merge with 0.9.7-beta1

lib/libcrypto/asn1/a_utctm.c

@@ -222,7 +222,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
-	struct tm data;
 	int offset;
 	int year;
 
@@ -239,7 +238,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
 
-	tm = OPENSSL_gmtime(&t, &data);
+	{ struct tm data; tm = OPENSSL_gmtime(&t, &data); }
 	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
 	year = g2(s->data);

lib/libcrypto/des/fcrypt.c

@@ -1,5 +1,13 @@
 /* NOCW */
 #include <stdio.h>
+#ifdef _OSD_POSIX
+#ifndef CHARSET_EBCDIC
+#define CHARSET_EBCDIC 1
+#endif
+#endif
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 /* This version of crypt has been developed from my MIT compatible
  * DES library.

lib/libcrypto/des/read_pwd.c

@@ -211,7 +211,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty);
 #endif
 static jmp_buf save;
 
-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+int des_read_pw_string(char *buf, int length, const char *prompt,
 	     int verify)
 	{
 	char buff[BUFSIZ];

lib/libcrypto/dsa/dsa_key.c

@@ -64,8 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-extern int	__BN_rand_range(BIGNUM *r, BIGNUM *range);
-
 int DSA_generate_key(DSA *dsa)
 	{
 	int ok=0;
@@ -82,7 +80,7 @@ int DSA_generate_key(DSA *dsa)
 		priv_key=dsa->priv_key;
 
 	do
-		if (!__BN_rand_range(priv_key,dsa->q)) goto err;
+		if (!BN_rand_range(priv_key,dsa->q)) goto err;
 	while (BN_is_zero(priv_key));
 
 	if (dsa->pub_key == NULL)

lib/libcrypto/dsa/dsa_ossl.c

@@ -66,8 +66,6 @@
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 
-int	__BN_rand_range(BIGNUM *r, BIGNUM *range);
-
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -193,7 +191,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 
 	/* Get random k */
 	do
-		if (!__BN_rand_range(&k, dsa->q)) goto err;
+		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
 
 	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
@@ -344,55 +342,3 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 {
 	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
-
-
-/* random number r:  0 <= r < range */
-int	__BN_rand_range(BIGNUM *r, BIGNUM *range)
-	{
-	int n;
-
-	if (range->neg || BN_is_zero(range))
-		{
-		/* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */
-		return 0;
-		}
-
-	n = BN_num_bits(range); /* n > 0 */
-
-	if (n == 1)
-		{
-		if (!BN_zero(r)) return 0;
-		}
-	else if (BN_is_bit_set(range, n - 2))
-		{
-		do
-			{
-			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
-			if (!BN_rand(r, n, -1, 0)) return 0;
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-	else
-		{
-		/* range = 10..._2,
-		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
-		do
-			{
-			if (!BN_rand(r, n + 1, -1, 0)) return 0;
-			/* If  r < 3*range,  use  r := r MOD range
-			 * (which is either  r, r - range,  or  r - 2*range).
-			 * Otherwise, iterate once more.
-			 * Since  3*range = 11..._2, each iteration succeeds with
-			 * probability >= .75. */
-			if (BN_cmp(r ,range) >= 0)
-				{
-				if (!BN_sub(r, r, range)) return 0;
-				if (BN_cmp(r, range) >= 0)
-					if (!BN_sub(r, r, range)) return 0;
-				}
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-
-	return 1;
-	}

lib/libcrypto/engine/Makefile.ssl

@@ -74,7 +74,7 @@ tags:
 
 errors:
 	$(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
-		-nostatic -staticloader -write hw_*.c
+		-nostatic -staticloader -write hw_*.c; \
 
 tests:
 

lib/libcrypto/engine/eng_all.c

@@ -96,6 +96,9 @@ void ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_HW_SUREWARE
 	ENGINE_load_sureware();
 #endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+	ENGINE_load_4758cca();
+#endif
 #ifdef OPENSSL_OPENBSD_DEV_CRYPTO
 	ENGINE_load_openbsd_dev_crypto();
 #endif
@@ -114,5 +117,3 @@ void ENGINE_setup_openbsd(void) {
 	openbsd_default_loaded=1;
 }
 #endif
-
-

