summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2002-09-05 22:12:13 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2002-09-05 22:12:13 +0000
commitb9680a25ddd0bd72bffb28a5cc859a347a8cf979 (patch)
tree4c16ea2ce58d0618420a0409ffaea6b834efcf48 /lib
parent3a327dad8e22d3b847a34518d736902335a15006 (diff)
merge with 0.9.7-beta1
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/crypto/Makefile12
-rw-r--r--lib/libssl/src/Configure3
-rw-r--r--lib/libssl/src/Makefile.org10
-rw-r--r--lib/libssl/src/apps/speed.c2
-rw-r--r--lib/libssl/src/crypto/asn1/a_utctm.c3
-rw-r--r--lib/libssl/src/crypto/des/fcrypt.c8
-rw-r--r--lib/libssl/src/crypto/des/read_pwd.c2
-rw-r--r--lib/libssl/src/crypto/dsa/dsa_key.c4
-rw-r--r--lib/libssl/src/crypto/dsa/dsa_ossl.c56
-rw-r--r--lib/libssl/src/crypto/engine/Makefile.ssl2
-rw-r--r--lib/libssl/src/crypto/engine/eng_all.c5
-rw-r--r--lib/libssl/src/crypto/engine/engine.h2
-rw-r--r--lib/libssl/src/crypto/evp/evp_test.c4
-rw-r--r--lib/libssl/src/crypto/objects/Makefile.ssl1
-rw-r--r--lib/libssl/src/crypto/objects/obj_dat.pl3
-rw-r--r--lib/libssl/src/crypto/rand/randfile.c14
-rw-r--r--lib/libssl/src/demos/easy_tls/Makefile2
-rw-r--r--lib/libssl/src/demos/easy_tls/cacerts.pem2
-rw-r--r--lib/libssl/src/demos/easy_tls/cert.pem2
-rw-r--r--lib/libssl/src/demos/easy_tls/easy-tls.c9
-rw-r--r--lib/libssl/src/demos/easy_tls/easy-tls.h2
-rw-r--r--lib/libssl/src/demos/easy_tls/test.c2
-rw-r--r--lib/libssl/src/demos/easy_tls/test.h2
-rw-r--r--lib/libssl/src/doc/crypto/des_modes.pod4
-rw-r--r--lib/libssl/src/e_os.h2
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c4
-rw-r--r--lib/libssl/src/ssl/ssl_locl.h2
-rw-r--r--lib/libssl/src/test/Makefile.ssl15
-rw-r--r--lib/libssl/src/util/domd4
29 files changed, 75 insertions, 108 deletions
diff --git a/lib/libssl/crypto/Makefile b/lib/libssl/crypto/Makefile
index 15c310f2ee4..490ce259c66 100644
--- a/lib/libssl/crypto/Makefile
+++ b/lib/libssl/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.25 2002/09/03 18:59:55 markus Exp $
+# $OpenBSD: Makefile,v 1.26 2002/09/05 22:12:11 markus Exp $
LIB= crypto
@@ -29,7 +29,7 @@ CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H
CFLAGS+= -DNO_WINDOWS_BRAINDEATH
CFLAGS+= -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA
CFLAGS+= -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP
-CFLAGS+= -DOPENSSL_NO_HW_SUREWARE
+CFLAGS+= -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA
CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}
CFLAGS+= -I${LCRYPTO_SRC}
SRCS+= o_time.c
@@ -282,11 +282,13 @@ includes: obj_mac.h
CFLAGS+= -I${.OBJDIR}
GENERATED=obj_mac.h obj_dat.h
-CLEANFILES=${GENERATED}
+CLEANFILES=${GENERATED} obj_mac.num.tmp
SSL_OBJECTS=${SSL_SRC}/crypto/objects
-obj_mac.h: ${SSL_OBJECTS}/objects.h
- /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt ${SSL_OBJECTS}/obj_mac.num obj_mac.h
+obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt
+ cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp
+ /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h
+
obj_dat.h: obj_mac.h
/usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h
diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure
index 0976f41f8d6..986db2f614e 100644
--- a/lib/libssl/src/Configure
+++ b/lib/libssl/src/Configure
@@ -366,6 +366,9 @@ my %table=(
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+# assembler versions -- currently defunct:
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
+
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/lib/libssl/src/Makefile.org b/lib/libssl/src/Makefile.org
index 799c370cb64..71c196b1e65 100644
--- a/lib/libssl/src/Makefile.org
+++ b/lib/libssl/src/Makefile.org
@@ -35,8 +35,6 @@ OPENSSLDIR=/usr/local/ssl
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-# SSLv3 anon-DH ciphers.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
@@ -734,21 +732,21 @@ install_docs:
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
+ (cd `dirname $$i`; \
sh -c "`cd ../../util; ./pod2mantest ignore` \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
done
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
+ (cd `dirname $$i`; \
sh -c "`cd ../../util; ./pod2mantest ignore` \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c
index 3f55e26bdd5..fea0ffe2cfa 100644
--- a/lib/libssl/src/apps/speed.c
+++ b/lib/libssl/src/apps/speed.c
@@ -1627,7 +1627,7 @@ show_res:
#endif
#ifdef HZ
#define as_string(s) (#s)
- printf("HZ=%g", HZ);
+ printf("HZ=%g", (double)HZ);
# ifdef _SC_CLK_TCK
printf(" [sysconf value]");
# endif
diff --git a/lib/libssl/src/crypto/asn1/a_utctm.c b/lib/libssl/src/crypto/asn1/a_utctm.c
index dbb4a42c9d1..ed2d827db2f 100644
--- a/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -222,7 +222,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
{
struct tm *tm;
- struct tm data;
int offset;
int year;
@@ -239,7 +238,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
t -= offset*60; /* FIXME: may overflow in extreme cases */
- tm = OPENSSL_gmtime(&t, &data);
+ { struct tm data; tm = OPENSSL_gmtime(&t, &data); }
#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
year = g2(s->data);
diff --git a/lib/libssl/src/crypto/des/fcrypt.c b/lib/libssl/src/crypto/des/fcrypt.c
index 387d97f28d1..2758c32656a 100644
--- a/lib/libssl/src/crypto/des/fcrypt.c
+++ b/lib/libssl/src/crypto/des/fcrypt.c
@@ -1,5 +1,13 @@
/* NOCW */
#include <stdio.h>
+#ifdef _OSD_POSIX
+#ifndef CHARSET_EBCDIC
+#define CHARSET_EBCDIC 1
+#endif
+#endif
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
/* This version of crypt has been developed from my MIT compatible
* DES library.
diff --git a/lib/libssl/src/crypto/des/read_pwd.c b/lib/libssl/src/crypto/des/read_pwd.c
index 54e0e2e6b6c..00000190f80 100644
--- a/lib/libssl/src/crypto/des/read_pwd.c
+++ b/lib/libssl/src/crypto/des/read_pwd.c
@@ -211,7 +211,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty);
#endif
static jmp_buf save;
-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+int des_read_pw_string(char *buf, int length, const char *prompt,
int verify)
{
char buff[BUFSIZ];
diff --git a/lib/libssl/src/crypto/dsa/dsa_key.c b/lib/libssl/src/crypto/dsa/dsa_key.c
index bf718c1c6d2..ef87c3e6372 100644
--- a/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -64,8 +64,6 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
-extern int __BN_rand_range(BIGNUM *r, BIGNUM *range);
-
int DSA_generate_key(DSA *dsa)
{
int ok=0;
@@ -82,7 +80,7 @@ int DSA_generate_key(DSA *dsa)
priv_key=dsa->priv_key;
do
- if (!__BN_rand_range(priv_key,dsa->q)) goto err;
+ if (!BN_rand_range(priv_key,dsa->q)) goto err;
while (BN_is_zero(priv_key));
if (dsa->pub_key == NULL)
diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c
index 07addc94d9e..37dd5fc9940 100644
--- a/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -66,8 +66,6 @@
