Merge in the 0.9.6-stable branch once more and hope for better

results.

crypto/evp/Makefile.ssl

@@ -58,7 +58,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/evp/evp.h

@@ -463,12 +463,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 		ASN1_TYPE *param, EVP_CIPHER *cipher,
                 EVP_MD *md, int en_de);
 
+#ifndef NO_RSA
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
 					(char *)(rsa))
+#endif
+
+#ifndef NO_DSA
 #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
 					(char *)(dsa))
+#endif
+
+#ifndef NO_DH
 #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
 					(char *)(dh))
+#endif
 
 /* Add some extra combinations */
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -612,17 +620,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
 #endif
 
 EVP_MD *EVP_md_null(void);
+#ifndef NO_MD2
 EVP_MD *EVP_md2(void);
+#endif
+#ifndef NO_MD4
 EVP_MD *EVP_md4(void);
+#endif
+#ifndef NO_MD5
 EVP_MD *EVP_md5(void);
+#endif
+#ifndef NO_SHA
 EVP_MD *EVP_sha(void);
 EVP_MD *EVP_sha1(void);
 EVP_MD *EVP_dss(void);
 EVP_MD *EVP_dss1(void);
+#endif
+#ifndef NO_MDC2
 EVP_MD *EVP_mdc2(void);
+#endif
+#ifndef NO_RIPEMD
 EVP_MD *EVP_ripemd160(void);
-
+#endif
 EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
+#ifndef NO_DES
 EVP_CIPHER *EVP_des_ecb(void);
 EVP_CIPHER *EVP_des_ede(void);
 EVP_CIPHER *EVP_des_ede3(void);
@@ -636,31 +656,43 @@ EVP_CIPHER *EVP_des_cbc(void);
 EVP_CIPHER *EVP_des_ede_cbc(void);
 EVP_CIPHER *EVP_des_ede3_cbc(void);
 EVP_CIPHER *EVP_desx_cbc(void);
+#endif
+#ifndef NO_RC4
 EVP_CIPHER *EVP_rc4(void);
 EVP_CIPHER *EVP_rc4_40(void);
+#endif
+#ifndef NO_IDEA
 EVP_CIPHER *EVP_idea_ecb(void);
 EVP_CIPHER *EVP_idea_cfb(void);
 EVP_CIPHER *EVP_idea_ofb(void);
 EVP_CIPHER *EVP_idea_cbc(void);
+#endif
+#ifndef NO_RC2
 EVP_CIPHER *EVP_rc2_ecb(void);
 EVP_CIPHER *EVP_rc2_cbc(void);
 EVP_CIPHER *EVP_rc2_40_cbc(void);
 EVP_CIPHER *EVP_rc2_64_cbc(void);
 EVP_CIPHER *EVP_rc2_cfb(void);
 EVP_CIPHER *EVP_rc2_ofb(void);
+#endif
+#ifndef NO_BF
 EVP_CIPHER *EVP_bf_ecb(void);
 EVP_CIPHER *EVP_bf_cbc(void);
 EVP_CIPHER *EVP_bf_cfb(void);
 EVP_CIPHER *EVP_bf_ofb(void);
+#endif
+#ifndef NO_CAST
 EVP_CIPHER *EVP_cast5_ecb(void);
 EVP_CIPHER *EVP_cast5_cbc(void);
 EVP_CIPHER *EVP_cast5_cfb(void);
 EVP_CIPHER *EVP_cast5_ofb(void);
+#endif
+#ifndef NO_RC5
 EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
 EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
 EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
 EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-
+#endif
 void OpenSSL_add_all_algorithms(void);
 void OpenSSL_add_all_ciphers(void);
 void OpenSSL_add_all_digests(void);

crypto/hmac/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/idea/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/lhash/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/md2/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/md4/Makefile.ssl

@@ -40,7 +40,8 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/md5/Makefile.ssl

@@ -50,7 +50,8 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/mdc2/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/objects/Makefile.ssl

@@ -39,7 +39,8 @@ all:	obj_dat.h lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/pem/Makefile.ssl

@@ -40,7 +40,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/pem/pem_info.c

@@ -305,7 +305,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
 		{
 		if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
 			{
-			/* copy from wierdo names into more normal things */
+			/* copy from weirdo names into more normal things */
 			iv=xi->enc_cipher.iv;
 			data=(unsigned char *)xi->enc_data;
 			i=xi->enc_len;

crypto/pkcs12/Makefile.ssl

@@ -45,7 +45,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/pkcs12/p12_attr.c

@@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
 {
 	unsigned char *uniname;
 	int ret, unilen;
-	if (!asc2uni(name, &uniname, &unilen)) {
+	if (!asc2uni(name, namelen, &uniname, &unilen)) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
 							ERR_R_MALLOC_FAILURE);
 		return 0;

crypto/pkcs12/p12_key.c

@@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 	if(!pass) {
 		unipass = NULL;
 		uniplen = 0;
-	} else if (!asc2uni(pass, &unipass, &uniplen)) {
+	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
 		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
 		return 0;
 	}

crypto/pkcs12/p12_utl.c

@@ -62,30 +62,34 @@
 
 /* Cheap and nasty Unicode stuff */
 
-unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
 {
 	int ulen, i;
 	unsigned char *unitmp;
-	ulen = strlen(asc)*2  + 2;
+	if (asclen == -1) asclen = strlen(asc);
-	if (!(unitmp = OPENSSL_malloc (ulen))) return NULL;
+	ulen = asclen*2  + 2;
-	for (i = 0; i < ulen; i+=2) {
+	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
+	for (i = 0; i < ulen - 2; i+=2) {
 		unitmp[i] = 0;
 		unitmp[i + 1] = asc[i>>1];
 	}
+	/* Make result double null terminated */
+	unitmp[ulen - 2] = 0;
+	unitmp[ulen - 1] = 0;
 	if (unilen) *unilen = ulen;
 	if (uni) *uni = unitmp;
 	return unitmp;
 }
 