lib/libcrypto/engine/engine.h

@@ -312,7 +312,7 @@ void ENGINE_load_builtin_engines(void);
 #ifdef __OpenBSD__
 void ENGINE_load_cryptodev(void);
 #endif	
-	
+
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
  * "registry" handling. */
 unsigned int ENGINE_get_table_flags(void);

lib/libcrypto/evp/evp_test.c

@@ -118,7 +118,7 @@ static char *sstrsep(char **string, const char *delim)
     }
 
 static unsigned char *ustrsep(char **p,const char *sep)
-    { return (unsigned char *)sstrsep(p,sep); }
+    { return (unsigned char *)sstrsep((char **)p,sep); }
 
 static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 		  const unsigned char *iv,int in,
@@ -358,7 +358,7 @@ int main(int argc,char **argv)
 	    p[-1] = '\0';
 	    encdec = -1;
 	} else {
-	    encdec = atoi(sstrsep(&p,"\n"));
+	    encdec = atoi(strsep(&p,"\n"));
 	}
 	      
 

lib/libcrypto/objects/Makefile.ssl

@@ -15,6 +15,7 @@ MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
+PERL=		perl
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 

lib/libcrypto/objects/obj_dat.pl

@@ -1,4 +1,7 @@
 #!/usr/local/bin/perl
+
+# fixes bug in floating point emulation on sparc64 when
+# this script produces off-by-one output on sparc64
 use integer;
 
 sub obj_cmp

lib/libcrypto/rand/randfile.c

@@ -99,12 +99,11 @@ int RAND_load_file(const char *file, long bytes)
 	if (file == NULL) return(0);
 
 	i=stat(file,&sb);
-	if (i < 0) { 
-	  /* If the state fails, put some crap in anyway */
-	  RAND_add(&sb,sizeof(sb),0);
-	  return(0);
-	}
+	/* If the state fails, put some crap in anyway */
+	RAND_add(&sb,sizeof(sb),0);
+	if (i < 0) return(0);
 	if (bytes == 0) return(ret);
+
 	in=fopen(file,"rb");
 	if (in == NULL) goto err;
 	if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
@@ -218,12 +217,12 @@ err:
 
 const char *RAND_file_name(char *buf, size_t size)
 	{
-	char *s = NULL;
+	char *s=NULL;
 	int ok = 0;
 	struct stat sb;
 
 	if (issetugid() == 0)
-		s = getenv("RANDFILE");
+		s=getenv("RANDFILE");
 	if (s != NULL && *s && strlen(s) + 1 < size)
 		{
 		strlcpy(buf,s,size);
@@ -272,4 +271,3 @@ const char *RAND_file_name(char *buf, size_t size)
 #endif
 	return(buf);
 	}
-

lib/libcrypto/util/domd

@@ -18,11 +18,11 @@ if [ "$MAKEDEPEND" = "gcc" ]; then
     sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp
     echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
     gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp
-    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    perl $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
     rm -f Makefile.tmp
 else
     ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@
-    ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+    perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
 fi
 mv Makefile.new Makefile.ssl
 # unfake the presence of Kerberos

lib/libssl/crypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.25 2002/09/03 18:59:55 markus Exp $
+# $OpenBSD: Makefile,v 1.26 2002/09/05 22:12:11 markus Exp $
 
 LIB=	crypto
 
@@ -29,7 +29,7 @@ CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H
 CFLAGS+= -DNO_WINDOWS_BRAINDEATH
 CFLAGS+= -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA
 CFLAGS+= -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP
-CFLAGS+= -DOPENSSL_NO_HW_SUREWARE
+CFLAGS+= -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
 CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}
 CFLAGS+= -I${LCRYPTO_SRC}
 SRCS+= o_time.c
@@ -282,11 +282,13 @@ includes: obj_mac.h
 CFLAGS+= -I${.OBJDIR}
 
 GENERATED=obj_mac.h obj_dat.h
-CLEANFILES=${GENERATED}
+CLEANFILES=${GENERATED} obj_mac.num.tmp
 SSL_OBJECTS=${SSL_SRC}/crypto/objects
 
