src - OpenBSD base system

diff options


context:
space:
mode:

author	Markus Friedl <markus@cvs.openbsd.org>	2002-09-05 22:12:13 +0000
committer	Markus Friedl <markus@cvs.openbsd.org>	2002-09-05 22:12:13 +0000
commit	b9680a25ddd0bd72bffb28a5cc859a347a8cf979 (patch)
tree	4c16ea2ce58d0618420a0409ffaea6b834efcf48 /lib/libssl
parent	3a327dad8e22d3b847a34518d736902335a15006 (diff)

merge with 0.9.7-beta1

Diffstat (limited to 'lib/libssl')

-rw-r--r--

lib/libssl/crypto/Makefile

-rw-r--r--

lib/libssl/src/Configure

-rw-r--r--

lib/libssl/src/Makefile.org

-rw-r--r--

lib/libssl/src/apps/speed.c

-rw-r--r--

lib/libssl/src/crypto/asn1/a_utctm.c

-rw-r--r--

lib/libssl/src/crypto/des/fcrypt.c

-rw-r--r--

lib/libssl/src/crypto/des/read_pwd.c

-rw-r--r--

lib/libssl/src/crypto/dsa/dsa_key.c

-rw-r--r--

lib/libssl/src/crypto/dsa/dsa_ossl.c

-rw-r--r--

lib/libssl/src/crypto/engine/Makefile.ssl

-rw-r--r--

lib/libssl/src/crypto/engine/eng_all.c

-rw-r--r--

lib/libssl/src/crypto/engine/engine.h

-rw-r--r--

lib/libssl/src/crypto/evp/evp_test.c

-rw-r--r--

lib/libssl/src/crypto/objects/Makefile.ssl

-rw-r--r--

lib/libssl/src/crypto/objects/obj_dat.pl

-rw-r--r--

lib/libssl/src/crypto/rand/randfile.c

-rw-r--r--

lib/libssl/src/demos/easy_tls/Makefile

-rw-r--r--

lib/libssl/src/demos/easy_tls/cacerts.pem

-rw-r--r--

lib/libssl/src/demos/easy_tls/cert.pem

-rw-r--r--

lib/libssl/src/demos/easy_tls/easy-tls.c

-rw-r--r--

lib/libssl/src/demos/easy_tls/easy-tls.h

-rw-r--r--

lib/libssl/src/demos/easy_tls/test.c

-rw-r--r--

lib/libssl/src/demos/easy_tls/test.h

-rw-r--r--

lib/libssl/src/doc/crypto/des_modes.pod

-rw-r--r--

lib/libssl/src/e_os.h

-rw-r--r--

lib/libssl/src/ssl/s3_srvr.c

-rw-r--r--

lib/libssl/src/ssl/ssl_locl.h

-rw-r--r--

lib/libssl/src/test/Makefile.ssl

-rw-r--r--

lib/libssl/src/util/domd

29 files changed, 75 insertions, 108 deletions

diff --git a/lib/libssl/crypto/Makefile b/lib/libssl/crypto/Makefile
index 15c310f2ee4..490ce259c66 100644
--- a/lib/libssl/crypto/Makefile
+++ b/lib/libssl/crypto/Makefile

@@ -1,4 +1,4 @@

-# $OpenBSD: Makefile,v 1.25 2002/09/03 18:59:55 markus Exp $

+# $OpenBSD: Makefile,v 1.26 2002/09/05 22:12:11 markus Exp $

LIB= crypto

@@ -29,7 +29,7 @@ CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H

CFLAGS+= -DNO_WINDOWS_BRAINDEATH

CFLAGS+= -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA

CFLAGS+= -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP

-CFLAGS+= -DOPENSSL_NO_HW_SUREWARE

+CFLAGS+= -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA

CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}

CFLAGS+= -I${LCRYPTO_SRC}

SRCS+= o_time.c

@@ -282,11 +282,13 @@ includes: obj_mac.h

CFLAGS+= -I${.OBJDIR}

GENERATED=obj_mac.h obj_dat.h

-CLEANFILES=${GENERATED}

+CLEANFILES=${GENERATED} obj_mac.num.tmp

SSL_OBJECTS=${SSL_SRC}/crypto/objects

-obj_mac.h: ${SSL_OBJECTS}/objects.h

- /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt ${SSL_OBJECTS}/obj_mac.num obj_mac.h

+obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt

+ cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp

+ /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h

obj_dat.h: obj_mac.h

/usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h

diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure
index 0976f41f8d6..986db2f614e 100644
--- a/lib/libssl/src/Configure
+++ b/lib/libssl/src/Configure

@@ -366,6 +366,9 @@ my %table=(

"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

+# assembler versions -- currently defunct:

+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",

# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the

# bn86-elf.o file file since it is hand tweaked assembler.

"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

diff --git a/lib/libssl/src/Makefile.org b/lib/libssl/src/Makefile.org
index 799c370cb64..71c196b1e65 100644
--- a/lib/libssl/src/Makefile.org
+++ b/lib/libssl/src/Makefile.org

@@ -35,8 +35,6 @@ OPENSSLDIR=/usr/local/ssl

# DEVRANDOM - Give this the value of the 'random device' if your OS supports

# one. 32 bytes will be read from this when the random

# number generator is initalised.

-# SSL_ALLOW_ADH - define if you want the server to be able to use the

-# SSLv3 anon-DH ciphers.

# SSL_FORBID_ENULL - define if you want the server to be not able to use the

# NULL encryption ciphers.

@@ -734,21 +732,21 @@ install_docs:

fn=`basename $$i .pod`; \

if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \

echo "installing man$$sec/`basename $$i .pod`.$$sec"; \

- (cd `$(PERL) util/dirname.pl $$i`; \

+ (cd `dirname $$i`; \

sh -c "`cd ../../util; ./pod2mantest ignore` \

--section=$$sec --center=OpenSSL \

--release=$(VERSION) `basename $$i`") \

- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \

+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \

done

@for i in doc/crypto/*.pod doc/ssl/*.pod; do \

fn=`basename $$i .pod`; \

if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \

echo "installing man$$sec/`basename $$i .pod`.$$sec"; \

- (cd `$(PERL) util/dirname.pl $$i`; \

+ (cd `dirname $$i`; \

sh -c "`cd ../../util; ./pod2mantest ignore` \

--section=$$sec --center=OpenSSL \

--release=$(VERSION) `basename $$i`") \

- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \

+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \

done

# DO NOT DELETE THIS LINE -- make depend depends on it.

diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c
index 3f55e26bdd5..fea0ffe2cfa 100644
--- a/lib/libssl/src/apps/speed.c
+++ b/lib/libssl/src/apps/speed.c

@@ -1627,7 +1627,7 @@ show_res:

#endif

#ifdef HZ

#define as_string(s) (#s)

- printf("HZ=%g", HZ);

+ printf("HZ=%g", (double)HZ);

# ifdef _SC_CLK_TCK

printf(" [sysconf value]");

# endif

diff --git a/lib/libssl/src/crypto/asn1/a_utctm.c b/lib/libssl/src/crypto/asn1/a_utctm.c
index dbb4a42c9d1..ed2d827db2f 100644
--- a/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/lib/libssl/src/crypto/asn1/a_utctm.c

@@ -222,7 +222,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)

int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)

{

struct tm *tm;

- struct tm data;

int offset;

int year;

@@ -239,7 +238,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)

t -= offset*60; /* FIXME: may overflow in extreme cases */

- tm = OPENSSL_gmtime(&t, &data);

+ { struct tm data; tm = OPENSSL_gmtime(&t, &data); }

#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1

year = g2(s->data);

diff --git a/lib/libssl/src/crypto/des/fcrypt.c b/lib/libssl/src/crypto/des/fcrypt.c
index 387d97f28d1..2758c32656a 100644
--- a/lib/libssl/src/crypto/des/fcrypt.c
+++ b/lib/libssl/src/crypto/des/fcrypt.c

@@ -1,5 +1,13 @@

/* NOCW */

#include <stdio.h>

+#ifdef _OSD_POSIX

+#ifndef CHARSET_EBCDIC

+#define CHARSET_EBCDIC 1

+#endif

+#ifdef CHARSET_EBCDIC

+#include <openssl/ebcdic.h>

+#endif

/* This version of crypt has been developed from my MIT compatible

* DES library.

diff --git a/lib/libssl/src/crypto/des/read_pwd.c b/lib/libssl/src/crypto/des/read_pwd.c
index 54e0e2e6b6c..00000190f80 100644
--- a/lib/libssl/src/crypto/des/read_pwd.c
+++ b/lib/libssl/src/crypto/des/read_pwd.c

@@ -211,7 +211,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty);

#endif

static jmp_buf save;

-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,

+int des_read_pw_string(char *buf, int length, const char *prompt,

int verify)