-char *uni2asc (unsigned char *uni, int unilen)
+char *uni2asc(unsigned char *uni, int unilen)
 {
 	int asclen, i;
 	char *asctmp;
 	asclen = unilen / 2;
 	/* If no terminating zero allow for one */
-	if (uni[unilen - 1]) asclen++;
+	if (!unilen || uni[unilen - 1]) asclen++;
 	uni++;
-	if (!(asctmp = OPENSSL_malloc (asclen))) return NULL;
+	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
 	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
 	asctmp[asclen - 1] = 0;
 	return asctmp;

crypto/pkcs12/pkcs12.h

@@ -247,7 +247,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 		   EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
 					 int saltlen, EVP_MD *md_type);
-unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
 int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
 PKCS12_BAGS *PKCS12_BAGS_new(void);

crypto/pkcs7/Makefile.ssl

@@ -58,7 +58,8 @@ verify: verify.o example.o lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/pkcs7/pk7_doit.c

@@ -783,6 +783,11 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 
 	os=si->enc_digest;
 	pkey = X509_get_pubkey(x509);
+	if (!pkey)
+		{
+		ret = -1;
+		goto err;
+		}
 	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
 
 	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);

crypto/pkcs7/pk7_mime.c

@@ -165,9 +165,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 		}
 		bound[32] = 0;
 		BIO_printf(bio, "MIME-Version: 1.0\n");
-		BIO_printf(bio, "Content-Type: multipart/signed ; ");
+		BIO_printf(bio, "Content-Type: multipart/signed;");
-		BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
+		BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
-		BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
+		BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
 		BIO_printf(bio, "This is an S/MIME signed message\n\n");
 		/* Now write out the first part */
 		BIO_printf(bio, "------%s\n", bound);

crypto/pkcs7/pk7_smime.c

@@ -153,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	PKCS7_SIGNER_INFO *si;
 	X509_STORE_CTX cert_ctx;
 	char buf[4096];
-	int i, j=0, k;
+	int i, j=0, k, ret = 0;
 	BIO *p7bio;
 	BIO *tmpout;
 
@@ -258,18 +258,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 		}
 	}
 
-	sk_X509_free(signers);
+	ret = 1;
-	if(indata) BIO_pop(p7bio);
-	BIO_free_all(p7bio);
-
-	return 1;
 
 	err:
 
+	if(indata) BIO_pop(p7bio);
+	BIO_free_all(p7bio);
 	sk_X509_free(signers);
-	BIO_free(p7bio);
 
-	return 0;
+	return ret;
 }
 
 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)

crypto/rand/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/rand/rand_win.c

@@ -570,14 +570,15 @@ static void readtimer(void)
 	DWORD w;
 	LARGE_INTEGER l;
 	static int have_perfc = 1;
-#ifndef __GNUC__
+#ifdef _MSC_VER
 	static int have_tsc = 1;
 	DWORD cyclecount;
 
 	if (have_tsc) {
 	  __try {
 	    __asm {
-	      rdtsc
+	      _emit 0x0f
+	      _emit 0x31
 	      mov cyclecount, eax
 	      }
 	    RAND_add(&cyclecount, sizeof(cyclecount), 1);

crypto/rand/randfile.c

@@ -73,7 +73,7 @@
 # include <sys/stat.h>
 #endif
 
-#include <openssl/e_os.h>
+#include "openssl/e_os.h"
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 
@@ -83,6 +83,9 @@
 
 /* #define RFILE ".rnd" - defined in ../../e_os.h */
 
+/* Note that these functions are intended for seed files only.
+ * Entropy devices and EGD sockets are handled in rand_unix.c */
+
 int RAND_load_file(const char *file, long bytes)
 	{
 	/* If bytes >= 0, read up to 'bytes' bytes.
@@ -117,7 +120,7 @@ int RAND_load_file(const char *file, long bytes)
 		if (bytes > 0)
 			{
 			bytes-=n;
-			if (bytes == 0) break;
+			if (bytes <= 0) break;
 			}
 		}
 	fclose(in);
@@ -193,10 +196,11 @@ err:
 
 const char *RAND_file_name(char *buf, int size)
 	{
-	char *s;
+	char *s=NULL;
 	char *ret=NULL;
 
-	s=getenv("RANDFILE");
+	if (OPENSSL_issetugid() == 0)
+		s=getenv("RANDFILE");
 	if (s != NULL)
 		{
 		strncpy(buf,s,size-1);
@@ -205,16 +209,19 @@ const char *RAND_file_name(char *buf, int size)
 		}
 	else
 		{
-		s=getenv("HOME");
+		if (OPENSSL_issetugid() == 0)
-		if (s == NULL) return(RFILE);
+			s=getenv("HOME");
-		if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
+		if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
-			return(RFILE);
+			{
-		strcpy(buf,s);
+			strcpy(buf,s);
 #ifndef VMS
-		strcat(buf,"/");
+			strcat(buf,"/");
 #endif
-		strcat(buf,RFILE);
+			strcat(buf,RFILE);
-		ret=buf;
+			ret=buf;
+			}
+		  else
+		  	buf[0] = '\0'; /* no file name */
 		}
 	return(ret);
 	}

crypto/rc2/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/rc4/Makefile.ssl