-obj_mac.h: ${SSL_OBJECTS}/objects.h
-	/usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt ${SSL_OBJECTS}/obj_mac.num obj_mac.h
+obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt
+	cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp
+	/usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h
+
 obj_dat.h: obj_mac.h
 	/usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h
 

lib/libssl/s3_srvr.c

@@ -114,8 +114,6 @@
 
 
 #include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -123,8 +121,10 @@
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
 #endif
 #include <openssl/md5.h>
+#include "ssl_locl.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);

lib/libssl/src/Configure

@@ -366,6 +366,9 @@ my %table=(
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
+# assembler versions -- currently defunct:
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
+
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

lib/libssl/src/Makefile.org

@@ -35,8 +35,6 @@ OPENSSLDIR=/usr/local/ssl
 # DEVRANDOM - Give this the value of the 'random device' if your OS supports
 #           one.  32 bytes will be read from this when the random
 #           number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-#           SSLv3 anon-DH ciphers.
 # SSL_FORBID_ENULL - define if you want the server to be not able to use the
 #           NULL encryption ciphers.
 #
@@ -734,21 +732,21 @@ install_docs:
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
+		(cd `dirname $$i`; \
 		sh -c "`cd ../../util; ./pod2mantest ignore` \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
+		(cd `dirname $$i`; \
 		sh -c "`cd ../../util; ./pod2mantest ignore` \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

lib/libssl/src/apps/speed.c

@@ -1627,7 +1627,7 @@ show_res:
 #endif
 #ifdef HZ
 #define as_string(s) (#s)
-		printf("HZ=%g", HZ);
+		printf("HZ=%g", (double)HZ);
 # ifdef _SC_CLK_TCK
 		printf(" [sysconf value]");
 # endif

lib/libssl/src/crypto/asn1/a_utctm.c

@@ -222,7 +222,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
-	struct tm data;
 	int offset;
 	int year;
 
@@ -239,7 +238,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
 
-	tm = OPENSSL_gmtime(&t, &data);
+	{ struct tm data; tm = OPENSSL_gmtime(&t, &data); }
 	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
 	year = g2(s->data);

lib/libssl/src/crypto/des/fcrypt.c

@@ -1,5 +1,13 @@
 /* NOCW */
 #include <stdio.h>
+#ifdef _OSD_POSIX
+#ifndef CHARSET_EBCDIC
+#define CHARSET_EBCDIC 1
+#endif
+#endif
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 /* This version of crypt has been developed from my MIT compatible
  * DES library.

lib/libssl/src/crypto/des/read_pwd.c

@@ -211,7 +211,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty);
 #endif
 static jmp_buf save;
 
-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+int des_read_pw_string(char *buf, int length, const char *prompt,
 	     int verify)
 	{
 	char buff[BUFSIZ];

lib/libssl/src/crypto/dsa/dsa_key.c

@@ -64,8 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-extern int	__BN_rand_range(BIGNUM *r, BIGNUM *range);
-
 int DSA_generate_key(DSA *dsa)
 	{
 	int ok=0;
@@ -82,7 +80,7 @@ int DSA_generate_key(DSA *dsa)
 		priv_key=dsa->priv_key;
 
 	do
-		if (!__BN_rand_range(priv_key,dsa->q)) goto err;
+		if (!BN_rand_range(priv_key,dsa->q)) goto err;
 	while (BN_is_zero(priv_key));
 
 	if (dsa->pub_key == NULL)

lib/libssl/src/crypto/dsa/dsa_ossl.c

@@ -66,8 +66,6 @@
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 
-int	__BN_rand_range(BIGNUM *r, BIGNUM *range);
-
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -193,7 +191,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 
 	/* Get random k */
 	do
-		if (!__BN_rand_range(&k, dsa->q)) goto err;
+		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
 
