I haven't merged from 0.9.7-stable in a loooong time. It shows :-).

CHANGES

@@ -4,6 +4,9 @@
 
  Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]
 
+  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
   *) Use the correct content when signing type "other".
      [Steve Henson]
 

apps/apps.c

@@ -475,7 +475,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password[0] != '\0')
+			if (password && password[0] != '\0')
 				{
 				UI_set_result(ui, uis, password);
 				return 1;
@@ -499,7 +499,7 @@ static int ui_write(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password[0] != '\0')
+			if (password && password[0] != '\0')
 				return 1;
 			}
 		default:

apps/req.c

@@ -824,7 +824,7 @@ loop:
 			if ((x509ss=X509_new()) == NULL) goto end;
 
 			/* Set version to V3 */
-			if(!X509_set_version(x509ss, 2)) goto end;
+			if(extensions && !X509_set_version(x509ss, 2)) goto end;
 			if (serial)
 				{
 				if (!X509_set_serialNumber(x509ss, serial)) goto end;

apps/speed.c

@@ -1006,6 +1006,9 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
 	c[D_CBC_CAST][0]=count;
+	c[D_CBC_128_AES][0]=count;
+	c[D_CBC_192_AES][0]=count;
+	c[D_CBC_256_AES][0]=count;
 
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1031,6 +1034,9 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
+		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
+		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
+		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
 		}
 #ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;

crypto/Makefile.ssl

@@ -50,7 +50,7 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all: buildinf.h lib subdirs shared
+all: shared
 
 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
@@ -96,7 +96,7 @@ lib:	$(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
-shared:
+shared: buildinf.h lib subdirs
 	if [ -n "$(SHARED_LIBS)" ]; then \
 		(cd ..; $(MAKE) $(SHARED_LIB)); \
 	fi

crypto/asn1/a_strex.c

@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
 	-1, -1, 0, -1,		/* 10-13 */
 	-1, -1, -1, -1,		/* 15-17 */
 	-1, 1, 1,		/* 18-20 */
-	-1, 1, -1,-1,		/* 21-24 */
+	-1, 1, 1, 1,		/* 21-24 */
 	-1, 1, -1,		/* 25-27 */
 	4, -1, 2		/* 28-30 */
 };

crypto/bf/Makefile.ssl

@@ -22,6 +22,7 @@ BF_ENC=		bf_enc.o
 #DES_ENC=	bx86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=bftest.c

crypto/bio/b_print.c

@@ -652,8 +652,8 @@ fmtfp(
             (caps ? "0123456789ABCDEF"
               : "0123456789abcdef")[intpart % 10];
         intpart = (intpart / 10);
-    } while (intpart && (iplace < sizeof iplace));
-    if (iplace == sizeof iplace)
+    } while (intpart && (iplace < sizeof iconvert));
+    if (iplace == sizeof iconvert)
         iplace--;
     iconvert[iplace] = 0;
 
@@ -664,7 +664,7 @@ fmtfp(
               : "0123456789abcdef")[fracpart % 10];
         fracpart = (fracpart / 10);
     } while (fplace < max);
-    if (fplace == sizeof fplace)
+    if (fplace == sizeof fconvert)
         fplace--;
     fconvert[fplace] = 0;
 

crypto/bn/asm/bn-586.pl

@@ -11,7 +11,7 @@ require "x86asm.pl";
 &bn_div_words("bn_div_words");
 &bn_add_words("bn_add_words");
 &bn_sub_words("bn_sub_words");
-&bn_sub_part_words("bn_sub_part_words");
+#&bn_sub_part_words("bn_sub_part_words");
 
 &asm_finish();
 

crypto/cast/Makefile.ssl

@@ -25,6 +25,7 @@ CAST_ENC=c_enc.o
 #CAST_ENC=asm/cx86bdsi.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=casttest.c

crypto/conf/conf_mod.c

@@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
  * be used to parse comma separated lists for example.
  */
 
