i]=data;
753 es->err_data_flags[es->top]=flags; 759 es->err_data_flags[i]=flags;
754 } 760 }
755 761
756void ERR_add_error_data(int num, ...) 762void ERR_add_error_data(int num, ...)
@@ -759,7 +765,7 @@ void ERR_add_error_data(int num, ...)
759 int i,n,s; 765 int i,n,s;
760 char *str,*p,*a; 766 char *str,*p,*a;
761 767
762 s=64; 768 s=80;
763 str=OPENSSL_malloc(s+1); 769 str=OPENSSL_malloc(s+1);
764 if (str == NULL) return; 770 if (str == NULL) return;
765 str[0]='\0'; 771 str[0]='\0';
diff --git a/src/lib/libssl/src/crypto/evp/Makefile.ssl b/src/lib/libssl/src/crypto/evp/Makefile.ssl
index ad39fcc9e7..624168031d 100644
--- a/src/lib/libssl/src/crypto/evp/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/evp/Makefile.ssl
@@ -58,7 +58,8 @@ all: lib
58 58
59lib: $(LIBOBJ) 59lib: $(LIBOBJ)
60 $(AR) $(LIB) $(LIBOBJ) 60 $(AR) $(LIB) $(LIBOBJ)
61 $(RANLIB) $(LIB) 61 @echo You may get an error following this line. Please ignore.
62 - $(RANLIB) $(LIB)
62 @touch lib 63 @touch lib
63 64
64files: 65files:
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 62350dfd69..76d417b44a 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -462,12 +462,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
462 ASN1_TYPE *param, EVP_CIPHER *cipher, 462 ASN1_TYPE *param, EVP_CIPHER *cipher,
463 EVP_MD *md, int en_de); 463 EVP_MD *md, int en_de);
464 464
465#ifndef NO_RSA
465#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ 466#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
466 (char *)(rsa)) 467 (char *)(rsa))
468#endif
469
470#ifndef NO_DSA
467#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ 471#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
468 (char *)(dsa)) 472 (char *)(dsa))
473#endif
474
475#ifndef NO_DH
469#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ 476#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
470 (char *)(dh)) 477 (char *)(dh))
478#endif
471 479
472/* Add some extra combinations */ 480/* Add some extra combinations */
473#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) 481#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -611,17 +619,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
611#endif 619#endif
612 620
613EVP_MD *EVP_md_null(void); 621EVP_MD *EVP_md_null(void);
622#ifndef NO_MD2
614EVP_MD *EVP_md2(void); 623EVP_MD *EVP_md2(void);
624#endif
625#ifndef NO_MD4
615EVP_MD *EVP_md4(void); 626EVP_MD *EVP_md4(void);
627#endif
628#ifndef NO_MD5
616EVP_MD *EVP_md5(void); 629EVP_MD *EVP_md5(void);
630#endif
631#ifndef NO_SHA
617EVP_MD *EVP_sha(void); 632EVP_MD *EVP_sha(void);
618EVP_MD *EVP_sha1(void); 633EVP_MD *EVP_sha1(void);
619EVP_MD *EVP_dss(void); 634EVP_MD *EVP_dss(void);
620EVP_MD *EVP_dss1(void); 635EVP_MD *EVP_dss1(void);
636#endif
637#ifndef NO_MDC2
621EVP_MD *EVP_mdc2(void); 638EVP_MD *EVP_mdc2(void);
639#endif
640#ifndef NO_RIPEMD
622EVP_MD *EVP_ripemd160(void); 641EVP_MD *EVP_ripemd160(void);
623 642#endif
624EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ 643EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
644#ifndef NO_DES
625EVP_CIPHER *EVP_des_ecb(void); 645EVP_CIPHER *EVP_des_ecb(void);
626EVP_CIPHER *EVP_des_ede(void); 646EVP_CIPHER *EVP_des_ede(void);
627EVP_CIPHER *EVP_des_ede3(void); 647EVP_CIPHER *EVP_des_ede3(void);
@@ -635,31 +655,43 @@ EVP_CIPHER *EVP_des_cbc(void);
635EVP_CIPHER *EVP_des_ede_cbc(void); 655EVP_CIPHER *EVP_des_ede_cbc(void);
636EVP_CIPHER *EVP_des_ede3_cbc(void); 656EVP_CIPHER *EVP_des_ede3_cbc(void);
637EVP_CIPHER *EVP_desx_cbc(void); 657EVP_CIPHER *EVP_desx_cbc(void);
658#endif
659#ifndef NO_RC4
638EVP_CIPHER *EVP_rc4(void); 660EVP_CIPHER *EVP_rc4(void);
639EVP_CIPHER *EVP_rc4_40(void); 661EVP_CIPHER *EVP_rc4_40(void);
662#endif
663#ifndef NO_IDEA
640EVP_CIPHER *EVP_idea_ecb(void); 664EVP_CIPHER *EVP_idea_ecb(void);
641EVP_CIPHER *EVP_idea_cfb(void); 665EVP_CIPHER *EVP_idea_cfb(void);
642EVP_CIPHER *EVP_idea_ofb(void); 666EVP_CIPHER *EVP_idea_ofb(void);
643EVP_CIPHER *EVP_idea_cbc(void); 667EVP_CIPHER *EVP_idea_cbc(void);
668#endif
669#ifndef NO_RC2
644EVP_CIPHER *EVP_rc2_ecb(void); 670EVP_CIPHER *EVP_rc2_ecb(void);
645EVP_CIPHER *EVP_rc2_cbc(void); 671EVP_CIPHER *EVP_rc2_cbc(void);
646EVP_CIPHER *EVP_rc2_40_cbc(void); 672EVP_CIPHER *EVP_rc2_40_cbc(void);
647EVP_CIPHER *EVP_rc2_64_cbc(void); 673EVP_CIPHER *EVP_rc2_64_cbc(void);
648EVP_CIPHER *EVP_rc2_cfb(void); 674EVP_CIPHER *EVP_rc2_cfb(void);
649EVP_CIPHER *EVP_rc2_ofb(void); 675EVP_CIPHER *EVP_rc2_ofb(void);
676#endif
677#ifndef NO_BF
650EVP_CIPHER *EVP_bf_ecb(void); 678EVP_CIPHER *EVP_bf_ecb(void);
651EVP_CIPHER *EVP_bf_cbc(void); 679EVP_CIPHER *EVP_bf_cbc(void);
652EVP_CIPHER *EVP_bf_cfb(void); 680EVP_CIPHER *EVP_bf_cfb(void);
653EVP_CIPHER *EVP_bf_ofb(void); 681EVP_CIPHER *EVP_bf_ofb(void);
682#endif
683#ifndef NO_CAST
654EVP_CIPHER *EVP_cast5_ecb(void); 684EVP_CIPHER *EVP_cast5_ecb(void);
655EVP_CIPHER *EVP_cast5_cbc(void); 685EVP_CIPHER *EVP_cast5_cbc(void);
656EVP_CIPHER *EVP_cast5_cfb(void); 686EVP_CIPHER *EVP_cast5_cfb(void);
657EVP_CIPHER *EVP_cast5_ofb(void); 687EVP_CIPHER *EVP_cast5_ofb(void);
688#endif
689#ifndef NO_RC5
658EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); 690EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
659EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); 691EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
660EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); 692EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
661EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); 693EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
662 694#endif
663void OpenSSL_add_all_algorithms(void); 695void OpenSSL_add_all_algorithms(void);
664void OpenSSL_add_all_ciphers(void); 696void OpenSSL_add_all_ciphers(void);
665void OpenSSL_add_all_digests(void); 697void OpenSSL_add_all_digests(void);
diff --git a/src/lib/libssl/src/crypto/ex_data.c b/src/lib/libssl/src/crypto/ex_data.c
index 1ee88da2a8..739e543d78 100644
--- a/src/lib/libssl/src/crypto/ex_data.c
+++ b/src/lib/libssl/src/crypto/ex_data.c
@@ -101,7 +101,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long
101 ret=idx; 101 ret=idx;
102err: 102err:
103 MemCheck_on(); 103 MemCheck_on();
104 return(idx); 104 return(ret);
105 } 105 }
106 106
107int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) 107int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
diff --git a/src/lib/libssl/src/crypto/hmac/Makefile.ssl b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
index cf57311973..326339a90d 100644
--- a/src/lib/libssl/src/crypto/hmac/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/hmac/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/idea/Makefile.ssl b/src/lib/libssl/src/crypto/idea/Makefile.ssl
index 5b334ce921..30302e0b9f 100644
--- a/src/lib/libssl/src/crypto/idea/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/idea/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/lhash/Makefile.ssl b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
index 6c3d442e22..79849d7d6e 100644
--- a/src/lib/libssl/src/crypto/lhash/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/lhash/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/md2/Makefile.ssl b/src/lib/libssl/src/crypto/md2/Makefile.ssl
index d46c73a9b9..269628d739 100644
--- a/src/lib/libssl/src/crypto/md2/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/md2/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/md4/Makefile.ssl b/src/lib/libssl/src/crypto/md4/Makefile.ssl
index 6ee3ca88ed..646607274e 100644
--- a/src/lib/libssl/src/crypto/md4/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/md4/Makefile.ssl
@@ -40,7 +40,8 @@ all: lib
40 40
41lib: $(LIBOBJ) 41lib: $(LIBOBJ)
42 $(AR) $(LIB) $(LIBOBJ) 42 $(AR) $(LIB) $(LIBOBJ)
43 $(RANLIB) $(LIB) 43 @echo You may get an error following this line. Please ignore.
44 - $(RANLIB) $(LIB)
44 @touch lib 45 @touch lib
45 46
46files: 47files:
diff --git a/src/lib/libssl/src/crypto/md5/Makefile.ssl b/src/lib/libssl/src/crypto/md5/Makefile.ssl
index e8d0cced7f..784215579b 100644
--- a/src/lib/libssl/src/crypto/md5/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/md5/Makefile.ssl
@@ -50,7 +50,8 @@ all: lib
50 50
51lib: $(LIBOBJ) 51lib: $(LIBOBJ)
52 $(AR) $(LIB) $(LIBOBJ) 52 $(AR) $(LIB) $(LIBOBJ)
53 $(RANLIB) $(LIB) 53 @echo You may get an error following this line. Please ignore.
54 - $(RANLIB) $(LIB)
54 @touch lib 55 @touch lib
55 56
56# elf 57# elf
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile.ssl b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
index da11c4edea..a9b06b02bd 100644
--- a/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/mdc2/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c
index 866c53e73a..ef19d8f844 100644
--- a/src/lib/libssl/src/crypto/mem_dbg.c
+++ b/src/lib/libssl/src/crypto/mem_dbg.c
@@ -81,7 +81,8 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF;
81 */ 81 */
82 82
83static unsigned long order = 0; /* number of memory requests */ 83static unsigned long order = 0; /* number of memory requests */
84static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ 84static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
85 * access requires MALLOC2 lock */
85 86
86 87
87typedef struct app_mem_info_st 88typedef struct app_mem_info_st
@@ -103,7 +104,8 @@ typedef struct app_mem_info_st
103 104
104static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's 105static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
105 * that are at the top of their thread's stack 106 * that are at the top of their thread's stack
106 * (with `thread' as key) */ 107 * (with `thread' as key);
108 * access requires MALLOC2 lock */
107 109
108typedef struct mem_st 110typedef struct mem_st
109/* memory-block description */ 111/* memory-block description */
@@ -128,7 +130,15 @@ static long options = /* extra information to be recorded */
128 0; 130 0;
129 131
130 132
131static unsigned long disabling_thread = 0; 133static unsigned int num_disable = 0; /* num_disable > 0
134 * iff
135 * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
136 */
137static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
138 * CRYPTO_LOCK_MALLOC2 is locked
139 * exactly in this case (by the
140 * thread named in disabling_thread).
141 */
132 142
133int CRYPTO_mem_ctrl(int mode) 143int CRYPTO_mem_ctrl(int mode)
134 { 144 {
@@ -137,22 +147,23 @@ int CRYPTO_mem_ctrl(int mode)
137 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 147 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
138 switch (mode) 148 switch (mode)
139 { 149 {
140 /* for applications: */ 150 /* for applications (not to be called while multiple threads
151 * use the library): */
141 case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ 152 case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
142 mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; 153 mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
143 disabling_thread = 0; 154 num_disable = 0;
144 break; 155 break;
145 case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ 156 case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
146 mh_mode = 0; 157 mh_mode = 0;
147 disabling_thread = 0; 158 num_disable = 0; /* should be true *before* MemCheck_stop is used,
159 or there'll be a lot of confusion */
148 break; 160 break;
149 161
150 /* switch off temporarily (for library-internal use): */ 162 /* switch off temporarily (for library-internal use): */
151 case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ 163 case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
152 if (mh_mode & CRYPTO_MEM_CHECK_ON) 164 if (mh_mode & CRYPTO_MEM_CHECK_ON)
153 { 165 {
154 mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE; 166 if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
155 if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */
156 { 167 {
157 /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while 168 /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
158 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if 169 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
@@ -169,18 +180,23 @@ int CRYPTO_mem_ctrl(int mode)
169 * OpenSSL threads. */ 180 * OpenSSL threads. */
170 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); 181 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
171 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 182 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
183 mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
172 disabling_thread=CRYPTO_thread_id(); 184 disabling_thread=CRYPTO_thread_id();
173 } 185 }
186 num_disable++;
174 } 187 }
175 break; 188 break;
176 case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ 189 case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
177 if (mh_mode & CRYPTO_MEM_CHECK_ON) 190 if (mh_mode & CRYPTO_MEM_CHECK_ON)
178 { 191 {
179 mh_mode|=CRYPTO_MEM_CHECK_ENABLE; 192 if (num_disable) /* always true, or something is going wrong */
180 if (disabling_thread != 0)
181 { 193 {
182 disabling_thread=0; 194 num_disable--;
183 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); 195 if (num_disable == 0)
196 {
197 mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
198 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
199 }
184 } 200 }
185 } 201 }
186 break; 202 break;
@@ -198,12 +214,12 @@ int CRYPTO_is_mem_check_on(void)
198 214
199 if (mh_mode & CRYPTO_MEM_CHECK_ON) 215 if (mh_mode & CRYPTO_MEM_CHECK_ON)
200 { 216 {
201 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 217 CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
202 218
203 ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) 219 ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
204 && disabling_thread != CRYPTO_thread_id(); 220 || (disabling_thread != CRYPTO_thread_id());
205 221
206 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); 222 CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
207 } 223 }
208 return(ret); 224 return(ret);
209 } 225 }
@@ -293,7 +309,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
293 309
294 if (is_MemCheck_on()) 310 if (is_MemCheck_on())
295 { 311 {
296 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 312 MemCheck_off(); /* obtain MALLOC2 lock */
297 313
298 if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) 314 if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
299 { 315 {
@@ -330,7 +346,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
330 ami->next=amim; 346 ami->next=amim;
331 } 347 }
332 err: 348 err:
333 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 349 MemCheck_on(); /* release MALLOC2 lock */
334 } 350 }
335 351
336 return(ret); 352 return(ret);
@@ -342,11 +358,11 @@ int CRYPTO_pop_info(void)
342 358
343 if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ 359 if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
344 { 360 {
345 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 361 MemCheck_off(); /* obtain MALLOC2 lock */
346 362
347 ret=(pop_info() != NULL); 363 ret=(pop_info() != NULL);
348 364
349 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 365 MemCheck_on(); /* release MALLOC2 lock */
350 } 366 }
351 return(ret); 367 return(ret);
352 } 368 }
@@ -357,12 +373,12 @@ int CRYPTO_remove_all_info(void)
357 373
358 if (is_MemCheck_on()) /* _must_ be true */ 374 if (is_MemCheck_on()) /* _must_ be true */
359 { 375 {
360 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 376 MemCheck_off(); /* obtain MALLOC2 lock */
361 377
362 while(pop_info() != NULL) 378 while(pop_info() != NULL)
363 ret++; 379 ret++;
364 380
365 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 381 MemCheck_on(); /* release MALLOC2 lock */
366 } 382 }
367 return(ret); 383 return(ret);
368 } 384 }
@@ -385,11 +401,12 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
385 401
386 if (is_MemCheck_on()) 402 if (is_MemCheck_on())
387 { 403 {
388 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 404 MemCheck_off(); /* make sure we hold MALLOC2 lock */
389 if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) 405 if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
390 { 406 {
391 OPENSSL_free(addr); 407 OPENSSL_free(addr);
392 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 408 MemCheck_on(); /* release MALLOC2 lock
409 * if num_disabled drops to 0 */
393 return; 410 return;
394 } 411 }
395 if (mh == NULL) 412 if (mh == NULL)
@@ -448,7 +465,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
448 OPENSSL_free(mm); 465 OPENSSL_free(mm);
449 } 466 }
450 err: 467 err:
451 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 468 MemCheck_on(); /* release MALLOC2 lock
469 * if num_disabled drops to 0 */
452 } 470 }
453 break; 471 break;
454 } 472 }
@@ -467,7 +485,7 @@ void CRYPTO_dbg_free(void *addr, int before_p)
467 485
468 if (is_MemCheck_on() && (mh != NULL)) 486 if (is_MemCheck_on() && (mh != NULL))
469 { 487 {
470 MemCheck_off(); 488 MemCheck_off(); /* make sure we hold MALLOC2 lock */
471 489
472 m.addr=addr; 490 m.addr=addr;
473 mp=(MEM *)lh_delete(mh,(char *)&m); 491 mp=(MEM *)lh_delete(mh,(char *)&m);
@@ -484,7 +502,8 @@ void CRYPTO_dbg_free(void *addr, int before_p)
484 OPENSSL_free(mp); 502 OPENSSL_free(mp);
485 } 503 }
486 504
487 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 505 MemCheck_on(); /* release MALLOC2 lock
506 * if num_disabled drops to 0 */
488 } 507 }
489 break; 508 break;
490 case 1: 509 case 1:
@@ -518,7 +537,7 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
518 537
519 if (is_MemCheck_on()) 538 if (is_MemCheck_on())
520 { 539 {
521 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ 540 MemCheck_off(); /* make sure we hold MALLOC2 lock */
522 541
523 m.addr=addr1; 542 m.addr=addr1;
524 mp=(MEM *)lh_delete(mh,(char *)&m); 543 mp=(MEM *)lh_delete(mh,(char *)&m);
@@ -535,7 +554,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
535 lh_insert(mh,(char *)mp); 554 lh_insert(mh,(char *)mp);
536 } 555 }
537 556
538 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 557 MemCheck_on(); /* release MALLOC2 lock
558 * if num_disabled drops to 0 */
539 } 559 }
540 break; 560 break;
541 } 561 }
@@ -642,10 +662,12 @@ void CRYPTO_mem_leaks(BIO *b)
642 662
643 if (mh == NULL && amih == NULL) 663 if (mh == NULL && amih == NULL)
644 return; 664 return;
665
666 MemCheck_off(); /* obtain MALLOC2 lock */
667
645 ml.bio=b; 668 ml.bio=b;
646 ml.bytes=0; 669 ml.bytes=0;
647 ml.chunks=0; 670 ml.chunks=0;
648 MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
649 if (mh != NULL) 671 if (mh != NULL)
650 lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); 672 lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
651 if (ml.chunks != 0) 673 if (ml.chunks != 0)
@@ -671,7 +693,15 @@ void CRYPTO_mem_leaks(BIO *b)
671 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. 693 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
672 * Otherwise the code police will come and get us.) 694 * Otherwise the code police will come and get us.)
673 */ 695 */
696 int old_mh_mode;
697
674 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); 698 CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
699
700 /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
701 * which uses CRYPTO_is_mem_check_on */
702 old_mh_mode = mh_mode;
703 mh_mode = CRYPTO_MEM_CHECK_OFF;
704
675 if (mh != NULL) 705 if (mh != NULL)
676 { 706 {
677 lh_free(mh); 707 lh_free(mh);
@@ -685,15 +715,11 @@ void CRYPTO_mem_leaks(BIO *b)
685 amih = NULL; 715 amih = NULL;
686 } 716 }
687 } 717 }
718
719 mh_mode = old_mh_mode;
688 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); 720 CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
689 } 721 }
690 MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ 722 MemCheck_on(); /* release MALLOC2 lock */
691
692#if 0
693 lh_stats_bio(mh,b);
694 lh_node_stats_bio(mh,b);
695 lh_node_usage_stats_bio(mh,b);
696#endif
697 } 723 }
698 724
699#ifndef NO_FP_API 725#ifndef NO_FP_API
diff --git a/src/lib/libssl/src/crypto/objects/Makefile.ssl b/src/lib/libssl/src/crypto/objects/Makefile.ssl
index bdb7aa94dc..6746ad21e7 100644
--- a/src/lib/libssl/src/crypto/objects/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/objects/Makefile.ssl
@@ -39,7 +39,8 @@ all: obj_dat.h lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index 6b5aedeea6..dc50f6d7da 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,8 +25,8 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090600fL 28#define OPENSSL_VERSION_NUMBER 0x0090601fL
29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 [engine] 24 Sep 2000" 29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001"
30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
31 31
32 32
diff --git a/src/lib/libssl/src/crypto/pem/Makefile.ssl b/src/lib/libssl/src/crypto/pem/Makefile.ssl
index 97af8255a3..31db6b65a1 100644
--- a/src/lib/libssl/src/crypto/pem/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/pem/Makefile.ssl
@@ -40,7 +40,8 @@ all: lib
40 40
41lib: $(LIBOBJ) 41lib: $(LIBOBJ)
42 $(AR) $(LIB) $(LIBOBJ) 42 $(AR) $(LIB) $(LIBOBJ)
43 $(RANLIB) $(LIB) 43 @echo You may get an error following this line. Please ignore.
44 - $(RANLIB) $(LIB)
44 @touch lib 45 @touch lib
45 46
46files: 47files:
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c
index 1c5c6dea00..f1694f1125 100644
--- a/src/lib/libssl/src/crypto/pem/pem_info.c
+++ b/src/lib/libssl/src/crypto/pem/pem_info.c
@@ -305,7 +305,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
305 { 305 {
306 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) 306 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
307 { 307 {
308 /* copy from wierdo names into more normal things */ 308 /* copy from weirdo names into more normal things */
309 iv=xi->enc_cipher.iv; 309 iv=xi->enc_cipher.iv;
310 data=(unsigned char *)xi->enc_data; 310 data=(unsigned char *)xi->enc_data;
311 i=xi->enc_len; 311 i=xi->enc_len;
diff --git a/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl b/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
index 67869f204f..d745c53621 100644
--- a/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/pkcs12/Makefile.ssl
@@ -45,7 +45,8 @@ all: lib
45 45
46lib: $(LIBOBJ) 46lib: $(LIBOBJ)
47 $(AR) $(LIB) $(LIBOBJ) 47 $(AR) $(LIB) $(LIBOBJ)
48 $(RANLIB) $(LIB) 48 @echo You may get an error following this line. Please ignore.
49 - $(RANLIB) $(LIB)
49 @touch lib 50 @touch lib
50 51
51files: 52files:
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
index f1a210b5d2..a16a97d03d 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c
@@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
151{ 151{
152 unsigned char *uniname; 152 unsigned char *uniname;
153 int ret, unilen; 153 int ret, unilen;
154 if (!asc2uni(name, &uniname, &unilen)) { 154 if (!asc2uni(name, namelen, &uniname, &unilen)) {
155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC, 155 PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
156 ERR_R_MALLOC_FAILURE); 156 ERR_R_MALLOC_FAILURE);
157 return 0; 157 return 0;
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_key.c b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
index b042dcf05c..a4fd5b98ec 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_key.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
@@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
84 if(!pass) { 84 if(!pass) {
85 unipass = NULL; 85 unipass = NULL;
86 uniplen = 0; 86 uniplen = 0;
87 } else if (!asc2uni(pass, &unipass, &uniplen)) { 87 } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); 88 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
89 return 0; 89 return 0;
90 } 90 }
@@ -102,7 +102,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
102 const EVP_MD *md_type) 102 const EVP_MD *md_type)
103{ 103{
104 unsigned char *B, *D, *I, *p, *Ai; 104 unsigned char *B, *D, *I, *p, *Ai;
105 int Slen, Plen, Ilen; 105 int Slen, Plen, Ilen, Ijlen;
106 int i, j, u, v; 106 int i, j, u, v;
107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ 107 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
108 EVP_MD_CTX ctx; 108 EVP_MD_CTX ctx;
@@ -180,10 +180,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
180 BN_bin2bn (I + j, v, Ij); 180 BN_bin2bn (I + j, v, Ij);
181 BN_add (Ij, Ij, Bpl1); 181 BN_add (Ij, Ij, Bpl1);
182 BN_bn2bin (Ij, B); 182 BN_bn2bin (Ij, B);
183 Ijlen = BN_num_bytes (Ij);
183 /* If more than 2^(v*8) - 1 cut off MSB */ 184 /* If more than 2^(v*8) - 1 cut off MSB */
184 if (BN_num_bytes (Ij) > v) { 185 if (Ijlen > v) {
185 BN_bn2bin (Ij, B); 186 BN_bn2bin (Ij, B);
186 memcpy (I + j, B + 1, v); 187 memcpy (I + j, B + 1, v);
188#ifndef PKCS12_BROKEN_KEYGEN
189 /* If less than v bytes pad with zeroes */
190 } else if (Ijlen < v) {
191 memset(I + j, 0, v - Ijlen);
192 BN_bn2bin(Ij, I + j + v - Ijlen);
193#endif
187 } else BN_bn2bin (Ij, I + j); 194 } else BN_bn2bin (Ij, I + j);
188 } 195 }
189 } 196 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
index 1fbbd6c99f..5d67f19b45 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c
@@ -264,6 +264,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
264 if (lkey) { 264 if (lkey) {
265 *keymatch |= MATCH_CERT; 265 *keymatch |= MATCH_CERT;
266 if (cert) *cert = x509; 266 if (cert) *cert = x509;
267 else X509_free(x509);
267 } else { 268 } else {
268 if(ca) sk_X509_push (*ca, x509); 269 if(ca) sk_X509_push (*ca, x509);
269 else X509_free(x509); 270 else X509_free(x509);
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
index 17f41b4549..2f1d1e534f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c
@@ -62,30 +62,34 @@
62 62
63/* Cheap and nasty Unicode stuff */ 63/* Cheap and nasty Unicode stuff */
64 64
65unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen) 65unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
66{ 66{
67 int ulen, i; 67 int ulen, i;
68 unsigned char *unitmp; 68 unsigned char *unitmp;
69 ulen = strlen(asc)*2 + 2; 69 if (asclen == -1) asclen = strlen(asc);
70 if (!(unitmp = OPENSSL_malloc (ulen))) return NULL; 70 ulen = asclen*2 + 2;
71 for (i = 0; i < ulen; i+=2) { 71 if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
72 for (i = 0; i < ulen - 2; i+=2) {
72 unitmp[i] = 0; 73 unitmp[i] = 0;
73 unitmp[i + 1] = asc[i>>1]; 74 unitmp[i + 1] = asc[i>>1];
74 } 75 }
76 /* Make result double null terminated */
77 unitmp[ulen - 2] = 0;
78 unitmp[ulen - 1] = 0;
75 if (unilen) *unilen = ulen; 79 if (unilen) *unilen = ulen;
76 if (uni) *uni = unitmp; 80 if (uni) *uni = unitmp;
77 return unitmp; 81 return unitmp;
78} 82}
79 83
80char *uni2asc (unsigned char *uni, int unilen) 84char *uni2asc(unsigned char *uni, int unilen)
81{ 85{
82 int asclen, i; 86 int asclen, i;
83 char *asctmp; 87 char *asctmp;
84 asclen = unilen / 2; 88 asclen = unilen / 2;
85 /* If no terminating zero allow for one */ 89 /* If no terminating zero allow for one */
86 if (uni[unilen - 1]) asclen++; 90 if (!unilen || uni[unilen - 1]) asclen++;
87 uni++; 91 uni++;
88 if (!(asctmp = OPENSSL_malloc (asclen))) return NULL; 92 if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
89 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; 93 for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
90 asctmp[asclen - 1] = 0; 94 asctmp[asclen - 1] = 0;
91 return asctmp; 95 return asctmp;
diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
index 502fceff95..e529154f26 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
+++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
@@ -247,7 +247,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
247 EVP_MD *md_type); 247 EVP_MD *md_type);
248int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, 248int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
249 int saltlen, EVP_MD *md_type); 249 int saltlen, EVP_MD *md_type);
250unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen); 250unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
251char *uni2asc(unsigned char *uni, int unilen); 251char *uni2asc(unsigned char *uni, int unilen);
252int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp); 252int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
253PKCS12_BAGS *PKCS12_BAGS_new(void); 253PKCS12_BAGS *PKCS12_BAGS_new(void);
diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
index 6cd18b671e..37b72f0890 100644
--- a/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/pkcs7/Makefile.ssl
@@ -58,7 +58,8 @@ verify: verify.o example.o lib
58 58
59lib: $(LIBOBJ) 59lib: $(LIBOBJ)
60 $(AR) $(LIB) $(LIBOBJ) 60 $(AR) $(LIB) $(LIBOBJ)
61 $(RANLIB) $(LIB) 61 @echo You may get an error following this line. Please ignore.