 	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
@@ -344,55 +342,3 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 {
 	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
-
-
-/* random number r:  0 <= r < range */
-int	__BN_rand_range(BIGNUM *r, BIGNUM *range)
-	{
-	int n;
-
-	if (range->neg || BN_is_zero(range))
-		{
-		/* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */
-		return 0;
-		}
-
-	n = BN_num_bits(range); /* n > 0 */
-
-	if (n == 1)
-		{
-		if (!BN_zero(r)) return 0;
-		}
-	else if (BN_is_bit_set(range, n - 2))
-		{
-		do
-			{
-			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
-			if (!BN_rand(r, n, -1, 0)) return 0;
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-	else
-		{
-		/* range = 10..._2,
-		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
-		do
-			{
-			if (!BN_rand(r, n + 1, -1, 0)) return 0;
-			/* If  r < 3*range,  use  r := r MOD range
-			 * (which is either  r, r - range,  or  r - 2*range).
-			 * Otherwise, iterate once more.
-			 * Since  3*range = 11..._2, each iteration succeeds with
-			 * probability >= .75. */
-			if (BN_cmp(r ,range) >= 0)
-				{
-				if (!BN_sub(r, r, range)) return 0;
-				if (BN_cmp(r, range) >= 0)
-					if (!BN_sub(r, r, range)) return 0;
-				}
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-
-	return 1;
-	}

lib/libssl/src/crypto/engine/Makefile.ssl

@@ -74,7 +74,7 @@ tags:
 
 errors:
 	$(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
-		-nostatic -staticloader -write hw_*.c
+		-nostatic -staticloader -write hw_*.c; \
 
 tests:
 

lib/libssl/src/crypto/engine/eng_all.c

@@ -96,6 +96,9 @@ void ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_HW_SUREWARE
 	ENGINE_load_sureware();
 #endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+	ENGINE_load_4758cca();
+#endif
 #ifdef OPENSSL_OPENBSD_DEV_CRYPTO
 	ENGINE_load_openbsd_dev_crypto();
 #endif
@@ -114,5 +117,3 @@ void ENGINE_setup_openbsd(void) {
 	openbsd_default_loaded=1;
 }
 #endif
-
-

lib/libssl/src/crypto/engine/engine.h

@@ -312,7 +312,7 @@ void ENGINE_load_builtin_engines(void);
 #ifdef __OpenBSD__
 void ENGINE_load_cryptodev(void);
 #endif	
-	
+
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
  * "registry" handling. */
 unsigned int ENGINE_get_table_flags(void);

lib/libssl/src/crypto/evp/evp_test.c

@@ -118,7 +118,7 @@ static char *sstrsep(char **string, const char *delim)
     }
 
 static unsigned char *ustrsep(char **p,const char *sep)
-    { return (unsigned char *)sstrsep(p,sep); }
+    { return (unsigned char *)sstrsep((char **)p,sep); }
 
 static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 		  const unsigned char *iv,int in,
@@ -358,7 +358,7 @@ int main(int argc,char **argv)
 	    p[-1] = '\0';
 	    encdec = -1;
 	} else {
-	    encdec = atoi(sstrsep(&p,"\n"));
+	    encdec = atoi(strsep(&p,"\n"));
 	}
 	      
 

lib/libssl/src/crypto/objects/Makefile.ssl

@@ -15,6 +15,7 @@ MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
+PERL=		perl
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 

lib/libssl/src/crypto/objects/obj_dat.pl

@@ -1,4 +1,7 @@
 #!/usr/local/bin/perl
+
+# fixes bug in floating point emulation on sparc64 when
+# this script produces off-by-one output on sparc64
 use integer;
 
 sub obj_cmp

lib/libssl/src/crypto/rand/randfile.c

@@ -99,12 +99,11 @@ int RAND_load_file(const char *file, long bytes)
 	if (file == NULL) return(0);
 
 	i=stat(file,&sb);
-	if (i < 0) { 
-	  /* If the state fails, put some crap in anyway */
-	  RAND_add(&sb,sizeof(sb),0);
-	  return(0);
-	}
+	/* If the state fails, put some crap in anyway */
+	RAND_add(&sb,sizeof(sb),0);
+	if (i < 0) return(0);
 	if (bytes == 0) return(ret);
+
 	in=fopen(file,"rb");
 	if (in == NULL) goto err;
 	if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
@@ -218,12 +217,12 @@ err:
 
 const char *RAND_file_name(char *buf, size_t size)
 	{
-	char *s = NULL;
+	char *s=NULL;
 	int ok = 0;
 	struct stat sb;
 