@@ -47,7 +47,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/rc5/Makefile.ssl

@@ -44,7 +44,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/ripemd/Makefile.ssl

@@ -42,7 +42,8 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/rsa/Makefile.ssl

@@ -41,7 +41,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/rsa/rsa_eay.c

@@ -141,9 +141,26 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
 	
 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
 		{
-		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
+		BN_MONT_CTX* bn_mont_ctx;
-			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
+		if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-			    goto err;
+			goto err;
+		if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+			{
+			BN_MONT_CTX_free(bn_mont_ctx);
+			goto err;
+			}
+		if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+			if (rsa->_method_mod_n == NULL)
+				{
+				rsa->_method_mod_n = bn_mont_ctx;
+				bn_mont_ctx = NULL;
+				}
+			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+			}
+		if (bn_mont_ctx)
+			BN_MONT_CTX_free(bn_mont_ctx);
 		}
 
 	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -378,9 +395,26 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
 	/* do the decrypt */
 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
 		{
-		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
+		BN_MONT_CTX* bn_mont_ctx;
-			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
+		if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-			    goto err;
+			goto err;
+		if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+			{
+			BN_MONT_CTX_free(bn_mont_ctx);
+			goto err;
+			}
+		if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+			if (rsa->_method_mod_n == NULL)
+				{
+				rsa->_method_mod_n = bn_mont_ctx;
+				bn_mont_ctx = NULL;
+				}
+			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+			}
+		if (bn_mont_ctx)
+			BN_MONT_CTX_free(bn_mont_ctx);
 		}
 
 	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
@@ -432,17 +466,50 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 		{
 		if (rsa->_method_mod_p == NULL)
 			{
-			if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
+			BN_MONT_CTX* bn_mont_ctx;
-				if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-						     ctx))
+				goto err;
-					goto err;
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				goto err;
+				}
+			if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
+				{
+				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+				if (rsa->_method_mod_p == NULL)
+					{
+					rsa->_method_mod_p = bn_mont_ctx;
+					bn_mont_ctx = NULL;
+					}
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				}
+			if (bn_mont_ctx)
+				BN_MONT_CTX_free(bn_mont_ctx);
 			}
+
 		if (rsa->_method_mod_q == NULL)
 			{
-			if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
+			BN_MONT_CTX* bn_mont_ctx;
-				if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-						     ctx))
+				goto err;
-					goto err;
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				goto err;
+				}
+			if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
+				{
+				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+				if (rsa->_method_mod_q == NULL)
+					{
+					rsa->_method_mod_q = bn_mont_ctx;
+					bn_mont_ctx = NULL;
+					}
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				}
+			if (bn_mont_ctx)
+				BN_MONT_CTX_free(bn_mont_ctx);
 			}
 		}
 		

crypto/rsa/rsa_lib.c

@@ -191,13 +191,13 @@ RSA *RSA_new_method(ENGINE *engine)
 	ret->blinding=NULL;
 	ret->bignum_data=NULL;
 	ret->flags=meth->flags;
+	CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
 	if ((meth->init != NULL) && !meth->init(ret))
 		{
+		CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-	else
-		CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
 	return(ret);
 	}
 
@@ -221,13 +221,13 @@ void RSA_free(RSA *r)
 		}
 #endif
 
-	CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
-
 	meth = ENGINE_get_RSA(r->engine);
 	if (meth->finish != NULL)
 		meth->finish(r);
 	ENGINE_finish(r->engine);
 
+	CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
+
 	if (r->n != NULL) BN_clear_free(r->n);
 	if (r->e != NULL) BN_clear_free(r->e);
 	if (r->d != NULL) BN_clear_free(r->d);
@@ -325,7 +325,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 
 	BN_CTX_start(ctx);
 	A = BN_CTX_get(ctx);
-	if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
+	if (!BN_rand_range(A,rsa->n)) goto err;
 	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
 	if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,

crypto/sha/Makefile.ssl

@@ -42,7 +42,8 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 # elf

crypto/sha/asm/sha1-586.pl

@@ -317,7 +317,7 @@ sub BODY_60_79
 
 sub sha1_block_host
 	{
-	local($name)=@_;
+	local($name, $sclabel)=@_;
 
 	&function_begin_B($name,"");
 
@@ -352,7 +352,7 @@ sub sha1_block_host
 		&mov(&swtmp($i+0),$A);
 		 &mov(&swtmp($i+1),$B);
 		}
-	&jmp(&label("shortcut"));
+	&jmp($sclabel);
 	&function_end_B($name);
 	}
 
@@ -529,10 +529,12 @@ sub sha1_block_data
 	&pop("esi");
 	 &ret();
 
-	# it has to reside within sha1_block_asm_host_order body
+	# keep a note of shortcut label so it can be used outside
-	# because it calls &jmp(&label("shortcut"));
+	# block.
-	&sha1_block_host("sha1_block_asm_host_order");
+	my $sclabel = &label("shortcut");
 
 	&function_end_B($name);
+	# Putting this here avoids problems with MASM in debugging mode
+	&sha1_block_host("sha1_block_asm_host_order", $sclabel);
 	}
 

crypto/stack/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/txt_db/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/x509/Makefile.ssl