-int CONF_parse_list(const char *list, int sep, int nospc,
+int CONF_parse_list(const char *list_, int sep, int nospc,
 	int (*list_cb)(const char *elem, int len, void *usr), void *arg)
 	{
 	int ret;
 	const char *lstart, *tmpend, *p;
-	lstart = list;
+	lstart = list_;
 
 	for(;;)
 		{

crypto/des/Makefile.ssl

@@ -22,6 +22,7 @@ DES_ENC=	des_enc.o fcrypt_b.o
 #DES_ENC=	dx86-elf.o yx86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=destest.c

crypto/engine/eng_fat.c

@@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg)
 	}
 
 
-int ENGINE_set_default_string(ENGINE *e, const char *list)
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
 	{
 	unsigned int flags = 0;
-	if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags))
+	if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
 					ENGINE_R_INVALID_STRING);
-		ERR_add_error_data(2, "str=",list);
+		ERR_add_error_data(2, "str=",def_list);
 		return 0;
 		}
 	return ENGINE_set_default(e, flags);

crypto/engine/engine.h

@@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
  * structure will have had its reference count up'd so the caller
  * should still free their own reference 'e'. */
 int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *list);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
 /* Same for the other "methods" */
 int ENGINE_set_default_DSA(ENGINE *e);
 int ENGINE_set_default_DH(ENGINE *e);
@@ -616,6 +616,8 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 				const dynamic_fns *fns);
 #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
 	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+		if (ERR_get_implementation() != fns->err_fns) \
+			{ \
 			if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
 				fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
 				return 0; \
@@ -627,6 +629,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 			if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
 				return 0; \
 			if(!ERR_set_implementation(fns->err_fns)) return 0; \
+			} \
 		if(!fn(e,id)) return 0; \
 		return 1; }
 

crypto/engine/hw_cryptodev.c

@@ -1058,14 +1058,17 @@ ENGINE_load_cryptodev(void)
 
 	if (engine == NULL)
 		return;
-	if ((fd = get_dev_crypto()) < 0)
+	if ((fd = get_dev_crypto()) < 0) {
+		ENGINE_free(engine);
 		return;
+	}
 
 	/*
 	 * find out what asymmetric crypto algorithms we support
 	 */
 	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
 		close(fd);
+		ENGINE_free(engine);
 		return;
 	}
 	close(fd);

crypto/evp/evp_enc.c

@@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #endif
 
 		ctx->cipher=cipher;
+		if (ctx->cipher->ctx_size)
+			{
 			ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+			if (!ctx->cipher_data)
+				{
+				EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
+		else
+			{
+			ctx->cipher_data = NULL;
+			}
 		ctx->key_len = cipher->key_len;
 		ctx->flags = 0;
 		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)

crypto/mem.c

@@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
 	void *ret = NULL;
 	extern unsigned char cleanse_ctr;
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
 	void *ret = NULL;
 	extern unsigned char cleanse_ctr;
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
 	if (str == NULL)
 		return CRYPTO_malloc(num, file, line);
 
- 	if (num < 0) return NULL;
+ 	if (num <= 0) return NULL;
  
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, NULL, num, file, line, 0);
@@ -346,7 +346,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
 	if (str == NULL)
 		return CRYPTO_malloc(num, file, line);
  
- 	if (num < 0) return NULL;
+ 	if (num <= 0) return NULL;
  
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, NULL, num, file, line, 0);

crypto/rc4/Makefile.ssl

@@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o
 #RC4_ENC=asm/rx86bdsi.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=rc4test.c

crypto/rc5/Makefile.ssl

@@ -22,6 +22,7 @@ RC5_ENC=		rc5_enc.o
 #DES_ENC=	r586-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=rc5test.c

crypto/ripemd/Makefile.ssl

@@ -20,6 +20,7 @@ AR=             ar r
 RIP_ASM_OBJ=
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=rmdtest.c

crypto/sha/Makefile.ssl

@@ -20,6 +20,7 @@ AR=             ar r
 SHA1_ASM_OBJ=
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
 
 GENERAL=Makefile
 TEST=shatest.c sha1test.c

crypto/x509/x509.h

@@ -810,10 +810,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#ifndef OPENSSL_NO_RSA
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-#endif
 
 #endif /* !SSLEAY_MACROS */
 

crypto/x509/x509type.c

@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 		break;
 		}
 
-	if (EVP_PKEY_size(pk) <= 512/8)	/* /8 because it's 512 bits we look
+	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
 					   for, not bytes */
 		ret|=EVP_PKT_EXP;
 	if(pkey==NULL) EVP_PKEY_free(pk);

crypto/x509v3/v3_crld.c

@@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = {
 IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
 
 ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
 ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
 
 IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)

doc/crypto/BIO_f_ssl.pod

@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
 	return 0;
  }
 
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
  for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "</pre>\r\n");
+ BIO_puts(sbio, "\r\n");
 
  /* Since there is a buffering BIO present we had better flush it */
  BIO_flush(sbio);

doc/crypto/d2i_DSAPublicKey.pod

@@ -9,6 +9,7 @@ and parsing functions.
 =head1 SYNOPSIS
 
  #include <openssl/dsa.h>
+ #include <openssl/x509.h>
 
  DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
 
@@ -35,8 +36,8 @@ and parsing functions.
 d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
 components structure.
 