 	if (issetugid() == 0)
-		s = getenv("RANDFILE");
+		s=getenv("RANDFILE");
 	if (s != NULL && *s && strlen(s) + 1 < size)
 		{
 		strlcpy(buf,s,size);
@@ -272,4 +271,3 @@ const char *RAND_file_name(char *buf, size_t size)
 #endif
 	return(buf);
 	}
-

lib/libssl/src/demos/easy_tls/Makefile

@@ -1,5 +1,5 @@
 # Makefile for easy-tls example application (rudimentary client and server)
-# $Id: Makefile,v 1.1 2002/05/15 02:29:18 beck Exp $
+# $Id: Makefile,v 1.2 2002/09/05 22:12:11 markus Exp $
 
 SOLARIS_CFLAGS=-Wall -pedantic -g -O2
 SOLARIS_LIBS=-lxnet

lib/libssl/src/demos/easy_tls/cacerts.pem

@@ -1,4 +1,4 @@
-$Id: cacerts.pem,v 1.1 2002/05/15 02:29:18 beck Exp $
+$Id: cacerts.pem,v 1.2 2002/09/05 22:12:11 markus Exp $
 
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

lib/libssl/src/demos/easy_tls/cert.pem

@@ -1,4 +1,4 @@
-$Id: cert.pem,v 1.1 2002/05/15 02:29:18 beck Exp $
+$Id: cert.pem,v 1.2 2002/09/05 22:12:11 markus Exp $
 
 Example certificate and key.
 

lib/libssl/src/demos/easy_tls/easy-tls.c

@@ -1,7 +1,7 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
 /*
  * easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $
+ * $Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $
  */
 /*
  (c) Copyright 1999 Bodo Moeller.  All rights reserved.
@@ -73,7 +73,7 @@
  */
 
 static char const rcsid[] =
-"$Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $";
+"$Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $";
 
 #include <assert.h>
 #include <errno.h>
@@ -567,8 +567,13 @@ no_passphrase_callback(char *buf, int num, int w, void *arg)
     return -1;
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
 static int
 verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
+#else
+static int
+verify_dont_fail_cb(X509_STORE_CTX *c)
+#endif
 {
     int i;
     

lib/libssl/src/demos/easy_tls/easy-tls.h

@@ -1,7 +1,7 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
 /*
  * easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.1 2002/05/15 02:29:18 beck Exp $
+ * $Id: easy-tls.h,v 1.2 2002/09/05 22:12:11 markus Exp $
  */
 /*
  * (c) Copyright 1999 Bodo Moeller.  All rights reserved.

lib/libssl/src/demos/easy_tls/test.c

@@ -1,5 +1,5 @@
 /* test.c */
-/* $Id: test.c,v 1.1 2002/05/15 02:29:18 beck Exp $ */
+/* $Id: test.c,v 1.2 2002/09/05 22:12:11 markus Exp $ */
 
 #define L_PORT 9999
 #define C_PORT 443

lib/libssl/src/demos/easy_tls/test.h

@@ -1,5 +1,5 @@
 /* test.h */
-/* $Id: test.h,v 1.1 2002/05/15 02:29:18 beck Exp $ */
+/* $Id: test.h,v 1.2 2002/09/05 22:12:11 markus Exp $ */
 
 
 void test_process_init(int fd, int client_p, void *apparg);

lib/libssl/src/doc/crypto/des_modes.pod

@@ -204,8 +204,8 @@ just one key.
 =item *
 
 If the first and last key are the same, the key length is 112 bits.
-There are attacks that could reduce the key space to 55 bit's but it
-requires 2^56 blocks of memory.
+There are attacks that could reduce the effective key strength
+to only slightly more than 56 bits, but these require a lot of memory.
 