@@ -49,7 +49,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/x509/by_dir.c

@@ -327,7 +327,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 		 * it out again */
 		CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
 		j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
-		if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i);
+		if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
 		else tmp = NULL;
 		CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
 

crypto/x509/x509_cmp.c

@@ -199,19 +199,13 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 	{
 	unsigned long ret=0;
 	unsigned char md[16];
-	unsigned char str[256],*p,*pp;
-	int i;
 
-	i=i2d_X509_NAME(x,NULL);
+	/* Ensure cached version is up to date */
-	if (i > sizeof(str))
+	i2d_X509_NAME(x,NULL);
-		p=OPENSSL_malloc(i);
+	/* Use cached encoding directly rather than copying: this should
-	else
+	 * keep libsafe happy.
-		p=str;
+	 */
-
+	MD5((unsigned char *)x->bytes->data,x->bytes->length,&(md[0]));
-	pp=p;
-	i2d_X509_NAME(x,&pp);
-	MD5((unsigned char *)p,i,&(md[0]));
-	if (p != str) OPENSSL_free(p);
 
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)

crypto/x509v3/Makefile.ssl

@@ -43,7 +43,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/x509v3/v3_alt.c

@@ -270,7 +270,7 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
 	/* Now add any email address(es) to STACK */
 	i = -1;
 	while((i = X509_NAME_get_index_by_NID(nm,
-					 NID_pkcs9_emailAddress, i)) > 0) {
+					 NID_pkcs9_emailAddress, i)) >= 0) {
 		ne = X509_NAME_get_entry(nm, i);
 		email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
 		if(!email || !(gen = GENERAL_NAME_new())) {

crypto/x509v3/v3_prn.c

@@ -85,9 +85,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
 		else BIO_printf(out, "%s:%s", nval->name, nval->value);
 #else
 		else {
-			char tmp[10240]; /* 10k is BIO_printf's limit anyway */
+			int len;
-			ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1);
+			char *tmp;
-			BIO_printf(out, "%s:%s", nval->name, tmp);
+			len = strlen(nval->value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, nval->value, len);
+				BIO_printf(out, "%s:%s", nval->name, tmp);
+				OPENSSL_free(tmp);
+			}
 		}
 #endif
 		if(ml) BIO_puts(out, "\n");
@@ -115,9 +122,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
 		BIO_printf(out, "%*s%s", indent, "", value);
 #else
 		{
-			char tmp[10240]; /* 10k is BIO_printf's limit anyway */
+			int len;
-			ascii2ebcdic(tmp, value, strlen(value)+1);
+			char *tmp;
-			BIO_printf(out, "%*s%s", indent, "", tmp);
+			len = strlen(value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, value, len);
+				BIO_printf(out, "%*s%s", indent, "", tmp);
+				OPENSSL_free(tmp);
+			}
 		}
 #endif
 	} else if(method->i2v) {

crypto/x509v3/v3_purp.c

@@ -362,6 +362,8 @@ static int ca_check(const X509 *x)
 		else return 0;
 	} else {
 		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
+		/* If key usage present it must have certSign so tolerate it */
+		else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
 		else return 2;
 	}
 }
@@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c
 	int ret;
 	ret = purpose_smime(x, ca);
 	if(!ret || ca) return ret;
-	if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0;
+	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
 	return ret;
 }
 

doc/apps/s_client.pod

@@ -32,6 +32,7 @@ B<openssl> B<s_client>
 [B<-no_tls1>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
+[B<-rand file(s)>]
 [B<-engine id>]
 
 =head1 DESCRIPTION
@@ -157,6 +158,14 @@ the server determines which cipher suite is used it should take the first
 supported cipher in the list sent by the client. See the B<ciphers>
 command for more information.
 
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
 =item B<-engine id>
 
 specifying an engine (by it's unique B<id> string) will cause B<s_client>

doc/apps/s_server.pod

@@ -39,6 +39,7 @@ B<openssl> B<s_client>
 [B<-hack>]
 [B<-www>]
 [B<-WWW>]
+[B<-rand file(s)>]
 [B<-engine id>]
 
 =head1 DESCRIPTION
@@ -95,7 +96,7 @@ using a set of DH parameters. If not specified then an attempt is made to
 load the parameters from the server certificate file. If this fails then
 a static set of parameters hard coded into the s_server program will be used.
 
-=item B<-nodhe>
+=item B<-no_dhe>
 
 if this option is set then no DH parameters will be loaded effectively
 disabling the ephemeral DH cipher suites.
@@ -187,6 +188,14 @@ emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
 requested the file ./page.html will be loaded.
 
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
 =item B<-engine id>
 
 specifying an engine (by it's unique B<id> string) will cause B<s_server>

doc/crypto/BN_rand.pod

@@ -12,24 +12,31 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number
 
  int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
 
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+
 =head1 DESCRIPTION
 
 BN_rand() generates a cryptographically strong pseudo-random number of
-B<bits> bits in length and stores it in B<rnd>. If B<top> is true, the
+B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the
-two most significant bits of the number will be set to 1, so that the
+most significant bit of the random number can be zero. If B<top> is 0,
-product of two such random numbers will always have 2*B<bits> length.
+it is set to 1, and if B<top> is 1, the two most significant bits of
-If B<bottom> is true, the number will be odd.
+the number will be set to 1, so that the product of two such random
+numbers will always have 2*B<bits> length.  If B<bottom> is true, the
+number will be odd.
 
 BN_pseudo_rand() does the same, but pseudo-random numbers generated by
 this function are not necessarily unpredictable. They can be used for
 non-cryptographic purposes and for certain purposes in cryptographic
 protocols, but usually not for key generation etc.
 