#include <openssl/asn1.h>
#include <openssl/engine.h>
-int __BN_rand_range(BIGNUM *r, BIGNUM *range);
-
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -193,7 +191,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
/* Get random k */
do
- if (!__BN_rand_range(&k, dsa->q)) goto err;
+ if (!BN_rand_range(&k, dsa->q)) goto err;
while (BN_is_zero(&k));
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
@@ -344,55 +342,3 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
{
return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
}
-
-
-/* random number r: 0 <= r < range */
-int __BN_rand_range(BIGNUM *r, BIGNUM *range)
- {
- int n;
-
- if (range->neg || BN_is_zero(range))
- {
- /* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */
- return 0;
- }
-
- n = BN_num_bits(range); /* n > 0 */
-
- if (n == 1)
- {
- if (!BN_zero(r)) return 0;
- }
- else if (BN_is_bit_set(range, n - 2))
- {
- do
- {
- /* range = 11..._2, so each iteration succeeds with probability >= .75 */
- if (!BN_rand(r, n, -1, 0)) return 0;
- }
- while (BN_cmp(r, range) >= 0);
- }
- else
- {
- /* range = 10..._2,
- * so 3*range (= 11..._2) is exactly one bit longer than range */
- do
- {
- if (!BN_rand(r, n + 1, -1, 0)) return 0;
- /* If r < 3*range, use r := r MOD range
- * (which is either r, r - range, or r - 2*range).
- * Otherwise, iterate once more.
- * Since 3*range = 11..._2, each iteration succeeds with
- * probability >= .75. */
- if (BN_cmp(r ,range) >= 0)
- {
- if (!BN_sub(r, r, range)) return 0;
- if (BN_cmp(r, range) >= 0)
- if (!BN_sub(r, r, range)) return 0;
- }
- }
- while (BN_cmp(r, range) >= 0);
- }
-
- return 1;
- }
diff --git a/lib/libssl/src/crypto/engine/Makefile.ssl b/lib/libssl/src/crypto/engine/Makefile.ssl
index 8ee3b7d2dd0..5172028f93a 100644
--- a/lib/libssl/src/crypto/engine/Makefile.ssl
+++ b/lib/libssl/src/crypto/engine/Makefile.ssl
@@ -74,7 +74,7 @@ tags:
errors:
$(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
- -nostatic -staticloader -write hw_*.c
+ -nostatic -staticloader -write hw_*.c; \
tests:
diff --git a/lib/libssl/src/crypto/engine/eng_all.c b/lib/libssl/src/crypto/engine/eng_all.c
index a35b3db9e86..bc504654225 100644
--- a/lib/libssl/src/crypto/engine/eng_all.c
+++ b/lib/libssl/src/crypto/engine/eng_all.c
@@ -96,6 +96,9 @@ void ENGINE_load_builtin_engines(void)
#ifndef OPENSSL_NO_HW_SUREWARE
ENGINE_load_sureware();
#endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+ ENGINE_load_4758cca();
+#endif
#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
ENGINE_load_openbsd_dev_crypto();
#endif
@@ -114,5 +117,3 @@ void ENGINE_setup_openbsd(void) {
openbsd_default_loaded=1;
}
#endif
-
-
diff --git a/lib/libssl/src/crypto/engine/engine.h b/lib/libssl/src/crypto/engine/engine.h
index 97f5de9e129..fd17ff616d2 100644
--- a/lib/libssl/src/crypto/engine/engine.h
+++ b/lib/libssl/src/crypto/engine/engine.h
@@ -312,7 +312,7 @@ void ENGINE_load_builtin_engines(void);
#ifdef __OpenBSD__
void ENGINE_load_cryptodev(void);
#endif
-
+
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
unsigned int ENGINE_get_table_flags(void);
diff --git a/lib/libssl/src/crypto/evp/evp_test.c b/lib/libssl/src/crypto/evp/evp_test.c
index 90294ef686e..1bfffb34cf3 100644
--- a/lib/libssl/src/crypto/evp/evp_test.c
+++ b/lib/libssl/src/crypto/evp/evp_test.c
@@ -118,7 +118,7 @@ static char *sstrsep(char **string, const char *delim)
}
static unsigned char *ustrsep(char **p,const char *sep)