62 - $(RANLIB) $(LIB)
62 @touch lib 63 @touch lib
63 64
64files: 65files:
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 099e9651c1..bf43d030ad 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -370,7 +370,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
370 if (ri == NULL) { 370 if (ri == NULL) {
371 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 371 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
372 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 372 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
373 return(NULL); 373 goto err;
374 } 374 }
375 375
376 jj=EVP_PKEY_size(pkey); 376 jj=EVP_PKEY_size(pkey);
@@ -393,7 +393,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
393 BIO_get_cipher_ctx(etmp,&evp_ctx); 393 BIO_get_cipher_ctx(etmp,&evp_ctx);
394 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0); 394 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
395 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 395 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
396 return(NULL); 396 goto err;
397 397
398 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { 398 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
399 /* Some S/MIME clients don't use the same key 399 /* Some S/MIME clients don't use the same key
@@ -588,8 +588,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
588 pp=NULL; 588 pp=NULL;
589 } 589 }
590 590
591#ifndef NO_DSA
591 if (si->pkey->type == EVP_PKEY_DSA) 592 if (si->pkey->type == EVP_PKEY_DSA)
592 ctx_tmp.digest=EVP_dss1(); 593 ctx_tmp.digest=EVP_dss1();
594#endif
593 595
594 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, 596 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
595 (unsigned int *)&buf->length,si->pkey)) 597 (unsigned int *)&buf->length,si->pkey))
@@ -783,7 +785,14 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
783 785
784 os=si->enc_digest; 786 os=si->enc_digest;
785 pkey = X509_get_pubkey(x509); 787 pkey = X509_get_pubkey(x509);
788 if (!pkey)
789 {
790 ret = -1;
791 goto err;
792 }
793#ifndef NO_DSA
786 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); 794 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
795#endif
787 796
788 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 797 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
789 EVP_PKEY_free(pkey); 798 EVP_PKEY_free(pkey);
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index 994473c0bd..086d394270 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -165,9 +165,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
165 } 165 }
166 bound[32] = 0; 166 bound[32] = 0;
167 BIO_printf(bio, "MIME-Version: 1.0\n"); 167 BIO_printf(bio, "MIME-Version: 1.0\n");
168 BIO_printf(bio, "Content-Type: multipart/signed ; "); 168 BIO_printf(bio, "Content-Type: multipart/signed;");
169 BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); 169 BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
170 BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); 170 BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
171 BIO_printf(bio, "This is an S/MIME signed message\n\n"); 171 BIO_printf(bio, "This is an S/MIME signed message\n\n");
172 /* Now write out the first part */ 172 /* Now write out the first part */
173 BIO_printf(bio, "------%s\n", bound); 173 BIO_printf(bio, "------%s\n", bound);
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index d716f9faeb..3d3214f5ee 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
153 PKCS7_SIGNER_INFO *si; 153 PKCS7_SIGNER_INFO *si;
154 X509_STORE_CTX cert_ctx; 154 X509_STORE_CTX cert_ctx;
155 char buf[4096]; 155 char buf[4096];
156 int i, j=0, k; 156 int i, j=0, k, ret = 0;
157 BIO *p7bio; 157 BIO *p7bio;
158 BIO *tmpout; 158 BIO *tmpout;
159 159
@@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
258 } 258 }
259 } 259 }
260 260
261 sk_X509_free(signers); 261 ret = 1;
262 if(indata) BIO_pop(p7bio);
263 BIO_free_all(p7bio);
264
265 return 1;
266 262
267 err: 263 err:
268 264
265 if(indata) BIO_pop(p7bio);
266 BIO_free_all(p7bio);
269 sk_X509_free(signers); 267 sk_X509_free(signers);
270 BIO_free(p7bio);
271 268
272 return 0; 269 return ret;
273} 270}
274 271
275STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) 272STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
diff --git a/src/lib/libssl/src/crypto/rand/Makefile.ssl b/src/lib/libssl/src/crypto/rand/Makefile.ssl
index 5f6199a35f..707eaac678 100644
--- a/src/lib/libssl/src/crypto/rand/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rand/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c
index d167dea77d..567838f6c3 100644
--- a/src/lib/libssl/src/crypto/rand/md_rand.c
+++ b/src/lib/libssl/src/crypto/rand/md_rand.c
@@ -482,12 +482,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
482 unpredictable */ 482 unpredictable */
483static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 483static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
484 { 484 {
485 int ret, err; 485 int ret;
486 486
487 ret = RAND_bytes(buf, num); 487 ret = RAND_bytes(buf, num);
488 if (ret == 0) 488 if (ret == 0)
489 { 489 {
490 err = ERR_peek_error(); 490 long err = ERR_peek_error();
491 if (ERR_GET_LIB(err) == ERR_LIB_RAND && 491 if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
492 ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) 492 ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
493 (void)ERR_get_error(); 493 (void)ERR_get_error();
diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h
index eb9c8c034d..9c6052733e 100644
--- a/src/lib/libssl/src/crypto/rand/rand.h
+++ b/src/lib/libssl/src/crypto/rand/rand.h
@@ -59,6 +59,8 @@
59#ifndef HEADER_RAND_H 59#ifndef HEADER_RAND_H
60#define HEADER_RAND_H 60#define HEADER_RAND_H
61 61
62#include <stdlib.h>
63
62#ifdef __cplusplus 64#ifdef __cplusplus
63extern "C" { 65extern "C" {
64#endif 66#endif
@@ -89,7 +91,7 @@ void RAND_seed(const void *buf,int num);
89void RAND_add(const void *buf,int num,double entropy); 91void RAND_add(const void *buf,int num,double entropy);
90int RAND_load_file(const char *file,long max_bytes); 92int RAND_load_file(const char *file,long max_bytes);
91int RAND_write_file(const char *file); 93int RAND_write_file(const char *file);
92const char *RAND_file_name(char *file,int num); 94const char *RAND_file_name(char *file,size_t num);
93int RAND_status(void); 95int RAND_status(void);
94int RAND_egd(const char *path); 96int RAND_egd(const char *path);
95int RAND_egd_bytes(const char *path,int bytes); 97int RAND_egd_bytes(const char *path,int bytes);
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c
index 02a0d86fa3..79b5e6fa57 100644
--- a/src/lib/libssl/src/crypto/rand/rand_egd.c
+++ b/src/lib/libssl/src/crypto/rand/rand_egd.c
@@ -74,7 +74,14 @@ int RAND_egd_bytes(const char *path,int bytes)
74#include OPENSSL_UNISTD 74#include OPENSSL_UNISTD
75#include <sys/types.h> 75#include <sys/types.h>
76#include <sys/socket.h> 76#include <sys/socket.h>
77#ifndef NO_SYS_UN_H
77#include <sys/un.h> 78#include <sys/un.h>
79#else
80struct sockaddr_un {
81 short sun_family; /* AF_UNIX */
82 char sun_path[108]; /* path name (gag) */
83};
84#endif /* NO_SYS_UN_H */
78#include <string.h> 85#include <string.h>
79 86
80#ifndef offsetof 87#ifndef offsetof
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c
index 9f2dcff9a9..3d137badd0 100644
--- a/src/lib/libssl/src/crypto/rand/rand_win.c
+++ b/src/lib/libssl/src/crypto/rand/rand_win.c
@@ -570,14 +570,15 @@ static void readtimer(void)
570 DWORD w; 570 DWORD w;
571 LARGE_INTEGER l; 571 LARGE_INTEGER l;
572 static int have_perfc = 1; 572 static int have_perfc = 1;
573#ifndef __GNUC__ 573#ifdef _MSC_VER
574 static int have_tsc = 1; 574 static int have_tsc = 1;
575 DWORD cyclecount; 575 DWORD cyclecount;
576 576
577 if (have_tsc) { 577 if (have_tsc) {
578 __try { 578 __try {
579 __asm { 579 __asm {
580 rdtsc 580 _emit 0x0f
581 _emit 0x31
581 mov cyclecount, eax 582 mov cyclecount, eax
582 } 583 }
583 RAND_add(&cyclecount, sizeof(cyclecount), 1); 584 RAND_add(&cyclecount, sizeof(cyclecount), 1);
@@ -725,8 +726,9 @@ int RAND_poll(void)
725 726
726#ifdef DEVRANDOM 727#ifdef DEVRANDOM
727 return 1; 728 return 1;
728#endif 729#else
729 return 0; 730 return 0;
731#endif
730} 732}
731 733
732#endif 734#endif
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index 663a36cb70..f4376cf8cc 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -73,7 +73,7 @@
73# include <sys/stat.h> 73# include <sys/stat.h>
74#endif 74#endif
75 75
76#include <openssl/e_os.h> 76#include "openssl/e_os.h"
77#include <openssl/crypto.h> 77#include <openssl/crypto.h>
78#include <openssl/rand.h> 78#include <openssl/rand.h>
79 79
@@ -83,6 +83,9 @@
83 83
84/* #define RFILE ".rnd" - defined in ../../e_os.h */ 84/* #define RFILE ".rnd" - defined in ../../e_os.h */
85 85
86/* Note that these functions are intended for seed files only.
87 * Entropy devices and EGD sockets are handled in rand_unix.c */
88
86int RAND_load_file(const char *file, long bytes) 89int RAND_load_file(const char *file, long bytes)
87 { 90 {
88 /* If bytes >= 0, read up to 'bytes' bytes. 91 /* If bytes >= 0, read up to 'bytes' bytes.
@@ -213,7 +216,7 @@ err:
213 return (rand_err ? -1 : ret); 216 return (rand_err ? -1 : ret);
214 } 217 }
215 218
216const char *RAND_file_name(char *buf, int size) 219const char *RAND_file_name(char *buf, size_t size)
217 { 220 {
218 char *s = NULL; 221 char *s = NULL;
219 char *ret=NULL; 222 char *ret=NULL;
@@ -239,6 +242,8 @@ const char *RAND_file_name(char *buf, int size)
239 strlcat(buf,RFILE,size); 242 strlcat(buf,RFILE,size);
240 ret=buf; 243 ret=buf;
241 } 244 }
245 else
246 buf[0] = '\0'; /* no file name */
242 } 247 }
243 248
244#ifdef DEVRANDOM 249#ifdef DEVRANDOM
@@ -257,3 +262,4 @@ const char *RAND_file_name(char *buf, int size)
257#endif 262#endif
258 return(ret); 263 return(ret);
259 } 264 }
265
diff --git a/src/lib/libssl/src/crypto/rc2/Makefile.ssl b/src/lib/libssl/src/crypto/rc2/Makefile.ssl
index 9e94051cd7..39813d68be 100644
--- a/src/lib/libssl/src/crypto/rc2/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rc2/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/rc4/Makefile.ssl b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
index 8d2a795c22..e75858d3b9 100644
--- a/src/lib/libssl/src/crypto/rc4/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
@@ -47,7 +47,8 @@ all: lib
47 47
48lib: $(LIBOBJ) 48lib: $(LIBOBJ)
49 $(AR) $(LIB) $(LIBOBJ) 49 $(AR) $(LIB) $(LIBOBJ)
50 $(RANLIB) $(LIB) 50 @echo You may get an error following this line. Please ignore.
51 - $(RANLIB) $(LIB)
51 @touch lib 52 @touch lib
52 53
53# elf 54# elf
diff --git a/src/lib/libssl/src/crypto/rc5/Makefile.ssl b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
index 5a54a162ba..c8ee124776 100644
--- a/src/lib/libssl/src/crypto/rc5/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
@@ -44,7 +44,8 @@ all: lib
44 44
45lib: $(LIBOBJ) 45lib: $(LIBOBJ)
46 $(AR) $(LIB) $(LIBOBJ) 46 $(AR) $(LIB) $(LIBOBJ)
47 $(RANLIB) $(LIB) 47 @echo You may get an error following this line. Please ignore.
48 - $(RANLIB) $(LIB)
48 @touch lib 49 @touch lib
49 50
50# elf 51# elf
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
index de01a953ec..1550c32ca1 100644
--- a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
@@ -42,7 +42,8 @@ all: lib
42 42
43lib: $(LIBOBJ) 43lib: $(LIBOBJ)
44 $(AR) $(LIB) $(LIBOBJ) 44 $(AR) $(LIB) $(LIBOBJ)
45 $(RANLIB) $(LIB) 45 @echo You may get an error following this line. Please ignore.
46 - $(RANLIB) $(LIB)
46 @touch lib 47 @touch lib
47 48
48# elf 49# elf
diff --git a/src/lib/libssl/src/crypto/rsa/Makefile.ssl b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
index c159eedafe..2bee181d4e 100644
--- a/src/lib/libssl/src/crypto/rsa/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rsa/Makefile.ssl
@@ -41,7 +41,8 @@ all: lib
41 41
42lib: $(LIBOBJ) 42lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 43 $(AR) $(LIB) $(LIBOBJ)
44 $(RANLIB) $(LIB) 44 @echo You may get an error following this line. Please ignore.
45 - $(RANLIB) $(LIB)
45 @touch lib 46 @touch lib
46 47
47files: 48files:
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index ccaa62b239..cde5ca27d5 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -141,9 +141,26 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
141 141
142 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 142 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
143 { 143 {
144 if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) 144 BN_MONT_CTX* bn_mont_ctx;
145 if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) 145 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
146 goto err; 146 goto err;
147 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
148 {
149 BN_MONT_CTX_free(bn_mont_ctx);
150 goto err;
151 }
152 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
153 {
154 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
155 if (rsa->_method_mod_n == NULL)
156 {
157 rsa->_method_mod_n = bn_mont_ctx;
158 bn_mont_ctx = NULL;
159 }
160 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
161 }
162 if (bn_mont_ctx)
163 BN_MONT_CTX_free(bn_mont_ctx);
147 } 164 }
148 165
149 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 166 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -378,9 +395,26 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
378 /* do the decrypt */ 395 /* do the decrypt */
379 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 396 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
380 { 397 {
381 if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) 398 BN_MONT_CTX* bn_mont_ctx;
382 if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) 399 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
383 goto err; 400 goto err;
401 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
402 {
403 BN_MONT_CTX_free(bn_mont_ctx);
404 goto err;
405 }
406 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
407 {
408 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
409 if (rsa->_method_mod_n == NULL)
410 {
411 rsa->_method_mod_n = bn_mont_ctx;
412 bn_mont_ctx = NULL;
413 }
414 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
415 }
416 if (bn_mont_ctx)
417 BN_MONT_CTX_free(bn_mont_ctx);
384 } 418 }
385 419
386 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 420 if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -433,20 +467,53 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
433 { 467 {
434 if (rsa->_method_mod_p == NULL) 468 if (rsa->_method_mod_p == NULL)
435 { 469 {
436 if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL) 470 BN_MONT_CTX* bn_mont_ctx;
437 if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p, 471 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
438 ctx)) 472 goto err;
439 goto err; 473 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
474 {
475 BN_MONT_CTX_free(bn_mont_ctx);
476 goto err;
477 }
478 if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
479 {
480 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
481 if (rsa->_method_mod_p == NULL)
482 {
483 rsa->_method_mod_p = bn_mont_ctx;
484 bn_mont_ctx = NULL;
485 }
486 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
487 }
488 if (bn_mont_ctx)
489 BN_MONT_CTX_free(bn_mont_ctx);
440 } 490 }
491
441 if (rsa->_method_mod_q == NULL) 492 if (rsa->_method_mod_q == NULL)
442 { 493 {
443 if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL) 494 BN_MONT_CTX* bn_mont_ctx;
444 if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q, 495 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
445 ctx)) 496 goto err;
446 goto err; 497 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
498 {
499 BN_MONT_CTX_free(bn_mont_ctx);
500 goto err;
501 }
502 if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
503 {
504 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
505 if (rsa->_method_mod_q == NULL)
506 {
507 rsa->_method_mod_q = bn_mont_ctx;
508 bn_mont_ctx = NULL;
509 }
510 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
511 }
512 if (bn_mont_ctx)
513 BN_MONT_CTX_free(bn_mont_ctx);
447 } 514 }
448 } 515 }
449 516
450 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; 517 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
451 if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, 518 if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
452 rsa->_method_mod_q)) goto err; 519 rsa->_method_mod_q)) goto err;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index 5e1e8fcdf3..94395cc22c 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -191,13 +191,13 @@ RSA *RSA_new_method(ENGINE *engine)
191 ret->blinding=NULL; 191 ret->blinding=NULL;
192 ret->bignum_data=NULL; 192 ret->bignum_data=NULL;
193 ret->flags=meth->flags; 193 ret->flags=meth->flags;
194 CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
194 if ((meth->init != NULL) && !meth->init(ret)) 195 if ((meth->init != NULL) && !meth->init(ret))
195 { 196 {
197 CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data);
196 OPENSSL_free(ret); 198 OPENSSL_free(ret);
197 ret=NULL; 199 ret=NULL;
198 } 200 }
199 else
200 CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
201 return(ret); 201 return(ret);
202 } 202 }
203 203
@@ -221,13 +221,13 @@ void RSA_free(RSA *r)
221 } 221 }
222#endif 222#endif
223 223
224 CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
225
226 meth = ENGINE_get_RSA(r->engine); 224 meth = ENGINE_get_RSA(r->engine);
227 if (meth->finish != NULL) 225 if (meth->finish != NULL)
228 meth->finish(r); 226 meth->finish(r);
229 ENGINE_finish(r->engine); 227 ENGINE_finish(r->engine);
230 228
229 CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
230
231 if (r->n != NULL) BN_clear_free(r->n); 231 if (r->n != NULL) BN_clear_free(r->n);
232 if (r->e != NULL) BN_clear_free(r->e); 232 if (r->e != NULL) BN_clear_free(r->e);
233 if (r->d != NULL) BN_clear_free(r->d); 233 if (r->d != NULL) BN_clear_free(r->d);
@@ -325,7 +325,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
325 325
326 BN_CTX_start(ctx); 326 BN_CTX_start(ctx);
327 A = BN_CTX_get(ctx); 327 A = BN_CTX_get(ctx);
328 if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; 328 if (!BN_rand_range(A,rsa->n)) goto err;
329 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; 329 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
330 330
331 if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A, 331 if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
diff --git a/src/lib/libssl/src/crypto/sha/Makefile.ssl b/src/lib/libssl/src/crypto/sha/Makefile.ssl
index 72acd8f046..790e572fa2 100644
--- a/src/lib/libssl/src/crypto/sha/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/sha/Makefile.ssl
@@ -42,7 +42,8 @@ all: lib
42 42
43lib: $(LIBOBJ) 43lib: $(LIBOBJ)
44 $(AR) $(LIB) $(LIBOBJ) 44 $(AR) $(LIB) $(LIBOBJ)
45 $(RANLIB) $(LIB) 45 @echo You may get an error following this line. Please ignore.
46 - $(RANLIB) $(LIB)
46 @touch lib 47 @touch lib
47 48
48# elf 49# elf
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
index 09df993ecd..fe51fd0794 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
@@ -317,7 +317,7 @@ sub BODY_60_79
317 317
318sub sha1_block_host 318sub sha1_block_host
319 { 319 {
320 local($name)=@_; 320 local($name, $sclabel)=@_;
321 321
322 &function_begin_B($name,""); 322 &function_begin_B($name,"");
323 323
@@ -352,7 +352,7 @@ sub sha1_block_host
352 &mov(&swtmp($i+0),$A); 352 &mov(&swtmp($i+0),$A);
353 &mov(&swtmp($i+1),$B); 353 &mov(&swtmp($i+1),$B);
354 } 354 }
355 &jmp(&label("shortcut")); 355 &jmp($sclabel);
356 &function_end_B($name); 356 &function_end_B($name);
357 } 357 }
358 358
@@ -529,10 +529,12 @@ sub sha1_block_data
529 &pop("esi"); 529 &pop("esi");
530 &ret(); 530 &ret();
531 531
532 # it has to reside within sha1_block_asm_host_order body 532 # keep a note of shortcut label so it can be used outside
533 # because it calls &jmp(&label("shortcut")); 533 # block.
534 &sha1_block_host("sha1_block_asm_host_order"); 534 my $sclabel = &label("shortcut");
535 535
536 &function_end_B($name); 536 &function_end_B($name);
537 # Putting this here avoids problems with MASM in debugging mode
538 &sha1_block_host("sha1_block_asm_host_order", $sclabel);
537 } 539 }
538 540
diff --git a/src/lib/libssl/src/crypto/stack/Makefile.ssl b/src/lib/libssl/src/crypto/stack/Makefile.ssl
index 86ed928750..c916fd5451 100644
--- a/src/lib/libssl/src/crypto/stack/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/stack/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile.ssl b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
index cb54d53323..ee054e91f2 100644
--- a/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/txt_db/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/crypto/uid.c b/src/lib/libssl/src/crypto/uid.c
new file mode 100644
index 0000000000..b5b61b76d4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/uid.c
@@ -0,0 +1,88 @@
1/* crypto/uid.c */
2/* ====================================================================
3 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/crypto.h>
57
58#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
59
60#include <unistd.h>
61
62int OPENSSL_issetugid(void)
63 {
64 return issetugid();
65 }
66
67#elif defined(WIN32)
68
69int OPENSSL_issetugid(void)
70 {
71 return 0;
72 }
73
74#else
75
76#include <unistd.h>
77#include <sys/types.h>
78
79int OPENSSL_issetugid(void)
80 {
81 if (getuid() != geteuid()) return 1;
82 if (getgid() != getegid()) return 1;
83 return 0;
84 }
85#endif
86
87
88
diff --git a/src/lib/libssl/src/crypto/x509/Makefile.ssl b/src/lib/libssl/src/crypto/x509/Makefile.ssl
index 4619693733..79f09d4f71 100644
--- a/src/lib/libssl/src/crypto/x509/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/x509/Makefile.ssl
@@ -49,7 +49,8 @@ all: lib
49 49
50lib: $(LIBOBJ) 50lib: $(LIBOBJ)
51 $(AR) $(LIB) $(LIBOBJ) 51 $(AR) $(LIB) $(LIBOBJ)
52 $(RANLIB) $(LIB) 52 @echo You may get an error following this line. Please ignore.
53 - $(RANLIB) $(LIB)
53 @touch lib 54 @touch lib
54 55
55files: 56files:
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index cac64a6f40..448bd7e69c 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -327,7 +327,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
327 * it out again */ 327 * it out again */
328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); 328 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
329 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); 329 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
330 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i); 330 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
331 else tmp = NULL; 331 else tmp = NULL;
332 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); 332 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
333 333
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c
index b147d573d2..3f9f9b3d47 100644
--- a/src/lib/libssl/src/crypto/x509/x509_cmp.c
+++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -199,19 +199,13 @@ unsigned long X509_NAME_hash(X509_NAME *x)
199 { 199 {
200 unsigned long ret=0; 200 unsigned long ret=0;
201 unsigned char md[16]; 201 unsigned char md[16];
202 unsigned char str[256],*p,*pp;
203 int i;
204
205 i=i2d_X509_NAME(x,NULL);
206 if (i > sizeof(str))
207 p=OPENSSL_malloc(i);
208 else
209 p=str;
210 202
211 pp=p; 203 /* Ensure cached version is up to date */
212 i2d_X509_NAME(x,&pp); 204 i2d_X509_NAME(x,NULL);
213 MD5((unsigned char *)p,i,&(md[0])); 205 /* Use cached encoding directly rather than copying: this should
214 if (p != str) OPENSSL_free(p); 206 * keep libsafe happy.
207 */
208 MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));
215 209
216 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| 210 ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
217 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) 211 ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/src/lib/libssl/src/crypto/x509v3/Makefile.ssl b/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
index f7c3a6ca13..236e13af4e 100644
--- a/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/x509v3/Makefile.ssl
@@ -43,7 +43,8 @@ all: lib
43 43
44lib: $(LIBOBJ) 44lib: $(LIBOBJ)
45 $(AR) $(LIB) $(LIBOBJ) 45 $(AR) $(LIB) $(LIBOBJ)
46 $(RANLIB) $(LIB) 46 @echo You may get an error following this line. Please ignore.
47 - $(RANLIB) $(LIB)
47 @touch lib 48 @touch lib
48 49
49files: 50files:
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
index 733919f250..94bebcd448 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -270,7 +270,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
270 /* Now add any email address(es) to STACK */ 270 /* Now add any email address(es) to STACK */
271 i = -1; 271 i = -1;
272 while((i = X509_NAME_get_index_by_NID(nm, 272 while((i = X509_NAME_get_index_by_NID(nm,
273 NID_pkcs9_emailAddress, i)) > 0) { 273 NID_pkcs9_emailAddress, i)) >= 0) {
274 ne = X509_NAME_get_entry(nm, i); 274 ne = X509_NAME_get_entry(nm, i);
275 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); 275 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
276 if(!email || !(gen = GENERAL_NAME_new())) { 276 if(!email || !(gen = GENERAL_NAME_new())) {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_prn.c b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
index dbc4fb1f16..14b804c4ad 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_prn.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_prn.c
@@ -85,9 +85,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
85 else BIO_printf(out, "%s:%s", nval->name, nval->value); 85 else BIO_printf(out, "%s:%s", nval->name, nval->value);
86#else 86#else
87 else { 87 else {
88 char tmp[10240]; /* 10k is BIO_printf's limit anyway */ 88 int len;
89 ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1); 89 char *tmp;
90 BIO_printf(out, "%s:%s", nval->name, tmp); 90 len = strlen(nval->value)+1;
91 tmp = OPENSSL_malloc(len);
92 if (tmp)
93 {
94 ascii2ebcdic(tmp, nval->value, len);
95 BIO_printf(out, "%s:%s", nval->name, tmp);
96 OPENSSL_free(tmp);
97 }
91 } 98 }
92#endif 99#endif
93 if(ml) BIO_puts(out, "\n"); 100 if(ml) BIO_puts(out, "\n");
@@ -115,9 +122,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
115 BIO_printf(out, "%*s%s", indent, "", value); 122 BIO_printf(out, "%*s%s", indent, "", value);
116#else 123#else
117 { 124 {
118 char tmp[10240]; /* 10k is BIO_printf's limit anyway */ 125 int len;
119 ascii2ebcdic(tmp, value, strlen(value)+1); 126 char *tmp;
120 BIO_printf(out, "%*s%s", indent, "", tmp); 127 len = strlen(value)+1;
128 tmp = OPENSSL_malloc(len);
129 if (tmp)
130 {
131 ascii2ebcdic(tmp, value, len);
132 BIO_printf(out, "%*s%s", indent, "", tmp);
133 OPENSSL_free(tmp);
134 }
121 } 135 }
122#endif 136#endif
123 } else if(method->i2v) { 137 } else if(method->i2v) {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
index 867699b26f..8aecd00e63 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -362,6 +362,8 @@ static int ca_check(const X509 *x)
362 else return 0; 362 else return 0;
363 } else { 363 } else {
364 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; 364 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
365 /* If key usage present it must have certSign so tolerate it */
366 else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
365 else return 2; 367 else return 2;
366 } 368 }
367} 369}
@@ -380,7 +382,7 @@ static int check_ssl_ca(const X509 *x)
380 if(ca_ret != 2) return ca_ret; 382 if(ca_ret != 2) return ca_ret;
381 else return 0; 383 else return 0;
382} 384}
383 385
384 386
385static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) 387static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
386{ 388{
@@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c
446 int ret; 448 int ret;
447 ret = purpose_smime(x, ca); 449 ret = purpose_smime(x, ca);
448 if(!ret || ca) return ret; 450 if(!ret || ca) return ret;
449 if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; 451 if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
450 return ret; 452 return ret;
451} 453}
452 454
diff --git a/src/lib/libssl/src/doc/apps/pkcs12.pod b/src/lib/libssl/src/doc/apps/pkcs12.pod
index c4009998b8..7e0307dda0 100644
--- a/src/lib/libssl/src/doc/apps/pkcs12.pod
+++ b/src/lib/libssl/src/doc/apps/pkcs12.pod
@@ -304,6 +304,26 @@ Include some extra certificates:
304 304
305Some would argue that the PKCS#12 standard is one big bug :-) 305Some would argue that the PKCS#12 standard is one big bug :-)
306 306
307Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation
308routines. Under rare circumstances this could produce a PKCS#12 file encrypted
309with an invalid key. As a result some PKCS#12 files which triggered this bug
310from other implementations (MSIE or Netscape) could not be decrypted
311by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could
312not be decrypted by other implementations. The chances of producing such
313a file are relatively small: less than 1 in 256.
314
315A side effect of fixing this bug is that any old invalidly encrypted PKCS#12
316files cannot no longer be parsed by the fixed version. Under such circumstances
317the B<pkcs12> utility will report that the MAC is OK but fail with a decryption
318error when extracting private keys.
319
320This problem can be resolved by extracting the private keys and certificates
321from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12
322file from the keys and certificates using a newer version of OpenSSL. For example:
323
324 old-openssl -in bad.p12 -out keycerts.pem
325 openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12
326
307=head1 SEE ALSO 327=head1 SEE ALSO
308 328
309L<pkcs8(1)|pkcs8(1)> 329L<pkcs8(1)|pkcs8(1)>
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod
index 9df1c07fb7..078ff086c3 100644
--- a/src/lib/libssl/src/doc/apps/s_client.pod
+++ b/src/lib/libssl/src/doc/apps/s_client.pod
@@ -32,6 +32,7 @@ B<openssl> B<s_client>
32[B<-no_tls1>] 32[B<-no_tls1>]
33[B<-bugs>] 33[B<-bugs>]
34[B<-cipher cipherlist>] 34[B<-cipher cipherlist>]
35[B<-rand file(s)>]
35[B<-engine id>] 36[B<-engine id>]
36 37
37=head1 DESCRIPTION 38=head1 DESCRIPTION
@@ -157,6 +158,14 @@ the server determines which cipher suite is used it should take the first
157supported cipher in the list sent by the client. See the B<ciphers> 158supported cipher in the list sent by the client. See the B<ciphers>
158command for more information. 159command for more information.
159 160
161=item B<-rand file(s)>
162
163a file or files containing random data used to seed the random number
164generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
165Multiple files can be specified separated by a OS-dependent character.
166The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
167all others.
168
160=item B<-engine id> 169=item B<-engine id>
161 170
162specifying an engine (by it's unique B<id> string) will cause B<s_client> 171specifying an engine (by it's unique B<id> string) will cause B<s_client>
diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod
index 3a5bf46e28..419383b55d 100644
--- a/src/lib/libssl/src/doc/apps/s_server.pod
+++ b/src/lib/libssl/src/doc/apps/s_server.pod
@@ -39,6 +39,7 @@ B<openssl> B<s_client>
39[B<-hack>] 39[B<-hack>]
40[B<-www>] 40[B<-www>]
41[B<-WWW>] 41[B<-WWW>]
42[B<-rand file(s)>]
42[B<-engine id>] 43[B<-engine id>]
43 44
44=head1 DESCRIPTION 45=head1 DESCRIPTION
@@ -95,7 +96,7 @@ using a set of DH parameters. If not specified then an attempt is made to
95load the parameters from the server certificate file. If this fails then 96load the parameters from the server certificate file. If this fails then
96a static set of parameters hard coded into the s_server program will be used. 97a static set of parameters hard coded into the s_server program will be used.
97 98
98=item B<-nodhe> 99=item B<-no_dhe>
99 100
100if this option is set then no DH parameters will be loaded effectively 101if this option is set then no DH parameters will be loaded effectively
101disabling the ephemeral DH cipher suites. 102disabling the ephemeral DH cipher suites.
@@ -187,6 +188,14 @@ emulates a simple web server. Pages will be resolved relative to the
187current directory, for example if the URL https://myhost/page.html is 188current directory, for example if the URL https://myhost/page.html is
188requested the file ./page.html will be loaded. 189requested the file ./page.html will be loaded.
189 190
191=item B<-rand file(s)>
192
193a file or files containing random data used to seed the random number
194generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
195Multiple files can be specified separated by a OS-dependent character.
196The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
197all others.
198
190=item B<-engine id> 199=item B<-engine id>
191 200
192specifying an engine (by it's unique B<id> string) will cause B<s_server> 201specifying an engine (by it's unique B<id> string) will cause B<s_server>
diff --git a/src/lib/libssl/src/doc/crypto/BN_rand.pod b/src/lib/libssl/src/doc/crypto/BN_rand.pod
index f234553853..5406552ba4 100644
--- a/src/lib/libssl/src/doc/crypto/BN_rand.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_rand.pod
@@ -12,24 +12,31 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number
12 12
13 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); 13 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
14 14
15 int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
16
15=head1 DESCRIPTION 17=head1 DESCRIPTION
16 18
17BN_rand() generates a cryptographically strong pseudo-random number of 19BN_rand() generates a cryptographically strong pseudo-random number of
18B<bits> bits in length and stores it in B<rnd>. If B<top> is true, the 20B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the
19two most significant bits of the number will be set to 1, so that the 21most significant bit of the random number can be zero. If B<top> is 0,
20product of two such random numbers will always have 2*B<bits> length. 22it is set to 1, and if B<top> is 1, the two most significant bits of
21If B<bottom> is true, the number will be odd. 23the number will be set to 1, so that the product of two such random
24numbers will always have 2*B<bits> length. If B<bottom> is true, the
25number will be odd.