-d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a
-SubjectPublicKeyInfo (certificate public key) structure.
+d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
 
 d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
 components.

doc/crypto/d2i_RSAPublicKey.pod

@@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
 =head1 SYNOPSIS
 
  #include <openssl/rsa.h>
+ #include <openssl/x509.h>
 
  RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
 
@@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
 d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
 structure.
 
-d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a
-SubjectPublicKeyInfo (certificate public key) structure.
+d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
 
 d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
 structure.

doc/ssl/SSL_COMP_add_compression_method.pod

@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
 
 =over 4
 
-=item 1
+=item 0
 
 The operation succeeded.
 
-=item 0
+=item 1
 
 The operation failed. Check the error queue to find out the reason.
 

os2/OS2-EMX.cmd

@@ -64,3 +64,39 @@ echo RC5\32
 cd crypto\rc5\asm
 perl rc5-586.pl a.out > r5-os2.asm
 cd ..\..\..
+
+cd os2
+
+if exist noname\backward_ssl.def goto nomkdir
+mkdir noname
+:nomkdir
+
+perl backwardify.pl		crypto.def	>backward_crypto.def
+perl backwardify.pl		ssl.def		>backward_ssl.def
+perl backwardify.pl -noname	crypto.def	>noname\backward_crypto.def
+perl backwardify.pl -noname	ssl.def		>noname\backward_ssl.def
+
+echo Creating backward compatibility forwarder dlls:
+echo  crypto.dll
+gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085
+echo  ssl.dll
+gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085
+
+echo Creating smaller backward compatibility forwarder dlls:
+echo These DLLs are not good for runtime resolution of symbols.
+echo  noname\crypto.dll
+gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085
+echo  noname\ssl.dll
+gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085
+
+echo Compressing forwarders (it is ok if lxlite is not found):
+lxlite *.dll noname/*.dll
+
+cd ..
+
+echo Now run:
+echo For static build:
+echo  make -f OS2-EMX.mak
+echo For dynamic build:
+echo  make -f OS2-EMX-DLL.mak
+echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll

ssl/Makefile.ssl

@@ -55,14 +55,14 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all:	lib shared
+all:	shared
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
-shared:
+shared: lib
 	if [ -n "$(SHARED_LIBS)" ]; then \
 		(cd ..; $(MAKE) $(SHARED_LIB)); \
 	fi

ssl/s3_clnt.c

@@ -1957,7 +1957,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		if (algs & SSL_kRSA)
 			{
 			if (rsa == NULL
-			    || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+			    || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
 				goto f_err;
@@ -1969,7 +1969,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
-				|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
 				goto f_err;

ssl/ssl.h

@@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value);
 const char *SSL_alert_desc_string_long(int value);
 const char *SSL_alert_desc_string(int value);
 
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);

ssl/ssl_cert.c

@@ -514,12 +514,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	return(i);
 	}
 
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
 	{
 	if (*ca_list != NULL)
 		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
 
-	*ca_list=list;
+	*ca_list=name_list;
 	}
 
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -541,14 +541,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
 	return(ret);
 	}
 
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
 	{
-	set_client_CA_list(&(s->client_CA),list);
+	set_client_CA_list(&(s->client_CA),name_list);
 	}
 
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
 	{
-	set_client_CA_list(&(ctx->client_CA),list);
+	set_client_CA_list(&(ctx->client_CA),name_list);
 	}
 
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)

ssl/ssl_ciph.c

@@ -334,10 +334,10 @@ static unsigned long ssl_cipher_get_disabled(void)
 	}
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
-	int i, list_num;
+	int i, co_list_num;
 	SSL_CIPHER *c;
 