 =item *
 

lib/libssl/src/e_os.h

@@ -79,7 +79,7 @@ extern "C" {
 #ifndef DEVRANDOM
 /* set this to a comma-separated list of 'random' device files to try out.
  * My default, we will try to read at least one of these files */
-#define DEVRANDOM  "/dev/arandom","/dev/urandom","/dev/random","/dev/srandom"
+#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
 #endif
 #ifndef DEVRANDOM_EGD
 /* set this to a comma-seperated list of 'egd' sockets to try out. These

lib/libssl/src/ssl/s3_srvr.c

@@ -114,8 +114,6 @@
 
 
 #include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -123,8 +121,10 @@
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
 #endif
 #include <openssl/md5.h>
+#include "ssl_locl.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);

lib/libssl/src/ssl/ssl_locl.h

@@ -116,7 +116,7 @@
 #include <string.h>
 #include <errno.h>
 
-#include <e_os.h> 
+#include "e_os.h"
 
 #include <openssl/buffer.h>
 #include <openssl/comp.h>

lib/libssl/src/test/Makefile.ssl

@@ -14,6 +14,7 @@ MAKEFILE=	Makefile.ssl
 MAKE=		make -f $(MAKEFILE)
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+PERL=		perl
 
 PEX_LIBS=
 EX_LIBS= #-lnsl -lsocket
@@ -234,7 +235,7 @@ test_gen:
 	@echo "Generate and verify a certificate request"
 	@sh ./testgen
 
-test_ss:
+test_ss keyU.ss certU.ss certCA.ss: testss
 	@echo "Generate and certify a test certificate"
 	@sh ./testss
 
@@ -242,13 +243,17 @@ test_engine:
 	@echo "Manipulate the ENGINE structures"
 	./$(ENGINETEST)
 
-test_ssl:
+test_ssl: keyU.ss certU.ss certCA.ss
 	@echo "test SSL protocol"
-	@sh ./testssl
+	@sh ./testssl keyU.ss certU.ss certCA.ss
 
 test_ca:
-	@echo "Generate and certify a test certificate via the 'ca' program"
-	@sh ./testca
+	@if ../apps/openssl no-rsa; then \
+	  echo "skipping CA.sh test -- requires RSA"; \
+	else \
+	  echo "Generate and certify a test certificate via the 'ca' program"; \
+	  sh ./testca; \
+ 	fi
 
 test_rd: #$(RDTEST)
 #	@echo "test Rijndael"

lib/libssl/src/util/domd

@@ -18,11 +18,11 @@ if [ "$MAKEDEPEND" = "gcc" ]; then
     sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp
     echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
     gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp
-    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    perl $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
     rm -f Makefile.tmp
 else
     ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@
-    ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+    perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
 fi
 mv Makefile.new Makefile.ssl
 # unfake the presence of Kerberos

lib/libssl/ssl_locl.h

@@ -116,7 +116,7 @@
 #include <string.h>
 #include <errno.h>
 
-#include <e_os.h> 
+#include "e_os.h"
 
 #include <openssl/buffer.h>
 #include <openssl/comp.h>

lib/libssl/test/Makefile.ssl

@@ -14,6 +14,7 @@ MAKEFILE=	Makefile.ssl
 MAKE=		make -f $(MAKEFILE)
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+PERL=		perl
 
 PEX_LIBS=
 EX_LIBS= #-lnsl -lsocket
@@ -234,7 +235,7 @@ test_gen:
 	@echo "Generate and verify a certificate request"
 	@sh ./testgen
 
-test_ss:
+test_ss keyU.ss certU.ss certCA.ss: testss
 	@echo "Generate and certify a test certificate"
 	@sh ./testss
 
@@ -242,13 +243,17 @@ test_engine:
 	@echo "Manipulate the ENGINE structures"
 	./$(ENGINETEST)
 
-test_ssl:
+test_ssl: keyU.ss certU.ss certCA.ss
 	@echo "test SSL protocol"
-	@sh ./testssl
+	@sh ./testssl keyU.ss certU.ss certCA.ss
 
 test_ca:
-	@echo "Generate and certify a test certificate via the 'ca' program"
-	@sh ./testca
+	@if ../apps/openssl no-rsa; then \
+	  echo "skipping CA.sh test -- requires RSA"; \
+	else \
+	  echo "Generate and certify a test certificate via the 'ca' program"; \
+	  sh ./testca; \
+ 	fi
 
 test_rd: #$(RDTEST)
 #	@echo "test Rijndael"