diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2002-09-05 22:12:13 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2002-09-05 22:12:13 +0000 |
commit | b9680a25ddd0bd72bffb28a5cc859a347a8cf979 (patch) | |
tree | 4c16ea2ce58d0618420a0409ffaea6b834efcf48 /lib | |
parent | 3a327dad8e22d3b847a34518d736902335a15006 (diff) |
merge with 0.9.7-beta1
Diffstat (limited to 'lib')
29 files changed, 75 insertions, 108 deletions
diff --git a/lib/libssl/crypto/Makefile b/lib/libssl/crypto/Makefile index 15c310f2ee4..490ce259c66 100644 --- a/lib/libssl/crypto/Makefile +++ b/lib/libssl/crypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.25 2002/09/03 18:59:55 markus Exp $ +# $OpenBSD: Makefile,v 1.26 2002/09/05 22:12:11 markus Exp $ LIB= crypto @@ -29,7 +29,7 @@ CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H CFLAGS+= -DNO_WINDOWS_BRAINDEATH CFLAGS+= -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA CFLAGS+= -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP -CFLAGS+= -DOPENSSL_NO_HW_SUREWARE +CFLAGS+= -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} CFLAGS+= -I${LCRYPTO_SRC} SRCS+= o_time.c @@ -282,11 +282,13 @@ includes: obj_mac.h CFLAGS+= -I${.OBJDIR} GENERATED=obj_mac.h obj_dat.h -CLEANFILES=${GENERATED} +CLEANFILES=${GENERATED} obj_mac.num.tmp SSL_OBJECTS=${SSL_SRC}/crypto/objects -obj_mac.h: ${SSL_OBJECTS}/objects.h - /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt ${SSL_OBJECTS}/obj_mac.num obj_mac.h +obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt + cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp + /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h + obj_dat.h: obj_mac.h /usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure index 0976f41f8d6..986db2f614e 100644 --- a/lib/libssl/src/Configure +++ b/lib/libssl/src/Configure @@ -366,6 +366,9 @@ my %table=( "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +# assembler versions -- currently defunct: +##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}", + # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the # bn86-elf.o file file since it is hand tweaked assembler. "linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/lib/libssl/src/Makefile.org b/lib/libssl/src/Makefile.org index 799c370cb64..71c196b1e65 100644 --- a/lib/libssl/src/Makefile.org +++ b/lib/libssl/src/Makefile.org @@ -35,8 +35,6 @@ OPENSSLDIR=/usr/local/ssl # DEVRANDOM - Give this the value of the 'random device' if your OS supports # one. 32 bytes will be read from this when the random # number generator is initalised. -# SSL_ALLOW_ADH - define if you want the server to be able to use the -# SSLv3 anon-DH ciphers. # SSL_FORBID_ENULL - define if you want the server to be not able to use the # NULL encryption ciphers. # @@ -734,21 +732,21 @@ install_docs: fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ + (cd `dirname $$i`; \ sh -c "`cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ done @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ + (cd `dirname $$i`; \ sh -c "`cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ done # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c index 3f55e26bdd5..fea0ffe2cfa 100644 --- a/lib/libssl/src/apps/speed.c +++ b/lib/libssl/src/apps/speed.c @@ -1627,7 +1627,7 @@ show_res: #endif #ifdef HZ #define as_string(s) (#s) - printf("HZ=%g", HZ); + printf("HZ=%g", (double)HZ); # ifdef _SC_CLK_TCK printf(" [sysconf value]"); # endif diff --git a/lib/libssl/src/crypto/asn1/a_utctm.c b/lib/libssl/src/crypto/asn1/a_utctm.c index dbb4a42c9d1..ed2d827db2f 100644 --- a/lib/libssl/src/crypto/asn1/a_utctm.c +++ b/lib/libssl/src/crypto/asn1/a_utctm.c @@ -222,7 +222,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) { struct