{

char buff[BUFSIZ];

diff --git a/lib/libssl/src/crypto/dsa/dsa_key.c b/lib/libssl/src/crypto/dsa/dsa_key.c
index bf718c1c6d2..ef87c3e6372 100644
--- a/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/lib/libssl/src/crypto/dsa/dsa_key.c

@@ -64,8 +64,6 @@

#include <openssl/dsa.h>

#include <openssl/rand.h>

-extern int __BN_rand_range(BIGNUM *r, BIGNUM *range);

int DSA_generate_key(DSA *dsa)

{

int ok=0;

@@ -82,7 +80,7 @@ int DSA_generate_key(DSA *dsa)

priv_key=dsa->priv_key;

- if (!__BN_rand_range(priv_key,dsa->q)) goto err;

+ if (!BN_rand_range(priv_key,dsa->q)) goto err;

while (BN_is_zero(priv_key));

if (dsa->pub_key == NULL)

diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c
index 07addc94d9e..37dd5fc9940 100644
--- a/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c

@@ -66,8 +66,6 @@

#include <openssl/asn1.h>

#include <openssl/engine.h>

-int __BN_rand_range(BIGNUM *r, BIGNUM *range);

static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);

static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,

@@ -193,7 +191,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)

/* Get random k */

- if (!__BN_rand_range(&k, dsa->q)) goto err;

+ if (!BN_rand_range(&k, dsa->q)) goto err;

while (BN_is_zero(&k));

if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))

@@ -344,55 +342,3 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,

{

return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);

}

-/* random number r: 0 <= r < range */

-int __BN_rand_range(BIGNUM *r, BIGNUM *range)

- {

- int n;

- if (range->neg || BN_is_zero(range))

- {

- /* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */

- return 0;

- }

- n = BN_num_bits(range); /* n > 0 */

- if (n == 1)

- {

- if (!BN_zero(r)) return 0;

- }

- else if (BN_is_bit_set(range, n - 2))

- {

- do

- {

- /* range = 11..._2, so each iteration succeeds with probability >= .75 */

- if (!BN_rand(r, n, -1, 0)) return 0;

- }

- while (BN_cmp(r, range) >= 0);

- }

- else

- {

- /* range = 10..._2,

- * so 3*range (= 11..._2) is exactly one bit longer than range */

- do

- {

- if (!BN_rand(r, n + 1, -1, 0)) return 0;

- /* If r < 3*range, use r := r MOD range

- * (which is either r, r - range, or r - 2*range).

- * Otherwise, iterate once more.

- * Since 3*range = 11..._2, each iteration succeeds with

- * probability >= .75. */

- if (BN_cmp(r ,range) >= 0)

- {

- if (!BN_sub(r, r, range)) return 0;

- if (BN_cmp(r, range) >= 0)

- if (!BN_sub(r, r, range)) return 0;

- }

- while (BN_cmp(r, range) >= 0);

- }

- return 1;

- }

diff --git a/lib/libssl/src/crypto/engine/Makefile.ssl b/lib/libssl/src/crypto/engine/Makefile.ssl
index 8ee3b7d2dd0..5172028f93a 100644
--- a/lib/libssl/src/crypto/engine/Makefile.ssl
+++ b/lib/libssl/src/crypto/engine/Makefile.ssl

@@ -74,7 +74,7 @@ tags:

errors:

$(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \

- -nostatic -staticloader -write hw_*.c

+ -nostatic -staticloader -write hw_*.c; \

tests:

diff --git a/lib/libssl/src/crypto/engine/eng_all.c b/lib/libssl/src/crypto/engine/eng_all.c
index a35b3db9e86..bc504654225 100644
--- a/lib/libssl/src/crypto/engine/eng_all.c
+++ b/lib/libssl/src/crypto/engine/eng_all.c

@@ -96,6 +96,9 @@ void ENGINE_load_builtin_engines(void)

#ifndef OPENSSL_NO_HW_SUREWARE

ENGINE_load_sureware();

#endif

+#ifndef OPENSSL_NO_HW_4758_CCA

+ ENGINE_load_4758cca();

+#endif

#ifdef OPENSSL_OPENBSD_DEV_CRYPTO

ENGINE_load_openbsd_dev_crypto();

#endif

@@ -114,5 +117,3 @@ void ENGINE_setup_openbsd(void) {

openbsd_default_loaded=1;