22 26
23BN_pseudo_rand() does the same, but pseudo-random numbers generated by 27BN_pseudo_rand() does the same, but pseudo-random numbers generated by
24this function are not necessarily unpredictable. They can be used for 28this function are not necessarily unpredictable. They can be used for
25non-cryptographic purposes and for certain purposes in cryptographic 29non-cryptographic purposes and for certain purposes in cryptographic
26protocols, but usually not for key generation etc. 30protocols, but usually not for key generation etc.
27 31
28The PRNG must be seeded prior to calling BN_rand(). 32BN_rand_range() generates a cryptographically strong pseudo-random
33number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
34
35The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
29 36
30=head1 RETURN VALUES 37=head1 RETURN VALUES
31 38
32BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error. 39The functions return 1 on success, 0 on error.
33The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 40The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
34 41
35=head1 SEE ALSO 42=head1 SEE ALSO
@@ -40,6 +47,7 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
40=head1 HISTORY 47=head1 HISTORY
41 48
42BN_rand() is available in all versions of SSLeay and OpenSSL. 49BN_rand() is available in all versions of SSLeay and OpenSSL.
43BN_pseudo_rand() was added in OpenSSL 0.9.5. 50BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
51and the function BN_rand_range() were added in OpenSSL 0.9.6a.
44 52
45=cut 53=cut
diff --git a/src/lib/libssl/src/doc/crypto/RAND_egd.pod b/src/lib/libssl/src/doc/crypto/RAND_egd.pod
index 40241e2df8..71cab3ca04 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_egd.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_egd.pod
@@ -9,10 +9,30 @@ RAND_egd - query entropy gathering daemon
9 #include <openssl/rand.h> 9 #include <openssl/rand.h>
10 10
11 int RAND_egd(const char *path); 11 int RAND_egd(const char *path);
12 int RAND_egd_bytes(const char *path, int bytes);
12 13
13=head1 DESCRIPTION 14=head1 DESCRIPTION
14 15
15RAND_egd() queries the entropy gathering daemon EGD on socket B<path>. 16RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
17It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
18OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
19RAND_egd_bytes(path, 255);
20
21RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
22It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
23OpenSSL built-in PRNG.
24This function is more flexible than RAND_egd().
25When only one secret key must
26be generated, it is not necessary to request the full amount 255 bytes from
27the EGD socket. This can be advantageous, since the amount of entropy
28that can be retrieved from EGD over time is limited.
29
30=head1 NOTES
31
32On systems without /dev/*random devices providing entropy from the kernel,
33the EGD entropy gathering daemon can be used to collect entropy. It provides
34a socket interface through which entropy can be gathered in chunks up to
35255 bytes. Several chunks can be queried during one connection.
16 36
17EGD is available from http://www.lothar.com/tech/crypto/ (C<perl 37EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
18Makefile.PL; make; make install> to install). It is run as B<egd> 38Makefile.PL; make; make install> to install). It is run as B<egd>
@@ -21,22 +41,27 @@ RAND_egd() is called with that path as an argument, it tries to read
21random bytes that EGD has collected. The read is performed in 41random bytes that EGD has collected. The read is performed in
22non-blocking mode. 42non-blocking mode.
23 43
24Alternatively, the EGD-compatible daemon PRNGD can be used. It is 44Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
25available from 45available from
26http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html . 46http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
47PRNGD does employ an internal PRNG itself and can therefore never run
48out of entropy.
27 49
28=head1 RETURN VALUE 50=head1 RETURN VALUE
29 51
30RAND_egd() returns the number of bytes read from the daemon on 52RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
31success, and -1 if the connection failed or the daemon did not return 53daemon on success, and -1 if the connection failed or the daemon did not
32enough data to fully seed the PRNG. 54return enough data to fully seed the PRNG.
33 55
34=head1 SEE ALSO 56=head1 SEE ALSO
35 57
36L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> 58L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
59L<RAND_cleanup(3)|RAND_cleanup(3)>
37 60
38=head1 HISTORY 61=head1 HISTORY
39 62
40RAND_egd() is available since OpenSSL 0.9.5. 63RAND_egd() is available since OpenSSL 0.9.5.
41 64
65RAND_egd_bytes() is available since OpenSSL 0.9.6.
66
42=cut 67=cut
diff --git a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod
index 8dd700ca3d..d8c134e621 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_load_file.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_load_file.pod
@@ -8,7 +8,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
8 8
9 #include <openssl/rand.h> 9 #include <openssl/rand.h>
10 10
11 const char *RAND_file_name(char *buf, int num); 11 const char *RAND_file_name(char *buf, size_t num);
12 12
13 int RAND_load_file(const char *filename, long max_bytes); 13 int RAND_load_file(const char *filename, long max_bytes);
14 14
diff --git a/src/lib/libssl/src/doc/crypto/bn.pod b/src/lib/libssl/src/doc/crypto/bn.pod
index 1504a1c92d..d183028d61 100644
--- a/src/lib/libssl/src/doc/crypto/bn.pod
+++ b/src/lib/libssl/src/doc/crypto/bn.pod
@@ -60,6 +60,7 @@ bn - multiprecision integer arithmetics
60 60
61 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); 61 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
62 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); 62 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
63 int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
63 64
64 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, 65 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
65 BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); 66 BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
diff --git a/src/lib/libssl/src/doc/crypto/evp.pod b/src/lib/libssl/src/doc/crypto/evp.pod
index f089dd49a2..edf47dbde6 100644
--- a/src/lib/libssl/src/doc/crypto/evp.pod
+++ b/src/lib/libssl/src/doc/crypto/evp.pod
@@ -10,7 +10,7 @@ evp - high-level cryptographic functions
10 10
11=head1 DESCRIPTION 11=head1 DESCRIPTION
12 12
13The EVP library provided a high-level interface to cryptographic 13The EVP library provides a high-level interface to cryptographic
14functions. 14functions.
15 15
16B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption 16B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
diff --git a/src/lib/libssl/src/doc/crypto/rand.pod b/src/lib/libssl/src/doc/crypto/rand.pod
index 295b681050..9545f0e109 100644
--- a/src/lib/libssl/src/doc/crypto/rand.pod
+++ b/src/lib/libssl/src/doc/crypto/rand.pod
@@ -8,17 +8,17 @@ rand - pseudo-random number generator
8 8
9 #include <openssl/rand.h> 9 #include <openssl/rand.h>
10 10
11 int RAND_bytes(unsigned char *buf,int num); 11 int RAND_bytes(unsigned char *buf, int num);
12 int RAND_pseudo_bytes(unsigned char *buf,int num); 12 int RAND_pseudo_bytes(unsigned char *buf, int num);
13 13
14 void RAND_seed(const void *buf,int num); 14 void RAND_seed(const void *buf, int num);
15 void RAND_add(const void *buf,int num,int entropy); 15 void RAND_add(const void *buf, int num, int entropy);
16 int RAND_status(void); 16 int RAND_status(void);
17 void RAND_screen(void); 17 void RAND_screen(void);
18 18
19 int RAND_load_file(const char *file,long max_bytes); 19 int RAND_load_file(const char *file, long max_bytes);
20 int RAND_write_file(const char *file); 20 int RAND_write_file(const char *file);
21 const char *RAND_file_name(char *file,int num); 21 const char *RAND_file_name(char *file, size_t num);
22 22
23 int RAND_egd(const char *path); 23 int RAND_egd(const char *path);
24 24
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
index 7fea14ee68..4b91c63ba0 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod
@@ -2,8 +2,7 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, 5SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties
6SSL_CIPHER_description - get SSL_CIPHER properties
7 6
8=head1 SYNOPSIS 7=head1 SYNOPSIS
9 8
@@ -29,9 +28,10 @@ SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
29 28
30SSL_CIPHER_description() returns a textual description of the cipher used 29SSL_CIPHER_description() returns a textual description of the cipher used
31into the buffer B<buf> of length B<len> provided. B<len> must be at least 30into the buffer B<buf> of length B<len> provided. B<len> must be at least
32128 bytes, otherwise the string "Buffer too small" is returned. If B<buf> 31128 bytes, otherwise a pointer to the the string "Buffer too small" is
33is NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If the 32returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
34allocation fails, the string "OPENSSL_malloc Error" is returned. 33OPENSSL_malloc(). If the allocation fails, a pointer to the string
34"OPENSSL_malloc Error" is returned.
35 35
36=head1 NOTES 36=head1 NOTES
37 37
@@ -40,11 +40,66 @@ export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm
40does use the full 128 bits (which would be returned for B<alg_bits>), of 40does use the full 128 bits (which would be returned for B<alg_bits>), of
41which however 88bits are fixed. The search space is hence only 40 bits. 41which however 88bits are fixed. The search space is hence only 40 bits.
42 42
43The string returned by SSL_CIPHER_description() in case of success consists
44of cleartext information separated by one or more blanks in the following
45sequence:
46
47=over 4
48
49=item <ciphername>
50
51Textual representation of the cipher name.
52
53=item <protocol version>
54
55Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
56
57=item Kx=<key exchange>
58
59Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or
60B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>),
61B<DH/RSA>, B<DH/DSS>, B<Fortezza>.
62
63=item Au=<authentication>
64
65Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the
66representation of anonymous ciphers.
67
68=item Enc=<symmetric encryption method>
69
70Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>,
71B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>,
72B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>.
73
74=item Mac=<message authentication code>
75
76Message digest: B<MD5>, B<SHA1>.
77
78=item <export flag>
79
80If the cipher is flagged exportable with respect to old US crypto
81regulations, the word "B<export>" is printed.
82
83=back
84
85=head1 EXAMPLES
86
87Some examples for the output of SSL_CIPHER_description():
88
89 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
90 EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
91 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
92 EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
93
43=head1 BUGS 94=head1 BUGS
44 95
45If SSL_CIPHER_description() is called with B<cipher> being NULL, the 96If SSL_CIPHER_description() is called with B<cipher> being NULL, the
46library crashes. 97library crashes.
47 98
99If SSL_CIPHER_description() cannot handle a built-in cipher, the according
100description of the cipher property is B<unknown>. This case should not
101occur.
102
48=head1 RETURN VALUES 103=head1 RETURN VALUES
49 104
50See DESCRIPTION 105See DESCRIPTION
@@ -52,6 +107,6 @@ See DESCRIPTION
52=head1 SEE ALSO 107=head1 SEE ALSO
53 108
54L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>, 109L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
55L<SSL_get_ciphers(3)|SSL_get_ciphers(3)> 110L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)>
56 111
57=cut 112=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
new file mode 100644
index 0000000000..21a9db0e2a
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -0,0 +1,38 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_add_extra_chain_cert - add certificate to chain
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
12
13=head1 DESCRIPTION
14
15SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
16chain presented together with the certificate. Several certificates
17can be added one after the other.
18
19=head1 NOTES
20
21When constructing the certificate chain, the chain will be formed from
22these certificates explicitly specified. If no chain is specified,
23the library will try to complete the chain from the available CA
24certificates in the trusted CA storage, see
25L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
26
27=head1 RETURN VALUES
28
29SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
30error stack to find out the reason for failure otherwise.
31
32=head1 SEE ALSO
33
34L<ssl(3)|ssl(3)>,
35L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
36L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
37
38=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod
new file mode 100644
index 0000000000..af326c2f73
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_add_session.pod
@@ -0,0 +1,65 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session - manipulate session cache
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
12 int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c);
13
14 int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
15 int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
16
17=head1 DESCRIPTION
18
19SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The
20reference count for session B<c> is incremented by 1. If a session with
21the same session id already exists, the old session is removed by calling
22L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
23
24SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>.
25L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> is called once for B<c>.
26
27SSL_add_session() and SSL_remove_session() are synonyms for their
28SSL_CTX_*() counterparts.
29
30=head1 NOTES
31
32When adding a new session to the internal session cache, it is examined
33whether a session with the same session id already exists. In this case
34it is assumed that both sessions are identical. If the same session is
35stored in a different SSL_SESSION object, The old session is
36removed and replaced by the new session. If the session is actually
37identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
38is a no-op, and the return value is 0.
39
40
41=head1 RETURN VALUES
42
43The following values are returned by all functions:
44
45=over 4
46
47=item 0
48
49 The operation failed. In case of the add operation, it was tried to add
50 the same (identical) session twice. In case of the remove operation, the
51 session was not found in the cache.
52
53=item 1
54
55 The operation succeeded.
56
57=back
58
59=head1 SEE ALSO
60
61L<ssl(3)|ssl(3)>,
62L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
63L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
64
65=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod
new file mode 100644
index 0000000000..148c36c871
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_flush_sessions.pod
@@ -0,0 +1,49 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_flush_sessions, SSL_flush_sessions - remove expired sessions
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
12 void SSL_flush_sessions(SSL_CTX *ctx, long tm);
13
14=head1 DESCRIPTION
15
16SSL_CTX_flush_sessions() causes a run through the session cache of
17B<ctx> to remove sessions expired at time B<tm>.
18
19SSL_flush_sessions() is a synonym for SSL_CTX_flush_sessions().
20
21=head1 NOTES
22
23If enabled, the internal session cache will collect all sessions established
24up to the specified maximum number (see SSL_CTX_sess_set_cache_size()).
25As sessions will not be reused ones they are expired, they should be
26removed from the cache to save resources. This can either be done
27 automatically whenever 255 new sessions were established (see
28L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
29or manually by calling SSL_CTX_flush_sessions().
30
31The parameter B<tm> specifies the time which should be used for the
32expiration test, in most cases the actual time given by time(0)
33will be used.
34
35SSL_CTX_flush_sessions() will only check sessions stored in the internal
36cache. When a session is found and removed, the remove_session_cb is however
37called to synchronize with the external cache (see
38L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
39
40=head1 RETURN VALUES
41
42=head1 SEE ALSO
43
44L<ssl(3)|ssl(3)>,
45L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
46L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
47L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
48
49=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod
index de69672422..c716cde164 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_free.pod
@@ -17,7 +17,7 @@ SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
17the reference count has reached 0. 17the reference count has reached 0.
18 18
19It also calls the free()ing procedures for indirectly affected items, if 19It also calls the free()ing procedures for indirectly affected items, if
20applicable: the session cacahe, the list of ciphers, the list of Client CAs, 20applicable: the session cache, the list of ciphers, the list of Client CAs,
21the certificates and keys. 21the certificates and keys.
22 22
23=head1 RETURN VALUES 23=head1 RETURN VALUES
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
new file mode 100644
index 0000000000..15067438c8
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
@@ -0,0 +1,53 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_CTX_get_ex_new_index(long argl, void *argp,
12 CRYPTO_EX_new *new_func,
13 CRYPTO_EX_dup *dup_func,
14 CRYPTO_EX_free *free_func);
15
16 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
17
18 void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx);
19
20 typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
21 int idx, long argl, void *argp);
22 typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
23 int idx, long argl, void *argp);
24 typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
25 int idx, long argl, void *argp);
26
27=head1 DESCRIPTION
28
29Several OpenSSL structures can have application specific data attached to them.
30These functions are used internally by OpenSSL to manipulate application
31specific data attached to a specific structure.
32
33SSL_CTX_get_ex_new_index() is used to register a new index for application
34specific data.
35
36SSL_CTX_set_ex_data() is used to store application data at B<arg> for B<idx>
37into the B<ctx> object.
38
39SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from
40B<ctx>.
41
42A detailed description for the B<*_get_ex_new_index()> functionality
43can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
46
47=head1 SEE ALSO
48
49L<ssl(3)|ssl(3)>,
50L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
51L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
52
53=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod
new file mode 100644
index 0000000000..7f10c6e945
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_verify_mode.pod
@@ -0,0 +1,50 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
12 int SSL_get_verify_mode(SSL *ssl);
13 int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
14 int SSL_get_verify_depth(SSL *ssl);
15 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *);
16 int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *);
17
18=head1 DESCRIPTION
19
20SSL_CTX_get_verify_mode() returns the verification mode currently set in
21B<ctx>.
22
23SSL_get_verify_mode() returns the verification mode currently set in
24B<ssl>.
25
26SSL_CTX_get_verify_depth() returns the verification depth limit currently set
27in B<ctx>. If no limit has been explicitly set, -1 is returned and the
28default value will be used.
29
30SSL_get_verify_depth() returns the verification depth limit currently set
31in B<ssl>. If no limit has been explicitly set, -1 is returned and the
32default value will be used.
33
34SSL_CTX_get_verify_callback() returns a function pointer to the verification
35callback currently set in B<ctx>. If no callback was explicitly set, the
36NULL pointer is returned and the default callback will be used.
37
38SSL_get_verify_callback() returns a function pointer to the verification
39callback currently set in B<ssl>. If no callback was explicitly set, the
40NULL pointer is returned and the default callback will be used.
41
42=head1 RETURN VALUES
43
44See DESCRIPTION
45
46=head1 SEE ALSO
47
48L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
49
50=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod
new file mode 100644
index 0000000000..88f18bd5ff
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -0,0 +1,124 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_load_verify_locations - set default locations for trusted CA
6certificates
7
8=head1 SYNOPSIS
9
10 #include <openssl/ssl.h>
11
12 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
13 const char *CApath);
14
15=head1 DESCRIPTION
16
17SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
18which CA certificates for verification purposes are located. The certificates
19available via B<CAfile> and B<CApath> are trusted.
20
21=head1 NOTES
22
23If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
24format. The file can contain several CA certificates identified by
25
26 -----BEGIN CERTIFICATE-----
27 ... (CA certificate in base64 encoding) ...
28 -----END CERTIFICATE-----
29
30sequences. Before, between, and after the certificates text is allowed
31which can be used e.g. for descriptions of the certificates.
32
33The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
34function.
35
36If on an TLS/SSL server no special setting is performed using *client_CA_list()
37functions, the certificates contained in B<CAfile> are listed to the client
38as available CAs during the TLS/SSL handshake.
39
40If B<CApath> is not NULL, it points to a directory containing CA certificates
41in PEM format. The files each contain one CA certificate. The files are
42looked up by the CA subject name hash value, which must hence be available.
43If more than one CA certificate with the same name hash value exist, the
44extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
45is performed in the ordering of the extension number, regardless of other
46properties of the certificates.
47Use the B<c_rehash> utility to create the necessary links.
48
49The certificates in B<CApath> are only looked up when required, e.g. when
50building the certificate chain or when actually performing the verification
51of a peer certificate.
52
53On a server, the certificates in B<CApath> are not listed as available
54CA certificates to a client during a TLS/SSL handshake.
55
56When looking up CA certificates, the OpenSSL library will first search the
57certificates in B<CAfile>, then those in B<CApath>. Certificate matching
58is done based on the subject name, the key identifier (if present), and the
59serial number as taken from the certificate to be verified. If these data
60do not match, the next certificate will be tried. If a first certificate
61matching the parameters is found, the verification process will be performed;
62no other certificates for the same parameters will be searched in case of
63failure.
64
65When building its own certificate chain, an OpenSSL client/server will
66try to fill in missing certificates from B<CAfile>/B<CApath>, if the
67certificate chain was not explicitly specified (see
68L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
69L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>.
70
71=head1 WARNINGS
72
73If several CA certificates matching the name, key identifier, and serial
74number condition are available, only the first one will be examined. This
75may lead to unexpected results if the same CA certificate is available
76with different expiration dates. If a "certificate expired" verification
77error occurs, no other certificate will be searched. Make sure to not
78have expired certificates mixed with valid ones.
79
80=head1 EXAMPLES
81
82Generate a CA certificate file with descriptive text from the CA certificates
83ca1.pem ca2.pem ca3.pem:
84
85 #!/bin/sh
86 rm CAfile.pem
87 for i in ca1.pem ca2.pem ca3.pem ; do
88 openssl x509 -in $i -text >> CAfile.pem
89 done
90
91Prepare the directory /some/where/certs containing several CA certificates
92for use as B<CApath>:
93
94 cd /some/where/certs
95 c_rehash .
96
97=head1 RETURN VALUES
98
99The following return values can occur:
100
101=over 4
102
103=item 0
104
105The operation failed because B<CAfile> and B<CApath> are NULL or the
106processing at one of the locations specified failed. Check the error
107stack to find out the reason.
108
109=item 1
110
111The operation succeeded.
112
113=back
114
115=head1 SEE ALSO
116
117L<ssl(3)|ssl(3)>,
118L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
119L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
120L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
121L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
122
123
124=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
index e166c692c3..1dae8b0bdd 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod
@@ -33,9 +33,9 @@ understand SSLv2 client hello messages.
33=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) 33=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
34 34
35A TLS/SSL connection established with these methods will only understand the 35A TLS/SSL connection established with these methods will only understand the
36SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages 36SSLv3 protocol. A client will send out SSLv3 client hello messages
37and will indicate that it also understands TLSv1. A server will only understand 37and will indicate that it only understands SSLv3. A server will only understand
38SSLv3 and TLSv1 client hello messages. This especially means, that it will 38SSLv3 client hello messages. This especially means, that it will
39not understand SSLv2 client hello messages which are widely used for 39not understand SSLv2 client hello messages which are widely used for
40compatibility reasons, see SSLv23_*_method(). 40compatibility reasons, see SSLv23_*_method().
41 41
@@ -46,7 +46,8 @@ TLSv1 protocol. A client will send out TLSv1 client hello messages
46and will indicate that it only understands TLSv1. A server will only understand 46and will indicate that it only understands TLSv1. A server will only understand
47TLSv1 client hello messages. This especially means, that it will 47TLSv1 client hello messages. This especially means, that it will
48not understand SSLv2 client hello messages which are widely used for 48not understand SSLv2 client hello messages which are widely used for
49compatibility reasons, see SSLv23_*_method(). 49compatibility reasons, see SSLv23_*_method(). It will also not understand
50SSLv3 client hello messages.
50 51
51=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) 52=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
52 53
@@ -58,6 +59,10 @@ choice when compatibility is a concern.
58 59
59=back 60=back
60 61
62If a generic method is used, it is necessary to explicitly set client or
63server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
64or SSL_set_accept_state().
65
61The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, 66The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
62SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or 67SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
63B<SSL_set_options()> functions. Using these options it is possible to choose 68B<SSL_set_options()> functions. Using these options it is possible to choose
@@ -88,6 +93,6 @@ The return value points to an allocated SSL_CTX object.
88=head1 SEE ALSO 93=head1 SEE ALSO
89 94
90L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>, 95L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
91L<ssl(3)|ssl(3)> 96L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
92 97
93=cut 98=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_number.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_number.pod
new file mode 100644
index 0000000000..19aa4e2902
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_number.pod
@@ -0,0 +1,76 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_sess_number(SSL_CTX *ctx);
12 long SSL_CTX_sess_connect(SSL_CTX *ctx);
13 long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
14 long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
15 long SSL_CTX_sess_accept(SSL_CTX *ctx);
16 long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
17 long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
18 long SSL_CTX_sess_hits(SSL_CTX *ctx);
19 long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
20 long SSL_CTX_sess_misses(SSL_CTX *ctx);
21 long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
22 long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
23
24=head1 DESCRIPTION
25
26SSL_CTX_sess_number() returns the current number of sessions in the internal
27session cache.
28
29SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in
30client mode.
31
32SSL_CTX_sess_connect_good() returns the number of successfully established
33SSL/TLS sessions in client mode.
34
35SSL_CTX_sess_connect_renegotiate() returns the number of start renegotiations
36in client mode.
37
38SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in
39server mode.
40
41SSL_CTX_sess_accept_good() returns the number of successfully established
42SSL/TLS sessions in server mode.
43
44SSL_CTX_sess_accept_renegotiate() returns the number of start renegotiations
45in server mode.
46
47SSL_CTX_sess_hits() returns the number of successfully reused sessions.
48In client mode a session set with L<SSL_set_session(3)|SSL_set_session(3)>
49successfully reused is counted as a hit. In server mode a session successfully
50retrieved from internal or external cache is counted as a hit.
51
52SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions
53from the external session cache in server mode.
54
55SSL_CTX_sess_misses() returns the number of sessions proposed by clients
56that were not found in the internal session cache in server mode.
57
58SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients
59and either found in the internal or external session cache in server mode,
60 but that were invalid due to timeout. These sessions are not included in
61the SSL_CTX_sess_hits() count.
62
63SSL_CTX_sess_cache_full() returns the number of sessions that were removed
64because the maximum session cache size was exceeded.
65
66=head1 RETURN VALUES
67
68The functions return the values indicated in the DESCRIPTION section.
69
70=head1 SEE ALSO
71
72L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
73L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
74L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>
75
76=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod
new file mode 100644
index 0000000000..d59a7db636
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod
@@ -0,0 +1,51 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
12 long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
13
14=head1 DESCRIPTION
15
16SSL_CTX_sess_set_cache_size() sets the size of the internal session cache
17of context B<ctx> to B<t>.
18
19SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.
20
21=head1 NOTES
22
23The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,
24currently 1024*20, so that up to 20000 sessions can be held. This size
25can be modified using the SSL_CTX_sess_set_cache_size() call. A special
26case is the size 0, which is used for unlimited size.
27
28When the maximum number of sessions is reached, no more new sessions are
29added to the cache. New space may be added by calling
30L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)> to remove
31expired sessions.
32
33If the size of the session cache is reduced and more sessions are already
34in the session cache, old session will be removed at the next time a
35session shall be added. This removal is not synchronized with the
36expiration of sessions.
37
38=head1 RETURN VALUES
39
40SSL_CTX_sess_set_cache_size() returns the previously valid size.
41
42SSL_CTX_sess_get_cache_size() returns the currently valid size.
43
44=head1 SEE ALSO
45
46L<ssl(3)|ssl(3)>,
47L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
48L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
49L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
50
51=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod
new file mode 100644
index 0000000000..b6f15b4404
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod
@@ -0,0 +1,81 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
12 int (*new_session_cb)(SSL *, SSL_SESSION *));
13 void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
14 void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
15 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
16 SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *));
17
18 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
19 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
20 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy);
21
22 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
23 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
24 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
25 int len, int *copy);
26
27=head1 DESCRIPTION
28
29SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
30called whenever a new session was negotiated.
31
32SSL_CTX_sess_set_remove_cb() sets the callback function, which is
33automatically called whenever a session is removed by the SSL engine,
34because it is considered faulty or the session has become obsolete because
35of exceeding the timeout value.
36
37SSL_CTX_sess_set_get_cb() sets the callback function which is called,
38whenever a SSL/TLS client proposed to resume a session but the session
39could not be found in the internal session cache (see
40L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
41(SSL/TLS server only.)
42
43SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
44SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the
45provided callback functions. If a callback function has not been set,
46the NULL pointer is returned.
47
48=head1 NOTES
49
50In order to allow external session caching, synchronization with the internal
51session cache is realized via callback functions. Inside these callback
52functions, session can be saved to disk or put into a database using the
53L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> interface.
54
55The new_session_cb() is called, whenever a new session has been negotiated
56and session caching is enabled (see
57L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
58The new_session_cb() is passed the B<ssl> connection and the ssl session
59B<sess>. If the callback returns B<0>, the session will be immediately
60removed again.
61
62The remove_session_cb() is called, whenever the SSL engine removes a session
63from the internal cache. This happens if the session is removed because
64it is expired or when a connection was not shutdown cleanly. The
65remove_session_cb() is passed the B<ctx> and the ssl session B<sess>.
66It does not provide any feedback.
67
68The get_session_cb() is only called on SSL/TLS servers with the session id
69proposed by the client. The get_session_cb() is always called, also when
70session caching was disabled. The get_session_cb() is passed the
71B<ssl> connection, the session id of length B<length> at the memory location
72B<data>. With the parameter B<copy> the callback can require the
73SSL engine to increment the reference count of the SSL_SESSION object.
74
75=head1 SEE ALSO
76
77L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
78L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
79L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
80
81=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_sessions.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_sessions.pod
new file mode 100644
index 0000000000..e05aab3c1b
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_sessions.pod
@@ -0,0 +1,34 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_sessions - access internal session cache
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
12
13=head1 DESCRIPTION
14
15SSL_CTX_sessions() returns a pointer to the lhash databases containing the
16internal session cache for B<ctx>.
17
18=head1 NOTES
19
20The sessions in the internal session cache are kept in an
21L<lhash(3)|lhash(3)> type database. It is possible to directly
22access this database e.g. for searching. In parallel, the sessions
23form a linked list which is maintained separately from the
24L<lhash(3)|lhash(3)> operations, so that the database must not be
25modified directly but by using the
26L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)> family of functions.
27
28=head1 SEE ALSO
29
30L<ssl(3)|ssl(3)>, L<lhash(3)|lhash(3)>,
31L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
32L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
33
34=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod
index 272d6b3de2..9a29eeeb95 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -2,8 +2,7 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5SSL_CTX_set_cipher_list, SSL_set_cipher_list 5SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs
6- choose list of available SSL_CIPHERs
7 6
8=head1 SYNOPSIS 7=head1 SYNOPSIS
9 8
@@ -47,6 +46,7 @@ could be selected and 0 on complete failure.
47=head1 SEE ALSO 46=head1 SEE ALSO
48 47
49L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, 48L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
49L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
50L<ciphers(1)|ciphers(1)> 50L<ciphers(1)|ciphers(1)>
51 51
52=cut 52=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
new file mode 100644
index 0000000000..81e312761e
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -0,0 +1,90 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
6SSL_add_client_CA - set list of CAs sent to the client when requesting a
7client certificate
8
9=head1 SYNOPSIS
10
11 #include <openssl/ssl.h>
12
13 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
14 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
15 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
16 int SSL_add_client_CA(SSL *ssl, X509 *cacert);
17
18=head1 DESCRIPTION
19
20SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
21requesting a client certificate for B<ctx>.
22
23SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
24requesting a client certificate for the chosen B<ssl>, overriding the
25setting valid for B<ssl>'s SSL_CTX object.
26
27SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
28list of CAs sent to the client when requesting a client certificate for
29B<ctx>.
30
31SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
32list of CAs sent to the client when requesting a client certificate for
33the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
34
35=head1 NOTES
36
37When a TLS/SSL server requests a client certificate (see
38B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
39it will accept certificates, to the client. If no special list is provided,
40the CAs available using the B<CAfile> option in
41L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
42are sent.
43
44This list can be explicitly set using the SSL_CTX_set_client_CA_list() for
45B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
46specified overrides the previous setting. The CAs listed do not become
47trusted (B<list> only contains the names, not the complete certificates); use
48L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
49to additionally load them for verification.
50
51SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
52items the list of client CAs. If no list was specified before using
53SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
54CA list for B<ctx> or B<ssl> (as appropriate) is opened. The CAs implicitly
55specified using
56L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
57are no longer used automatically.
58
59These functions are only useful for TLS/SSL servers.
60
61=head1 RETURN VALUES
62
63SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
64diagnostic information.
65
66SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
67values:
68
69=over 4
70
71=item 1
72
73The operation succeeded.
74
75=item 0
76
77A failure while manipulating the STACK_OF(X509_NAME) object occurred or
78the X509_NAME could not be extracted from B<cacert>. Check the error stack
79to find out the reason.