tm *tm; - struct tm data; int offset; int year; @@ -239,7 +238,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) t -= offset*60; /* FIXME: may overflow in extreme cases */ - tm = OPENSSL_gmtime(&t, &data); + { struct tm data; tm = OPENSSL_gmtime(&t, &data); } #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 year = g2(s->data); diff --git a/lib/libssl/src/crypto/des/fcrypt.c b/lib/libssl/src/crypto/des/fcrypt.c index 387d97f28d1..2758c32656a 100644 --- a/lib/libssl/src/crypto/des/fcrypt.c +++ b/lib/libssl/src/crypto/des/fcrypt.c @@ -1,5 +1,13 @@ /* NOCW */ #include <stdio.h> +#ifdef _OSD_POSIX +#ifndef CHARSET_EBCDIC +#define CHARSET_EBCDIC 1 +#endif +#endif +#ifdef CHARSET_EBCDIC +#include <openssl/ebcdic.h> +#endif /* This version of crypt has been developed from my MIT compatible * DES library. diff --git a/lib/libssl/src/crypto/des/read_pwd.c b/lib/libssl/src/crypto/des/read_pwd.c index 54e0e2e6b6c..00000190f80 100644 --- a/lib/libssl/src/crypto/des/read_pwd.c +++ b/lib/libssl/src/crypto/des/read_pwd.c @@ -211,7 +211,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty); #endif static jmp_buf save; -int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, +int des_read_pw_string(char *buf, int length, const char *prompt, int verify) { char buff[BUFSIZ]; diff --git a/lib/libssl/src/crypto/dsa/dsa_key.c b/lib/libssl/src/crypto/dsa/dsa_key.c index bf718c1c6d2..ef87c3e6372 100644 --- a/lib/libssl/src/crypto/dsa/dsa_key.c +++ b/lib/libssl/src/crypto/dsa/dsa_key.c @@ -64,8 +64,6 @@ #include <openssl/dsa.h> #include <openssl/rand.h> -extern int __BN_rand_range(BIGNUM *r, BIGNUM *range); - int DSA_generate_key(DSA *dsa) { int ok=0; @@ -82,7 +80,7 @@ int DSA_generate_key(DSA *dsa) priv_key=dsa->priv_key; do - if (!__BN_rand_range(priv_key,dsa->q)) goto err; + if (!BN_rand_range(priv_key,dsa->q)) goto err; while (BN_is_zero(priv_key)); if (dsa->pub_key == NULL) diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c index 07addc94d9e..37dd5fc9940 100644 --- a/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c @@ -66,8 +66,6 @@ #include <openssl/asn1.h> #include <openssl/engine.h> -int __BN_rand_range(BIGNUM *r, BIGNUM *range); - static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, @@ -193,7 +191,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) /* Get random k */ do - if (!__BN_rand_range(&k, dsa->q)) goto err; + if (!BN_rand_range(&k, dsa->q)) goto err; while (BN_is_zero(&k)); if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) @@ -344,55 +342,3 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, { return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); } - - -/* random number r: 0 <= r < range */ -int __BN_rand_range(BIGNUM *r, BIGNUM *range) - { - int n; - - if (range->neg || BN_is_zero(range)) - { - /* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */ - return 0; - } - - n = BN_num_bits(range); /* n > 0 */ - - if (n == 1) - { - if (!BN_zero(r)) return 0; - } - else if (BN_is_bit_set(range, n - 2)) - { - do - { - /* range = 11..._2, so each iteration succeeds with probability >= .75 */ - if (!BN_rand(r, n, -1, 0)) return 0; - } - while (BN_cmp(r, range) >= 0); - } - else - { - /* range = 10..._2, - * so 3*range (= 11..._2) is exactly one bit longer than range */ - do - { - if (!BN_rand(r, n + 1, -1, 0)) return 0; - /* If r < 3*range, use r := r MOD range - * (which is either r, r - range, or r - 2*range). - * Otherwise, iterate once more. - * Since 3*range = 11..._2, each iteration succeeds with - * probability >= .75. */ - if (BN_cmp(r ,range) >= 0) - { - if (!BN_sub(r, r, range)) return 0; - if (BN_cmp(r, range) >= 0) - if (!BN_sub(r, r, range)) return 0; - } - } - while (BN_cmp(r, range) >= 