- { return (unsigned char *)sstrsep(p,sep); }
+ { return (unsigned char *)sstrsep((char **)p,sep); }
static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
const unsigned char *iv,int in,
@@ -358,7 +358,7 @@ int main(int argc,char **argv)
p[-1] = '\0';
encdec = -1;
} else {
- encdec = atoi(sstrsep(&p,"\n"));
+ encdec = atoi(strsep(&p,"\n"));
}
diff --git a/lib/libssl/src/crypto/objects/Makefile.ssl b/lib/libssl/src/crypto/objects/Makefile.ssl
index 1e990107d32..a9f01ffc0d5 100644
--- a/lib/libssl/src/crypto/objects/Makefile.ssl
+++ b/lib/libssl/src/crypto/objects/Makefile.ssl
@@ -15,6 +15,7 @@ MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile.ssl
AR= ar r
+PERL= perl
CFLAGS= $(INCLUDES) $(CFLAG)
diff --git a/lib/libssl/src/crypto/objects/obj_dat.pl b/lib/libssl/src/crypto/objects/obj_dat.pl
index 85ab2098097..d0371661f97 100644
--- a/lib/libssl/src/crypto/objects/obj_dat.pl
+++ b/lib/libssl/src/crypto/objects/obj_dat.pl
@@ -1,4 +1,7 @@
#!/usr/local/bin/perl
+
+# fixes bug in floating point emulation on sparc64 when
+# this script produces off-by-one output on sparc64
use integer;
sub obj_cmp
diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c
index 4b221e08f5b..1c3e68ef317 100644
--- a/lib/libssl/src/crypto/rand/randfile.c
+++ b/lib/libssl/src/crypto/rand/randfile.c
@@ -99,12 +99,11 @@ int RAND_load_file(const char *file, long bytes)
if (file == NULL) return(0);
i=stat(file,&sb);
- if (i < 0) {
- /* If the state fails, put some crap in anyway */
- RAND_add(&sb,sizeof(sb),0);
- return(0);
- }
+ /* If the state fails, put some crap in anyway */
+ RAND_add(&sb,sizeof(sb),0);
+ if (i < 0) return(0);
if (bytes == 0) return(ret);
+
in=fopen(file,"rb");
if (in == NULL) goto err;
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
@@ -218,12 +217,12 @@ err:
const char *RAND_file_name(char *buf, size_t size)
{
- char *s = NULL;
+ char *s=NULL;
int ok = 0;
struct stat sb;
if (issetugid() == 0)
- s = getenv("RANDFILE");
+ s=getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size)
{
strlcpy(buf,s,size);
@@ -272,4 +271,3 @@ const char *RAND_file_name(char *buf, size_t size)
#endif
return(buf);
}
-
diff --git a/lib/libssl/src/demos/easy_tls/Makefile b/lib/libssl/src/demos/easy_tls/Makefile
index fd3c246ef4e..32a79c4cc99 100644
--- a/lib/libssl/src/demos/easy_tls/Makefile
+++ b/lib/libssl/src/demos/easy_tls/Makefile
@@ -1,5 +1,5 @@
# Makefile for easy-tls example application (rudimentary client and server)
-# $Id: Makefile,v 1.1 2002/05/15 02:29:18 beck Exp $
+# $Id: Makefile,v 1.2 2002/09/05 22:12:11 markus Exp $
SOLARIS_CFLAGS=-Wall -pedantic -g -O2
SOLARIS_LIBS=-lxnet
diff --git a/lib/libssl/src/demos/easy_tls/cacerts.pem b/lib/libssl/src/demos/easy_tls/cacerts.pem
index 0b1c91f95ee..036e3c3dc0a 100644
--- a/lib/libssl/src/demos/easy_tls/cacerts.pem
+++ b/lib/libssl/src/demos/easy_tls/cacerts.pem
@@ -1,4 +1,4 @@
-$Id: cacerts.pem,v 1.1 2002/05/15 02:29:18 beck Exp $
+$Id: cacerts.pem,v 1.2 2002/09/05 22:12:11 markus Exp $
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
diff --git a/lib/libssl/src/demos/easy_tls/cert.pem b/lib/libssl/src/demos/easy_tls/cert.pem
index d4d19d9ad1f..ab38de65e78 100644
--- a/lib/libssl/src/demos/easy_tls/cert.pem
+++ b/lib/libssl/src/demos/easy_tls/cert.pem
@@ -1,4 +1,4 @@
-$Id: cert.pem,v 1.1 2002/05/15 02:29:18 beck Exp $
+$Id: cert.pem,v 1.2 2002/09/05 22:12:11 markus Exp $
Example certificate and key.