80
81=back
82
83=head1 SEE ALSO
84
85L<ssl(3)|ssl(3)>,
86L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
87L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
88L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
89
90=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
new file mode 100644
index 0000000000..a5343a1cf3
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
@@ -0,0 +1,70 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
12 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
13
14 int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
15
16=head1 DESCRIPTION
17
18SSL_CTX_set_default_passwd_cb() sets the default password callback called
19when loading/storing a PEM certificate with encryption.
20
21SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
22will be provided to the password callback on invocation.
23
24The pem_passwd_cb(), which must be provided by the application, hands back the
25password to be used during decryption. On invocation a pointer to B<userdata>
26is provided. The pem_passwd_cb must write the password into the provided buffer
27B<buf> which is of size B<size>. The actual length of the password must
28be returned to the calling function. B<rwflag> indicates whether the
29callback is used for reading/decryption (rwflag=0) or writing/encryption
30(rwflag=1).
31
32=head1 NOTES
33
34When loading or storing private keys, a password might be supplied to
35protect the private key. The way this password can be supplied may depend
36on the application. If only one private key is handled, it can be practical
37to have pem_passwd_cb() handle the password dialog interactively. If several
38keys have to be handled, it can be practical to ask for the password once,
39then keep it in memory and use it several times. In the last case, the
40password could be stored into the B<userdata> storage and the
41pem_passwd_cb() only returns the password already stored.
42
43Other items in PEM formatting (certificates) can also be encrypted, it is
44however not usual, as certificate information is considered public.
45
46=head1 RETURN VALUES
47
48SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata()
49do not provide diagnostic information.
50
51=head1 EXAMPLES
52
53The following example returns the password provided as B<userdata> to the
54calling function. The password is considered to be a '\0' terminated
55string. If the password does not fit into the buffer, the password is
56truncated.
57
58 int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
59 {
60 strncpy(buf, (char *)(password), size);
61 buf[size - 1] = '\0';
62 return(strlen(buf));
63 }
64
65=head1 SEE ALSO
66
67L<ssl(3)|ssl(3)>,
68L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>
69
70=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod
new file mode 100644
index 0000000000..9a035bb4d1
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod
@@ -0,0 +1,78 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
12 long SSL_set_mode(SSL *ssl, long mode);
13
14 long SSL_CTX_get_mode(SSL_CTX *ctx);
15 long SSL_get_mode(SSL *ssl);
16
17=head1 DESCRIPTION
18
19SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
20Options already set before are not cleared.
21
22SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
23Options already set before are not cleared.
24
25SSL_CTX_get_mode() returns the mode set for B<ctx>.
26
27SSL_get_mode() returns the mode set for B<ssl>.
28
29=head1 NOTES
30
31The following mode changes are available:
32
33=over 4
34
35=item SSL_MODE_ENABLE_PARTIAL_WRITE
36
37Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
38when just a single record has been written). When not set (the default),
39SSL_write() will only report success once the complete chunk was written.
40
41=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
42
43Make it possible to retry SSL_write() with changed buffer location
44(the buffer contents must stay the same). This is not the default to avoid
45the misconception that non-blocking SSL_write() behaves like
46non-blocking write().
47
48=item SSL_MODE_AUTO_RETRY
49
50Never bother the application with retries if the transport is blocking.
51If a renegotiation take place during normal operation, a
52L<SSL_read(3)|SSL_read(3)> or L<SSL_write(3)|SSL_write(3)> would return
53with -1 and indicate the need to retry with SSL_ERROR_WANT_READ.
54In a non-blocking environment applications must be prepared to handle
55incomplete read/write operations.
56In a blocking environment, applications are not always prepared to
57deal with read/write operations returning without success report. The
58flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
59return after the handshake and successful completion.
60
61=back
62
63=head1 RETURN VALUES
64
65SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
66after adding B<mode>.
67
68SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
69
70=head1 SEE ALSO
71
72L<ssl(3)|ssl(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_write(3)|SSL_write(3)>
73
74=head1 HISTORY
75
76SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6.
77
78=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
new file mode 100644
index 0000000000..3dc7cc74ad
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -0,0 +1,183 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_set_options(SSL_CTX *ctx, long options);
12 long SSL_set_options(SSL *ssl, long options);
13
14 long SSL_CTX_get_options(SSL_CTX *ctx);
15 long SSL_get_options(SSL *ssl);
16
17=head1 DESCRIPTION
18
19SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
20Options already set before are not cleared.
21
22SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
23Options already set before are not cleared.
24
25SSL_CTX_get_options() returns the options set for B<ctx>.
26
27SSL_get_options() returns the options set for B<ssl>.
28
29=head1 NOTES
30
31The behaviour of the SSL library can be changed by setting several options.
32The options are coded as bitmasks and can be combined by a logical B<or>
33operation (|). Options can only be added but can never be reset.
34
35During a handshake, the option settings of the SSL object used. When
36a new SSL object is created from a context using SSL_new(), the current
37option setting is copied. Changes to B<ctx> do not affect already created
38SSL objects. SSL_clear() does not affect the settings.
39
40The following B<bug workaround> options are available:
41
42=over 4
43
44=item SSL_OP_MICROSOFT_SESS_ID_BUG
45
46www.microsoft.com - when talking SSLv2, if session-id reuse is
47performed, the session-id passed back in the server-finished message
48is different from the one decided upon.
49
50=item SSL_OP_NETSCAPE_CHALLENGE_BUG
51
52Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
53challenge but then appears to only use 16 bytes when generating the
54encryption keys. Using 16 bytes is ok but it should be ok to use 32.
55According to the SSLv3 spec, one should use 32 bytes for the challenge
56when operating in SSLv2/v3 compatibility mode, but as mentioned above,
57this breaks this server so 16 bytes is the way to go.
58
59=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
60
61ssl3.netscape.com:443, first a connection is established with RC4-MD5.
62If it is then resumed, we end up using DES-CBC3-SHA. It should be
63RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
64
65Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
66It only really shows up when connecting via SSLv2/v3 then reconnecting
67via SSLv3. The cipher list changes....
68
69NEW INFORMATION. Try connecting with a cipher list of just
70DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
71RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
72doing a re-connect, always takes the first cipher in the cipher list.
73
74=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
75
76...
77
78=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
79
80...
81
82=item SSL_OP_MSIE_SSLV2_RSA_PADDING
83
84...
85
86=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
87
88...
89
90=item SSL_OP_TLS_D5_BUG
91
92...
93
94=item SSL_OP_TLS_BLOCK_PADDING_BUG
95
96...
97
98=item SSL_OP_TLS_ROLLBACK_BUG
99
100Disable version rollback attack detection.
101
102During the client key exchange, the client must send the same information
103about acceptable SSL/TLS protocol levels as during the first hello. Some
104clients violate this rule by adapting to the server's answer. (Example:
105the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
106only understands up to SSLv3. In this case the client must still use the
107same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
108to the server's answer and violate the version rollback protection.)
109
110=item SSL_OP_ALL
111
112All of the above bug workarounds.
113
114=back
115
116It is save and recommended to use SSL_OP_ALL to enable the bug workaround
117options.
118
119The following B<modifying> options are available:
120
121=over 4
122
123=item SSL_OP_SINGLE_DH_USE
124
125Always create a new key when using temporary DH parameters.
126
127=item SSL_OP_EPHEMERAL_RSA
128
129Also use the temporary RSA key when doing RSA operations.
130
131=item SSL_OP_PKCS1_CHECK_1
132
133...
134
135=item SSL_OP_PKCS1_CHECK_2
136
137...
138
139=item SSL_OP_NETSCAPE_CA_DN_BUG
140
141If we accept a netscape connection, demand a client cert, have a
142non-self-sighed CA which does not have it's CA in netscape, and the
143browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
144
145=item SSL_OP_NON_EXPORT_FIRST
146
147On servers try to use non-export (stronger) ciphers first. This option does
148not work under all circumstances (in the code it is declared "broken").
149
150=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
151
152...
153
154=item SSL_OP_NO_SSLv2
155
156Do not use the SSLv2 protocol.
157
158=item SSL_OP_NO_SSLv3
159
160Do not use the SSLv3 protocol.
161
162=item SSL_OP_NO_TLSv1
163
164Do not use the TLSv1 protocol.
165
166=back
167
168=head1 RETURN VALUES
169
170SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
171after adding B<options>.
172
173SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
174
175=head1 SEE ALSO
176
177L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>
178
179=head1 HISTORY
180
181SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6.
182
183=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod
new file mode 100644
index 0000000000..083766f8d0
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -0,0 +1,107 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
12 long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
13
14=head1 DESCRIPTION
15
16SSL_CTX_set_session_cache_mode() enables/disables session caching
17by setting the operational mode for B<ctx> to <mode>.
18
19SSL_CTX_get_session_cache_mode() returns the currently used cache mode.
20
21=head1 NOTES
22
23The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
24The sessions can be held in memory for each B<ctx>, if more than one
25SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
26object.
27
28In order to reuse a session, a client must send the session's id to the
29server. It can only send exactly one id. The server then decides whether it
30agrees in reusing the session or starts the handshake for a new session.
31
32A server will lookup up the session in its internal session storage. If
33the session is not found in internal storage or internal storage is
34deactivated, the server will try the external storage if available.
35
36Since a client may try to reuse a session intended for use in a different
37context, the session id context must be set by the server (see
38L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>).
39
40The following session cache modes and modifiers are available:
41
42=over 4
43
44=item SSL_SESS_CACHE_OFF
45
46No session caching for client or server takes place.
47
48=item SSL_SESS_CACHE_CLIENT
49
50Client sessions are added to the session cache. As there is no reliable way
51for the OpenSSL library to know whether a session should be reused or which
52session to choose (due to the abstract BIO layer the SSL engine does not
53have details about the connection), the application must select the session
54to be reused by using the L<SSL_set_session(3)|SSL_set_session(3)>
55function. This option is not activated by default.
56
57=item SSL_SESS_CACHE_SERVER
58
59Server sessions are added to the session cache. When a client proposes a
60session to be reused, the session is looked up in the internal session cache.
61If the session is found, the server will try to reuse the session.
62This is the default.
63
64=item SSL_SESS_CACHE_BOTH
65
66Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.
67
68=item SSL_SESS_CACHE_NO_AUTO_CLEAR
69
70Normally the session cache is checked for expired sessions every
71255 connections using the
72L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> function. Since
73this may lead to a delay which cannot be controlled, the automatic
74flushing may be disabled and
75L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> can be called
76explicitly by the application.
77
78=item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
79
80By setting this flag sessions are cached in the internal storage but
81they are not looked up automatically. If an external session cache
82is enabled, sessions are looked up in the external cache. As automatic
83lookup only applies for SSL/TLS servers, the flag has no effect on
84clients.
85
86=back
87
88The default mode is SSL_SESS_CACHE_SERVER.
89
90=head1 RETURN VALUES
91
92SSL_CTX_set_session_cache_mode() returns the previously set cache mode.
93
94SSL_CTX_get_session_cache_mode() returns the currently set cache mode.
95
96
97=head1 SEE ALSO
98
99L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
100L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
101L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
102L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
103L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
104L<SSL_CTX_set_timeout.pod(3)|SSL_CTX_set_timeout.pod(3)>,
105L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
106
107=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod
new file mode 100644
index 0000000000..5949395159
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -0,0 +1,82 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
12 unsigned int sid_ctx_len);
13 int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
14 unsigned int sid_ctx_len);
15
16=head1 DESCRIPTION
17
18SSL_CTX_set_session_id_context() sets the context B<sid_ctx> of length
19B<sid_ctx_len> within which a session can be reused for the B<ctx> object.
20
21SSL_set_session_id_context() sets the context B<sid_ctx> of length
22B<sid_ctx_len> within which a session can be reused for the B<ssl> object.
23
24=head1 NOTES
25
26Sessions are generated within a certain context. When exporting/importing
27sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible,
28to re-import a session generated from another context (e.g. another
29application), which might lead to malfunctions. Therefore each application
30must set its own session id context B<sid_ctx> which is used to distinguish
31the contexts and is stored in exported sessions. The B<sid_ctx> can be
32any kind of binary data with a given length, it is therefore possible
33to use e.g. the name of the application and/or the hostname and/or service
34name ...
35
36The session id context becomes part of the session. The session id context
37is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and
38SSL_set_session_id_context() functions are therefore only useful on the
39server side.
40
41OpenSSL clients will check the session id context returned by the server
42when reusing a session.
43
44The maximum length of the B<sid_ctx> is limited to
45B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
46
47=head1 WARNINGS
48
49If the session id context is not set on an SSL/TLS server, stored sessions
50will not be reused but a fatal error will be flagged and the handshake
51will fail.
52
53If a server returns a different session id context to an OpenSSL client
54when reusing a session, an error will be flagged and the handshake will
55fail. OpenSSL servers will always return the correct session id context,
56as an OpenSSL server checks the session id context itself before reusing
57a session as described above.
58
59=head1 RETURN VALUES
60
61SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
62return the following values:
63
64=over 4
65
66=item 0
67
68The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
69the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
70is logged to the error stack.
71
72=item 1
73
74The operation succeeded.
75
76=back
77
78=head1 SEE ALSO
79
80L<ssl(3)|ssl(3)>
81
82=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
index 3091bd6895..0020180965 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -17,8 +17,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
17 17
18SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects 18SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
19newly created from this B<ctx>. SSL objects already created with 19newly created from this B<ctx>. SSL objects already created with
20L<SSL_new(3)|SSL_new(3)> are not affected, except when SSL_clear() is 20L<SSL_new(3)|SSL_new(3)> are not affected, except when
21being called. 21L<SSL_clear(3)|SSL_clear(3)> is being called.
22 22
23SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl> 23SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
24object. It may be reset, when SSL_clear() is called. 24object. It may be reset, when SSL_clear() is called.
@@ -31,9 +31,9 @@ set in B<ssl>.
31The available B<method> choices are described in 31The available B<method> choices are described in
32L<SSL_CTX_new(3)|SSL_CTX_new(3)>. 32L<SSL_CTX_new(3)|SSL_CTX_new(3)>.
33 33
34When SSL_clear() is called and no session is connected to an SSL object, 34When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to
35the method of the SSL object is reset to the method currently set in 35an SSL object, the method of the SSL object is reset to the method currently
36the corresponding SSL_CTX object. 36set in the corresponding SSL_CTX object.
37 37
38=head1 RETURN VALUES 38=head1 RETURN VALUES
39 39
@@ -55,6 +55,7 @@ The operation succeeded.
55=head1 SEE ALSO 55=head1 SEE ALSO
56 56
57L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>, 57L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,
58L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)> 58L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>,
59L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
59 60
60=cut 61=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_timeout.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_timeout.pod
new file mode 100644
index 0000000000..21faed12d4
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_timeout.pod
@@ -0,0 +1,55 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
12 long SSL_CTX_get_timeout(SSL_CTX *ctx);
13
14=head1 DESCRIPTION
15
16SSL_CTX_set_timeout() sets the timeout for newly created sessions for
17B<ctx> to B<t>. The timeout value B<t> must be given in seconds.
18
19SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.
20
21=head1 NOTES
22
23Whenever a new session is created, it is assigned a maximum lifetime. This
24lifetime is specified by storing the creation time of the session and the
25timeout value valid at this time. If the actual time is later than creation
26time plus timeout, the session is not reused.
27
28Due to this realization, all sessions behave according to the timeout value
29valid at the time of the session negotiation. Changes of the timeout value
30do not affect already established sessions.
31
32The expiration time of a single session can be modified using the
33L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)> family of functions.
34
35Expired sessions are removed from the internal session cache, whenever
36L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> is called, either
37directly by the application or automatically (see
38L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
39
40The default value for session timeout is 300 seconds.
41
42=head1 RETURN VALUES
43
44SSL_CTX_set_timeout() returns the previously set timeout value.
45
46SSL_CTX_get_timeout() returns the currently set timeout value.
47
48=head1 SEE ALSO
49
50L<ssl(3)|ssl(3)>,
51L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
52L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
53L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
54
55=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
new file mode 100644
index 0000000000..fc0b76118f
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
@@ -0,0 +1,284 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth - set peer certificate verification parameters
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
12 int (*verify_callback)(int, X509_STORE_CTX *));
13 void SSL_set_verify(SSL *s, int mode,
14 int (*verify_callback)(int, X509_STORE_CTX *));
15 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
16 void SSL_set_verify_depth(SSL *s, int depth);
17
18 int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
19
20=head1 DESCRIPTION
21
22SSL_CTX_set_verify() sets the verification flags for B<ctx> to be B<mode> and
23specifies the B<verify_callback> function to be used. If no callback function
24shall be specified, the NULL pointer can be used for B<verify_callback>.
25
26SSL_set_verify() sets the verification flags for B<ssl> to be B<mode> and
27specifies the B<verify_callback> function to be used. If no callback function
28shall be specified, the NULL pointer can be used for B<verify_callback>. In
29this case last B<verify_callback> set specifically for this B<ssl> remains. If
30no special B<callback> was set before, the default callback for the underlying
31B<ctx> is used, that was valid at the the time B<ssl> was created with
32L<SSL_new(3)|SSL_new(3)>.
33
34SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
35verification that shall be allowed for B<ctx>. (See the BUGS section.)
36
37SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
38verification that shall be allowed for B<ssl>. (See the BUGS section.)
39
40=head1 NOTES
41
42The verification of certificates can be controlled by a set of logically
43or'ed B<mode> flags:
44
45=over 4
46
47=item SSL_VERIFY_NONE
48
49B<Server mode:> the server will not send a client certificate request to the
50client, so the client will not send a certificate.
51
52B<Client mode:> if not using an anonymous cipher (by default disabled), the
53server will send a certificate which will be checked. The result of the
54certificate verification process can be checked after the TLS/SSL handshake
55using the L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> function.
56The handshake will be continued regardless of the verification result.
57
58=item SSL_VERIFY_PEER
59
60B<Server mode:> the server sends a client certificate request to the client.
61The certificate returned (if any) is checked. If the verification process
62fails as indicated by B<verify_callback>, the TLS/SSL handshake is
63immediately terminated with an alert message containing the reason for
64the verification failure.
65The behaviour can be controlled by the additional
66SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
67
68B<Client mode:> the server certificate is verified. If the verification process
69fails as indicated by B<verify_callback>, the TLS/SSL handshake is
70immediately terminated with an alert message containing the reason for
71the verification failure. If no server certificate is sent, because an
72anonymous cipher is used, SSL_VERIFY_PEER is ignored.
73
74=item SSL_VERIFY_FAIL_IF_NO_PEER_CERT
75
76B<Server mode:> if the client did not return a certificate, the TLS/SSL
77handshake is immediately terminated with a "handshake failure" alert.
78This flag must be used together with SSL_VERIFY_PEER.
79
80B<Client mode:> ignored
81
82=item SSL_VERIFY_CLIENT_ONCE
83
84B<Server mode:> only request a client certificate on the initial TLS/SSL
85handshake. Do not ask for a client certificate again in case of a
86renegotiation. This flag must be used together with SSL_VERIFY_PEER.
87
88B<Client mode:> ignored
89
90=back
91
92Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be
93set at any time.
94
95SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up
96to which depth certificates in a chain are used during the verification
97procedure. If the certificate chain is longer than allowed, the certificates
98above the limit are ignored. Error messages are generated as if these
99certificates would not be present, most likely a
100X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
101The depth count is "level 0:peer certificate", "level 1: CA certificate",
102"level 2: higher level CA certificate", and so on. Setting the maximum
103depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
104allowing for the peer certificate and additional 9 CA certificates.
105
106The B<verify_callback> function is used to control the behaviour when the
107SSL_VERIFY_PEER flag is set. It must be supplied by the application and
108receives two arguments: B<preverify_ok> indicates, whether the verification of
109the certificate in question was passed (preverify_ok=1) or not
110(preverify_ok=0). B<x509_ctx> is a pointer to the complete context used
111for the certificate chain verification.
112
113The certificate chain is checked starting with the deepest nesting level
114(the root CA certificate) and worked upward to the peer's certificate.
115At each level signatures and issuer attributes are checked. Whenever
116a verification error is found, the error number is stored in B<x509_ctx>
117and B<verify_callback> is called with B<preverify_ok>=0. By applying
118X509_CTX_store_* functions B<verify_callback> can locate the certificate
119in question and perform additional steps (see EXAMPLES). If no error is
120found for a certificate, B<verify_callback> is called with B<preverify_ok>=1
121before advancing to the next level.
122
123The return value of B<verify_callback> controls the strategy of the further
124verification process. If B<verify_callback> returns 0, the verification
125process is immediately stopped with "verification failed" state. If
126SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
127the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
128the verification process is continued. If B<verify_callback> always returns
1291, the TLS/SSL handshake will never be terminated because of this application
130experiencing a verification failure. The calling process can however
131retrieve the error code of the last verification error using
132L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its
133own error storage managed by B<verify_callback>.
134
135If no B<verify_callback> is specified, the default callback will be used.
136Its return value is identical to B<preverify_ok>, so that any verification
137failure will lead to a termination of the TLS/SSL handshake with an
138alert message, if SSL_VERIFY_PEER is set.
139
140=head1 BUGS
141
142In client mode, it is not checked whether the SSL_VERIFY_PEER flag
143is set, but whether SSL_VERIFY_NONE is not set. This can lead to
144unexpected behaviour, if the SSL_VERIFY_PEER and SSL_VERIFY_NONE are not
145used as required (exactly one must be set at any time).
146
147The certificate verification depth set with SSL[_CTX]_verify_depth()
148stops the verification at a certain depth. The error message produced
149will be that of an incomplete certificate chain and not
150X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected.
151
152=head1 RETURN VALUES
153
154The SSL*_set_verify*() functions do not provide diagnostic information.
155
156=head1 EXAMPLES
157
158The following code sequence realizes an example B<verify_callback> function
159that will always continue the TLS/SSL handshake regardless of verification
160failure, if wished. The callback realizes a verification depth limit with
161more informational output.
162
163All verification errors are printed, informations about the certificate chain
164are printed on request.
165The example is realized for a server that does allow but not require client
166certificates.
167
168The example makes use of the ex_data technique to store application data
169into/retrieve application data from the SSL structure
170(see L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
171L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
172
173 ...
174 typedef struct {
175 int verbose_mode;
176 int verify_depth;
177 int always_continue;
178 } mydata_t;
179 int mydata_index;
180 ...
181 static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
182 {
183 char buf[256];
184 X509 *err_cert;
185 int err, depth;
186 SSL *ssl;
187 mydata_t *mydata;
188
189 err_cert = X509_STORE_CTX_get_current_cert(ctx);
190 err = X509_STORE_CTX_get_error(ctx);
191 depth = X509_STORE_CTX_get_error_depth(ctx);
192
193 /*
194 * Retrieve the pointer to the SSL of the connection currently treated
195 * and the application specific data stored into the SSL object.
196 */
197 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
198 mydata = SSL_get_ex_data(ssl, mydata_index);
199
200 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
201
202 /*
203 * Catch a too long certificate chain. The depth limit set using
204 * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
205 * that whenever the "depth>verify_depth" condition is met, we
206 * have violated the limit and want to log this error condition.
207 * We must do it here, because the CHAIN_TOO_LONG error would not
208 * be found explicitly; only errors introduced by cutting off the
209 * additional certificates would be logged.
210 */
211 if (depth > mydata->verify_depth) {
212 preverify_ok = 0;
213 err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
214 X509_STORE_CTX_set_error(ctx, err);
215 }
216 if (!preverify_ok) {
217 printf("verify error:num=%d:%s:depth=%d:%s\n", err,
218 X509_verify_cert_error_string(err), depth, buf);
219 }
220 else if (mydata->verbose_mode)
221 {
222 printf("depth=%d:%s\n", depth, buf);
223 }
224
225 /*
226 * At this point, err contains the last verification error. We can use
227 * it for something special
228 */
229 if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
230 {
231 X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
232 printf("issuer= %s\n", buf);
233 }
234
235 if (mydata->always_continue)
236 return 1;
237 else
238 return preverify_ok;
239 }
240 ...
241
242 mydata_t mydata;
243
244 ...
245 mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
246
247 ...
248 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
249 verify_callback);
250
251 /*
252 * Let the verify_callback catch the verify_depth error so that we get
253 * an appropriate error in the logfile.
254 */
255 SSL_CTX_set_verify_depth(verify_depth + 1);
256
257 /*
258 * Set up the SSL specific data into "mydata" and store it into th SSL
259 * structure.
260 */
261 mydata.verify_depth = verify_depth; ...
262 SSL_set_ex_data(ssl, mydata_index, &mydata);
263
264 ...
265 SSL_accept(ssl); /* check of success left out for clarity */
266 if (peer = SSL_get_peer_certificate(ssl))
267 {
268 if (SSL_get_verify_result(ssl) == X509_V_OK)
269 {
270 /* The client sent a certificate which verified OK */
271 }
272 }
273
274=head1 SEE ALSO
275
276L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>,
277L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
278L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
279L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
280L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
281L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
282L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>
283
284=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
new file mode 100644
index 0000000000..3b2fe6fc50
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
@@ -0,0 +1,154 @@
1=pod
2
3=head1 NAME
4
5SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key - load certificate and key data
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
12 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
13 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
14 int SSL_use_certificate(SSL *ssl, X509 *x);
15 int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
16 int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
17
18 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
19
20 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
21 int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
22 long len);
23 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
24 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
25 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
26 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
27 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
28 int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
29 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
30 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
31 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
32 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
33
34 int SSL_CTX_check_private_key(SSL_CTX *ctx);
35 int SSL_check_private_key(SSL *ssl);
36
37=head1 DESCRIPTION
38
39These functions load the certificates and private keys into the SSL_CTX
40or SSL object, respectively.
41
42The SSL_CTX_* class of functions loads the certificates and keys into the
43SSL_CTX object B<ctx>. The information is passed to SSL objects B<ssl>
44created from B<ctx> with L<SSL_new(3)|SSL_new(3)> by copying, so that
45changes applied to B<ctx> do not propagate to already existing SSL objects.
46
47The SSL_* class of functions only loads certificates and keys into a
48specific SSL object. The specific information is kept, when
49L<SSL_clear(3)|SSL_clear(3)> is called for this SSL object.
50
51SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
52SSL_use_certificate() loads B<x> into B<ssl>. The rest of the
53certificates needed to form the complete certificate chain can be
54specified using the
55L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
56function.
57
58SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
59the memory location B<d> (with length B<len>) into B<ctx>,
60SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
61
62SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
63into B<ctx>. The formatting B<type> of the certificate must be specified
64from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
65SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
66See the NOTES section on why SSL_CTX_use_certificate_chain_file()
67should be preferred.
68
69SSL_CTX_use_certificate_chain_file() loads a certificate chain from
70B<file> into B<ctx>. The certificates must be in PEM format and must
71be sorted starting with the certificate to the highest level (root CA).
72There is no corresponding function working on a single SSL object.
73
74SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
75SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
76to B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>;
77SSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>.
78
79SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk>
80stored at memory location B<d> (length B<len>) to B<ctx>.
81SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA
82stored at memory location B<d> (length B<len>) to B<ctx>.
83SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private
84key to B<ssl>.
85
86SSL_CTX_use_PrivateKey_file() adds the first private key found in
87B<file> to B<ctx>. The formatting B<type> of the certificate must be specified
88from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
89SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in
90B<file> to B<ctx>. SSL_use_PrivateKey_file() adds the first private key found
91in B<file> to B<ssl>; SSL_use_RSAPrivateKey_file() adds the first private
92RSA key found to B<ssl>.
93
94SSL_CTX_check_private_key() checks the consistency of a private key with
95the corresponding certificate loaded into B<ctx>. If more than one
96key/certificate pair (RSA/DSA) is installed, the last item installed will
97be checked. If e.g. the last item was a RSA certificate or key, the RSA
98key/certificate pair will be checked. SSL_check_private_key() performs
99the same check for B<ssl>. If no key/certificate was explicitly added for
100this B<ssl>, the last item added into B<ctx> will be checked.
101
102=head1 NOTES
103
104The internal certificate store of OpenSSL can hold two private key/certificate
105pairs at a time: one key/certificate of type RSA and one key/certificate
106of type DSA. The certificate used depends on the cipher select, see
107also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>.
108
109When reading certificates and private keys from file, files of type
110SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain
111one certificate or private key, consequently
112SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting.
113Files of type SSL_FILETYPE_PEM can contain more than one item.
114
115SSL_CTX_use_certificate_chain_file() adds the first certificate found
116in the file to the certificate store. The other certificates are added
117to the store of chain certificates using
118L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>.
119There exists only one extra chain store, so that the same chain is appended
120to both types of certificates, RSA and DSA! If it is not intended to use
121both type of certificate at the same time, it is recommended to use the
122SSL_CTX_use_certificate_chain_file() instead of the
123SSL_CTX_use_certificate_file() function in order to allow the use of
124complete certificate chains even when no trusted CA storage is used or
125when the CA issuing the certificate shall not be added to the trusted
126CA storage.
127
128If additional certificates are needed to complete the chain during the
129TLS negotiation, CA certificates are additionally looked up in the
130locations of trusted CA certificates, see
131L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
132
133The private keys loaded from file can be encrypted. In order to successfully
134load encrypted keys, a function returning the passphrase must have been
135supplied, see
136L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>.
137(Certificate files might be encrypted as well from the technical point
138of view, it however does not make sense as the data in the certificate
139is considered public anyway.)
140
141=head1 RETURN VALUES
142
143On success, the functions return 1.
144Otherwise check out the error stack to find out the reason.
145
146=head1 SEE ALSO
147
148L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
149L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
150L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
151L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
152L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
153
154=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
new file mode 100644
index 0000000000..dd5cb4f04b
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
@@ -0,0 +1,61 @@
1=pod
2
3=head1 NAME
4
5SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - internal application specific data functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_SESSION_get_ex_new_index(long argl, void *argp,
12 CRYPTO_EX_new *new_func,
13 CRYPTO_EX_dup *dup_func,
14 CRYPTO_EX_free *free_func);
15
16 int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
17
18 void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx);
19
20 typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
21 int idx, long argl, void *argp);
22 typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
23 int idx, long argl, void *argp);
24 typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
25 int idx, long argl, void *argp);
26
27=head1 DESCRIPTION
28
29Several OpenSSL structures can have application specific data attached to them.
30These functions are used internally by OpenSSL to manipulate application
31specific data attached to a specific structure.
32
33SSL_SESSION_get_ex_new_index() is used to register a new index for application
34specific data.
35
36SSL_SESSION_set_ex_data() is used to store application data at B<arg> for B<idx>
37into the B<session> object.
38
39SSL_SESSION_get_ex_data() is used to retrieve the information for B<idx> from
40B<session>.
41
42A detailed description for the B<*_get_ex_new_index()> functionality
43can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
46
47=head1 WARNINGS
48
49The application data is only maintained for sessions held in memory. The
50application data is not included when dumping the session with
51i2d_SSL_SESSION() (and all functions indirectly calling the dump functions
52like PEM_write_SSL_SESSION() and PEM_write_bio_SSL_SESSION()) and can
53therefore not be restored.