-The PRNG must be seeded prior to calling BN_rand().
+BN_rand_range() generates a cryptographically strong pseudo-random
+number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
+
+The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
 
 =head1 RETURN VALUES
 
-BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error.
+The functions return 1 on success, 0 on error.
 The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 
 =head1 SEE ALSO
@@ -40,6 +47,7 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
 =head1 HISTORY
 
 BN_rand() is available in all versions of SSLeay and OpenSSL.
-BN_pseudo_rand() was added in OpenSSL 0.9.5.
+BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
+and the function BN_rand_range() were added in OpenSSL 0.9.6a.
 
 =cut

doc/crypto/RAND_egd.pod

@@ -9,10 +9,30 @@ RAND_egd - query entropy gathering daemon
  #include <openssl/rand.h>
 
  int RAND_egd(const char *path);
+ int RAND_egd_bytes(const char *path, int bytes);
 
 =head1 DESCRIPTION
 
 RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
+It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
+OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
+RAND_egd_bytes(path, 255);
+
+RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
+It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
+OpenSSL built-in PRNG.
+This function is more flexible than RAND_egd().
+When only one secret key must
+be generated, it is not necessary to request the full amount 255 bytes from
+the EGD socket. This can be advantageous, since the amount of entropy
+that can be retrieved from EGD over time is limited.
+
+=head1 NOTES
+
+On systems without /dev/*random devices providing entropy from the kernel,
+the EGD entropy gathering daemon can be used to collect entropy. It provides
+a socket interface through which entropy can be gathered in chunks up to
+255 bytes. Several chunks can be queried during one connection.
 
 EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
 Makefile.PL; make; make install> to install). It is run as B<egd>
@@ -21,22 +41,27 @@ RAND_egd() is called with that path as an argument, it tries to read
 random bytes that EGD has collected. The read is performed in
 non-blocking mode.
 
-Alternatively, the EGD-compatible daemon PRNGD can be used. It is
+Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
 available from
 http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
+PRNGD does employ an internal PRNG itself and can therefore never run
+out of entropy.
 
 =head1 RETURN VALUE
 
-RAND_egd() returns the number of bytes read from the daemon on
+RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
-success, and -1 if the connection failed or the daemon did not return
+daemon on success, and -1 if the connection failed or the daemon did not
-enough data to fully seed the PRNG.
+return enough data to fully seed the PRNG.
 
 =head1 SEE ALSO
 
-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+L<RAND_cleanup(3)|RAND_cleanup(3)>
 
 =head1 HISTORY
 
 RAND_egd() is available since OpenSSL 0.9.5.
 
+RAND_egd_bytes() is available since OpenSSL 0.9.6.
+
 =cut

doc/crypto/bn.pod

@@ -60,6 +60,7 @@ bn - multiprecision integer arithmetics
 
  int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
  int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 
  BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
          BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);

doc/crypto/des.pod

@@ -345,7 +345,7 @@ the MIT Kerberos library.
 
 =head1 SEE ALSO
 
-crypt(3), L<des_modes(3)|des_modes(3)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
+crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
 
 =head1 HISTORY
 

doc/crypto/evp.pod

@@ -10,7 +10,7 @@ evp - high-level cryptographic functions
 
 =head1 DESCRIPTION
 
-The EVP library provided a high-level interface to cryptographic
+The EVP library provides a high-level interface to cryptographic
 functions.
 
 B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption

doc/ssl/SSL_CIPHER_get_name.pod

@@ -2,8 +2,7 @@
 
 =head1 NAME
 
-SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
+SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties
-SSL_CIPHER_description - get SSL_CIPHER properties
 
 =head1 SYNOPSIS
 
@@ -29,9 +28,10 @@ SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
 
 SSL_CIPHER_description() returns a textual description of the cipher used
 into the buffer B<buf> of length B<len> provided. B<len> must be at least
-128 bytes, otherwise the string "Buffer too small" is returned. If B<buf>
+128 bytes, otherwise a pointer to the the string "Buffer too small" is
-is NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If the
+returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
-allocation fails, the string "OPENSSL_malloc Error" is returned.
+OPENSSL_malloc(). If the allocation fails, a pointer to the string
+"OPENSSL_malloc Error" is returned.
 
 =head1 NOTES
 
@@ -40,11 +40,66 @@ export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm
 does use the full 128 bits (which would be returned for B<alg_bits>), of
 which however 88bits are fixed. The search space is hence only 40 bits.
 
+The string returned by SSL_CIPHER_description() in case of success consists
+of cleartext information separated by one or more blanks in the following
+sequence:
+
+=over 4
+
+=item <ciphername>
+
+Textual representation of the cipher name.
+
+=item <protocol version>
+
+Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
+
+=item Kx=<key exchange>
+
+Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or
+B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>),
+B<DH/RSA>, B<DH/DSS>, B<Fortezza>.
+
+=item Au=<authentication>
+
+Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the
+representation of anonymous ciphers.
+
+=item Enc=<symmetric encryption method>
+
+Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>,
+B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>,
+B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>.
+
+=item Mac=<message authentication code>
+
+Message digest: B<MD5>, B<SHA1>.
+
+=item <export flag>
+
+If the cipher is flagged exportable with respect to old US crypto
+regulations, the word "B<export>" is printed.
+
+=back
+
+=head1 EXAMPLES
+
+Some examples for the output of SSL_CIPHER_description():
+
+ EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
+ EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
+ RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
+ EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+
 =head1 BUGS
 
 If SSL_CIPHER_description() is called with B<cipher> being NULL, the
 library crashes.
 