diff --git a/lib/libssl/src/demos/easy_tls/easy-tls.c b/lib/libssl/src/demos/easy_tls/easy-tls.c
index 9fa0ef9a6be..70f7ae3c11b 100644
--- a/lib/libssl/src/demos/easy_tls/easy-tls.c
+++ b/lib/libssl/src/demos/easy_tls/easy-tls.c
@@ -1,7 +1,7 @@
/* -*- Mode: C; c-file-style: "bsd" -*- */
/*
* easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $
+ * $Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $
*/
/*
(c) Copyright 1999 Bodo Moeller. All rights reserved.
@@ -73,7 +73,7 @@
*/
static char const rcsid[] =
-"$Id: easy-tls.c,v 1.1 2002/05/15 02:29:18 beck Exp $";
+"$Id: easy-tls.c,v 1.2 2002/09/05 22:12:11 markus Exp $";
#include <assert.h>
#include <errno.h>
@@ -567,8 +567,13 @@ no_passphrase_callback(char *buf, int num, int w, void *arg)
return -1;
}
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
static int
verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
+#else
+static int
+verify_dont_fail_cb(X509_STORE_CTX *c)
+#endif
{
int i;
diff --git a/lib/libssl/src/demos/easy_tls/easy-tls.h b/lib/libssl/src/demos/easy_tls/easy-tls.h
index 0cfbd8fe7b8..31332004438 100644
--- a/lib/libssl/src/demos/easy_tls/easy-tls.h
+++ b/lib/libssl/src/demos/easy_tls/easy-tls.h
@@ -1,7 +1,7 @@
/* -*- Mode: C; c-file-style: "bsd" -*- */
/*
* easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.1 2002/05/15 02:29:18 beck Exp $
+ * $Id: easy-tls.h,v 1.2 2002/09/05 22:12:11 markus Exp $
*/
/*
* (c) Copyright 1999 Bodo Moeller. All rights reserved.
diff --git a/lib/libssl/src/demos/easy_tls/test.c b/lib/libssl/src/demos/easy_tls/test.c
index 4ce676ca93e..f86141d1d89 100644
--- a/lib/libssl/src/demos/easy_tls/test.c
+++ b/lib/libssl/src/demos/easy_tls/test.c
@@ -1,5 +1,5 @@
/* test.c */
-/* $Id: test.c,v 1.1 2002/05/15 02:29:18 beck Exp $ */
+/* $Id: test.c,v 1.2 2002/09/05 22:12:11 markus Exp $ */
#define L_PORT 9999
#define C_PORT 443
diff --git a/lib/libssl/src/demos/easy_tls/test.h b/lib/libssl/src/demos/easy_tls/test.h
index c580169464b..575391c00b7 100644
--- a/lib/libssl/src/demos/easy_tls/test.h
+++ b/lib/libssl/src/demos/easy_tls/test.h
@@ -1,5 +1,5 @@
/* test.h */
-/* $Id: test.h,v 1.1 2002/05/15 02:29:18 beck Exp $ */
+/* $Id: test.h,v 1.2 2002/09/05 22:12:11 markus Exp $ */
void test_process_init(int fd, int client_p, void *apparg);
diff --git a/lib/libssl/src/doc/crypto/des_modes.pod b/lib/libssl/src/doc/crypto/des_modes.pod
index dc17942f97f..0cc22150e7e 100644
--- a/lib/libssl/src/doc/crypto/des_modes.pod
+++ b/lib/libssl/src/doc/crypto/des_modes.pod
@@ -204,8 +204,8 @@ just one key.