54
55=head1 SEE ALSO
56
57L<ssl(3)|ssl(3)>,
58L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
59L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
60
61=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
new file mode 100644
index 0000000000..cd33b73aa3
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod
@@ -0,0 +1,63 @@
1=pod
2
3=head1 NAME
4
5SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout - retrieve and manipulate session time and timeout settings
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_SESSION_get_time(SSL_SESSION *s);
12 long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
13 long SSL_SESSION_get_timeout(SSL_SESSION *s);
14 long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
15
16 long SSL_get_time(SSL_SESSION *s);
17 long SSL_set_time(SSL_SESSION *s, long tm);
18 long SSL_get_timeout(SSL_SESSION *s);
19 long SSL_set_timeout(SSL_SESSION *s, long tm);
20
21=head1 DESCRIPTION
22
23SSL_SESSION_get_time() returns the time at which the session B<s> was
24established. The time is given in seconds since the Epoch and therefore
25compatible to the time delivered by the time() call.
26
27SSL_SESSION_set_time() replaces the creation time of the session B<s> with
28the chosen value B<tm>.
29
30SSL_SESSION_get_timeout() returns the timeout value set for session B<s>
31in seconds.
32
33SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
34to B<tm>.
35
36The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout()
37functions are synonyms for the SSL_SESSION_*() counterparts.
38
39=head1 NOTES
40
41Sessions are expired by examining the creation time and the timeout value.
42Both are set at creation time of the session to the actual time and the
43default timeout value at creation, respectively, as set by
44L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>.
45Using these functions it is possible to extend or shorten the lifetime
46of the session.
47
48=head1 RETURN VALUES
49
50SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently
51valid values.
52
53SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.
54
55If any of the function is passed the NULL pointer for the session B<s>,
560 is returned.
57
58=head1 SEE ALSO
59
60L<ssl(3)|ssl(3)>,
61L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>
62
63=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_accept.pod b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
index 0c79ac515e..86f980de41 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_accept.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
@@ -37,6 +37,11 @@ nothing is to be done, but select() can be used to check for the required
37condition. When using a buffering BIO, like a BIO pair, data must be written 37condition. When using a buffering BIO, like a BIO pair, data must be written
38into or retrieved out of the BIO before being able to continue. 38into or retrieved out of the BIO before being able to continue.
39 39
40When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
41is necessary to call SSL_set_accept_state()
42before calling SSL_accept() to explicitly switch the B<ssl> to server
43mode.
44
40=head1 RETURN VALUES 45=head1 RETURN VALUES
41 46
42The following return values can occur: 47The following return values can occur:
@@ -54,7 +59,7 @@ The TLS/SSL handshake was not successful but was shut down controlled and
54by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the 59by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
55return value B<ret> to find out the reason. 60return value B<ret> to find out the reason.
56 61
57=item -1 62=item E<lt>0
58 63
59The TLS/SSL handshake was not successful because a fatal error occurred either 64The TLS/SSL handshake was not successful because a fatal error occurred either
60at the protocol level or a connection failure occurred. The shutdown was 65at the protocol level or a connection failure occurred. The shutdown was
@@ -67,6 +72,8 @@ to find out the reason.
67=head1 SEE ALSO 72=head1 SEE ALSO
68 73
69L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, 74L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
70L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> 75L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
76L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
77L<SSL_CTX_new(3)|SSL_CTX_new(3)>
71 78
72=cut 79=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_clear.pod b/src/lib/libssl/src/doc/ssl/SSL_clear.pod
index 862fd8291d..8b735d81dc 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_clear.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_clear.pod
@@ -13,8 +13,17 @@ SSL_clear - reset SSL object to allow another connection
13=head1 DESCRIPTION 13=head1 DESCRIPTION
14 14
15Reset B<ssl> to allow another connection. All settings (method, ciphers, 15Reset B<ssl> to allow another connection. All settings (method, ciphers,
16BIOs) are kept. A completely negotiated B<SSL_SESSION> is not freed but left 16BIOs) are kept.
17untouched for the underlying B<SSL_CTX>. 17
18=head1 NOTES
19
20SSL_clear is used to prepare an SSL object for a new connection. While all
21settings are kept, a side effect is the handling of the current SSL session.
22If a session is still B<open>, it is considered bad and will be removed
23from the session cache, as required by RFC2246. A session is considered open,
24if L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
25or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
26set the SSL_SENT_SHUTDOWN state.
18 27
19=head1 RETURN VALUES 28=head1 RETURN VALUES
20 29
@@ -34,6 +43,7 @@ The SSL_clear() operation was successful.
34=back 43=back
35 44
36L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>, 45L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
37L<ssl(3)|ssl(3)> 46L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
47L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>
38 48
39=cut 49=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_connect.pod b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
index debe41744f..bcc167745b 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_connect.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
@@ -34,6 +34,11 @@ nothing is to be done, but select() can be used to check for the required
34condition. When using a buffering BIO, like a BIO pair, data must be written 34condition. When using a buffering BIO, like a BIO pair, data must be written
35into or retrieved out of the BIO before being able to continue. 35into or retrieved out of the BIO before being able to continue.
36 36
37When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
38is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
39before calling SSL_connect() to explicitly switch the B<ssl> to client
40mode.
41
37=head1 RETURN VALUES 42=head1 RETURN VALUES
38 43
39The following return values can occur: 44The following return values can occur:
@@ -51,7 +56,7 @@ The TLS/SSL handshake was not successful but was shut down controlled and
51by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the 56by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
52return value B<ret> to find out the reason. 57return value B<ret> to find out the reason.
53 58
54=item -1 59=item E<lt>0
55 60
56The TLS/SSL handshake was not successful, because a fatal error occurred either 61The TLS/SSL handshake was not successful, because a fatal error occurred either
57at the protocol level or a connection failure occurred. The shutdown was 62at the protocol level or a connection failure occurred. The shutdown was
@@ -64,6 +69,8 @@ to find out the reason.
64=head1 SEE ALSO 69=head1 SEE ALSO
65 70
66L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>, 71L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
67L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)> 72L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
73L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
74L<SSL_CTX_new(3)|SSL_CTX_new(3)>
68 75
69=cut 76=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_free.pod b/src/lib/libssl/src/doc/ssl/SSL_free.pod
index f3f0c345f8..2d4f8b6168 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_free.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_free.pod
@@ -16,18 +16,29 @@ SSL_free() decrements the reference count of B<ssl>, and removes the SSL
16structure pointed to by B<ssl> and frees up the allocated memory if the 16structure pointed to by B<ssl> and frees up the allocated memory if the
17the reference count has reached 0. 17the reference count has reached 0.
18 18
19It also calls the free()ing procedures for indirectly affected items, if 19=head1 NOTES
20
21SSL_free() also calls the free()ing procedures for indirectly affected items, if
20applicable: the buffering BIO, the read and write BIOs, 22applicable: the buffering BIO, the read and write BIOs,
21cipher lists specially created for this B<ssl>, the B<SSL_SESSION>. 23cipher lists specially created for this B<ssl>, the B<SSL_SESSION>.
22Do not explicitly free these indirectly freed up items before or after 24Do not explicitly free these indirectly freed up items before or after
23calling SSL_free(), as trying to free things twice may lead to program 25calling SSL_free(), as trying to free things twice may lead to program
24failure. 26failure.
25 27
28The ssl session has reference counts from two users: the SSL object, for
29which the reference count is removed by SSL_free() and the internal
30session cache. If the session is considered bad, because
31L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
32and L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was not used to set the
33SSL_SENT_SHUTDOWN state, the session will also be removed
34from the session cache as required by RFC2246.
35
26=head1 RETURN VALUES 36=head1 RETURN VALUES
27 37
28SSL_free() does not provide diagnostic information. 38SSL_free() does not provide diagnostic information.
29 39
30L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, 40L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
41L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
31L<ssl(3)|ssl(3)> 42L<ssl(3)|ssl(3)>
32 43
33=cut 44=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod b/src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod
new file mode 100644
index 0000000000..40e01cf9c8
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_client_CA_list.pod
@@ -0,0 +1,52 @@
1=pod
2
3=head1 NAME
4
5SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
12 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);
13
14=head1 DESCRIPTION
15
16SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
17B<ctx> using L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>.
18
19SSL_get_client_CA_list() returns the list of client CAs explicitly
20set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
21L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, when in
22server mode. In client mode, SSL_get_client_CA_list returns the list of
23client CAs sent from the server, if any.
24
25=head1 RETURN VALUES
26
27SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
28diagnostic information.
29
30SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
31values:
32
33=over 4
34
35=item STACK_OF(X509_NAMES)
36
37List of CA names explicitly set (for B<ctx> or in server mode) or send
38by the server (client mode).
39
40=item NULL
41
42No client CA list was explicitly set (for B<ctx> or in server mode) or
43the server did not send a list of CAs (client mode).
44
45=back
46
47=head1 SEE ALSO
48
49L<ssl(3)|ssl(3)>,
50L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
51
52=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
index d85b564258..fefaf61936 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
@@ -14,8 +14,8 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation
14 14
15SSL_get_error() returns a result code (suitable for the C "switch" 15SSL_get_error() returns a result code (suitable for the C "switch"
16statement) for a preceding call to SSL_connect(), SSL_accept(), 16statement) for a preceding call to SSL_connect(), SSL_accept(),
17SSL_read(), or SSL_write() on B<ssl>. The value returned by that 17SSL_read(), SSL_peek(), or SSL_write() on B<ssl>. The value returned by
18TLS/SSL I/O function must be passed to SSL_get_error() in parameter 18that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
19B<ret>. 19B<ret>.
20 20
21In addition to B<ssl> and B<ret>, SSL_get_error() inspects the 21In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
@@ -48,16 +48,26 @@ has been closed.
48=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE 48=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
49 49
50The operation did not complete; the same TLS/SSL I/O function should be 50The operation did not complete; the same TLS/SSL I/O function should be
51called again later. There will be protocol progress if, by then, the 51called again later. If, by then, the underlying B<BIO> has data
52underlying B<BIO> has data available for reading (if the result code is 52available for reading (if the result code is B<SSL_ERROR_WANT_READ>)
53B<SSL_ERROR_WANT_READ>) or allows writing data (B<SSL_ERROR_WANT_WRITE>). 53or allows writing data (B<SSL_ERROR_WANT_WRITE>), then some TLS/SSL
54For socket B<BIO>s (e.g. when SSL_set_fd() was used) this means that 54protocol progress will take place, i.e. at least part of an TLS/SSL
55select() or poll() on the underlying socket can be used to find out 55record will be read or written. Note that the retry may again lead to
56when the TLS/SSL I/O function should be retried. 56a B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition.
57There is no fixed upper limit for the number of iterations that
58may be necessary until progress becomes visible at application
59protocol level.
60
61For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or
62poll() on the underlying socket can be used to find out when the
63TLS/SSL I/O function should be retried.
57 64
58Caveat: Any TLS/SSL I/O function can lead to either of 65Caveat: Any TLS/SSL I/O function can lead to either of
59B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>, i.e. SSL_read() 66B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>. In particular,
60may want to write data and SSL_write() may want to read data. 67SSL_read() or SSL_peek() may want to write data and SSL_write() may want
68to read data. This is mainly because TLS/SSL handshakes may occur at any
69time during the protocol (initiated by either the client or the server);
70SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
61 71
62=item SSL_ERROR_WANT_X509_LOOKUP 72=item SSL_ERROR_WANT_X509_LOOKUP
63 73
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/src/lib/libssl/src/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
new file mode 100644
index 0000000000..165c6a5b2c
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
@@ -0,0 +1,61 @@
1=pod
2
3=head1 NAME
4
5SSL_get_ex_data_X509_STORE_CTX_idx - get ex_data index to access SSL structure
6from X509_STORE_CTX
7
8=head1 SYNOPSIS
9
10 #include <openssl/ssl.h>
11
12 int SSL_get_ex_data_X509_STORE_CTX_idx(void);
13
14=head1 DESCRIPTION
15
16SSL_get_ex_data_X509_STORE_CTX_idx() returns the index number under which
17the pointer to the SSL object is stored into the X509_STORE_CTX object.
18
19=head1 NOTES
20
21Whenever a X509_STORE_CTX object is created for the verification of the
22peers certificate during a handshake, a pointer to the SSL object is
23stored into the X509_STORE_CTX object to identify the connection affected.
24To retrieve this pointer the X509_STORE_CTX_get_ex_data() function can
25be used with the correct index. This index is globally the same for all
26X509_STORE_CTX objects and can be retrieved using
27SSL_get_ex_data_X509_STORE_CTX_idx(). The index value is set when
28SSL_get_ex_data_X509_STORE_CTX_idx() is first called either by the application
29program directly or indirectly during other SSL setup functions or during
30the handshake.
31
32The value depends on other index values defined for X509_STORE_CTX objects
33before the SSL index is created.
34
35=head1 RETURN VALUES
36
37=over 4
38
39=item E<gt>=0
40
41The index value to access the pointer.
42
43=item E<lt>0
44
45An error occurred, check the error stack for a detailed error message.
46
47=back
48
49=head1 EXAMPLES
50
51The index returned from SSL_get_ex_data_X509_STORE_CTX_idx() allows to
52access the SSL object for the connection to be accessed during the
53verify_callback() when checking the peers certificate. Please check
54the example in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
55
56=head1 SEE ALSO
57
58L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
59L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
60
61=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
new file mode 100644
index 0000000000..2b69bb1050
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
@@ -0,0 +1,59 @@
1=pod
2
3=head1 NAME
4
5SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 int SSL_get_ex_new_index(long argl, void *argp,
12 CRYPTO_EX_new *new_func,
13 CRYPTO_EX_dup *dup_func,
14 CRYPTO_EX_free *free_func);
15
16 int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
17
18 void *SSL_get_ex_data(SSL *ssl, int idx);
19
20 typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
21 int idx, long argl, void *argp);
22 typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
23 int idx, long argl, void *argp);
24 typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
25 int idx, long argl, void *argp);
26
27=head1 DESCRIPTION
28
29Several OpenSSL structures can have application specific data attached to them.
30These functions are used internally by OpenSSL to manipulate application
31specific data attached to a specific structure.
32
33SSL_get_ex_new_index() is used to register a new index for application
34specific data.
35
36SSL_set_ex_data() is used to store application data at B<arg> for B<idx> into
37the B<ssl> object.
38
39SSL_get_ex_data() is used to retrieve the information for B<idx> from
40B<ssl>.
41
42A detailed description for the B<*_get_ex_new_index()> functionality
43can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
46
47=head1 EXAMPLES
48
49An example on how to use the functionality is included in the example
50verify_callback() in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
51
52=head1 SEE ALSO
53
54L<ssl(3)|ssl(3)>,
55L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
56L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>,
57L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
58
59=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
index e93e8206fa..390ce0b41b 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -15,7 +15,7 @@ SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
15SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates 15SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
16forming the certificate chain of the peer. If called on the client side, 16forming the certificate chain of the peer. If called on the client side,
17the stack also contains the peer's certificate; if called on the server 17the stack also contains the peer's certificate; if called on the server
18side, the peer's certificate must be obtained seperately using 18side, the peer's certificate must be obtained separately using
19L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>. 19L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
20If the peer did not present a certificate, NULL is returned. 20If the peer did not present a certificate, NULL is returned.
21 21
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
index 79c089aa51..1102c7fba9 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
@@ -23,7 +23,7 @@ to check the verification state.
23 23
24The reference count of the X509 object is incremented by one, so that it 24The reference count of the X509 object is incremented by one, so that it
25will not be destroyed when the session containing the peer certificate is 25will not be destroyed when the session containing the peer certificate is
26freed. The X509 object must be explicitely freed using X509_free(). 26freed. The X509 object must be explicitly freed using X509_free().
27 27
28=head1 RETURN VALUES 28=head1 RETURN VALUES
29 29
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_session.pod b/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
index aff41fb9cf..a0266e2ac6 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_session.pod
@@ -16,14 +16,30 @@ SSL_get_session - retrieve TLS/SSL session data
16 16
17SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in 17SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
18B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so 18B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
19that the pointer can become invalid when the B<ssl> is freed and 19that the pointer can become invalid by other operations.
20SSL_SESSION_free() is implicitly called.
21 20
22SSL_get0_session() is the same as SSL_get_session(). 21SSL_get0_session() is the same as SSL_get_session().
23 22
24SSL_get1_session() is the same as SSL_get_session(), but the reference 23SSL_get1_session() is the same as SSL_get_session(), but the reference
25count of the B<SSL_SESSION> is incremented by one. 24count of the B<SSL_SESSION> is incremented by one.
26 25
26=head1 NOTES
27
28The ssl session contains all information required to re-establish the
29connection without a new handshake.
30
31SSL_get0_session() returns a pointer to the actual session. As the
32reference counter is not incremented, the pointer is only valid while
33the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or
34L<SSL_free(3)|SSL_free(3)> is called, the session may be removed completely
35(if considered bad), and the pointer obtained will become invalid. Even
36if the session is valid, it can be removed at any time due to timeout
37during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
38
39If the data is to be kept, SSL_get1_session() will increment the reference
40count and the session will stay in memory until explicitly freed with
41L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
42
27=head1 RETURN VALUES 43=head1 RETURN VALUES
28 44
29The following return values can occur: 45The following return values can occur:
@@ -43,6 +59,7 @@ The return value points to the data of an SSL session.
43=head1 SEE ALSO 59=head1 SEE ALSO
44 60
45L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>, 61L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>,
62L<SSL_clear(3)|SSL_clear(3)>,
46L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> 63L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
47 64
48=cut 65=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod b/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
index 4d66236a05..e6bac9c35a 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_verify_result.pod
@@ -19,7 +19,7 @@ X509 certificate presented by the peer, if any.
19 19
20SSL_get_verify_result() can only return one error code while the verification 20SSL_get_verify_result() can only return one error code while the verification
21of a certificate can fail because of many reasons at the same time. Only 21of a certificate can fail because of many reasons at the same time. Only
22the last verification error that occured during the processing is available 22the last verification error that occurred during the processing is available
23from SSL_get_verify_result(). 23from SSL_get_verify_result().
24 24
25The verification result is part of the established session and is restored 25The verification result is part of the established session and is restored
@@ -28,7 +28,7 @@ when a session is reused.
28=head1 BUGS 28=head1 BUGS
29 29
30If no peer certificate was presented, the returned result code is 30If no peer certificate was presented, the returned result code is
31X509_V_OK. This is because no verification error occured, it does however 31X509_V_OK. This is because no verification error occurred, it does however
32not indicate success. SSL_get_verify_result() is only useful in connection 32not indicate success. SSL_get_verify_result() is only useful in connection
33with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>. 33with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
34 34
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_version.pod b/src/lib/libssl/src/doc/ssl/SSL_get_version.pod
new file mode 100644
index 0000000000..24d5291256
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_version.pod
@@ -0,0 +1,46 @@
1=pod
2
3=head1 NAME
4
5SSL_get_version - get the protocol version of a connection.
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 const char *SSL_get_version(SSL *ssl);
12
13=head1 DESCRIPTION
14
15SSL_get_cipher_version() returns the name of the protocol used for the
16connection B<ssl>.
17
18=head1 RETURN VALUES
19
20The following strings can occur:
21
22=over 4
23
24=item SSLv2
25
26The connection uses the SSLv2 protocol.
27
28=item SSLv3
29
30The connection uses the SSLv3 protocol.
31
32=item TLSv1
33
34The connection uses the TLSv1 protocol.
35
36=item unknown
37
38This indicates that no version has been set (no connection established).
39
40=back
41
42=head1 SEE ALSO
43
44L<ssl(3)|ssl(3)>
45
46=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod b/src/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod
new file mode 100644
index 0000000000..02527dc2ed
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_load_client_CA_file.pod
@@ -0,0 +1,62 @@
1=pod
2
3=head1 NAME
4
5SSL_load_client_CA_file - load certificate names from file
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
12
13=head1 DESCRIPTION
14
15SSL_load_client_CA_file() reads certificates from B<file> and returns
16a STACK_OF(X509_NAME) with the subject names found.
17
18=head1 NOTES
19
20SSL_load_client_CA_file() reads a file of PEM formatted certificates and
21extracts the X509_NAMES of the certificates found. While the name suggests
22the specific usage as support function for
23L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
24it is not limited to CA certificates.
25
26=head1 EXAMPLES
27
28Load names of CAs from file and use it as a client CA list:
29
30 SSL_CTX *ctx;
31 STACK_OF(X509_NAME) *cert_names;
32
33 ...
34 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
35 if (cert_names != NULL)
36 SSL_CTX_set_client_CA_list(ctx, cert_names);
37 else
38 error_handling();
39 ...
40
41=head1 RETURN VALUES
42
43The following return values can occur:
44
45=over 4
46
47=item NULL
48
49The operation failed, check out the error stack for the reason.
50
51=item Pointer to STACK_OF(X509_NAME)
52
53Pointer to the subject names of the successfully read certificates.
54
55=back
56
57=head1 SEE ALSO
58
59L<ssl(3)|ssl(3)>,
60L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
61
62=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_new.pod b/src/lib/libssl/src/doc/ssl/SSL_new.pod
index 8e8638fa95..3b084e867d 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_new.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_new.pod
@@ -37,6 +37,7 @@ The return value points to an allocated SSL structure.
37=head1 SEE ALSO 37=head1 SEE ALSO
38 38
39L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>, 39L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
40L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
40L<ssl(3)|ssl(3)> 41L<ssl(3)|ssl(3)>
41 42
42=cut 43=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_pending.pod b/src/lib/libssl/src/doc/ssl/SSL_pending.pod
index 744e1855e1..b4c48598b2 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_pending.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_pending.pod
@@ -25,6 +25,19 @@ L<SSL_read(3)|SSL_read(3)>.
25 25
26The number of bytes pending is returned. 26The number of bytes pending is returned.
27 27
28=head1 BUGS
29
30SSL_pending() takes into account only bytes from the TLS/SSL record
31that is currently being processed (if any). If the B<SSL> object's
32I<read_ahead> flag is set, additional protocol bytes may have been
33read containing more TLS/SSL records; these are ignored by
34SSL_pending().
35
36Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
37of pending data is application data.
38
39=head1 SEE ALSO
40
28L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)> 41L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
29 42
30=cut 43=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_read.pod b/src/lib/libssl/src/doc/ssl/SSL_read.pod
index 072dc26cf2..7db5ee0a22 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_read.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_read.pod
@@ -8,7 +8,7 @@ SSL_read - read bytes from a TLS/SSL connection.
8 8
9 #include <openssl/ssl.h> 9 #include <openssl/ssl.h>
10 10
11 int SSL_read(SSL *ssl, char *buf, int num); 11 int SSL_read(SSL *ssl, void *buf, int num);
12 12
13=head1 DESCRIPTION 13=head1 DESCRIPTION
14 14
@@ -18,17 +18,29 @@ buffer B<buf>.
18=head1 NOTES 18=head1 NOTES
19 19
20If necessary, SSL_read() will negotiate a TLS/SSL session, if 20If necessary, SSL_read() will negotiate a TLS/SSL session, if
21not already explicitly performed by SSL_connect() or SSL_accept(). If the 21not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
22L<SSL_accept(3)|SSL_accept(3)>. If the
22peer requests a re-negotiation, it will be performed transparently during 23peer requests a re-negotiation, it will be performed transparently during
23the SSL_read() operation. The behaviour of SSL_read() depends on the 24the SSL_read() operation. The behaviour of SSL_read() depends on the
24underlying BIO. 25underlying BIO.
25 26
27For the transparent negotiation to succeed, the B<ssl> must have been
28initialized to client or server mode. This is not the case if a generic
29method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
30L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
31must be used before the first call to an SSL_read() or
32L<SSL_write(3)|SSL_write(3)> function.
33
26If the underlying BIO is B<blocking>, SSL_read() will only return, once the 34If the underlying BIO is B<blocking>, SSL_read() will only return, once the
27read operation has been finished or an error occurred. 35read operation has been finished or an error occurred, except when a
36renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
37This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
38L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
28 39
29If the underlying BIO is B<non-blocking>, SSL_read() will also return 40If the underlying BIO is B<non-blocking>, SSL_read() will also return
30when the underlying BIO could not satisfy the needs of SSL_read() 41when the underlying BIO could not satisfy the needs of SSL_read()
31to continue the operation. In this case a call to SSL_get_error() with the 42to continue the operation. In this case a call to
43L<SSL_get_error(3)|SSL_get_error(3)> with the
32return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or 44return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or
33B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a 45B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
34call to SSL_read() can also cause write operations! The calling process 46call to SSL_read() can also cause write operations! The calling process
@@ -61,7 +73,7 @@ The read operation was not successful, probably because no data was
61available. Call SSL_get_error() with the return value B<ret> to find out, 73available. Call SSL_get_error() with the return value B<ret> to find out,
62whether an error occurred. 74whether an error occurred.
63 75
64=item -1 76=item E<lt>0
65 77
66The read operation was not successful, because either an error occurred 78The read operation was not successful, because either an error occurred
67or action must be taken by the calling process. Call SSL_get_error() with the 79or action must be taken by the calling process. Call SSL_get_error() with the
@@ -72,6 +84,9 @@ return value B<ret> to find out the reason.
72=head1 SEE ALSO 84=head1 SEE ALSO
73 85
74L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>, 86L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
87L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
88L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
89L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
75L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> 90L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
76 91
77=cut 92=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod b/src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod
new file mode 100644
index 0000000000..a8c4463c64
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod
@@ -0,0 +1,47 @@
1=pod
2
3=head1 NAME
4
5SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in client or server mode
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 void SSL_set_connect_state(SSL *ssl);
12
13 void SSL_set_accept_state(SSL *ssl);
14
15=head1 DESCRIPTION
16
17SSL_set_connect_state() B<ssl> to work in client mode.
18
19SSL_set_accept_state() B<ssl> to work in server mode.
20
21=head1 NOTES
22
23When the SSL_CTX object was created with L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
24it was either assigned a dedicated client method, a dedicated server
25method, or a generic method, that can be used for both client and
26server connections. (The method might have been changed with
27L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
28SSL_set_ssl_method().)
29
30In order to successfully accomplish the handshake, the SSL routines need
31to know whether they should act in server or client mode. If the generic
32method was used, this is not clear from the method itself and must be set
33with either SSL_set_connect_state() or SSL_set_accept_state(). If these
34routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)>
35is called is server mode.
36
37=head1 RETURN VALUES
38
39SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic
40information.
41
42=head1 SEE ALSO
43
44L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
45L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
46
47=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_session.pod b/src/lib/libssl/src/doc/ssl/SSL_set_session.pod
index 9f78d9e434..c4f7878579 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_set_session.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_session.pod
@@ -40,6 +40,7 @@ The operation succeeded.
40 40
41=head1 SEE ALSO 41=head1 SEE ALSO
42 42
43L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> 43L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
44L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
44 45
45=cut 46=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
new file mode 100644
index 0000000000..6b196c1f15
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
@@ -0,0 +1,68 @@
1=pod
2
3=head1 NAME
4
5SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 void SSL_set_shutdown(SSL *ssl, int mode);
12
13 int SSL_get_shutdown(SSL *ssl);
14
15=head1 DESCRIPTION
16
17SSL_set_shutdown() sets the shutdown state of B<ssl> to B<mode>.
18
19SSL_get_shutdown() returns the shutdown mode of B<ssl>.
20
21=head1 NOTES
22
23The shutdown state of an ssl connection is a bitmask of:
24
25=over 4
26
27=item 0
28
29No shutdown setting, yet.
30
31=item SSL_SENT_SHUTDOWN
32
33A "close notify" shutdown alert was sent to the peer, the connection is being
34considered closed and the session is closed and correct.
35
36=item SSL_RECEIVED_SHUTDOWN
37
38A shutdown alert was received form the peer, either a normal "close notify"
39or a fatal error.
40
41=back
42
43SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.
44
45The shutdown state of the connection is used to determine the state of
46the ssl session. If the session is still open, when
47L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
48it is considered bad and removed according to RFC2246.
49The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN.
50SSL_set_shutdown() can be used to set this state without sending a
51close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
52
53If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
54for setting SSL_SENT_SHUTDOWN the application must however still call
55L<SSL_shutdown(3)|SSL_shutdown(3)> or SSL_set_shutdown() itself.
56
57=head1 RETURN VALUES
58
59SSL_set_shutdown() does not return diagnostic information.
60
61SSL_get_shutdown() returns the current setting.
62
63=head1 SEE ALSO
64
65L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
66L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
67
68=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
index 20e273bd4d..7988dd3c90 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
@@ -12,9 +12,17 @@ SSL_shutdown - shut down a TLS/SSL connection
12 12
13=head1 DESCRIPTION 13=head1 DESCRIPTION
14 14
15SSL_shutdown() shuts down an active TLS/SSL connection. It sends the shutdown 15SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
16alert to the peer. The behaviour of SSL_shutdown() depends on the underlying 16"close notify" shutdown alert to the peer.
17BIO. 17
18=head1 NOTES
19
20SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
21Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
22a currently open session is considered closed and good and will be kept in the
23session cache for further reuse.
24
25The behaviour of SSL_shutdown() depends on the underlying BIO.
18 26
19If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the 27If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
20handshake has been finished or an error occurred. 28handshake has been finished or an error occurred.
@@ -57,6 +65,8 @@ Call SSL_get_error() with the return value B<ret> to find out the reason.
57=head1 SEE ALSO 65=head1 SEE ALSO
58 66
59L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, 67L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
60L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> 68L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
69L<SSL_clear(3)|SSL_clear(3), L<SSL_free(3)|SSL_free(3)>,
70L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
61 71
62=cut 72=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_write.pod b/src/lib/libssl/src/doc/ssl/SSL_write.pod
index db67c187e0..be1ad76d3b 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_write.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_write.pod
@@ -2,13 +2,13 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5SSL_read - write bytes to a TLS/SSL connection. 5SSL_write - write bytes to a TLS/SSL connection.
6 6
7=head1 SYNOPSIS 7=head1 SYNOPSIS
8 8
9 #include <openssl/ssl.h> 9 #include <openssl/ssl.h>
10 10
11 int SSL_write(SSL *ssl, char *buf, int num); 11 int SSL_write(SSL *ssl, const void *buf, int num);
12 12
13=head1 DESCRIPTION 13=head1 DESCRIPTION
14 14
@@ -18,20 +18,32 @@ B<ssl> connection.
18=head1 NOTES 18=head1 NOTES
19 19
20If necessary, SSL_write() will negotiate a TLS/SSL session, if 20If necessary, SSL_write() will negotiate a TLS/SSL session, if
21not already explicitly performed by SSL_connect() or SSL_accept(). If the 21not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
22L<SSL_accept(3)|SSL_accept(3)>. If the
22peer requests a re-negotiation, it will be performed transparently during 23peer requests a re-negotiation, it will be performed transparently during
23the SSL_write() operation. The behaviour of SSL_write() depends on the 24the SSL_write() operation. The behaviour of SSL_write() depends on the
24underlying BIO. 25underlying BIO.
25 26
27For the transparent negotiation to succeed, the B<ssl> must have been
28initialized to client or server mode. This is not the case if a generic
29method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
30L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
31must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
32or SSL_write() function.