+If SSL_CIPHER_description() cannot handle a built-in cipher, the according
+description of the cipher property is B<unknown>. This case should not
+occur.
+
 =head1 RETURN VALUES
 
 See DESCRIPTION
@@ -52,6 +107,6 @@ See DESCRIPTION
 =head1 SEE ALSO
 
 L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
-L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)>
 
 =cut

doc/ssl/SSL_CTX_free.pod

@@ -17,7 +17,7 @@ SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
 the reference count has reached 0.
 
 It also calls the free()ing procedures for indirectly affected items, if
-applicable: the session cacahe, the list of ciphers, the list of Client CAs,
+applicable: the session cache, the list of ciphers, the list of Client CAs,
 the certificates and keys.
 
 =head1 RETURN VALUES

doc/ssl/SSL_CTX_new.pod

@@ -33,9 +33,9 @@ understand SSLv2 client hello messages.
 =item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
 
 A TLS/SSL connection established with these methods will only understand the
-SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages
+SSLv3 protocol. A client will send out SSLv3 client hello messages
-and will indicate that it also understands TLSv1. A server will only understand
+and will indicate that it only understands SSLv3. A server will only understand
-SSLv3 and TLSv1 client hello messages. This especially means, that it will
+SSLv3 client hello messages. This especially means, that it will
 not understand SSLv2 client hello messages which are widely used for
 compatibility reasons, see SSLv23_*_method().
 
@@ -46,7 +46,8 @@ TLSv1 protocol. A client will send out TLSv1 client hello messages
 and will indicate that it only understands TLSv1. A server will only understand
 TLSv1 client hello messages. This especially means, that it will
 not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method().
+compatibility reasons, see SSLv23_*_method(). It will also not understand
+SSLv3 client hello messages.
 
 =item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
 
@@ -58,6 +59,10 @@ choice when compatibility is a concern.
 
 =back
 
+If a generic method is used, it is necessary to explicitly set client or
+server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+or SSL_set_accept_state().
+
 The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
 SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
 B<SSL_set_options()> functions. Using these options it is possible to choose
@@ -88,6 +93,6 @@ The return value points to an allocated SSL_CTX object.
 =head1 SEE ALSO
 
 L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<ssl(3)|ssl(3)>
+L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
 
 =cut

doc/ssl/SSL_CTX_set_cipher_list.pod

@@ -2,8 +2,7 @@
 
 =head1 NAME
 
-SSL_CTX_set_cipher_list, SSL_set_cipher_list 
+SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs
-- choose list of available SSL_CIPHERs
 
 =head1 SYNOPSIS
 
@@ -47,6 +46,7 @@ could be selected and 0 on complete failure.
 =head1 SEE ALSO
 
 L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
 L<ciphers(1)|ciphers(1)>
 
 =cut

doc/ssl/SSL_CTX_set_ssl_version.pod

@@ -17,8 +17,8 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
 
 SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
 newly created from this B<ctx>. SSL objects already created with
-L<SSL_new(3)|SSL_new(3)> are not affected, except when SSL_clear() is
+L<SSL_new(3)|SSL_new(3)> are not affected, except when
-being called.
+L<SSL_clear(3)|SSL_clear(3)> is being called.
 
 SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
 object. It may be reset, when SSL_clear() is called.
@@ -31,9 +31,9 @@ set in B<ssl>.
 The available B<method> choices are described in
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>.
 
-When SSL_clear() is called and no session is connected to an SSL object,
+When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to
-the method of the SSL object is reset to the method currently set in
+an SSL object, the method of the SSL object is reset to the method currently
-the corresponding SSL_CTX object.
+set in the corresponding SSL_CTX object.
 
 =head1 RETURN VALUES
 
@@ -55,6 +55,7 @@ The operation succeeded.
 =head1 SEE ALSO
 
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,
-L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>
+L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
 
 =cut

doc/ssl/SSL_accept.pod

@@ -37,6 +37,11 @@ nothing is to be done, but select() can be used to check for the required
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
 
+When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
+is necessary to call SSL_set_accept_state()
+before calling SSL_accept() to explicitly switch the B<ssl> to server
+mode.
+
 =head1 RETURN VALUES
 
 The following return values can occur:
@@ -54,7 +59,7 @@ The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item -1
+=item E<lt>0
 
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
@@ -67,6 +72,8 @@ to find out the reason.
 =head1 SEE ALSO
 
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut

doc/ssl/SSL_clear.pod

@@ -13,8 +13,17 @@ SSL_clear - reset SSL object to allow another connection
 =head1 DESCRIPTION
 
 Reset B<ssl> to allow another connection. All settings (method, ciphers,
-BIOs) are kept. A completely negotiated B<SSL_SESSION> is not freed but left
+BIOs) are kept.
-untouched for the underlying B<SSL_CTX>.
+
+=head1 NOTES
+
+SSL_clear is used to prepare an SSL object for a new connection. While all
+settings are kept, a side effect is the handling of the current SSL session.
+If a session is still B<open>, it is considered bad and will be removed
+from the session cache, as required by RFC2246. A session is considered open,
+if L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
+or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
+set the SSL_SENT_SHUTDOWN state.
 