=item *
If the first and last key are the same, the key length is 112 bits.
-There are attacks that could reduce the key space to 55 bit's but it
-requires 2^56 blocks of memory.
+There are attacks that could reduce the effective key strength
+to only slightly more than 56 bits, but these require a lot of memory.
=item *
diff --git a/lib/libssl/src/e_os.h b/lib/libssl/src/e_os.h
index 055c1b0e296..f216936e18a 100644
--- a/lib/libssl/src/e_os.h
+++ b/lib/libssl/src/e_os.h
@@ -79,7 +79,7 @@ extern "C" {
#ifndef DEVRANDOM
/* set this to a comma-separated list of 'random' device files to try out.
* My default, we will try to read at least one of these files */
-#define DEVRANDOM "/dev/arandom","/dev/urandom","/dev/random","/dev/srandom"
+#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
#endif
#ifndef DEVRANDOM_EGD
/* set this to a comma-seperated list of 'egd' sockets to try out. These
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index dfffed7165e..cef8d4f81e2 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -114,8 +114,6 @@
#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
@@ -123,8 +121,10 @@
#include <openssl/x509.h>
#ifndef OPENSSL_NO_KRB5
#include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
#endif
#include <openssl/md5.h>
+#include "ssl_locl.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 0029edc3a6c..6afb0f4cdf7 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -116,7 +116,7 @@
#include <string.h>
#include <errno.h>
-#include <e_os.h>
+#include "e_os.h"
#include <openssl/buffer.h>
#include <openssl/comp.h>
diff --git a/lib/libssl/src/test/Makefile.ssl b/lib/libssl/src/test/Makefile.ssl
index 952ab163710..49f2cc9a23f 100644
--- a/lib/libssl/src/test/Makefile.ssl
+++ b/lib/libssl/src/test/Makefile.ssl
@@ -14,6 +14,7 @@ MAKEFILE= Makefile.ssl
MAKE= make -f $(MAKEFILE)
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+PERL= perl
PEX_LIBS=
EX_LIBS= #-lnsl -lsocket
@@ -234,7 +235,7 @@ test_gen:
@echo "Generate and verify a certificate request"
@sh ./testgen
-test_ss:
+test_ss keyU.ss certU.ss certCA.ss: testss
@echo "Generate and certify a test certificate"
@sh ./testss
@@ -242,13 +243,17 @@ test_engine:
@echo "Manipulate the ENGINE structures"
./$(ENGINETEST)
-test_ssl:
+test_ssl: keyU.ss certU.ss certCA.ss
@echo "test SSL protocol"
- @sh ./testssl
+ @sh ./testssl keyU.ss certU.ss certCA.ss
test_ca:
- @echo "Generate and certify a test certificate via the 'ca' program"
- @sh ./testca
+ @if ../apps/openssl no-rsa; then \
+ echo "skipping CA.sh test -- requires RSA"; \
+ else \
+ echo "Generate and certify a test certificate via the 'ca' program"; \
+ sh ./testca; \
+ fi
test_rd: #$(RDTEST)
# @echo "test Rijndael"
diff --git a/lib/libssl/src/util/domd b/lib/libssl/src/util/domd
index 8cbe383c165..aa99cb05236 100644
--- a/lib/libssl/src/util/domd
+++ b/lib/libssl/src/util/domd
@@ -18,11 +18,11 @@ if [ "$MAKEDEPEND" = "gcc" ]; then
sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp
- ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+ perl $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp
else
${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@
- ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+ perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
fi
mv Makefile.new Makefile.ssl
# unfake the presence of Kerberos