33
26If the underlying BIO is B<blocking>, SSL_write() will only return, once the 34If the underlying BIO is B<blocking>, SSL_write() will only return, once the
27write operation has been finished or an error occurred. 35write operation has been finished or an error occurred, except when a
36renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
37This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
38L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
28 39
29If the underlying BIO is B<non-blocking>, SSL_write() will also return, 40If the underlying BIO is B<non-blocking>, SSL_write() will also return,
30when the underlying BIO could not satisfy the needs of SSL_write() 41when the underlying BIO could not satisfy the needs of SSL_write()
31to continue the operation. In this case a call to SSL_get_error() with the 42to continue the operation. In this case a call to
43L<SSL_get_error(3)|SSL_get_error(3)> with the
32return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or 44return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
33B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a 45B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
34call to SSL_write() can also cause write operations! The calling process 46call to SSL_write() can also cause read operations! The calling process
35then must repeat the call after taking appropriate action to satisfy the 47then must repeat the call after taking appropriate action to satisfy the
36needs of SSL_write(). The action depends on the underlying BIO. When using a 48needs of SSL_write(). The action depends on the underlying BIO. When using a
37non-blocking socket, nothing is to be done, but select() can be used to check 49non-blocking socket, nothing is to be done, but select() can be used to check
@@ -60,9 +72,9 @@ bytes actually written to the TLS/SSL connection.
60The write operation was not successful. Call SSL_get_error() with the return 72The write operation was not successful. Call SSL_get_error() with the return
61value B<ret> to find out, whether an error occurred. 73value B<ret> to find out, whether an error occurred.
62 74
63=item -1 75=item E<lt>0
64 76
65The read operation was not successful, because either an error occurred 77The write operation was not successful, because either an error occurred
66or action must be taken by the calling process. Call SSL_get_error() with the 78or action must be taken by the calling process. Call SSL_get_error() with the
67return value B<ret> to find out the reason. 79return value B<ret> to find out the reason.
68 80
@@ -71,6 +83,9 @@ return value B<ret> to find out the reason.
71=head1 SEE ALSO 83=head1 SEE ALSO
72 84
73L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>, 85L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>,
86L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
87L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
88L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
74L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> 89L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
75 90
76=cut 91=cut
diff --git a/src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod b/src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod
new file mode 100644
index 0000000000..9a1ba6c47b
--- /dev/null
+++ b/src/lib/libssl/src/doc/ssl/d2i_SSL_SESSION.pod
@@ -0,0 +1,56 @@
1=pod
2
3=head1 NAME
4
5d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
12 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
13
14=head1 DESCRIPTION
15
16d2i_SSL_SESSION() transforms the external ASN1 representation of an SSL/TLS
17session, stored as binary data at location B<pp> with length B<length>, into
18an SSL_SESSION object.
19
20i2d_SSL_SESSION() transforms the SSL_SESSION object B<in> into the ASN1
21representation and stores it into the memory location pointed to by B<pp>.
22The length of the resulting ASN1 representation is returned. If B<pp> is
23the NULL pointer, only the length is calculated and returned.
24
25=head1 NOTES
26
27The SSL_SESSION object is built from several malloc()ed parts, it can
28therefore not be moved, copied or stored directly. In order to store
29session data on disk or into a database, it must be transformed into
30a binary ASN1 representation.
31
32When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
33allocated.
34
35When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
36large enough to hold the binary representation of the session. There is no
37known limit on the size of the created ASN1 representation, so the necessary
38amount of space should be obtained by first calling i2d_SSL_SESSION() with
39B<pp=NULL>, and obtain the size needed, then allocate the memory and
40call i2d_SSL_SESSION() again.
41
42=head1 RETURN VALUES
43
44d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
45object. In case of failure the NULL-pointer is returned and the error message
46can be retrieved from the error stack.
47
48i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes.
49When the session is not valid, B<0> is returned and no operation is performed.
50
51=head1 SEE ALSO
52
53L<ssl(3)|ssl(3)>,
54L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
55
56=cut
diff --git a/src/lib/libssl/src/doc/ssl/ssl.pod b/src/lib/libssl/src/doc/ssl/ssl.pod
index 7787376f7b..16292a05f2 100644
--- a/src/lib/libssl/src/doc/ssl/ssl.pod
+++ b/src/lib/libssl/src/doc/ssl/ssl.pod
@@ -13,6 +13,69 @@ The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
13Transport Layer Security (TLS v1) protocols. It provides a rich API which is 13Transport Layer Security (TLS v1) protocols. It provides a rich API which is
14documented here. 14documented here.
15 15
16At first the library must be initialized; see
17L<SSL_library_init(3)|SSL_library_init(3)>.
18
19Then an B<SSL_CTX> object is created as a framework to establish
20TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>).
21Various options regarding certificates, algorithms etc. can be set
22in this object.
23
24When a network connection has been created, it can be assigned to an
25B<SSL> object. After the B<SSL> object has been created using
26L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or
27L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network
28connection with the object.
29
30Then the TLS/SSL handshake is performed using
31L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)>
32respectively.
33L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used
34to read and write data on the TLS/SSL connection.
35L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the
36TLS/SSL connection.
37
38=head1 DATA STRUCTURES
39
40Currently the OpenSSL B<ssl> library functions deals with the following data
41structures:
42
43=over 4
44
45=item B<SSL_METHOD> (SSL Method)
46
47That's a dispatch structure describing the internal B<ssl> library
48methods/functions which implement the various protocol versions (SSLv1, SSLv2
49and TLSv1). It's needed to create an B<SSL_CTX>.
50
51=item B<SSL_CIPHER> (SSL Cipher)
52
53This structure holds the algorithm information for a particular cipher which
54are a core part of the SSL/TLS protocol. The available ciphers are configured
55on a B<SSL_CTX> basis and the actually used ones are then part of the
56B<SSL_SESSION>.
57
58=item B<SSL_CTX> (SSL Context)
59
60That's the global context structure which is created by a server or client
61once per program life-time and which holds mainly default values for the
62B<SSL> structures which are later created for the connections.
63
64=item B<SSL_SESSION> (SSL Session)
65
66This is a structure containing the current TLS/SSL session details for a
67connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
68
69=item B<SSL> (SSL Connection)
70
71That's the main SSL/TLS structure which is created by a server or client per
72established connection. This actually is the core structure in the SSL API.
73Under run-time the application usually deals with this structure which has
74links to mostly all other structures.
75
76=back
77
78
16=head1 HEADER FILES 79=head1 HEADER FILES
17 80
18Currently the OpenSSL B<ssl> library provides the following C header files 81Currently the OpenSSL B<ssl> library provides the following C header files
@@ -55,46 +118,6 @@ it's already included by ssl.h>.
55 118
56=back 119=back
57 120
58=head1 DATA STRUCTURES
59
60Currently the OpenSSL B<ssl> library functions deals with the following data
61structures:
62
63=over 4
64
65=item B<SSL_METHOD> (SSL Method)
66
67That's a dispatch structure describing the internal B<ssl> library
68methods/functions which implement the various protocol versions (SSLv1, SSLv2
69and TLSv1). It's needed to create an B<SSL_CTX>.
70
71=item B<SSL_CIPHER> (SSL Cipher)
72
73This structure holds the algorithm information for a particular cipher which
74are a core part of the SSL/TLS protocol. The available ciphers are configured
75on a B<SSL_CTX> basis and the actually used ones are then part of the
76B<SSL_SESSION>.
77
78=item B<SSL_CTX> (SSL Context)
79
80That's the global context structure which is created by a server or client
81once per program life-time and which holds mainly default values for the
82B<SSL> structures which are later created for the connections.
83
84=item B<SSL_SESSION> (SSL Session)
85
86This is a structure containing the current TLS/SSL session details for a
87connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
88
89=item B<SSL> (SSL Connection)
90
91That's the main SSL/TLS structure which is created by a server or client per
92established connection. This actually is the core structure in the SSL API.
93Under run-time the application usually deals with this structure which has
94links to mostly all other structures.
95
96=back
97
98=head1 API FUNCTIONS 121=head1 API FUNCTIONS
99 122
100Currently the OpenSSL B<ssl> library exports 214 API functions. 123Currently the OpenSSL B<ssl> library exports 214 API functions.
@@ -521,11 +544,11 @@ connection defined in the B<SSL> structure.
521 544
522=item long B<SSL_num_renegotiations>(SSL *ssl); 545=item long B<SSL_num_renegotiations>(SSL *ssl);
523 546
524=item int B<SSL_peek>(SSL *ssl, char *buf, int num); 547=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
525 548
526=item int B<SSL_pending>(SSL *ssl); 549=item int B<SSL_pending>(SSL *ssl);
527 550
528=item int B<SSL_read>(SSL *ssl, char *buf, int num); 551=item int B<SSL_read>(SSL *ssl, void *buf, int num);
529 552
530=item int B<SSL_renegotiate>(SSL *ssl); 553=item int B<SSL_renegotiate>(SSL *ssl);
531 554
@@ -617,7 +640,7 @@ connection defined in the B<SSL> structure.
617 640
618=item int B<SSL_want_x509_lookup>(s); 641=item int B<SSL_want_x509_lookup>(s);
619 642
620=item int B<SSL_write>(SSL *ssl, char *buf, int num); 643=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
621 644
622=back 645=back
623 646
@@ -625,20 +648,53 @@ connection defined in the B<SSL> structure.
625 648
626L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>, 649L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
627L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>, 650L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
628L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, 651L<SSL_connect(3)|SSL_connect(3)>,
652L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
653L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
654L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
655L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
656L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
657L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
658L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
659L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
660L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
661L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
662L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
663L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
664L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
665L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
666L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
667L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
668L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
669L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
629L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>, 670L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
671L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
672L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
673L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
630L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, 674L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
631L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_fd(3)|SSL_get_fd(3)>, 675L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
676L<SSL_get_error(3)|SSL_get_error(3)>,
677L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
678L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
679L<SSL_get_fd(3)|SSL_get_fd(3)>,
632L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>, 680L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
633L<SSL_get_rbio(3)|SSL_get_rbio(3)>, 681L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
634L<SSL_get_session(3)|SSL_get_session(3)>, 682L<SSL_get_session(3)|SSL_get_session(3)>,
635L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, 683L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
636L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_new(3)|SSL_new(3)>, 684L<SSL_get_version(3)|SSL_get_version(3)>,
685L<SSL_library_init(3)|SSL_library_init(3)>,
686L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
687L<SSL_new(3)|SSL_new(3)>,
637L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>, 688L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
689L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
638L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>, 690L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
639L<SSL_set_session(3)|SSL_set_session(3)>, 691L<SSL_set_session(3)|SSL_set_session(3)>,
692L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
640L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>, 693L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
641L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> 694L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
695L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
696L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
697L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
642 698
643=head1 HISTORY 699=head1 HISTORY
644 700
diff --git a/src/lib/libssl/src/doc/ssleay.txt b/src/lib/libssl/src/doc/ssleay.txt
index 3e964c2e9a..fab8d42c42 100644
--- a/src/lib/libssl/src/doc/ssleay.txt
+++ b/src/lib/libssl/src/doc/ssleay.txt
@@ -5743,7 +5743,7 @@ strucutre but also the private key and certificate associated with
5743 5743
5744EXAMPLES. 5744EXAMPLES.
5745 5745
5746So lets play at being a wierd SSL server. 5746So lets play at being a weird SSL server.
5747 5747
5748/* setup a context */ 5748/* setup a context */
5749ctx=SSL_CTX_new(); 5749ctx=SSL_CTX_new();
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
index 318e83edb5..fc61e0e00b 100644
--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -340,12 +340,14 @@ extern HINSTANCE _hInstance;
340# if defined(VMS) && !defined(__DECC) 340# if defined(VMS) && !defined(__DECC)
341# include <socket.h> 341# include <socket.h>
342# include <in.h> 342# include <in.h>
343# include <inet.h>
343# else 344# else
344# include <sys/socket.h> 345# include <sys/socket.h>
345# ifdef FILIO_H 346# ifdef FILIO_H
346# include <sys/filio.h> /* Added for FIONBIO under unixware */ 347# include <sys/filio.h> /* Added for FIONBIO under unixware */
347# endif 348# endif
348# include <netinet/in.h> 349# include <netinet/in.h>
350# include <arpa/inet.h>
349# endif 351# endif
350 352
351# if defined(NeXT) || defined(_NEXT_SOURCE) 353# if defined(NeXT) || defined(_NEXT_SOURCE)
diff --git a/src/lib/libssl/src/ms/16all.bat b/src/lib/libssl/src/ms/16all.bat
index e57e177177..62ccf78963 100644
--- a/src/lib/libssl/src/ms/16all.bat
+++ b/src/lib/libssl/src/ms/16all.bat
@@ -1,10 +1,13 @@
1set OPTS=no_asm 1set OPTS=no_asm
2 2
3perl Configure VC-WIN16 3perl Configure VC-WIN16
4perl util\mkfiles.pl >MINFO
4perl util\mk1mf.pl %OPTS% debug VC-WIN16 >d16.mak 5perl util\mk1mf.pl %OPTS% debug VC-WIN16 >d16.mak
5perl util\mk1mf.pl %OPTS% VC-WIN16 >16.mak 6perl util\mk1mf.pl %OPTS% VC-WIN16 >16.mak
6perl util\mk1mf.pl %OPTS% debug dll VC-WIN16 >d16dll.mak 7perl util\mk1mf.pl %OPTS% debug dll VC-WIN16 >d16dll.mak
7perl util\mk1mf.pl %OPTS% dll VC-WIN16 >16dll.mak 8perl util\mk1mf.pl %OPTS% dll VC-WIN16 >16dll.mak
9perl util\mkdef.pl 16 libeay > ms\libeay32.def
10perl util\mkdef.pl 16 ssleay > ms\ssleay32.def
8 11
9nmake -f d16.mak 12nmake -f d16.mak
10nmake -f 16.mak 13nmake -f 16.mak
diff --git a/src/lib/libssl/src/ms/32all.bat b/src/lib/libssl/src/ms/32all.bat
index d1f014c4e0..09f47059ad 100644
--- a/src/lib/libssl/src/ms/32all.bat
+++ b/src/lib/libssl/src/ms/32all.bat
@@ -1,10 +1,13 @@
1set OPTS=no-asm 1set OPTS=no-asm
2 2
3perl Configure VC-WIN32 3perl Configure VC-WIN32
4perl util\mkfiles.pl >MINFO
4perl util\mk1mf.pl %OPTS% debug VC-WIN32 >d32.mak 5perl util\mk1mf.pl %OPTS% debug VC-WIN32 >d32.mak
5perl util\mk1mf.pl %OPTS% VC-WIN32 >32.mak 6perl util\mk1mf.pl %OPTS% VC-WIN32 >32.mak
6perl util\mk1mf.pl %OPTS% debug dll VC-WIN32 >d32dll.mak 7perl util\mk1mf.pl %OPTS% debug dll VC-WIN32 >d32dll.mak
7perl util\mk1mf.pl %OPTS% dll VC-WIN32 >32dll.mak 8perl util\mk1mf.pl %OPTS% dll VC-WIN32 >32dll.mak
9perl util\mkdef.pl 32 libeay > ms\libeay32.def
10perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
8 11
9nmake -f d32.mak 12nmake -f d32.mak
10nmake -f 32.mak 13nmake -f 32.mak
diff --git a/src/lib/libssl/src/ms/test.bat b/src/lib/libssl/src/ms/test.bat
index ef37beaa22..8f69194283 100644
--- a/src/lib/libssl/src/ms/test.bat
+++ b/src/lib/libssl/src/ms/test.bat
@@ -1,4 +1,4 @@
1@echo=off 1@echo off
2 2
3set test=..\ms 3set test=..\ms
4set opath=%PATH% 4set opath=%PATH%
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 1c8f4e9d81..d00e461e37 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,15 +1,15 @@
1%define libmaj 0 1%define libmaj 0
2%define libmin 9 2%define libmin 9
3%define librel 6 3%define librel 6
4#%define librev 4%define librev a
5Release: 1 5Release: 1
6 6
7%define openssldir /var/ssl 7%define openssldir /var/ssl
8 8
9Summary: Secure Sockets Layer and cryptography libraries and tools 9Summary: Secure Sockets Layer and cryptography libraries and tools
10Name: openssl-engine 10Name: openssl-engine
11Version: %{libmaj}.%{libmin}.%{librel} 11#Version: %{libmaj}.%{libmin}.%{librel}
12#Version: %{libmaj}.%{libmin}.%{librel}%{librev} 12Version: %{libmaj}.%{libmin}.%{librel}%{librev}
13Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz 13Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
14Copyright: Freely distributable 14Copyright: Freely distributable
15Group: System Environment/Libraries 15Group: System Environment/Libraries
@@ -105,7 +105,7 @@ LD_LIBRARY_PATH=`pwd` make test
105 105
106%install 106%install
107rm -rf $RPM_BUILD_ROOT 107rm -rf $RPM_BUILD_ROOT
108make install MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" 108make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install
109 109
110# Rename manpages 110# Rename manpages
111for x in $RPM_BUILD_ROOT/usr/man/man*/* 111for x in $RPM_BUILD_ROOT/usr/man/man*/*
@@ -119,19 +119,6 @@ install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib
119# Make backwards-compatibility symlink to ssleay 119# Make backwards-compatibility symlink to ssleay
120ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay 120ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
121 121
122# Install shared libs
123install -m644 libcrypto.a $RPM_BUILD_ROOT/usr/lib
124#!#install -m755 libcrypto.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib
125install -m644 libssl.a $RPM_BUILD_ROOT/usr/lib
126#!#install -m755 libssl.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib
127(
128 cd $RPM_BUILD_ROOT/usr/lib
129 #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so.%{libmaj}
130 #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so
131 #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so.%{libmaj}
132 #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so
133)
134
135%clean 122%clean
136rm -rf $RPM_BUILD_ROOT 123rm -rf $RPM_BUILD_ROOT
137 124
@@ -169,6 +156,21 @@ ldconfig
169ldconfig 156ldconfig
170 157
171%changelog 158%changelog
159* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
160- Removed redundant subsection that re-installed libcrypto.a and libssl.a
161 as well.
162* Thu Mar 15 2001 Jeremiah Johnson <jjohnson@penguincomputing.com>
163- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
164 libssl.so.0.9.6. As well as the subsection that created symlinks for
165 these. make install handles all this.
166* Sat Oct 21 2000 Horms <horms@vergenet.net>
167- Make sure symlinks are created by using -f flag to ln.
168 Otherwise some .so libraries are copied rather than
169 linked in the resulting binary RPM. This causes the package
170 to be larger than neccessary and makes ldconfig complain.
171* Fri Oct 13 2000 Horms <horms@vergenet.net>
172- Make defattr is set for files in all packages so packages built as
173 non-root will still be installed with files owned by root.
172* Thu Sep 14 2000 Richard Levitte <richard@levitte.org> 174* Thu Sep 14 2000 Richard Levitte <richard@levitte.org>
173- Changed to adapt to the new (supported) way of making shared libraries 175- Changed to adapt to the new (supported) way of making shared libraries
174- Installs all static libraries, not just libRSAglue.a 176- Installs all static libraries, not just libRSAglue.a
diff --git a/src/lib/libssl/src/rsaref/Makefile.ssl b/src/lib/libssl/src/rsaref/Makefile.ssl
index a17e38f9a5..861193d39c 100644
--- a/src/lib/libssl/src/rsaref/Makefile.ssl
+++ b/src/lib/libssl/src/rsaref/Makefile.ssl
@@ -39,7 +39,8 @@ all: lib
39 39
40lib: $(LIBOBJ) 40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ) 41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) 42 @echo You may get an error following this line. Please ignore.
43 - $(RANLIB) $(LIB)
43 @touch lib 44 @touch lib
44 45
45files: 46files:
diff --git a/src/lib/libssl/src/ssl/Makefile.ssl b/src/lib/libssl/src/ssl/Makefile.ssl
index ad8da5c4be..cfb627d29a 100644
--- a/src/lib/libssl/src/ssl/Makefile.ssl
+++ b/src/lib/libssl/src/ssl/Makefile.ssl
@@ -55,7 +55,8 @@ all: lib
55 55
56lib: $(LIBOBJ) 56lib: $(LIBOBJ)
57 $(AR) $(LIB) $(LIBOBJ) 57 $(AR) $(LIB) $(LIBOBJ)
58 $(RANLIB) $(LIB) 58 @echo You may get an error following this line. Please ignore.
59 - $(RANLIB) $(LIB)
59 @touch lib 60 @touch lib
60 61
61files: 62files:
diff --git a/src/lib/libssl/src/ssl/s23_lib.c b/src/lib/libssl/src/ssl/s23_lib.c
index dded7a19c5..ad2d8dadf7 100644
--- a/src/lib/libssl/src/ssl/s23_lib.c
+++ b/src/lib/libssl/src/ssl/s23_lib.c
@@ -63,6 +63,7 @@
63static int ssl23_num_ciphers(void ); 63static int ssl23_num_ciphers(void );
64static SSL_CIPHER *ssl23_get_cipher(unsigned int u); 64static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
65static int ssl23_read(SSL *s, void *buf, int len); 65static int ssl23_read(SSL *s, void *buf, int len);
66static int ssl23_peek(SSL *s, void *buf, int len);
66static int ssl23_write(SSL *s, const void *buf, int len); 67static int ssl23_write(SSL *s, const void *buf, int len);
67static long ssl23_default_timeout(void ); 68static long ssl23_default_timeout(void );
68static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 69static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
@@ -77,7 +78,7 @@ static SSL_METHOD SSLv23_data= {
77 ssl_undefined_function, 78 ssl_undefined_function,
78 ssl_undefined_function, 79 ssl_undefined_function,
79 ssl23_read, 80 ssl23_read,
80 (int (*)(struct ssl_st *, char *, int))ssl_undefined_function, 81 ssl23_peek,
81 ssl23_write, 82 ssl23_write,
82 ssl_undefined_function, 83 ssl_undefined_function,
83 ssl_undefined_function, 84 ssl_undefined_function,
@@ -169,13 +170,6 @@ static int ssl23_read(SSL *s, void *buf, int len)
169 { 170 {
170 int n; 171 int n;
171 172
172#if 0
173 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
174 {
175 s->rwstate=SSL_NOTHING;
176 return(0);
177 }
178#endif
179 clear_sys_error(); 173 clear_sys_error();
180 if (SSL_in_init(s) && (!s->in_handshake)) 174 if (SSL_in_init(s) && (!s->in_handshake))
181 { 175 {
@@ -195,17 +189,33 @@ static int ssl23_read(SSL *s, void *buf, int len)
195 } 189 }
196 } 190 }
197 191
198static int ssl23_write(SSL *s, const void *buf, int len) 192static int ssl23_peek(SSL *s, void *buf, int len)
199 { 193 {
200 int n; 194 int n;
201 195
202#if 0 196 clear_sys_error();
203 if (s->shutdown & SSL_SENT_SHUTDOWN) 197 if (SSL_in_init(s) && (!s->in_handshake))
198 {
199 n=s->handshake_func(s);
200 if (n < 0) return(n);
201 if (n == 0)
202 {
203 SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
204 return(-1);
205 }
206 return(SSL_peek(s,buf,len));
207 }
208 else
204 { 209 {
205 s->rwstate=SSL_NOTHING; 210 ssl_undefined_function(s);
206 return(0); 211 return(-1);
207 } 212 }
208#endif 213 }
214
215static int ssl23_write(SSL *s, const void *buf, int len)
216 {
217 int n;
218
209 clear_sys_error(); 219 clear_sys_error();
210 if (SSL_in_init(s) && (!s->in_handshake)) 220 if (SSL_in_init(s) && (!s->in_handshake))
211 { 221 {
diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c
index b52ca1d58b..40684311db 100644
--- a/src/lib/libssl/src/ssl/s23_meth.c
+++ b/src/lib/libssl/src/ssl/s23_meth.c
@@ -64,7 +64,7 @@ static SSL_METHOD *ssl23_get_method(int ver);
64static SSL_METHOD *ssl23_get_method(int ver) 64static SSL_METHOD *ssl23_get_method(int ver)
65 { 65 {
66 if (ver == SSL2_VERSION) 66 if (ver == SSL2_VERSION)
67 return(SSLv23_method()); 67 return(SSLv2_method());
68 else if (ver == SSL3_VERSION) 68 else if (ver == SSL3_VERSION)
69 return(SSLv3_method()); 69 return(SSLv3_method());
70 else if (ver == TLS1_VERSION) 70 else if (ver == TLS1_VERSION)
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index 47dd09c286..28d6d65296 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -921,6 +921,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
921 goto err; 921 goto err;
922 } 922 }
923 ERR_clear_error(); /* but we keep s->verify_result */ 923 ERR_clear_error(); /* but we keep s->verify_result */
924 s->session->verify_result = s->verify_result;
924 925
925 /* server's cert for this session */ 926 /* server's cert for this session */
926 sc=ssl_sess_cert_new(); 927 sc=ssl_sess_cert_new();
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index 129ed89d97..a590dbfa5c 100644
--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -260,7 +260,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
260 260
261int ssl2_pending(SSL *s) 261int ssl2_pending(SSL *s)
262 { 262 {
263 return(s->s2->ract_data_length); 263 return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
264 } 264 }
265 265
266int ssl2_new(SSL *s) 266int ssl2_new(SSL *s)
@@ -270,10 +270,16 @@ int ssl2_new(SSL *s)
270 if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err; 270 if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
271 memset(s2,0,sizeof *s2); 271 memset(s2,0,sizeof *s2);
272 272
273#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
274# error "assertion failed"
275#endif
276
273 if ((s2->rbuf=OPENSSL_malloc( 277 if ((s2->rbuf=OPENSSL_malloc(
274 SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; 278 SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
279 /* wbuf needs one byte more because when using two-byte headers,
280 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
275 if ((s2->wbuf=OPENSSL_malloc( 281 if ((s2->wbuf=OPENSSL_malloc(
276 SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; 282 SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
277 s->s2=s2; 283 s->s2=s2;
278 284
279 ssl2_clear(s); 285 ssl2_clear(s);
diff --git a/src/lib/libssl/src/ssl/s2_pkt.c b/src/lib/libssl/src/ssl/s2_pkt.c
index 56662f29fa..f2f46ff377 100644
--- a/src/lib/libssl/src/ssl/s2_pkt.c
+++ b/src/lib/libssl/src/ssl/s2_pkt.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include "ssl_locl.h" 112#include "ssl_locl.h"
60#ifndef NO_SSL2 113#ifndef NO_SSL2
@@ -66,23 +119,12 @@ static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
66static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); 119static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
67static int write_pending(SSL *s, const unsigned char *buf, unsigned int len); 120static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
68static int ssl_mt_error(int n); 121static int ssl_mt_error(int n);
69int ssl2_peek(SSL *s, char *buf, int len)
70 {
71 int ret;
72 122
73 ret=ssl2_read(s,buf,len);
74 if (ret > 0)
75 {
76 s->s2->ract_data_length+=ret;
77 s->s2->ract_data-=ret;
78 }
79 return(ret);
80 }
81 123
82/* SSL_read - 124/* SSL 2.0 imlementation for SSL_read/SSL_peek -
83 * This routine will return 0 to len bytes, decrypted etc if required. 125 * This routine will return 0 to len bytes, decrypted etc if required.
84 */ 126 */
85int ssl2_read(SSL *s, void *buf, int len) 127static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
86 { 128 {
87 int n; 129 int n;
88 unsigned char mac[MAX_MAC_SIZE]; 130 unsigned char mac[MAX_MAC_SIZE];
@@ -90,14 +132,14 @@ int ssl2_read(SSL *s, void *buf, int len)
90 int i; 132 int i;
91 unsigned int mac_size=0; 133 unsigned int mac_size=0;
92 134
93ssl2_read_again: 135 ssl2_read_again:
94 if (SSL_in_init(s) && !s->in_handshake) 136 if (SSL_in_init(s) && !s->in_handshake)
95 { 137 {
96 n=s->handshake_func(s); 138 n=s->handshake_func(s);
97 if (n < 0) return(n); 139 if (n < 0) return(n);
98 if (n == 0) 140 if (n == 0)
99 { 141 {
100 SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE); 142 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
101 return(-1); 143 return(-1);
102 } 144 }
103 } 145 }
@@ -114,13 +156,22 @@ ssl2_read_again:
114 n=len; 156 n=len;
115 157
116 memcpy(buf,s->s2->ract_data,(unsigned int)n); 158 memcpy(buf,s->s2->ract_data,(unsigned int)n);
117 s->s2->ract_data_length-=n; 159 if (!peek)
118 s->s2->ract_data+=n; 160 {
119 if (s->s2->ract_data_length == 0) 161 s->s2->ract_data_length-=n;
120 s->rstate=SSL_ST_READ_HEADER; 162 s->s2->ract_data+=n;
163 if (s->s2->ract_data_length == 0)
164 s->rstate=SSL_ST_READ_HEADER;
165 }
166
121 return(n); 167 return(n);
122 } 168 }
123 169
170 /* s->s2->ract_data_length == 0
171 *
172 * Fill the buffer, then goto ssl2_read_again.
173 */
174
124 if (s->rstate == SSL_ST_READ_HEADER) 175 if (s->rstate == SSL_ST_READ_HEADER)
125 { 176 {
126 if (s->first_packet) 177 if (s->first_packet)
@@ -133,7 +184,7 @@ ssl2_read_again:
133 (p[2] == SSL2_MT_CLIENT_HELLO) || 184 (p[2] == SSL2_MT_CLIENT_HELLO) ||
134 (p[2] == SSL2_MT_SERVER_HELLO)))) 185 (p[2] == SSL2_MT_SERVER_HELLO))))
135 { 186 {
136 SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET); 187 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
137 return(-1); 188 return(-1);
138 } 189 }
139 } 190 }
@@ -211,48 +262,49 @@ ssl2_read_again:
211 (unsigned int)mac_size) != 0) || 262 (unsigned int)mac_size) != 0) ||
212 (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) 263 (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
213 { 264 {
214 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE); 265 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
215 return(-1); 266 return(-1);
216 } 267 }
217 } 268 }
218 INC32(s->s2->read_sequence); /* expect next number */ 269 INC32(s->s2->read_sequence); /* expect next number */
219 /* s->s2->ract_data is now available for processing */ 270 /* s->s2->ract_data is now available for processing */
220 271
221#if 1 272 /* Possibly the packet that we just read had 0 actual data bytes.
222 /* How should we react when a packet containing 0 273 * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
223 * bytes is received? (Note that SSLeay/OpenSSL itself 274 * In this case, returning 0 would be interpreted by the caller
224 * never sends such packets; see ssl2_write.) 275 * as indicating EOF, so it's not a good idea. Instead, we just
225 * Returning 0 would be interpreted by the caller as 276 * continue reading; thus ssl2_read_internal may have to process
226 * indicating EOF, so it's not a good idea. 277 * multiple packets before it can return.