 =head1 RETURN VALUES
 
@@ -34,6 +43,7 @@ The SSL_clear() operation was successful.
 =back
 
 L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
-L<ssl(3)|ssl(3)>
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>
 
 =cut

doc/ssl/SSL_connect.pod

@@ -34,6 +34,11 @@ nothing is to be done, but select() can be used to check for the required
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
 
+When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
+is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+before calling SSL_connect() to explicitly switch the B<ssl> to client
+mode.
+
 =head1 RETURN VALUES
 
 The following return values can occur:
@@ -51,7 +56,7 @@ The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item -1
+=item E<lt>0
 
 The TLS/SSL handshake was not successful, because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
@@ -64,6 +69,8 @@ to find out the reason.
 =head1 SEE ALSO
 
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut

doc/ssl/SSL_free.pod

@@ -16,18 +16,29 @@ SSL_free() decrements the reference count of B<ssl>, and removes the SSL
 structure pointed to by B<ssl> and frees up the allocated memory if the
 the reference count has reached 0.
 
-It also calls the free()ing procedures for indirectly affected items, if
+=head1 NOTES
+
+SSL_free() also calls the free()ing procedures for indirectly affected items, if
 applicable: the buffering BIO, the read and write BIOs,
 cipher lists specially created for this B<ssl>, the B<SSL_SESSION>.
 Do not explicitly free these indirectly freed up items before or after
 calling SSL_free(), as trying to free things twice may lead to program
 failure.
 
+The ssl session has reference counts from two users: the SSL object, for
+which the reference count is removed by SSL_free() and the internal
+session cache. If the session is considered bad, because
+L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
+and L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was not used to set the
+SSL_SENT_SHUTDOWN state, the session will also be removed
+from the session cache as required by RFC2246.
+
 =head1 RETURN VALUES
 
 SSL_free() does not provide diagnostic information.
 
 L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
 L<ssl(3)|ssl(3)>
 
 =cut

doc/ssl/SSL_get_error.pod

@@ -14,8 +14,8 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation
 
 SSL_get_error() returns a result code (suitable for the C "switch"
 statement) for a preceding call to SSL_connect(), SSL_accept(),
-SSL_read(), or SSL_write() on B<ssl>.  The value returned by that
+SSL_read(), SSL_peek(), or SSL_write() on B<ssl>.  The value returned by
-TLS/SSL I/O function must be passed to SSL_get_error() in parameter
+that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
 B<ret>.
 
 In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
@@ -48,16 +48,26 @@ has been closed.
 =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
 
 The operation did not complete; the same TLS/SSL I/O function should be
-called again later.  There will be protocol progress if, by then, the
+called again later.  If, by then, the underlying B<BIO> has data
-underlying B<BIO> has data available for reading (if the result code is
+available for reading (if the result code is B<SSL_ERROR_WANT_READ>)
-B<SSL_ERROR_WANT_READ>) or allows writing data (B<SSL_ERROR_WANT_WRITE>). 
+or allows writing data (B<SSL_ERROR_WANT_WRITE>), then some TLS/SSL
-For socket B<BIO>s (e.g. when SSL_set_fd() was used) this means that
+protocol progress will take place, i.e. at least part of an TLS/SSL
-select() or poll() on the underlying socket can be used to find out
+record will be read or written.  Note that the retry may again lead to
-when the TLS/SSL I/O function should be retried.
+a B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition.
+There is no fixed upper limit for the number of iterations that
+may be necessary until progress becomes visible at application
+protocol level.
+
+For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or
+poll() on the underlying socket can be used to find out when the
+TLS/SSL I/O function should be retried.
 
 Caveat: Any TLS/SSL I/O function can lead to either of
-B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>, i.e. SSL_read()
+B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>.  In particular,
-may want to write data and SSL_write() may want to read data.
+SSL_read() or SSL_peek() may want to write data and SSL_write() may want
+to read data.  This is mainly because TLS/SSL handshakes may occur at any
+time during the protocol (initiated by either the client or the server);
+SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
 
 =item SSL_ERROR_WANT_X509_LOOKUP
 

doc/ssl/SSL_get_peer_cert_chain.pod

@@ -15,7 +15,7 @@ SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
 SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
 forming the certificate chain of the peer. If called on the client side,
 the stack also contains the peer's certificate; if called on the server
-side, the peer's certificate must be obtained seperately using
+side, the peer's certificate must be obtained separately using
 L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
 If the peer did not present a certificate, NULL is returned.
 

doc/ssl/SSL_get_peer_certificate.pod

@@ -23,7 +23,7 @@ to check the verification state.
 
 The reference count of the X509 object is incremented by one, so that it
 will not be destroyed when the session containing the peer certificate is
-freed. The X509 object must be explicitely freed using X509_free().
+freed. The X509 object must be explicitly freed using X509_free().
 
 =head1 RETURN VALUES
 

doc/ssl/SSL_get_session.pod

@@ -16,14 +16,30 @@ SSL_get_session - retrieve TLS/SSL session data
 
 SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
 B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
-that the pointer can become invalid when the B<ssl> is freed and
+that the pointer can become invalid by other operations.
-SSL_SESSION_free() is implicitly called.
 
 SSL_get0_session() is the same as SSL_get_session().
 
 SSL_get1_session() is the same as SSL_get_session(), but the reference
 count of the B<SSL_SESSION> is incremented by one.
 