 	/*
@@ -348,18 +348,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	 */
 
 	/* Get the initial list of ciphers */
-	list_num = 0;	/* actual count of ciphers */
+	co_list_num = 0;	/* actual count of ciphers */
 	for (i = 0; i < num_of_ciphers; i++)
 		{
 		c = ssl_method->get_cipher(i);
 		/* drop those that use any of that is not available */
 		if ((c != NULL) && c->valid && !(c->algorithms & mask))
 			{
-			list[list_num].cipher = c;
-			list[list_num].next = NULL;
-			list[list_num].prev = NULL;
-			list[list_num].active = 0;
-			list_num++;
+			co_list[co_list_num].cipher = c;
+			co_list[co_list_num].next = NULL;
+			co_list[co_list_num].prev = NULL;
+			co_list[co_list_num].active = 0;
+			co_list_num++;
 #ifdef KSSL_DEBUG
 			printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
 #endif	/* KSSL_DEBUG */
@@ -372,18 +372,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	/*
 	 * Prepare linked list from list entries
 	 */	
-	for (i = 1; i < list_num - 1; i++)
+	for (i = 1; i < co_list_num - 1; i++)
 		{
-		list[i].prev = &(list[i-1]);
-		list[i].next = &(list[i+1]);
+		co_list[i].prev = &(co_list[i-1]);
+		co_list[i].next = &(co_list[i+1]);
 		}
-	if (list_num > 0)
+	if (co_list_num > 0)
 		{
-		(*head_p) = &(list[0]);
+		(*head_p) = &(co_list[0]);
 		(*head_p)->prev = NULL;
-		(*head_p)->next = &(list[1]);
-		(*tail_p) = &(list[list_num - 1]);
-		(*tail_p)->prev = &(list[list_num - 2]);
+		(*head_p)->next = &(co_list[1]);
+		(*tail_p) = &(co_list[co_list_num - 1]);
+		(*tail_p)->prev = &(co_list[co_list_num - 2]);
 		(*tail_p)->next = NULL;
 		}
 	}
@@ -429,7 +429,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
 
 static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 		unsigned long algo_strength, unsigned long mask_strength,
-		int rule, int strength_bits, CIPHER_ORDER *list,
+		int rule, int strength_bits, CIPHER_ORDER *co_list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
 	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -524,7 +524,8 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 	*tail_p = tail;
 	}
 
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+				    CIPHER_ORDER **head_p,
 				    CIPHER_ORDER **tail_p)
 	{
 	int max_strength_bits, i, *number_uses;
@@ -570,14 +571,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
 	for (i = max_strength_bits; i >= 0; i--)
 		if (number_uses[i] > 0)
 			ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
-					list, head_p, tail_p);
+					co_list, head_p, tail_p);
 
 	OPENSSL_free(number_uses);
 	return(1);
 	}
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
-		CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
 		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
 	{
 	unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -702,7 +703,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			ok = 0;
 			if ((buflen == 8) &&
 				!strncmp(buf, "STRENGTH", 8))
-				ok = ssl_cipher_strength_sort(list,
+				ok = ssl_cipher_strength_sort(co_list,
 					head_p, tail_p);
 			else
 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -722,7 +723,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			{
 			ssl_cipher_apply_rule(algorithms, mask,
 				algo_strength, mask_strength, rule, -1,
-				list, head_p, tail_p);
+				co_list, head_p, tail_p);
 			}
 		else
 			{
@@ -744,7 +745,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	unsigned long disabled_mask;
 	STACK_OF(SSL_CIPHER) *cipherstack;
 	const char *rule_p;
-	CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
 	SSL_CIPHER **ca_list = NULL;
 
 	/*
@@ -774,15 +775,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #ifdef KSSL_DEBUG
 	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
 #endif    /* KSSL_DEBUG */
-	list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-	if (list == NULL)
+	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+	if (co_list == NULL)
 		{
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
 
 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-				   list, &head, &tail);
+				   co_list, &head, &tail);
 
 	/*
 	 * We also need cipher aliases for selecting based on the rule_str.
@@ -798,7 +799,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
 	if (ca_list == NULL)
 		{
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
@@ -814,21 +815,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	if (strncmp(rule_str,"DEFAULT",7) == 0)
 		{
 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-			list, &head, &tail, ca_list);
+			co_list, &head, &tail, ca_list);
 		rule_p += 7;
 		if (*rule_p == ':')
 			rule_p++;
 		}
 
 	if (ok && (strlen(rule_p) > 0))
-		ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+		ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
 						ca_list);
 
 	OPENSSL_free(ca_list);	/* Not needed anymore */
 
 	if (!ok)
 		{	/* Rule processing failure */
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		return(NULL);
 		}
 	/*
@@ -837,7 +838,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 */
 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
 		{
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		return(NULL);
 		}
 