227 * Instead, we just continue reading. Note that using 278 *
228 * select() for blocking sockets *never* guarantees 279 * [Note that using select() for blocking sockets *never* guarantees
229 * that the next SSL_read will not block -- the available 280 * that the next SSL_read will not block -- the available
230 * data may contain incomplete packets, and except for SSL 2 281 * data may contain incomplete packets, and except for SSL 2,
231 * renegotiation can confuse things even more. */ 282 * renegotiation can confuse things even more.] */
232 283
233 goto ssl2_read_again; /* This should really be 284 goto ssl2_read_again; /* This should really be
234 * "return ssl2_read(s,buf,len)", 285 * "return ssl2_read(s,buf,len)",
235 * but that would allow for 286 * but that would allow for
236 * denial-of-service attacks if a 287 * denial-of-service attacks if a
237 * C compiler is used that does not 288 * C compiler is used that does not
238 * recognize end-recursion. */ 289 * recognize end-recursion. */
239#else
240 /* If a 0 byte packet was sent, return 0, otherwise
241 * we play havoc with people using select with
242 * blocking sockets. Let them handle a packet at a time,
243 * they should really be using non-blocking sockets. */
244 if (s->s2->ract_data_length == 0)
245 return(0);
246 return(ssl2_read(s,buf,len));
247#endif
248 } 290 }
249 else 291 else
250 { 292 {
251 SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE); 293 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
252 return(-1); 294 return(-1);
253 } 295 }
254 } 296 }
255 297
298int ssl2_read(SSL *s, void *buf, int len)
299 {
300 return ssl2_read_internal(s, buf, len, 0);
301 }
302
303int ssl2_peek(SSL *s, void *buf, int len)
304 {
305 return ssl2_read_internal(s, buf, len, 1);
306 }
307
256static int read_n(SSL *s, unsigned int n, unsigned int max, 308static int read_n(SSL *s, unsigned int n, unsigned int max,
257 unsigned int extend) 309 unsigned int extend)
258 { 310 {
@@ -483,6 +535,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
483 { 535 {
484 bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); 536 bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
485 j=len+mac_size; 537 j=len+mac_size;
538 /* Two-byte headers allow for a larger record length than
539 * three-byte headers, but we can't use them if we need
540 * padding or if we have to set the escape bit. */
486 if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && 541 if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
487 (!s->s2->escape)) 542 (!s->s2->escape))
488 { 543 {
@@ -498,25 +553,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
498 } 553 }
499 else if ((bs <= 1) && (!s->s2->escape)) 554 else if ((bs <= 1) && (!s->s2->escape))
500 { 555 {
501 /* len=len; */ 556 /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
557 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
502 s->s2->three_byte_header=0; 558 s->s2->three_byte_header=0;
503 p=0; 559 p=0;
504 } 560 }
505 else /* 3 byte header */ 561 else /* we may have to use a 3 byte header */
506 { 562 {
507 /*len=len; */ 563 /* If s->s2->escape is not set, then
564 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
565 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
508 p=(j%bs); 566 p=(j%bs);
509 p=(p == 0)?0:(bs-p); 567 p=(p == 0)?0:(bs-p);
510 if (s->s2->escape) 568 if (s->s2->escape)
569 {
511 s->s2->three_byte_header=1; 570 s->s2->three_byte_header=1;
571 if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
572 j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
573 }
512 else 574 else
513 s->s2->three_byte_header=(p == 0)?0:1; 575 s->s2->three_byte_header=(p == 0)?0:1;
514 } 576 }
515 } 577 }
578
579 /* Now
580 * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
581 * holds, and if s->s2->three_byte_header is set, then even
582 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
583 */
584
516 /* mac_size is the number of MAC bytes 585 /* mac_size is the number of MAC bytes
517 * len is the number of data bytes we are going to send 586 * len is the number of data bytes we are going to send
518 * p is the number of padding bytes 587 * p is the number of padding bytes
519 * if p == 0, it is a 2 byte header */ 588 * (if it is a two-byte header, then p == 0) */
520 589
521 s->s2->wlength=len; 590 s->s2->wlength=len;
522 s->s2->padding=p; 591 s->s2->padding=p;
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index d92c164b0f..10d8d3b15a 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -365,7 +365,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
365 while (s->init_num < 4) 365 while (s->init_num < 4)
366 { 366 {
367 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], 367 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
368 4 - s->init_num); 368 4 - s->init_num, 0);
369 if (i <= 0) 369 if (i <= 0)
370 { 370 {
371 s->rwstate=SSL_READING; 371 s->rwstate=SSL_READING;
@@ -434,7 +434,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
434 n=s->s3->tmp.message_size; 434 n=s->s3->tmp.message_size;
435 while (n > 0) 435 while (n > 0)
436 { 436 {
437 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n); 437 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
438 if (i <= 0) 438 if (i <= 0)
439 { 439 {
440 s->rwstate=SSL_READING; 440 s->rwstate=SSL_READING;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 62040f9f1d..eec45cfa48 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -815,6 +815,7 @@ static int ssl3_get_server_certificate(SSL *s)
815 X509_free(s->session->peer); 815 X509_free(s->session->peer);
816 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 816 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
817 s->session->peer=x; 817 s->session->peer=x;
818 s->session->verify_result = s->verify_result;
818 819
819 x=NULL; 820 x=NULL;
820 ret=1; 821 ret=1;
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 012a4b8740..9f52c39ca9 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -504,7 +504,10 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
504 EVP_DigestFinal( &md_ctx,md,&md_size); 504 EVP_DigestFinal( &md_ctx,md,&md_size);
505 505
506 for (i=7; i>=0; i--) 506 for (i=7; i>=0; i--)
507 if (++seq[i]) break; 507 {
508 ++seq[i];
509 if (seq[i] != 0) break;
510 }
508 511
509 return(md_size); 512 return(md_size);
510 } 513 }
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index cee2021b6b..c32c06de32 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include <openssl/md5.h> 113#include <openssl/md5.h>
@@ -638,10 +691,9 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
638 return(NULL); 691 return(NULL);
639 } 692 }
640 693
641/* The problem is that it may not be the correct record type */
642int ssl3_pending(SSL *s) 694int ssl3_pending(SSL *s)
643 { 695 {
644 return(s->s3->rrec.length); 696 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
645 } 697 }
646 698
647int ssl3_new(SSL *s) 699int ssl3_new(SSL *s)
@@ -1189,7 +1241,7 @@ int ssl3_shutdown(SSL *s)
1189 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 1241 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
1190 { 1242 {
1191 /* If we are waiting for a close from our peer, we are closed */ 1243 /* If we are waiting for a close from our peer, we are closed */
1192 ssl3_read_bytes(s,0,NULL,0); 1244 ssl3_read_bytes(s,0,NULL,0,0);
1193 } 1245 }
1194 1246
1195 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 1247 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -1252,14 +1304,14 @@ int ssl3_write(SSL *s, const void *buf, int len)
1252 return(ret); 1304 return(ret);
1253 } 1305 }
1254 1306
1255int ssl3_read(SSL *s, void *buf, int len) 1307static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
1256 { 1308 {
1257 int ret; 1309 int ret;
1258 1310
1259 clear_sys_error(); 1311 clear_sys_error();
1260 if (s->s3->renegotiate) ssl3_renegotiate_check(s); 1312 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
1261 s->s3->in_read_app_data=1; 1313 s->s3->in_read_app_data=1;
1262 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1314 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1263 if ((ret == -1) && (s->s3->in_read_app_data == 0)) 1315 if ((ret == -1) && (s->s3->in_read_app_data == 0))
1264 { 1316 {
1265 /* ssl3_read_bytes decided to call s->handshake_func, which 1317 /* ssl3_read_bytes decided to call s->handshake_func, which
@@ -1269,7 +1321,7 @@ int ssl3_read(SSL *s, void *buf, int len)
1269 * by resetting 'in_read_app_data', strangely); so disable 1321 * by resetting 'in_read_app_data', strangely); so disable
1270 * handshake processing and try to read application data again. */ 1322 * handshake processing and try to read application data again. */
1271 s->in_handshake++; 1323 s->in_handshake++;
1272 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); 1324 ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
1273 s->in_handshake--; 1325 s->in_handshake--;
1274 } 1326 }
1275 else 1327 else
@@ -1278,26 +1330,14 @@ int ssl3_read(SSL *s, void *buf, int len)
1278 return(ret); 1330 return(ret);
1279 } 1331 }
1280 1332
1281int ssl3_peek(SSL *s, char *buf, int len) 1333int ssl3_read(SSL *s, void *buf, int len)
1282 { 1334 {
1283 SSL3_RECORD *rr; 1335 return ssl3_read_internal(s, buf, len, 0);
1284 int n; 1336 }
1285
1286 rr= &(s->s3->rrec);
1287 if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
1288 {
1289 n=ssl3_read(s,buf,1);
1290 if (n <= 0) return(n);
1291 rr->length++;
1292 rr->off--;
1293 }
1294 1337
1295 if ((unsigned int)len > rr->length) 1338int ssl3_peek(SSL *s, void *buf, int len)
1296 n=rr->length; 1339 {
1297 else 1340 return ssl3_read_internal(s, buf, len, 1);
1298 n=len;
1299 memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
1300 return(n);
1301 } 1341 }
1302 1342
1303int ssl3_renegotiate(SSL *s) 1343int ssl3_renegotiate(SSL *s)
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 1414079853..9ab76604a6 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -704,7 +704,7 @@ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
704 * Application data protocol 704 * Application data protocol
705 * none of our business 705 * none of our business
706 */ 706 */
707int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) 707int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
708 { 708 {
709 int al,i,j,ret; 709 int al,i,j,ret;
710 unsigned int n; 710 unsigned int n;
@@ -715,7 +715,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
715 if (!ssl3_setup_buffers(s)) 715 if (!ssl3_setup_buffers(s))
716 return(-1); 716 return(-1);
717 717
718 if ((type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) 718 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
719 (peek && (type != SSL3_RT_APPLICATION_DATA)))
719 { 720 {
720 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR); 721 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
721 return -1; 722 return -1;
@@ -728,6 +729,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
728 unsigned char *dst = buf; 729 unsigned char *dst = buf;
729 unsigned int k; 730 unsigned int k;
730 731
732 /* peek == 0 */
731 n = 0; 733 n = 0;
732 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) 734 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
733 { 735 {
@@ -763,7 +765,7 @@ start:
763 * s->s3->rrec.length, - number of bytes. */ 765 * s->s3->rrec.length, - number of bytes. */
764 rr = &(s->s3->rrec); 766 rr = &(s->s3->rrec);
765 767
766 /* get new packet */ 768 /* get new packet if necessary */
767 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 769 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
768 { 770 {
769 ret=ssl3_get_record(s); 771 ret=ssl3_get_record(s);
@@ -781,7 +783,8 @@ start:
781 goto err; 783 goto err;
782 } 784 }
783 785
784 /* If the other end has shutdown, throw anything we read away */ 786 /* If the other end has shut down, throw anything we read away
787 * (even in 'peek' mode) */
785 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 788 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
786 { 789 {
787 rr->length=0; 790 rr->length=0;
@@ -810,12 +813,15 @@ start:
810 n = (unsigned int)len; 813 n = (unsigned int)len;
811 814
812 memcpy(buf,&(rr->data[rr->off]),n); 815 memcpy(buf,&(rr->data[rr->off]),n);
813 rr->length-=n; 816 if (!peek)
814 rr->off+=n;
815 if (rr->length == 0)
816 { 817 {
817 s->rstate=SSL_ST_READ_HEADER; 818 rr->length-=n;
818 rr->off=0; 819 rr->off+=n;
820 if (rr->length == 0)
821 {
822 s->rstate=SSL_ST_READ_HEADER;
823 rr->off=0;
824 }
819 } 825 }
820 return(n); 826 return(n);
821 } 827 }
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index fdbdc70ba7..9de9e611ab 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -206,7 +206,7 @@ typedef struct ssl_method_st
206 int (*ssl_accept)(SSL *s); 206 int (*ssl_accept)(SSL *s);
207 int (*ssl_connect)(SSL *s); 207 int (*ssl_connect)(SSL *s);
208 int (*ssl_read)(SSL *s,void *buf,int len); 208 int (*ssl_read)(SSL *s,void *buf,int len);
209 int (*ssl_peek)(SSL *s,char *buf,int len); 209 int (*ssl_peek)(SSL *s,void *buf,int len);
210 int (*ssl_write)(SSL *s,const void *buf,int len); 210 int (*ssl_write)(SSL *s,const void *buf,int len);
211 int (*ssl_shutdown)(SSL *s); 211 int (*ssl_shutdown)(SSL *s);
212 int (*ssl_renegotiate)(SSL *s); 212 int (*ssl_renegotiate)(SSL *s);
@@ -1061,9 +1061,9 @@ int SSL_set_trust(SSL *s, int trust);
1061void SSL_free(SSL *ssl); 1061void SSL_free(SSL *ssl);
1062int SSL_accept(SSL *ssl); 1062int SSL_accept(SSL *ssl);
1063int SSL_connect(SSL *ssl); 1063int SSL_connect(SSL *ssl);
1064int SSL_read(SSL *ssl,char *buf,int num); 1064int SSL_read(SSL *ssl,void *buf,int num);
1065int SSL_peek(SSL *ssl,char *buf,int num); 1065int SSL_peek(SSL *ssl,void *buf,int num);
1066int SSL_write(SSL *ssl,const char *buf,int num); 1066int SSL_write(SSL *ssl,const void *buf,int num);
1067long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); 1067long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
1068long SSL_callback_ctrl(SSL *, int, void (*)()); 1068long SSL_callback_ctrl(SSL *, int, void (*)());
1069long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); 1069long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
@@ -1178,7 +1178,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1178#define SSL_CTX_get_read_ahead(ctx) \ 1178#define SSL_CTX_get_read_ahead(ctx) \
1179 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) 1179 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1180#define SSL_CTX_set_read_ahead(ctx,m) \ 1180#define SSL_CTX_set_read_ahead(ctx,m) \
1181 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) 1181 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1182 1182
1183 /* NB: the keylength is only applicable when is_export is true */ 1183 /* NB: the keylength is only applicable when is_export is true */
1184#ifndef NO_RSA 1184#ifndef NO_RSA
@@ -1209,6 +1209,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1209/* The following lines are auto generated by the script mkerr.pl. Any changes 1209/* The following lines are auto generated by the script mkerr.pl. Any changes
1210 * made after this point may be overwritten when the script is next run. 1210 * made after this point may be overwritten when the script is next run.
1211 */ 1211 */
1212void ERR_load_SSL_strings(void);
1212 1213
1213/* Error codes for the SSL functions. */ 1214/* Error codes for the SSL functions. */
1214 1215
@@ -1233,12 +1234,15 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1233#define SSL_F_SSL23_CONNECT 117 1234#define SSL_F_SSL23_CONNECT 117
1234#define SSL_F_SSL23_GET_CLIENT_HELLO 118 1235#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1235#define SSL_F_SSL23_GET_SERVER_HELLO 119 1236#define SSL_F_SSL23_GET_SERVER_HELLO 119
1237#define SSL_F_SSL23_PEEK 237
1236#define SSL_F_SSL23_READ 120 1238#define SSL_F_SSL23_READ 120
1237#define SSL_F_SSL23_WRITE 121 1239#define SSL_F_SSL23_WRITE 121
1238#define SSL_F_SSL2_ACCEPT 122 1240#define SSL_F_SSL2_ACCEPT 122
1239#define SSL_F_SSL2_CONNECT 123 1241#define SSL_F_SSL2_CONNECT 123
1240#define SSL_F_SSL2_ENC_INIT 124 1242#define SSL_F_SSL2_ENC_INIT 124
1243#define SSL_F_SSL2_PEEK 234
1241#define SSL_F_SSL2_READ 125 1244#define SSL_F_SSL2_READ 125
1245#define SSL_F_SSL2_READ_INTERNAL 236
1242#define SSL_F_SSL2_SET_CERTIFICATE 126 1246#define SSL_F_SSL2_SET_CERTIFICATE 126
1243#define SSL_F_SSL2_WRITE 127 1247#define SSL_F_SSL2_WRITE 127
1244#define SSL_F_SSL3_ACCEPT 128 1248#define SSL_F_SSL3_ACCEPT 128
@@ -1263,6 +1267,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1263#define SSL_F_SSL3_GET_SERVER_DONE 145 1267#define SSL_F_SSL3_GET_SERVER_DONE 145
1264#define SSL_F_SSL3_GET_SERVER_HELLO 146 1268#define SSL_F_SSL3_GET_SERVER_HELLO 146
1265#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 1269#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1270#define SSL_F_SSL3_PEEK 235
1266#define SSL_F_SSL3_READ_BYTES 148 1271#define SSL_F_SSL3_READ_BYTES 148
1267#define SSL_F_SSL3_READ_N 149 1272#define SSL_F_SSL3_READ_N 149
1268#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 1273#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
@@ -1559,4 +1564,3 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1559} 1564}
1560#endif 1565#endif
1561#endif 1566#endif
1562
diff --git a/src/lib/libssl/src/ssl/ssl2.h b/src/lib/libssl/src/ssl/ssl2.h
index df7d03c18f..f8b56afb6b 100644
--- a/src/lib/libssl/src/ssl/ssl2.h
+++ b/src/lib/libssl/src/ssl/ssl2.h
@@ -134,11 +134,11 @@ extern "C" {
134/* Upper/Lower Bounds */ 134/* Upper/Lower Bounds */
135#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 135#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
136#ifdef MPE 136#ifdef MPE
137#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)29998 137#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
138#else 138#else
139#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767 139#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
140#endif 140#endif
141#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/ 141#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
142 142
143#define SSL2_CHALLENGE_LENGTH 16 143#define SSL2_CHALLENGE_LENGTH 16
144/*#define SSL2_CHALLENGE_LENGTH 32 */ 144/*#define SSL2_CHALLENGE_LENGTH 32 */
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c
index a91ee6d22e..dde8918fe0 100644
--- a/src/lib/libssl/src/ssl/ssl_algs.c
+++ b/src/lib/libssl/src/ssl/ssl_algs.c
@@ -88,9 +88,13 @@ int SSL_library_init(void)
88#ifndef NO_SHA 88#ifndef NO_SHA
89 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ 89 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
90 EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); 90 EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
91 EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
91#endif 92#endif
92#if !defined(NO_SHA) && !defined(NO_DSA) 93#if !defined(NO_SHA) && !defined(NO_DSA)
93 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ 94 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
95 EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
96 EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
97 EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
94#endif 98#endif
95 99
96 /* If you want support for phased out ciphers, add the following */ 100 /* If you want support for phased out ciphers, add the following */
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index c26df62c20..27e7fcc60a 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -271,7 +271,9 @@ CERT *ssl_cert_dup(CERT *cert)
271 271
272 return(ret); 272 return(ret);
273 273
274#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */
274err: 275err:
276#endif
275#ifndef NO_RSA 277#ifndef NO_RSA
276 if (ret->rsa_tmp != NULL) 278 if (ret->rsa_tmp != NULL)
277 RSA_free(ret->rsa_tmp); 279 RSA_free(ret->rsa_tmp);
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 17b4caf528..1ae3333407 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -86,12 +86,15 @@ static ERR_STRING_DATA SSL_str_functs[]=
86{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, 86{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
87{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, 87{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"},
88{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, 88{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"},
89{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"},
89{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, 90{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"},
90{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, 91{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"},
91{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, 92{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
92{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, 93{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
93{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, 94{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
95{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
94{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, 96{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
97{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
95{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, 98{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"},
96{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, 99{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"},
97{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, 100{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"},
@@ -116,6 +119,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
116{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, 119{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"},
117{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, 120{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"},
118{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, 121{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"},
122{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"},
119{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, 123{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"},
120{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, 124{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"},
121{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, 125{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 635b25062e..1fe85b6cb7 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -119,7 +119,9 @@ int SSL_clear(SSL *s)
119 s->client_version=s->version; 119 s->client_version=s->version;
120 s->rwstate=SSL_NOTHING; 120 s->rwstate=SSL_NOTHING;
121 s->rstate=SSL_ST_READ_HEADER; 121 s->rstate=SSL_ST_READ_HEADER;
122#if 0
122 s->read_ahead=s->ctx->read_ahead; 123 s->read_ahead=s->ctx->read_ahead;
124#endif
123 125
124 if (s->init_buf != NULL) 126 if (s->init_buf != NULL)
125 { 127 {
@@ -229,6 +231,7 @@ SSL *SSL_new(SSL_CTX *ctx)
229 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; 231 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
230 s->options=ctx->options; 232 s->options=ctx->options;
231 s->mode=ctx->mode; 233 s->mode=ctx->mode;
234 s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
232 SSL_clear(s); 235 SSL_clear(s);
233 236
234 CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data); 237 CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
@@ -705,7 +708,7 @@ long SSL_get_default_timeout(SSL *s)
705 return(s->method->get_timeout()); 708 return(s->method->get_timeout());
706 } 709 }
707 710
708int SSL_read(SSL *s,char *buf,int num) 711int SSL_read(SSL *s,void *buf,int num)
709 { 712 {
710 if (s->handshake_func == 0) 713 if (s->handshake_func == 0)
711 { 714 {
@@ -721,8 +724,14 @@ int SSL_read(SSL *s,char *buf,int num)
721 return(s->method->ssl_read(s,buf,num)); 724 return(s->method->ssl_read(s,buf,num));
722 } 725 }
723 726
724int SSL_peek(SSL *s,char *buf,int num) 727int SSL_peek(SSL *s,void *buf,int num)
725 { 728 {
729 if (s->handshake_func == 0)
730 {
731 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
732 return -1;
733 }
734
726 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 735 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
727 { 736 {
728 return(0); 737 return(0);
@@ -730,7 +739,7 @@ int SSL_peek(SSL *s,char *buf,int num)
730 return(s->method->ssl_peek(s,buf,num)); 739 return(s->method->ssl_peek(s,buf,num));
731 } 740 }
732 741
733int SSL_write(SSL *s,const char *buf,int num) 742int SSL_write(SSL *s,const void *buf,int num)
734 { 743 {
735 if (s->handshake_func == 0) 744 if (s->handshake_func == 0)
736 { 745 {
@@ -1676,6 +1685,10 @@ SSL *SSL_dup(SSL *s)
1676 1685
1677 if (s->cert != NULL) 1686 if (s->cert != NULL)
1678 { 1687 {
1688 if (ret->cert != NULL)
1689 {
1690 ssl_cert_free(ret->cert);
1691 }
1679 ret->cert = ssl_cert_dup(s->cert); 1692 ret->cert = ssl_cert_dup(s->cert);
1680 if (ret->cert == NULL) 1693 if (ret->cert == NULL)
1681 goto err; 1694 goto err;
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index d70fff4627..516d3cc5ae 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#ifndef HEADER_SSL_LOCL_H 112#ifndef HEADER_SSL_LOCL_H
60#define HEADER_SSL_LOCL_H 113#define HEADER_SSL_LOCL_H
@@ -463,7 +516,7 @@ void ssl2_free(SSL *s);
463int ssl2_accept(SSL *s); 516int ssl2_accept(SSL *s);
464int ssl2_connect(SSL *s); 517int ssl2_connect(SSL *s);
465int ssl2_read(SSL *s, void *buf, int len); 518int ssl2_read(SSL *s, void *buf, int len);
466int ssl2_peek(SSL *s, char *buf, int len); 519int ssl2_peek(SSL *s, void *buf, int len);
467int ssl2_write(SSL *s, const void *buf, int len); 520int ssl2_write(SSL *s, const void *buf, int len);
468int ssl2_shutdown(SSL *s); 521int ssl2_shutdown(SSL *s);
469void ssl2_clear(SSL *s); 522void ssl2_clear(SSL *s);
@@ -494,7 +547,7 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u);
494int ssl3_renegotiate(SSL *ssl); 547int ssl3_renegotiate(SSL *ssl);
495int ssl3_renegotiate_check(SSL *ssl); 548int ssl3_renegotiate_check(SSL *ssl);
496int ssl3_dispatch_alert(SSL *s); 549int ssl3_dispatch_alert(SSL *s);
497int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len); 550int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
498int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); 551int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
499int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, 552int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
500 const char *sender, int slen,unsigned char *p); 553 const char *sender, int slen,unsigned char *p);
@@ -511,7 +564,7 @@ void ssl3_free(SSL *s);
511int ssl3_accept(SSL *s); 564int ssl3_accept(SSL *s);
512int ssl3_connect(SSL *s); 565int ssl3_connect(SSL *s);
513int ssl3_read(SSL *s, void *buf, int len); 566int ssl3_read(SSL *s, void *buf, int len);
514int ssl3_peek(SSL *s,char *buf, int len); 567int ssl3_peek(SSL *s, void *buf, int len);
515int ssl3_write(SSL *s, const void *buf, int len); 568int ssl3_write(SSL *s, const void *buf, int len);
516int ssl3_shutdown(SSL *s); 569int ssl3_shutdown(SSL *s);
517void ssl3_clear(SSL *s); 570void ssl3_clear(SSL *s);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 416def8908..7064262def 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
508 if (s->session != NULL) 508 if (s->session != NULL)
509 SSL_SESSION_free(s->session); 509 SSL_SESSION_free(s->session);
510 s->session=session; 510 s->session=session;
511 s->verify_result = s->session->verify_result;
511 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ 512 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
512 ret=1; 513 ret=1;
513 } 514 }
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 0d34357eb4..d10a23af8e 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -572,7 +572,10 @@ printf("rec=");
572#endif 572#endif
573 573
574 for (i=7; i>=0; i--) 574 for (i=7; i>=0; i--)
575 if (++seq[i]) break; 575 {
576 ++seq[i];
577 if (seq[i] != 0) break;
578 }
576 579
577#ifdef TLS_DEBUG 580#ifdef TLS_DEBUG
578{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); } 581{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
diff --git a/src/lib/libssl/src/test/Makefile.ssl b/src/lib/libssl/src/test/Makefile.ssl
index b961dabc3c..9c7b7dd158 100644
--- a/src/lib/libssl/src/test/Makefile.ssl
+++ b/src/lib/libssl/src/test/Makefile.ssl
@@ -192,7 +192,7 @@ test_bn:
192 @./$(BNTEST) >tmp.bntest 192 @./$(BNTEST) >tmp.bntest
193 @echo quit >>tmp.bntest 193 @echo quit >>tmp.bntest
194 @echo "running bc" 194 @echo "running bc"
195 @bc tmp.bntest 2>&1 | $(PERL) -e 'while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} print STDERR "."; $$i++;} print STDERR "\n$$i tests passed\n"' 195 @<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
196 @echo 'test a^b%c implementations' 196 @echo 'test a^b%c implementations'
197 ./$(EXPTEST) 197 ./$(EXPTEST)
198 198
@@ -241,7 +241,7 @@ dclean:
241 mv -f Makefile.new $(MAKEFILE) 241 mv -f Makefile.new $(MAKEFILE)
242 242
243clean: 243clean:
244 rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log 244 rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
245 245
246$(DLIBSSL): 246$(DLIBSSL):
247 (cd ../ssl; $(MAKE)) 247 (cd ../ssl; $(MAKE))
diff --git a/src/lib/libssl/src/tools/c_rehash.in b/src/lib/libssl/src/tools/c_rehash.in
index baec7c14ff..26db8999d8 100644
--- a/src/lib/libssl/src/tools/c_rehash.in
+++ b/src/lib/libssl/src/tools/c_rehash.in
@@ -117,7 +117,12 @@ sub link_hash_cert {
117 } 117 }
118 $hash .= ".$suffix"; 118 $hash .= ".$suffix";
119 print "$fname => $hash\n"; 119 print "$fname => $hash\n";
120 symlink $fname, $hash; 120 $symlink_exists=eval {symlink("",""); 1};
121 if ($symlink_exists) {
122 symlink $fname, $hash;
123 } else {
124 system ("cp", $fname, $hash);
125 }
121 $hashlist{$hash} = $fprint; 126 $hashlist{$hash} = $fprint;
122} 127}
123 128
@@ -142,7 +147,12 @@ sub link_hash_crl {
142 } 147 }
143 $hash .= ".r$suffix"; 148 $hash .= ".r$suffix";
144 print "$fname => $hash\n"; 149 print "$fname => $hash\n";
145 symlink $fname, $hash; 150 $symlink_exists=eval {symlink("",""); 1};
151 if ($symlink_exists) {