}

#endif

diff --git a/lib/libssl/src/crypto/engine/engine.h b/lib/libssl/src/crypto/engine/engine.h
index 97f5de9e129..fd17ff616d2 100644
--- a/lib/libssl/src/crypto/engine/engine.h
+++ b/lib/libssl/src/crypto/engine/engine.h

@@ -312,7 +312,7 @@ void ENGINE_load_builtin_engines(void);

#ifdef __OpenBSD__

void ENGINE_load_cryptodev(void);

#endif

/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation

* "registry" handling. */

unsigned int ENGINE_get_table_flags(void);

diff --git a/lib/libssl/src/crypto/evp/evp_test.c b/lib/libssl/src/crypto/evp/evp_test.c
index 90294ef686e..1bfffb34cf3 100644
--- a/lib/libssl/src/crypto/evp/evp_test.c
+++ b/lib/libssl/src/crypto/evp/evp_test.c

@@ -118,7 +118,7 @@ static char *sstrsep(char **string, const char *delim)

}

static unsigned char *ustrsep(char **p,const char *sep)

- { return (unsigned char *)sstrsep(p,sep); }

+ { return (unsigned char *)sstrsep((char **)p,sep); }

static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,

const unsigned char *iv,int in,

@@ -358,7 +358,7 @@ int main(int argc,char **argv)

p[-1] = '\0';

encdec = -1;

} else {

- encdec = atoi(sstrsep(&p,"\n"));

+ encdec = atoi(strsep(&p,"\n"));

}

diff --git a/lib/libssl/src/crypto/objects/Makefile.ssl b/lib/libssl/src/crypto/objects/Makefile.ssl
index 1e990107d32..a9f01ffc0d5 100644
--- a/lib/libssl/src/crypto/objects/Makefile.ssl
+++ b/lib/libssl/src/crypto/objects/Makefile.ssl

@@ -15,6 +15,7 @@ MAKEDEPPROG= makedepend

MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)

MAKEFILE= Makefile.ssl

AR= ar r

+PERL= perl

CFLAGS= $(INCLUDES) $(CFLAG)

diff --git a/lib/libssl/src/crypto/objects/obj_dat.pl b/lib/libssl/src/crypto/objects/obj_dat.pl
index 85ab2098097..d0371661f97 100644
--- a/lib/libssl/src/crypto/objects/obj_dat.pl
+++ b/lib/libssl/src/crypto/objects/obj_dat.pl

@@ -1,4 +1,7 @@

#!/usr/local/bin/perl

+# fixes bug in floating point emulation on sparc64 when

+# this script produces off-by-one output on sparc64

use integer;

sub obj_cmp

diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c
index 4b221e08f5b..1c3e68ef317 100644
--- a/lib/libssl/src/crypto/rand/randfile.c
+++ b/lib/libssl/src/crypto/rand/randfile.c

@@ -99,12 +99,11 @@ int RAND_load_file(const char *file, long bytes)

if (file == NULL) return(0);

i=stat(file,&sb);

- if (i < 0) {

- /* If the state fails, put some crap in anyway */

- RAND_add(&sb,sizeof(sb),0);

- return(0);

- }

+ /* If the state fails, put some crap in anyway */

+ RAND_add(&sb,sizeof(sb),0);

+ if (i < 0) return(0);

if (bytes == 0) return(ret);

in=fopen(file,"rb");

if (in == NULL) goto err;

if (sb.st_mode & (S_IFBLK | S_IFCHR)) {

@@ -218,12 +217,12 @@ err:

const char *RAND_file_name(char *buf, size_t size)

{

- char *s = NULL;

+ char *s=NULL;

int ok = 0;

struct stat sb;

if (issetugid() == 0)

- s = getenv("RANDFILE");

+ s=getenv("RANDFILE");

if (s != NULL && *s && strlen(s) + 1 < size)

{

strlcpy(buf,s,size);

@@ -272,4 +271,3 @@ const char *RAND_file_name(char *buf, size_t size)

#endif

return(buf);

}

diff --git a/lib/libssl/src/demos/easy_tls/Makefile b/lib/libssl/src/demos/easy_tls/Makefile
index fd3c246ef4e..32a79c4cc99 100644
--- a/lib/libssl/src/demos/easy_tls/Makefile
+++ b/lib/libssl/src/demos/easy_tls/Makefile