@@ -855,7 +856,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
 			}
 		}
-	OPENSSL_free(list);	/* Not needed any longer */
+	OPENSSL_free(co_list);	/* Not needed any longer */
 
 	/*
 	 * The following passage is a little bit odd. If pointer variables

util/mk1mf.pl

@@ -278,6 +278,8 @@ $defs= <<"EOF";
 
 EOF
 
+$defs .= $preamble if defined $preamble;
+
 if ($platform eq "VC-CE")
 	{
 	$defs.= <<"EOF";

util/mkdef.pl

@@ -1116,27 +1116,55 @@ sub print_test_file
 	}
 }
 
+sub get_version {
+   local *MF;
+   my $v = '?';
+   open MF, 'Makefile.ssl' or return $v;
+   while (<MF>) {
+     $v = $1, last if /^VERSION=(.*?)\s*$/;
+   }
+   close MF;
+   return $v;
+}
+
 sub print_def_file
 {
 	(*OUT,my $name,*nums,my @symbols)=@_;
 	my $n = 1; my @e; my @r; my @v; my $prev="";
 	my $liboptions="";
+	my $libname = $name;
+	my $http_vendor = 'www.openssl.org/';
+	my $version = get_version();
+	my $what = "OpenSSL: implementation of Secure Socket Layer";
+	my $description = "$what $version, $name - http://$http_vendor";
 
 	if ($W32)
-		{ $name.="32"; }
+		{ $libname.="32"; }
 	elsif ($W16)
-		{ $name.="16"; }
+		{ $libname.="16"; }
 	elsif ($OS2)
-		{ $liboptions = "INITINSTANCE\nDATA NONSHARED"; }
+		{ # DLL names should not clash on the whole system.
+		  # However, they should not have any particular relationship
+		  # to the name of the static library.  Chose descriptive names
+		  # (must be at most 8 chars).
+		  my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
+		  $libname = $translate{$name} || $name;
+		  $liboptions = <<EOO;
+INITINSTANCE
+DATA MULTIPLE NONSHARED
+EOO
+		  # Vendor field can't contain colon, drat; so we omit http://
+		  $description = "\@#$http_vendor:$version#\@$what; DLL for library $name.  Build for EMX -Zmtd";
+		}
 
 	print OUT <<"EOF";
 ;
 ; Definition file for the DLL version of the $name library from OpenSSL
 ;
 
-LIBRARY         $name	$liboptions
+LIBRARY         $libname	$liboptions
 
-DESCRIPTION     'OpenSSL $name - http://www.openssl.org/'
+DESCRIPTION     '$description'
 
 EOF
 

util/pl/OS2-EMX.pl

@@ -3,10 +3,12 @@
 # OS2-EMX.pl - for EMX GCC on OS/2
 #
 
-$o='\\';
-$cp='copy';
+$o='/';
+$cp='cp';
 $rm='rm -f';
 
+$preamble = "SHELL=sh\n";
+
 # C compiler stuff
 
 $cc='gcc';
@@ -48,24 +50,24 @@ $bf_enc_src="";
 
 if (!$no_asm)
 	{
-	$bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj";
-	$bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm";
-	$des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj";
-	$des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm";
-	$bf_enc_obj="crypto\\bf\\asm\\b-os2$obj";
-	$bf_enc_src="crypto\\bf\\asm\\b-os2.asm";
-	$cast_enc_obj="crypto\\cast\\asm\\c-os2$obj";
-	$cast_enc_src="crypto\\cast\\asm\\c-os2.asm";
-	$rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj";
-	$rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm";
-	$rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj";
-	$rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm";
-	$md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj";
-	$md5_asm_src="crypto\\md5\\asm\\m5-os2.asm";
-	$sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj";
-	$sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm";
-	$rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj";
-	$rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm";
+	$bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
+	$bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
+	$des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
+	$des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
+	$bf_enc_obj="crypto/bf/asm/b-os2$obj";
+	$bf_enc_src="crypto/bf/asm/b-os2.asm";
+	$cast_enc_obj="crypto/cast/asm/c-os2$obj";
+	$cast_enc_src="crypto/cast/asm/c-os2.asm";
+	$rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
+	$rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
+	$rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
+	$rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
+	$md5_asm_obj="crypto/md5/asm/m5-os2$obj";
+	$md5_asm_src="crypto/md5/asm/m5-os2.asm";
+	$sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
+	$sha1_asm_src="crypto/sha/asm/s1-os2.asm";
+	$rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
+	$rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
 	}
 
 if ($shlib)