152 symlink $fname, $hash;
153 } else {
154 system ("cp", $fname, $hash);
155 }
146 $hashlist{$hash} = $fprint; 156 $hashlist{$hash} = $fprint;
147} 157}
148 158
diff --git a/src/lib/libssl/src/util/clean-depend.pl b/src/lib/libssl/src/util/clean-depend.pl
index af676af751..0193e726fe 100644
--- a/src/lib/libssl/src/util/clean-depend.pl
+++ b/src/lib/libssl/src/util/clean-depend.pl
@@ -15,8 +15,8 @@ while(<STDIN>) {
15 my ($file,$deps)=/^(.*): (.*)$/; 15 my ($file,$deps)=/^(.*): (.*)$/;
16 next if !defined $deps; 16 next if !defined $deps;
17 my @deps=split ' ',$deps; 17 my @deps=split ' ',$deps;
18 @deps=grep(!/^\/usr\/include/,@deps); 18 @deps=grep(!/^\//,@deps);
19 @deps=grep(!/^\/usr\/lib\/gcc-lib/,@deps); 19 @deps=grep(!/^\\$/,@deps);
20 push @{$files{$file}},@deps; 20 push @{$files{$file}},@deps;
21} 21}
22 22
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index e8eebbf50c..84ae840804 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -301,8 +301,8 @@ EVP_des_ede_cfb 308 EXIST::FUNCTION:DES
301EVP_des_ede_ofb 309 EXIST::FUNCTION:DES 301EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
302EVP_des_ofb 310 EXIST::FUNCTION:DES 302EVP_des_ofb 310 EXIST::FUNCTION:DES
303EVP_desx_cbc 311 EXIST::FUNCTION:DES 303EVP_desx_cbc 311 EXIST::FUNCTION:DES
304EVP_dss 312 EXIST::FUNCTION:DSA 304EVP_dss 312 EXIST::FUNCTION:DSA,SHA
305EVP_dss1 313 EXIST::FUNCTION:DSA 305EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
306EVP_enc_null 314 EXIST::FUNCTION: 306EVP_enc_null 314 EXIST::FUNCTION:
307EVP_get_cipherbyname 315 EXIST::FUNCTION: 307EVP_get_cipherbyname 315 EXIST::FUNCTION:
308EVP_get_digestbyname 316 EXIST::FUNCTION: 308EVP_get_digestbyname 316 EXIST::FUNCTION:
@@ -779,7 +779,7 @@ des_ede3_cfb64_encrypt 786 EXIST::FUNCTION:DES
779des_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES 779des_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES
780des_enc_read 788 EXIST::FUNCTION:DES 780des_enc_read 788 EXIST::FUNCTION:DES
781des_enc_write 789 EXIST::FUNCTION:DES 781des_enc_write 789 EXIST::FUNCTION:DES
782des_encrypt 790 EXIST::FUNCTION:DES 782des_encrypt1 790 EXIST::FUNCTION:DES
783des_encrypt2 791 EXIST::FUNCTION:DES 783des_encrypt2 791 EXIST::FUNCTION:DES
784des_encrypt3 792 EXIST::FUNCTION:DES 784des_encrypt3 792 EXIST::FUNCTION:DES
785des_fcrypt 793 EXIST::FUNCTION:DES 785des_fcrypt 793 EXIST::FUNCTION:DES
@@ -926,7 +926,7 @@ PKCS7_add_signature 938 EXIST::FUNCTION:
926PKCS7_cert_from_signer_info 939 EXIST::FUNCTION: 926PKCS7_cert_from_signer_info 939 EXIST::FUNCTION:
927PKCS7_get_signer_info 940 EXIST::FUNCTION: 927PKCS7_get_signer_info 940 EXIST::FUNCTION:
928EVP_delete_alias 941 NOEXIST::FUNCTION: 928EVP_delete_alias 941 NOEXIST::FUNCTION:
929EVP_mdc2 942 EXIST::FUNCTION: 929EVP_mdc2 942 EXIST::FUNCTION:MDC2
930PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA 930PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA
931PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA 931PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA
932d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA 932d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA
@@ -1870,61 +1870,64 @@ X509_keyid_set1 2460 EXIST::FUNCTION:
1870BIO_next 2461 EXIST::FUNCTION: 1870BIO_next 2461 EXIST::FUNCTION:
1871DSO_METHOD_vms 2462 EXIST::FUNCTION: 1871DSO_METHOD_vms 2462 EXIST::FUNCTION:
1872BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: 1872BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
1873ERR_load_ENGINE_strings 2464 EXIST::FUNCTION: 1873BN_bntest_rand 2464 EXIST::FUNCTION:
1874ENGINE_set_DSA 2465 EXIST::FUNCTION: 1874OPENSSL_issetugid 2465 EXIST::FUNCTION:
1875ENGINE_get_finish_function 2466 EXIST::FUNCTION: 1875BN_rand_range 2466 EXIST::FUNCTION:
1876ENGINE_get_default_RSA 2467 EXIST::FUNCTION: 1876ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:
1877ENGINE_get_BN_mod_exp 2468 EXIST::FUNCTION: 1877ENGINE_set_DSA 2468 EXIST::FUNCTION:
1878DSA_get_default_openssl_method 2469 EXIST::FUNCTION:DSA 1878ENGINE_get_finish_function 2469 EXIST::FUNCTION:
1879ENGINE_set_DH 2470 EXIST::FUNCTION: 1879ENGINE_get_default_RSA 2470 EXIST::FUNCTION:
1880ENGINE_set_default_BN_mod_exp_crt 2471 EXIST:!VMS:FUNCTION: 1880ENGINE_get_BN_mod_exp 2471 EXIST::FUNCTION:
1881ENGINE_set_def_BN_mod_exp_crt 2471 EXIST:VMS:FUNCTION: 1881DSA_get_default_openssl_method 2472 EXIST::FUNCTION:DSA
1882ENGINE_init 2472 EXIST::FUNCTION: 1882ENGINE_set_DH 2473 EXIST::FUNCTION:
1883DH_get_default_openssl_method 2473 EXIST::FUNCTION:DH 1883ENGINE_set_default_BN_mod_exp_crt 2474 EXIST:!VMS:FUNCTION:
1884RSA_set_default_openssl_method 2474 EXIST::FUNCTION:RSA 1884ENGINE_set_def_BN_mod_exp_crt 2474 EXIST:VMS:FUNCTION:
1885ENGINE_finish 2475 EXIST::FUNCTION: 1885ENGINE_init 2475 EXIST::FUNCTION:
1886ENGINE_load_public_key 2476 EXIST::FUNCTION: 1886DH_get_default_openssl_method 2476 EXIST::FUNCTION:DH
1887ENGINE_get_DH 2477 EXIST::FUNCTION: 1887RSA_set_default_openssl_method 2477 EXIST::FUNCTION:RSA
1888ENGINE_ctrl 2478 EXIST::FUNCTION: 1888ENGINE_finish 2478 EXIST::FUNCTION:
1889ENGINE_get_init_function 2479 EXIST::FUNCTION: 1889ENGINE_load_public_key 2479 EXIST::FUNCTION:
1890ENGINE_set_init_function 2480 EXIST::FUNCTION: 1890ENGINE_get_DH 2480 EXIST::FUNCTION:
1891ENGINE_set_default_DSA 2481 EXIST::FUNCTION: 1891ENGINE_ctrl 2481 EXIST::FUNCTION:
1892ENGINE_get_name 2482 EXIST::FUNCTION: 1892ENGINE_get_init_function 2482 EXIST::FUNCTION:
1893ENGINE_get_last 2483 EXIST::FUNCTION: 1893ENGINE_set_init_function 2483 EXIST::FUNCTION:
1894ENGINE_get_prev 2484 EXIST::FUNCTION: 1894ENGINE_set_default_DSA 2484 EXIST::FUNCTION:
1895ENGINE_get_default_DH 2485 EXIST::FUNCTION: 1895ENGINE_get_name 2485 EXIST::FUNCTION:
1896ENGINE_get_RSA 2486 EXIST::FUNCTION: 1896ENGINE_get_last 2486 EXIST::FUNCTION:
1897ENGINE_set_default 2487 EXIST::FUNCTION: 1897ENGINE_get_prev 2487 EXIST::FUNCTION:
1898ENGINE_get_RAND 2488 EXIST::FUNCTION: 1898ENGINE_get_default_DH 2488 EXIST::FUNCTION:
1899ENGINE_get_first 2489 EXIST::FUNCTION: 1899ENGINE_get_RSA 2489 EXIST::FUNCTION:
1900ENGINE_by_id 2490 EXIST::FUNCTION: 1900ENGINE_set_default 2490 EXIST::FUNCTION:
1901ENGINE_set_finish_function 2491 EXIST::FUNCTION: 1901ENGINE_get_RAND 2491 EXIST::FUNCTION:
1902ENGINE_get_default_BN_mod_exp_crt 2492 EXIST:!VMS:FUNCTION: 1902ENGINE_get_first 2492 EXIST::FUNCTION:
1903ENGINE_get_def_BN_mod_exp_crt 2492 EXIST:VMS:FUNCTION: 1903ENGINE_by_id 2493 EXIST::FUNCTION:
1904RSA_get_default_openssl_method 2493 EXIST::FUNCTION:RSA 1904ENGINE_set_finish_function 2494 EXIST::FUNCTION:
1905ENGINE_set_RSA 2494 EXIST::FUNCTION: 1905ENGINE_get_default_BN_mod_exp_crt 2495 EXIST:!VMS:FUNCTION:
1906ENGINE_load_private_key 2495 EXIST::FUNCTION: 1906ENGINE_get_def_BN_mod_exp_crt 2495 EXIST:VMS:FUNCTION:
1907ENGINE_set_default_RAND 2496 EXIST::FUNCTION: 1907RSA_get_default_openssl_method 2496 EXIST::FUNCTION:RSA
1908ENGINE_set_BN_mod_exp 2497 EXIST::FUNCTION: 1908ENGINE_set_RSA 2497 EXIST::FUNCTION:
1909ENGINE_remove 2498 EXIST::FUNCTION: 1909ENGINE_load_private_key 2498 EXIST::FUNCTION:
1910ENGINE_free 2499 EXIST::FUNCTION: 1910ENGINE_set_default_RAND 2499 EXIST::FUNCTION:
1911ENGINE_get_BN_mod_exp_crt 2500 EXIST::FUNCTION: 1911ENGINE_set_BN_mod_exp 2500 EXIST::FUNCTION:
1912ENGINE_get_next 2501 EXIST::FUNCTION: 1912ENGINE_remove 2501 EXIST::FUNCTION:
1913ENGINE_set_name 2502 EXIST::FUNCTION: 1913ENGINE_free 2502 EXIST::FUNCTION:
1914ENGINE_get_default_DSA 2503 EXIST::FUNCTION: 1914ENGINE_get_BN_mod_exp_crt 2503 EXIST::FUNCTION:
1915ENGINE_set_default_BN_mod_exp 2504 EXIST::FUNCTION: 1915ENGINE_get_next 2504 EXIST::FUNCTION:
1916ENGINE_set_default_RSA 2505 EXIST::FUNCTION: 1916ENGINE_set_name 2505 EXIST::FUNCTION:
1917ENGINE_get_default_RAND 2506 EXIST::FUNCTION: 1917ENGINE_get_default_DSA 2506 EXIST::FUNCTION:
1918ENGINE_get_default_BN_mod_exp 2507 EXIST::FUNCTION: 1918ENGINE_set_default_BN_mod_exp 2507 EXIST::FUNCTION:
1919ENGINE_set_RAND 2508 EXIST::FUNCTION: 1919ENGINE_set_default_RSA 2508 EXIST::FUNCTION:
1920ENGINE_set_id 2509 EXIST::FUNCTION: 1920ENGINE_get_default_RAND 2509 EXIST::FUNCTION:
1921ENGINE_set_BN_mod_exp_crt 2510 EXIST::FUNCTION: 1921ENGINE_get_default_BN_mod_exp 2510 EXIST::FUNCTION:
1922ENGINE_set_default_DH 2511 EXIST::FUNCTION: 1922ENGINE_set_RAND 2511 EXIST::FUNCTION:
1923ENGINE_new 2512 EXIST::FUNCTION: 1923ENGINE_set_id 2512 EXIST::FUNCTION:
1924ENGINE_get_id 2513 EXIST::FUNCTION: 1924ENGINE_set_BN_mod_exp_crt 2513 EXIST::FUNCTION:
1925DSA_set_default_openssl_method 2514 EXIST::FUNCTION:DSA 1925ENGINE_set_default_DH 2514 EXIST::FUNCTION:
1926ENGINE_add 2515 EXIST::FUNCTION: 1926ENGINE_new 2515 EXIST::FUNCTION:
1927DH_set_default_openssl_method 2516 EXIST::FUNCTION:DH 1927ENGINE_get_id 2516 EXIST::FUNCTION:
1928ENGINE_get_DSA 2517 EXIST::FUNCTION: 1928DSA_set_default_openssl_method 2517 EXIST::FUNCTION:DSA
1929ENGINE_get_ctrl_function 2518 EXIST::FUNCTION: 1929ENGINE_add 2518 EXIST::FUNCTION:
1930ENGINE_set_ctrl_function 2519 EXIST::FUNCTION: 1930DH_set_default_openssl_method 2519 EXIST::FUNCTION:DH
1931ENGINE_get_DSA 2520 EXIST::FUNCTION:
1932ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:
1933ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
index cc41a1813e..ba453358cf 100644
--- a/src/lib/libssl/src/util/mkdef.pl
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -119,7 +119,7 @@ foreach (@ARGV, split(/ /, $options))
119 elsif (/^no-rc4$/) { $no_rc4=1; } 119 elsif (/^no-rc4$/) { $no_rc4=1; }
120 elsif (/^no-rc5$/) { $no_rc5=1; } 120 elsif (/^no-rc5$/) { $no_rc5=1; }
121 elsif (/^no-idea$/) { $no_idea=1; } 121 elsif (/^no-idea$/) { $no_idea=1; }
122 elsif (/^no-des$/) { $no_des=1; } 122 elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; }
123 elsif (/^no-bf$/) { $no_bf=1; } 123 elsif (/^no-bf$/) { $no_bf=1; }
124 elsif (/^no-cast$/) { $no_cast=1; } 124 elsif (/^no-cast$/) { $no_cast=1; }
125 elsif (/^no-md2$/) { $no_md2=1; } 125 elsif (/^no-md2$/) { $no_md2=1; }
@@ -705,7 +705,8 @@ EOF
705 } else { 705 } else {
706 (my $n, my $i) = split /\\/, $nums{$s}; 706 (my $n, my $i) = split /\\/, $nums{$s};
707 my %pf = (); 707 my %pf = ();
708 my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1)); 708 my @p = split(/,/, ($i =~ /^[^:]*:([^:]*):/,$1));
709 my @a = split(/,/, ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1));
709 # @p_purged must contain hardware platforms only 710 # @p_purged must contain hardware platforms only
710 my @p_purged = (); 711 my @p_purged = ();
711 foreach $ptmp (@p) { 712 foreach $ptmp (@p) {
@@ -727,7 +728,26 @@ EOF
727 || (!$negatives 728 || (!$negatives
728 && ($rsaref || !grep(/^RSAREF$/,@p))) 729 && ($rsaref || !grep(/^RSAREF$/,@p)))
729 || ($negatives 730 || ($negatives
730 && (!$rsaref || !grep(/^!RSAREF$/,@p))))) { 731 && (!$rsaref || !grep(/^!RSAREF$/,@p))))
732 && (!@a || (!$no_rc2 || !grep(/^RC2$/,@a)))
733 && (!@a || (!$no_rc4 || !grep(/^RC4$/,@a)))
734 && (!@a || (!$no_rc5 || !grep(/^RC5$/,@a)))
735 && (!@a || (!$no_idea || !grep(/^IDEA$/,@a)))
736 && (!@a || (!$no_des || !grep(/^DES$/,@a)))
737 && (!@a || (!$no_bf || !grep(/^BF$/,@a)))
738 && (!@a || (!$no_cast || !grep(/^CAST$/,@a)))
739 && (!@a || (!$no_md2 || !grep(/^MD2$/,@a)))
740 && (!@a || (!$no_md4 || !grep(/^MD4$/,@a)))
741 && (!@a || (!$no_md5 || !grep(/^MD5$/,@a)))
742 && (!@a || (!$no_sha || !grep(/^SHA$/,@a)))
743 && (!@a || (!$no_ripemd || !grep(/^RIPEMD$/,@a)))
744 && (!@a || (!$no_mdc2 || !grep(/^MDC2$/,@a)))
745 && (!@a || (!$no_rsa || !grep(/^RSA$/,@a)))
746 && (!@a || (!$no_dsa || !grep(/^DSA$/,@a)))
747 && (!@a || (!$no_dh || !grep(/^DH$/,@a)))
748 && (!@a || (!$no_hmac || !grep(/^HMAC$/,@a)))
749 && (!@a || (!$no_fp_api || !grep(/^FP_API$/,@a)))
750 ) {
731 printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n; 751 printf OUT " %s%-40s@%d\n",($W32)?"":"_",$s,$n;
732# } else { 752# } else {
733# print STDERR "DEBUG: \"$sym\" (@p):", 753# print STDERR "DEBUG: \"$sym\" (@p):",
diff --git a/src/lib/libssl/src/util/mklink.pl b/src/lib/libssl/src/util/mklink.pl
index d7b997ada7..9e9c9a5146 100644
--- a/src/lib/libssl/src/util/mklink.pl
+++ b/src/lib/libssl/src/util/mklink.pl
@@ -48,8 +48,13 @@ foreach $dirname (@from_path) {
48my $to = join('/', @to_path); 48my $to = join('/', @to_path);
49 49
50my $file; 50my $file;
51$symlink_exists=eval {symlink("",""); 1};
51foreach $file (@files) { 52foreach $file (@files) {
52 my $err = ""; 53 my $err = "";
53 symlink("$to/$file", "$from/$file") or $err = " [$!]"; 54 if ($symlink_exists) {
55 symlink("$to/$file", "$from/$file") or $err = " [$!]";
56 } else {
57 system ("cp", "$file", "$from/$file") and $err = " [$!]";
58 }
54 print $file . " => $from/$file$err\n"; 59 print $file . " => $from/$file$err\n";
55} 60}
diff --git a/src/lib/libssl/src/util/pod2man.pl b/src/lib/libssl/src/util/pod2man.pl
index f5ec0767ed..c6b64add60 100644
--- a/src/lib/libssl/src/util/pod2man.pl
+++ b/src/lib/libssl/src/util/pod2man.pl
@@ -416,6 +416,8 @@ if ($name ne 'something') {
416 warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n" 416 warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
417 } 417 }
418 else { 418 else {
419 $n[0] =~ s/\n/ /;
420 $n[1] =~ s/\n/ /;
419 %namedesc = @n; 421 %namedesc = @n;
420 } 422 }
421 } 423 }
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index fdbdc70ba7..9de9e611ab 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -206,7 +206,7 @@ typedef struct ssl_method_st
206 int (*ssl_accept)(SSL *s); 206 int (*ssl_accept)(SSL *s);
207 int (*ssl_connect)(SSL *s); 207 int (*ssl_connect)(SSL *s);
208 int (*ssl_read)(SSL *s,void *buf,int len); 208 int (*ssl_read)(SSL *s,void *buf,int len);
209 int (*ssl_peek)(SSL *s,char *buf,int len); 209 int (*ssl_peek)(SSL *s,void *buf,int len);
210 int (*ssl_write)(SSL *s,const void *buf,int len); 210 int (*ssl_write)(SSL *s,const void *buf,int len);
211 int (*ssl_shutdown)(SSL *s); 211 int (*ssl_shutdown)(SSL *s);
212 int (*ssl_renegotiate)(SSL *s); 212 int (*ssl_renegotiate)(SSL *s);
@@ -1061,9 +1061,9 @@ int SSL_set_trust(SSL *s, int trust);
1061void SSL_free(SSL *ssl); 1061void SSL_free(SSL *ssl);
1062int SSL_accept(SSL *ssl); 1062int SSL_accept(SSL *ssl);
1063int SSL_connect(SSL *ssl); 1063int SSL_connect(SSL *ssl);
1064int SSL_read(SSL *ssl,char *buf,int num); 1064int SSL_read(SSL *ssl,void *buf,int num);
1065int SSL_peek(SSL *ssl,char *buf,int num); 1065int SSL_peek(SSL *ssl,void *buf,int num);
1066int SSL_write(SSL *ssl,const char *buf,int num); 1066int SSL_write(SSL *ssl,const void *buf,int num);
1067long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); 1067long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
1068long SSL_callback_ctrl(SSL *, int, void (*)()); 1068long SSL_callback_ctrl(SSL *, int, void (*)());
1069long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); 1069long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
@@ -1178,7 +1178,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1178#define SSL_CTX_get_read_ahead(ctx) \ 1178#define SSL_CTX_get_read_ahead(ctx) \
1179 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) 1179 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1180#define SSL_CTX_set_read_ahead(ctx,m) \ 1180#define SSL_CTX_set_read_ahead(ctx,m) \
1181 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) 1181 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1182 1182
1183 /* NB: the keylength is only applicable when is_export is true */ 1183 /* NB: the keylength is only applicable when is_export is true */
1184#ifndef NO_RSA 1184#ifndef NO_RSA
@@ -1209,6 +1209,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1209/* The following lines are auto generated by the script mkerr.pl. Any changes 1209/* The following lines are auto generated by the script mkerr.pl. Any changes
1210 * made after this point may be overwritten when the script is next run. 1210 * made after this point may be overwritten when the script is next run.
1211 */ 1211 */
1212void ERR_load_SSL_strings(void);
1212 1213
1213/* Error codes for the SSL functions. */ 1214/* Error codes for the SSL functions. */
1214 1215
@@ -1233,12 +1234,15 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1233#define SSL_F_SSL23_CONNECT 117 1234#define SSL_F_SSL23_CONNECT 117
1234#define SSL_F_SSL23_GET_CLIENT_HELLO 118 1235#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1235#define SSL_F_SSL23_GET_SERVER_HELLO 119 1236#define SSL_F_SSL23_GET_SERVER_HELLO 119
1237#define SSL_F_SSL23_PEEK 237
1236#define SSL_F_SSL23_READ 120 1238#define SSL_F_SSL23_READ 120
1237#define SSL_F_SSL23_WRITE 121 1239#define SSL_F_SSL23_WRITE 121
1238#define SSL_F_SSL2_ACCEPT 122 1240#define SSL_F_SSL2_ACCEPT 122
1239#define SSL_F_SSL2_CONNECT 123 1241#define SSL_F_SSL2_CONNECT 123
1240#define SSL_F_SSL2_ENC_INIT 124 1242#define SSL_F_SSL2_ENC_INIT 124
1243#define SSL_F_SSL2_PEEK 234
1241#define SSL_F_SSL2_READ 125 1244#define SSL_F_SSL2_READ 125
1245#define SSL_F_SSL2_READ_INTERNAL 236
1242#define SSL_F_SSL2_SET_CERTIFICATE 126 1246#define SSL_F_SSL2_SET_CERTIFICATE 126
1243#define SSL_F_SSL2_WRITE 127 1247#define SSL_F_SSL2_WRITE 127
1244#define SSL_F_SSL3_ACCEPT 128 1248#define SSL_F_SSL3_ACCEPT 128
@@ -1263,6 +1267,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1263#define SSL_F_SSL3_GET_SERVER_DONE 145 1267#define SSL_F_SSL3_GET_SERVER_DONE 145
1264#define SSL_F_SSL3_GET_SERVER_HELLO 146 1268#define SSL_F_SSL3_GET_SERVER_HELLO 146
1265#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 1269#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1270#define SSL_F_SSL3_PEEK 235
1266#define SSL_F_SSL3_READ_BYTES 148 1271#define SSL_F_SSL3_READ_BYTES 148
1267#define SSL_F_SSL3_READ_N 149 1272#define SSL_F_SSL3_READ_N 149
1268#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 1273#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
@@ -1559,4 +1564,3 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1559} 1564}
1560#endif 1565#endif
1561#endif 1566#endif
1562
diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version
index 890c57389b..3066b9771e 100644
--- a/src/lib/libssl/ssl/shlib_version
+++ b/src/lib/libssl/ssl/shlib_version
@@ -1,2 +1,2 @@
1major=4 1major=5
2minor=1 2minor=0
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
index df7d03c18f..f8b56afb6b 100644
--- a/src/lib/libssl/ssl2.h
+++ b/src/lib/libssl/ssl2.h
@@ -134,11 +134,11 @@ extern "C" {
134/* Upper/Lower Bounds */ 134/* Upper/Lower Bounds */
135#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 135#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
136#ifdef MPE 136#ifdef MPE
137#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)29998 137#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
138#else 138#else
139#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767 139#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
140#endif 140#endif
141#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/ 141#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
142 142
143#define SSL2_CHALLENGE_LENGTH 16 143#define SSL2_CHALLENGE_LENGTH 16
144/*#define SSL2_CHALLENGE_LENGTH 32 */ 144/*#define SSL2_CHALLENGE_LENGTH 32 */
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
index a91ee6d22e..dde8918fe0 100644
--- a/src/lib/libssl/ssl_algs.c
+++ b/src/lib/libssl/ssl_algs.c
@@ -88,9 +88,13 @@ int SSL_library_init(void)
88#ifndef NO_SHA 88#ifndef NO_SHA
89 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ 89 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
90 EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); 90 EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
91 EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
91#endif 92#endif
92#if !defined(NO_SHA) && !defined(NO_DSA) 93#if !defined(NO_SHA) && !defined(NO_DSA)
93 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ 94 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
95 EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
96 EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
97 EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
94#endif 98#endif
95 99
96 /* If you want support for phased out ciphers, add the following */ 100 /* If you want support for phased out ciphers, add the following */
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index c26df62c20..27e7fcc60a 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -271,7 +271,9 @@ CERT *ssl_cert_dup(CERT *cert)
271 271
272 return(ret); 272 return(ret);
273 273
274#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */
274err: 275err:
276#endif
275#ifndef NO_RSA 277#ifndef NO_RSA
276 if (ret->rsa_tmp != NULL) 278 if (ret->rsa_tmp != NULL)
277 RSA_free(ret->rsa_tmp); 279 RSA_free(ret->rsa_tmp);
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 17b4caf528..1ae3333407 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -86,12 +86,15 @@ static ERR_STRING_DATA SSL_str_functs[]=
86{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, 86{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
87{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, 87{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"},
88{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, 88{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"},
89{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"},
89{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, 90{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"},
90{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, 91{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"},
91{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, 92{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
92{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, 93{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
93{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, 94{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
95{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
94{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, 96{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
97{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
95{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, 98{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"},
96{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, 99{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"},
97{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, 100{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"},
@@ -116,6 +119,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
116{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, 119{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"},
117{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, 120{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"},
118{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, 121{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"},
122{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"},
119{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, 123{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"},
120{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, 124{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"},
121{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, 125{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 635b25062e..1fe85b6cb7 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -119,7 +119,9 @@ int SSL_clear(SSL *s)
119 s->client_version=s->version; 119 s->client_version=s->version;
120 s->rwstate=SSL_NOTHING; 120 s->rwstate=SSL_NOTHING;
121 s->rstate=SSL_ST_READ_HEADER; 121 s->rstate=SSL_ST_READ_HEADER;
122#if 0
122 s->read_ahead=s->ctx->read_ahead; 123 s->read_ahead=s->ctx->read_ahead;
124#endif
123 125
124 if (s->init_buf != NULL) 126 if (s->init_buf != NULL)
125 { 127 {
@@ -229,6 +231,7 @@ SSL *SSL_new(SSL_CTX *ctx)
229 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; 231 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
230 s->options=ctx->options; 232 s->options=ctx->options;
231 s->mode=ctx->mode; 233 s->mode=ctx->mode;
234 s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
232 SSL_clear(s); 235 SSL_clear(s);
233 236
234 CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data); 237 CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
@@ -705,7 +708,7 @@ long SSL_get_default_timeout(SSL *s)
705 return(s->method->get_timeout()); 708 return(s->method->get_timeout());
706 } 709 }
707 710
708int SSL_read(SSL *s,char *buf,int num) 711int SSL_read(SSL *s,void *buf,int num)
709 { 712 {
710 if (s->handshake_func == 0) 713 if (s->handshake_func == 0)
711 { 714 {
@@ -721,8 +724,14 @@ int SSL_read(SSL *s,char *buf,int num)
721 return(s->method->ssl_read(s,buf,num)); 724 return(s->method->ssl_read(s,buf,num));
722 } 725 }
723 726
724int SSL_peek(SSL *s,char *buf,int num) 727int SSL_peek(SSL *s,void *buf,int num)
725 { 728 {
729 if (s->handshake_func == 0)
730 {
731 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
732 return -1;
733 }
734
726 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 735 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
727 { 736 {
728 return(0); 737 return(0);
@@ -730,7 +739,7 @@ int SSL_peek(SSL *s,char *buf,int num)
730 return(s->method->ssl_peek(s,buf,num)); 739 return(s->method->ssl_peek(s,buf,num));
731 } 740 }
732 741
733int SSL_write(SSL *s,const char *buf,int num) 742int SSL_write(SSL *s,const void *buf,int num)
734 { 743 {
735 if (s->handshake_func == 0) 744 if (s->handshake_func == 0)
736 { 745 {
@@ -1676,6 +1685,10 @@ SSL *SSL_dup(SSL *s)
1676 1685
1677 if (s->cert != NULL) 1686 if (s->cert != NULL)
1678 { 1687 {
1688 if (ret->cert != NULL)
1689 {
1690 ssl_cert_free(ret->cert);
1691 }
1679 ret->cert = ssl_cert_dup(s->cert); 1692 ret->cert = ssl_cert_dup(s->cert);
1680 if (ret->cert == NULL) 1693 if (ret->cert == NULL)
1681 goto err; 1694 goto err;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d70fff4627..516d3cc5ae 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#ifndef HEADER_SSL_LOCL_H 112#ifndef HEADER_SSL_LOCL_H
60#define HEADER_SSL_LOCL_H 113#define HEADER_SSL_LOCL_H
@@ -463,7 +516,7 @@ void ssl2_free(SSL *s);
463int ssl2_accept(SSL *s); 516int ssl2_accept(SSL *s);
464int ssl2_connect(SSL *s); 517int ssl2_connect(SSL *s);
465int ssl2_read(SSL *s, void *buf, int len); 518int ssl2_read(SSL *s, void *buf, int len);
466int ssl2_peek(SSL *s, char *buf, int len); 519int ssl2_peek(SSL *s, void *buf, int len);
467int ssl2_write(SSL *s, const void *buf, int len); 520int ssl2_write(SSL *s, const void *buf, int len);
468int ssl2_shutdown(SSL *s); 521int ssl2_shutdown(SSL *s);
469void ssl2_clear(SSL *s); 522void ssl2_clear(SSL *s);
@@ -494,7 +547,7 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u);
494int ssl3_renegotiate(SSL *ssl); 547int ssl3_renegotiate(SSL *ssl);
495int ssl3_renegotiate_check(SSL *ssl); 548int ssl3_renegotiate_check(SSL *ssl);
496int ssl3_dispatch_alert(SSL *s); 549int ssl3_dispatch_alert(SSL *s);
497int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len); 550int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
498int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); 551int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
499int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, 552int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
500 const char *sender, int slen,unsigned char *p); 553 const char *sender, int slen,unsigned char *p);
@@ -511,7 +564,7 @@ void ssl3_free(SSL *s);
511int ssl3_accept(SSL *s); 564int ssl3_accept(SSL *s);
512int ssl3_connect(SSL *s); 565int ssl3_connect(SSL *s);
513int ssl3_read(SSL *s, void *buf, int len); 566int ssl3_read(SSL *s, void *buf, int len);
514int ssl3_peek(SSL *s,char *buf, int len); 567int ssl3_peek(SSL *s, void *buf, int len);
515int ssl3_write(SSL *s, const void *buf, int len); 568int ssl3_write(SSL *s, const void *buf, int len);
516int ssl3_shutdown(SSL *s); 569int ssl3_shutdown(SSL *s);
517void ssl3_clear(SSL *s); 570void ssl3_clear(SSL *s);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 416def8908..7064262def 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
508 if (s->session != NULL) 508 if (s->session != NULL)
509 SSL_SESSION_free(s->session); 509 SSL_SESSION_free(s->session);
510 s->session=session; 510 s->session=session;
511 s->verify_result = s->session->verify_result;
511 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ 512 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
512 ret=1; 513 ret=1;
513 } 514 }
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 0d34357eb4..d10a23af8e 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -572,7 +572,10 @@ printf("rec=");
572#endif 572#endif
573 573
574 for (i=7; i>=0; i--) 574 for (i=7; i>=0; i--)
575 if (++seq[i]) break; 575 {
576 ++seq[i];
577 if (seq[i] != 0) break;
578 }
576 579
577#ifdef TLS_DEBUG 580#ifdef TLS_DEBUG
578{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); } 581{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
diff --git a/src/lib/libssl/test/Makefile.ssl b/src/lib/libssl/test/Makefile.ssl
index b961dabc3c..9c7b7dd158 100644
--- a/src/lib/libssl/test/Makefile.ssl
+++ b/src/lib/libssl/test/Makefile.ssl
@@ -192,7 +192,7 @@ test_bn:
192 @./$(BNTEST) >tmp.bntest 192 @./$(BNTEST) >tmp.bntest
193 @echo quit >>tmp.bntest 193 @echo quit >>tmp.bntest
194 @echo "running bc" 194 @echo "running bc"
195 @bc tmp.bntest 2>&1 | $(PERL) -e 'while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} print STDERR "."; $$i++;} print STDERR "\n$$i tests passed\n"' 195 @<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
196 @echo 'test a^b%c implementations' 196 @echo 'test a^b%c implementations'
197 ./$(EXPTEST) 197 ./$(EXPTEST)
198 198
@@ -241,7 +241,7 @@ dclean:
241 mv -f Makefile.new $(MAKEFILE) 241 mv -f Makefile.new $(MAKEFILE)
242 242
243clean: 243clean:
244 rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log 244 rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
245 245
246$(DLIBSSL): 246$(DLIBSSL):
247 (cd ../ssl; $(MAKE)) 247 (cd ../ssl; $(MAKE))
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 23:46:17 +0000