@@ -1,5 +1,5 @@

# Makefile for easy-tls example application (rudimentary client and server)

-# $Id: Makefile,v 1.1 2002/05/15 02:29:18 beck Exp $

+# $Id: Makefile,v 1.2 2002/09/05 22:12:11 markus Exp $

SOLARIS_CFLAGS=-Wall -pedantic -g -O2

SOLARIS_LIBS=-lxnet

diff --git a/lib/libssl/src/demos/easy_tls/cacerts.pem b/lib/libssl/src/demos/easy_tls/cacerts.pem
index 0b1c91f95ee..036e3c3dc0a 100644
--- a/lib/libssl/src/demos/easy_tls/cacerts.pem
+++ b/lib/libssl/src/demos/easy_tls/cacerts.pem

@@ -1,4 +1,4 @@

-$Id: cacerts.pem,v 1.1 2002/05/15 02:29:18 beck Exp $

+$Id: cacerts.pem,v 1.2 2002/09/05 22:12:11 markus Exp $

issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)

subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

diff --git a/lib/libssl/src/demos/easy_tls/cert.pem b/lib/libssl/src/demos/easy_tls/cert.pem
index d4d19d9ad1f..ab38de65e78 100644
--- a/lib/libssl/src/demos/easy_tls/cert.pem
+++ b/lib/libssl/src/demos/easy_tls/cert.pem

@@ -1,4 +1,4 @@

-$Id: cert.pem,v 1.1 2002/05/15 02:29:18 beck Exp $

+$Id: cert.pem,v 1.2 2002/09/05 22:12:11 markus Exp $

Example certificate and key.

diff --git a/lib/libssl/src/demos/easy_tls/easy-tls.c b/lib/libssl/src/demos/easy_tls/easy-tls.c
index 9fa0ef9a6be..70f7ae3c11b 100644
--- a/lib/libssl/src/demos/easy_tls/easy-tls.c
+++ b/lib/libssl/src/demos/easy_tls/easy-tls.c

@@ -1,7 +1,7 @@

/* -*- Mode: C; c-file-style: "bsd" -*- */

* easy-tls.c -- generic TLS proxy.

- * $Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $

+ * $Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $

@@ -73,7 +73,7 @@

static char const rcsid[] =

-"$Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $";

+"$Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $";

#include <assert.h>

#include <errno.h>

@@ -567,8 +567,13 @@ no_passphrase_callback(char *buf, int num, int w, void *arg)

return -1;

}

+#if OPENSSL_VERSION_NUMBER >= 0x00907000L

static int

verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)

+#else

+static int

+verify_dont_fail_cb(X509_STORE_CTX *c)

+#endif

{

int i;

diff --git a/lib/libssl/src/demos/easy_tls/easy-tls.h b/lib/libssl/src/demos/easy_tls/easy-tls.h
index 0cfbd8fe7b8..31332004438 100644
--- a/lib/libssl/src/demos/easy_tls/easy-tls.h
+++ b/lib/libssl/src/demos/easy_tls/easy-tls.h

@@ -1,7 +1,7 @@

/* -*- Mode: C; c-file-style: "bsd" -*- */

* easy-tls.h -- generic TLS proxy.

- * $Id: easy-tls.h,v 1.1 2002/05/15 02:29:18 beck Exp $

+ * $Id: easy-tls.h,v 1.2 2002/09/05 22:12:11 markus Exp $

diff --git a/lib/libssl/src/demos/easy_tls/test.c b/lib/libssl/src/demos/easy_tls/test.c
index 4ce676ca93e..f86141d1d89 100644
--- a/lib/libssl/src/demos/easy_tls/test.c
+++ b/lib/libssl/src/demos/easy_tls/test.c

@@ -1,5 +1,5 @@

/* test.c */

-/* $Id: test.c,v 1.1 2002/05/15 02:29:18 beck Exp $ */

+/* $Id: test.c,v 1.2 2002/09/05 22:12:11 markus Exp $ */

#define L_PORT 9999

#define C_PORT 443

diff --git a/lib/libssl/src/demos/easy_tls/test.h b/lib/libssl/src/demos/easy_tls/test.h
index c580169464b..575391c00b7 100644
--- a/lib/libssl/src/demos/easy_tls/test.h
+++ b/lib/libssl/src/demos/easy_tls/test.h

@@ -1,5 +1,5 @@

/* test.h */

-/* $Id: test.h,v 1.1 2002/05/15 02:29:18 beck Exp $ */

+/* $Id: test.h,v 1.2 2002/09/05 22:12:11 markus Exp $ */

void test_process_init(int fd, int client_p, void *apparg);

diff --git a/lib/libssl/src/doc/crypto/des_modes.pod b/lib/libssl/src/doc/crypto/des_modes.pod
index dc17942f97f..0cc22150e7e 100644
--- a/lib/libssl/src/doc/crypto/des_modes.pod
+++ b/lib/libssl/src/doc/crypto/des_modes.pod

@@ -204,8 +204,8 @@ just one key.