0); - } - - return 1; - } diff --git a/lib/libssl/src/crypto/engine/Makefile.ssl b/lib/libssl/src/crypto/engine/Makefile.ssl index 8ee3b7d2dd0..5172028f93a 100644 --- a/lib/libssl/src/crypto/engine/Makefile.ssl +++ b/lib/libssl/src/crypto/engine/Makefile.ssl @@ -74,7 +74,7 @@ tags: errors: $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \ - -nostatic -staticloader -write hw_*.c + -nostatic -staticloader -write hw_*.c; \ tests: diff --git a/lib/libssl/src/crypto/engine/eng_all.c b/lib/libssl/src/crypto/engine/eng_all.c index a35b3db9e86..bc504654225 100644 --- a/lib/libssl/src/crypto/engine/eng_all.c +++ b/lib/libssl/src/crypto/engine/eng_all.c @@ -96,6 +96,9 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_SUREWARE ENGINE_load_sureware(); #endif +#ifndef OPENSSL_NO_HW_4758_CCA + ENGINE_load_4758cca(); +#endif #ifdef OPENSSL_OPENBSD_DEV_CRYPTO ENGINE_load_openbsd_dev_crypto(); #endif @@ -114,5 +117,3 @@ void ENGINE_setup_openbsd(void) { openbsd_default_loaded=1; } #endif - - diff --git a/lib/libssl/src/crypto/engine/engine.h b/lib/libssl/src/crypto/engine/engine.h index 97f5de9e129..fd17ff616d2 100644 --- a/lib/libssl/src/crypto/engine/engine.h +++ b/lib/libssl/src/crypto/engine/engine.h @@ -312,7 +312,7 @@ void ENGINE_load_builtin_engines(void); #ifdef __OpenBSD__ void ENGINE_load_cryptodev(void); #endif - + /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ unsigned int ENGINE_get_table_flags(void); diff --git a/lib/libssl/src/crypto/evp/evp_test.c b/lib/libssl/src/crypto/evp/evp_test.c index 90294ef686e..1bfffb34cf3 100644 --- a/lib/libssl/src/crypto/evp/evp_test.c +++ b/lib/libssl/src/crypto/evp/evp_test.c @@ -118,7 +118,7 @@ static char *sstrsep(char **string, const char *delim) } static unsigned char *ustrsep(char **p,const char *sep) - { return (unsigned char *)sstrsep(p,sep); } + { return (unsigned char *)sstrsep((char **)p,sep); } static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, const unsigned char *iv,int in, @@ -358,7 +358,7 @@ int main(int argc,char **argv) p[-1] = '\0'; encdec = -1; } else { - encdec = atoi(sstrsep(&p,"\n")); + encdec = atoi(strsep(&p,"\n")); } diff --git a/lib/libssl/src/crypto/objects/Makefile.ssl b/lib/libssl/src/crypto/objects/Makefile.ssl index 1e990107d32..a9f01ffc0d5 100644 --- a/lib/libssl/src/crypto/objects/Makefile.ssl +++ b/lib/libssl/src/crypto/objects/Makefile.ssl @@ -15,6 +15,7 @@ MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile.ssl AR= ar r +PERL= perl CFLAGS= $(INCLUDES) $(CFLAG) diff --git a/lib/libssl/src/crypto/objects/obj_dat.pl b/lib/libssl/src/crypto/objects/obj_dat.pl index 85ab2098097..d0371661f97 100644 --- a/lib/libssl/src/crypto/objects/obj_dat.pl +++ b/lib/libssl/src/crypto/objects/obj_dat.pl @@ -1,4 +1,7 @@ #!/usr/local/bin/perl + +# fixes bug in floating point emulation on sparc64 when +# this script produces off-by-one output on sparc64 use integer; sub obj_cmp diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c index 4b221e08f5b..1c3e68ef317 100644 --- a/lib/libssl/src/crypto/rand/randfile.c +++ b/lib/libssl/src/crypto/rand/randfile.c @@ -99,12 +99,11 @@ int RAND_load_file(const char *file, long bytes) if (file == NULL) return(0); i=stat(file,&sb); - if (i < 0) { - /* If the state fails, put some crap in anyway */ - RAND_add(&sb,sizeof(sb),0); - return(0); - } + /* If the state fails, put some crap in anyway */ + RAND_add(&sb,sizeof(sb),0); + if (i < 0) return(0); if (bytes == 0) return(ret); + in=fopen(file,"rb"); if (in == NULL) goto err; if (sb.st_mode & (S_IFBLK | S_IFCHR)) { @@ -218,12 +217,12 @@ err: const char *RAND_file_name(char *buf, size_t size) { - char *s = NULL; + char *s=NULL; int ok = 0; struct stat sb; if (issetugid() == 0) - s = getenv("RANDFILE"); + s=getenv("RANDFILE"); if (s != NULL && *s && strlen(s) + 1 < size) { strlcpy(buf,s,size); @@ -272,4 +271,3 @@ const char *RAND_file_name(char *buf, size_t size) #endif return(buf); } - diff --git a/lib/libssl/src/demos/easy_tls/Makefile b/lib/libssl/src/demos/easy_tls/Makefile index fd3c246ef4e..32a79c4cc99 100644 --- a/lib/libssl/src/demos/easy_tls/Makefile +++ b/lib/libssl/src/demos/easy_tls/Makefile @@ -1,5 +1,5 @@ # Makefile for easy-tls example application (rudimentary client and server) -# $Id: Makefile,v 1.1 2002/05/15 02:29:18 beck Exp $ +# $Id: Makefile,v 1.2 2002/09/05 22:12:11 markus Exp $ SOLARIS_CFLAGS=-Wall -pedantic -g -O2 SOLARIS_LIBS=-lxnet diff --git a/lib/libssl/src/demos/easy_tls/cacerts.pem b/lib/libssl/src/demos/easy_tls/cacerts.pem index 0b1c91f95ee..036e3c3dc0a 100644 --- a/lib/libssl/src/demos/easy_tls/cacerts.pem +++ b/lib/libssl/src/demos/easy_tls/cacerts.pem @@ -1,4 +1,4 @@ -$Id: cacerts.pem,v 1.1 2002/05/15 02:29:18 beck Exp $ +$Id: cacerts.pem,v 1.2 2002/09/05 22:12:11 markus Exp $ issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit) subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) diff --git a/lib/libssl/src/demos/easy_tls/cert.pem b/lib/libssl/src/demos/easy_tls/cert.pem index d4d19d9ad1f..ab38de65e78 100644 --- a/lib/libssl/src/demos/easy_tls/cert.pem +++ b/lib/libssl/src/demos/easy_tls/cert.pem @@ -1,4 +1,4 @@ -$Id: cert.pem,v 1.1 2002/05/15 02:29:18 beck Exp $ +$Id: cert.pem,v 1.2 2002/09/05 22:12:11 markus Exp $ Example certificate and key. diff --git a/lib/libssl/src/demos/easy_tls/easy-tls.c b/lib/libssl/src/demos/easy_tls/easy-tls.c index 9fa0ef9a6be..70f7ae3c11b 100644 --- a/lib/libssl/src/demos/easy_tls/easy-tls.c +++ b/lib/libssl/src/demos/easy_tls/easy-tls.c @@ -1,7 +1,7 @@ /* -*- Mode: C; c-file-style: "bsd" -*- */ /* * easy-tls.c -- generic TLS proxy. - * $Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $ + * $Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $ */ /* (c) Copyright 1999 Bodo Moeller. All rights reserved. @@ -73,7 +73,7 @@ */ static char const rcsid[] = -"$Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $"; +"$Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $"; #include <assert.h> #include <errno.h> @@ -567,8 +567,13 @@ no_passphrase_callback(char *buf, int num, int w, void *arg) return -1; } +#if OPENSSL_VERSION_NUMBER >= 0x00907000L static int verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg) +#else +static int +verify_dont_fail_cb(X509_STORE_CTX *c) +#endif { int i; diff --git a/lib/libssl/src/demos/easy_tls/easy-tls.h b/lib/libssl/src/demos/easy_tls/easy-tls.h index 0cfbd8fe7b8..31332004438 100644 --- a/lib/libssl/src/demos/easy_tls/easy-tls.h +++ b/lib/libssl/src/demos/easy_tls/easy-tls.h @@ -1,7 +1,7 @@ /* -*- Mode: C; c-file-style: "bsd" -*- */ /* * easy-tls.h -- generic TLS proxy. - * $Id: easy-tls.h,v 1.1 2002/05/15 02:29:18 beck Exp $ + * $Id: easy-tls.h,v 1.2 2002/09/05 22:12:11 markus Exp $ */ /* * (c) Copyright 1999 Bodo Moeller. All rights reserved. diff --git a/lib/libssl/src/demos/easy_tls/test.c b/lib/libssl/src/demos/easy_tls/test.c index 4ce676ca93e..f86141d1d89 100644 --- a/lib/libssl/src/demos/easy_tls/test.c +++ b/lib/libssl/src/demos/easy_tls/test.c @@ -1,5 +1,5 @@ /* test.c */ -/* $Id: test.c,v 1.1 2002/05/15 02:29:18 beck Exp $ */ +/* $Id: test.c,v 1.2 2002/09/05 22:12:11 markus Exp $ */ #define L_PORT 9999 #define C_PORT 443 diff --git a/lib/libssl/src/demos/easy_tls/test.h b/lib/libssl/src/demos/easy_tls/test.h index c580169464b..575391c00b7 100644 --- a/lib/libssl/src/demos/easy_tls/test.h +++ b/lib/libssl/src/demos/easy_tls/test.h @@ -1,5 +1,5 @@ /* test.h */ -/* $Id: test.h,v 1.1 2002/05/15 02:29:18 beck Exp $ */ +/* $Id: test.h,v 1.2 2002/09/05 22:12:11 markus Exp $ */ void test_process_init(int fd, int client_p, void *apparg); diff --git a/lib/libssl/src/doc/crypto/des_modes.pod b/lib/libssl/src/doc/crypto/des_modes.pod index dc17942f97f..0cc22150e7e 100644 --- a/lib/libssl/src/doc/crypto/des_modes.pod +++ b/lib/libssl/src/doc/crypto/des_modes.pod @@ -204,8 +204,8 @@ just one key. =item * If the first and last key are the same, the key length is 112 bits. -There are attacks that could reduce the key space to 55 bit's but it -requires 2^56 blocks of memory. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory. =item * diff --git a/lib/libssl/src/e_os.h b/lib/libssl/src/e_os.h index 055c1b0e296..f216936e18a 100644 --- a/lib/libssl/src/e_os.h +++ b/lib/libssl/src/e_os.h @@ -79,7 +79,7 @@ extern "C" { #ifndef DEVRANDOM /* set this to a comma-separated list of 'random' device files to try out. * My default, we will try to read at least one of these files */ -#define DEVRANDOM "/dev/arandom","/dev/urandom","/dev/random","/dev/srandom" +#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" #endif #ifndef DEVRANDOM_EGD /* set this to a comma-seperated list of 'egd' sockets to try out. These diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index dfffed7165e..cef8d4f81e2 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -114,8 +114,6 @@ #include <stdio.h> -#include "ssl_locl.h" -#include "kssl_lcl.h" #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> @@ -123,8 +121,10 @@ #include <openssl/x509.h> #ifndef OPENSSL_NO_KRB5 #include <openssl/krb5_asn.h> +#include "kssl_lcl.h" #endif #include <openssl/md5.h> +#include "ssl_locl.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 0029edc3a6c..6afb0f4cdf7 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -116,7 +116,7 @@ #include <string.h> #include <errno.h> -#include <e_os.h> +#include "e_os.h" #include <openssl/buffer.h> #include <openssl/comp.h> diff --git a/lib/libssl/src/test/Makefile.ssl b/lib/libssl/src/test/Makefile.ssl index 952ab163710..49f2cc9a23f 100644 --- a/lib/libssl/src/test/Makefile.ssl +++ b/lib/libssl/src/test/Makefile.ssl @@ -14,6 +14,7 @@ MAKEFILE= Makefile.ssl MAKE= make -f $(MAKEFILE) MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +PERL= perl PEX_LIBS= EX_LIBS= #-lnsl -lsocket @@ -234,7 +235,7 @@ test_gen: @echo "Generate and verify a certificate request" @sh ./testgen -test_ss: +test_ss keyU.ss certU.ss certCA.ss: testss @echo "Generate and certify a test certificate" @sh ./testss @@ -242,13 +243,17 @@ test_engine: @echo "Manipulate the ENGINE structures" ./$(ENGINETEST) -test_ssl: +test_ssl: keyU.ss certU.ss certCA.ss @echo "test SSL protocol" - @sh ./testssl + @sh ./testssl keyU.ss certU.ss certCA.ss test_ca: - @echo "Generate and certify a test certificate via the 'ca' program" - @sh ./testca + @if ../apps/openssl no-rsa; then \ + echo "skipping CA.sh test -- requires RSA"; \ + else \ + echo "Generate and certify a test certificate via the 'ca' program"; \ + sh ./testca; \ + fi test_rd: #$(RDTEST) # @echo "test Rijndael" diff --git a/lib/libssl/src/util/domd b/lib/libssl/src/util/domd index 8cbe383c165..aa99cb05236 100644 --- a/lib/libssl/src/util/domd +++ b/lib/libssl/src/util/domd @@ -18,11 +18,11 @@ if [ "$MAKEDEPEND" = "gcc" ]; then sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp - ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new + perl $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new rm -f Makefile.tmp else ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@ - ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new + perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new fi mv Makefile.new Makefile.ssl # unfake the presence of Kerberos |