=item *

If the first and last key are the same, the key length is 112 bits.

-There are attacks that could reduce the key space to 55 bit's but it

-requires 2^56 blocks of memory.

+There are attacks that could reduce the effective key strength

+to only slightly more than 56 bits, but these require a lot of memory.

=item *

diff --git a/lib/libssl/src/e_os.h b/lib/libssl/src/e_os.h
index 055c1b0e296..f216936e18a 100644
--- a/lib/libssl/src/e_os.h
+++ b/lib/libssl/src/e_os.h

@@ -79,7 +79,7 @@ extern "C" {

#ifndef DEVRANDOM

/* set this to a comma-separated list of 'random' device files to try out.

* My default, we will try to read at least one of these files */

-#define DEVRANDOM "/dev/arandom","/dev/urandom","/dev/random","/dev/srandom"

+#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"

#endif

#ifndef DEVRANDOM_EGD

/* set this to a comma-seperated list of 'egd' sockets to try out. These

diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index dfffed7165e..cef8d4f81e2 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c

@@ -114,8 +114,6 @@

#include <stdio.h>

-#include "ssl_locl.h"

-#include "kssl_lcl.h"

#include <openssl/buffer.h>

#include <openssl/rand.h>

#include <openssl/objects.h>

@@ -123,8 +121,10 @@

#include <openssl/x509.h>

#ifndef OPENSSL_NO_KRB5

#include <openssl/krb5_asn.h>

+#include "kssl_lcl.h"

#endif

#include <openssl/md5.h>

+#include "ssl_locl.h"

static SSL_METHOD *ssl3_get_server_method(int ver);

static int ssl3_get_client_hello(SSL *s);

diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 0029edc3a6c..6afb0f4cdf7 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h

@@ -116,7 +116,7 @@

#include <string.h>

#include <errno.h>

-#include <e_os.h>

+#include "e_os.h"

#include <openssl/buffer.h>

#include <openssl/comp.h>

diff --git a/lib/libssl/src/test/Makefile.ssl b/lib/libssl/src/test/Makefile.ssl
index 952ab163710..49f2cc9a23f 100644
--- a/lib/libssl/src/test/Makefile.ssl
+++ b/lib/libssl/src/test/Makefile.ssl

@@ -14,6 +14,7 @@ MAKEFILE= Makefile.ssl

MAKE= make -f $(MAKEFILE)

MAKEDEPPROG= makedepend

MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)

+PERL= perl

PEX_LIBS=

EX_LIBS= #-lnsl -lsocket

@@ -234,7 +235,7 @@ test_gen:

@echo "Generate and verify a certificate request"

@sh ./testgen

-test_ss:

+test_ss keyU.ss certU.ss certCA.ss: testss

@echo "Generate and certify a test certificate"

@sh ./testss

@@ -242,13 +243,17 @@ test_engine:

@echo "Manipulate the ENGINE structures"

./$(ENGINETEST)

-test_ssl:

+test_ssl: keyU.ss certU.ss certCA.ss

@echo "test SSL protocol"

- @sh ./testssl

+ @sh ./testssl keyU.ss certU.ss certCA.ss

test_ca:

- @echo "Generate and certify a test certificate via the 'ca' program"

- @sh ./testca

+ @if ../apps/openssl no-rsa; then \

+ echo "skipping CA.sh test -- requires RSA"; \

+ else \

+ echo "Generate and certify a test certificate via the 'ca' program"; \

+ sh ./testca; \

+ fi

test_rd: #$(RDTEST)

# @echo "test Rijndael"

diff --git a/lib/libssl/src/util/domd b/lib/libssl/src/util/domd
index 8cbe383c165..aa99cb05236 100644
--- a/lib/libssl/src/util/domd
+++ b/lib/libssl/src/util/domd

@@ -18,11 +18,11 @@ if [ "$MAKEDEPEND" = "gcc" ]; then

sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp

echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp

gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp

- ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new

+ perl $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new

rm -f Makefile.tmp

else

${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@

- ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new

+ perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new

mv Makefile.new Makefile.ssl

# unfake the presence of Kerberos