+=head1 NOTES
+
+The ssl session contains all information required to re-establish the
+connection without a new handshake.
+
+SSL_get0_session() returns a pointer to the actual session. As the
+reference counter is not incremented, the pointer is only valid while
+the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or
+L<SSL_free(3)|SSL_free(3)> is called, the session may be removed completely
+(if considered bad), and the pointer obtained will become invalid. Even
+if the session is valid, it can be removed at any time due to timeout
+during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
+
+If the data is to be kept, SSL_get1_session() will increment the reference
+count and the session will stay in memory until explicitly freed with
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
+
 =head1 RETURN VALUES
 
 The following return values can occur:
@@ -43,6 +59,7 @@ The return value points to the data of an SSL session.
 =head1 SEE ALSO
 
 L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<SSL_clear(3)|SSL_clear(3)>,
 L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
 
 =cut

doc/ssl/SSL_get_verify_result.pod

@@ -19,7 +19,7 @@ X509 certificate presented by the peer, if any.
 
 SSL_get_verify_result() can only return one error code while the verification
 of a certificate can fail because of many reasons at the same time. Only
-the last verification error that occured during the processing is available
+the last verification error that occurred during the processing is available
 from SSL_get_verify_result().
 
 The verification result is part of the established session and is restored
@@ -28,7 +28,7 @@ when a session is reused.
 =head1 BUGS
 
 If no peer certificate was presented, the returned result code is
-X509_V_OK. This is because no verification error occured, it does however
+X509_V_OK. This is because no verification error occurred, it does however
 not indicate success. SSL_get_verify_result() is only useful in connection
 with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
 

doc/ssl/SSL_new.pod

@@ -37,6 +37,7 @@ The return value points to an allocated SSL structure.
 =head1 SEE ALSO
 
 L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
 L<ssl(3)|ssl(3)>
 
 =cut

doc/ssl/SSL_pending.pod

@@ -25,6 +25,19 @@ L<SSL_read(3)|SSL_read(3)>.
 
 The number of bytes pending is returned.
 
+=head1 BUGS
+
+SSL_pending() takes into account only bytes from the TLS/SSL record
+that is currently being processed (if any).  If the B<SSL> object's
+I<read_ahead> flag is set, additional protocol bytes may have been
+read containing more TLS/SSL records; these are ignored by
+SSL_pending().
+
+Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
+of pending data is application data.
+
+=head1 SEE ALSO
+
 L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
 
 =cut

doc/ssl/SSL_read.pod

@@ -8,7 +8,7 @@ SSL_read - read bytes from a TLS/SSL connection.
 
  #include <openssl/ssl.h>
 
- int SSL_read(SSL *ssl, char *buf, int num);
+ int SSL_read(SSL *ssl, void *buf, int num);
 
 =head1 DESCRIPTION
 
@@ -18,17 +18,29 @@ buffer B<buf>.
 =head1 NOTES
 
 If necessary, SSL_read() will negotiate a TLS/SSL session, if
-not already explicitly performed by SSL_connect() or SSL_accept(). If the
+not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
+L<SSL_accept(3)|SSL_accept(3)>. If the
 peer requests a re-negotiation, it will be performed transparently during
 the SSL_read() operation. The behaviour of SSL_read() depends on the
 underlying BIO. 
 
+For the transparent negotiation to succeed, the B<ssl> must have been
+initialized to client or server mode. This is not the case if a generic
+method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+must be used before the first call to an SSL_read() or
+L<SSL_write(3)|SSL_write(3)> function.
+
 If the underlying BIO is B<blocking>, SSL_read() will only return, once the
-read operation has been finished or an error occurred.
+read operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. 
+This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
 
 If the underlying BIO is B<non-blocking>, SSL_read() will also return
 when the underlying BIO could not satisfy the needs of SSL_read()
-to continue the operation. In this case a call to SSL_get_error() with the
+to continue the operation. In this case a call to
+L<SSL_get_error(3)|SSL_get_error(3)> with the
 return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
 call to SSL_read() can also cause write operations! The calling process
@@ -61,7 +73,7 @@ The read operation was not successful, probably because no data was
 available. Call SSL_get_error() with the return value B<ret> to find out,
 whether an error occurred.
 
-=item -1
+=item E<lt>0
 
 The read operation was not successful, because either an error occurred
 or action must be taken by the calling process. Call SSL_get_error() with the
@@ -72,6 +84,9 @@ return value B<ret> to find out the reason.
 =head1 SEE ALSO
 
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
 L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
 
 =cut

doc/ssl/SSL_set_session.pod

@@ -40,6 +40,7 @@ The operation succeeded.
 
 =head1 SEE ALSO
 
-L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
 
 =cut

doc/ssl/SSL_shutdown.pod

@@ -12,9 +12,17 @@ SSL_shutdown - shut down a TLS/SSL connection
 
 =head1 DESCRIPTION
 
-SSL_shutdown() shuts down an active TLS/SSL connection. It sends the shutdown
+SSL_shutdown() shuts down an active TLS/SSL connection. It sends the 
-alert to the peer. The behaviour of SSL_shutdown() depends on the underlying
+"close notify" shutdown alert to the peer.
-BIO. 
+
+=head1 NOTES
+
+SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
+Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
+a currently open session is considered closed and good and will be kept in the
+session cache for further reuse.
+
+The behaviour of SSL_shutdown() depends on the underlying BIO. 
 
 If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
 handshake has been finished or an error occurred.
@@ -57,6 +65,8 @@ Call SSL_get_error() with the return value B<ret> to find out the reason.
 =head1 SEE ALSO
 
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
-L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_clear(3)|SSL_clear(3), L<SSL_free(3)|SSL_free(3)>,
+L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
 
 =cut

doc/ssl/SSL_write.pod

@@ -2,13 +2,13 @@
 
 =head1 NAME
 
-SSL_read - write bytes to a TLS/SSL connection.
+SSL_write - write bytes to a TLS/SSL connection.
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
- int SSL_write(SSL *ssl, char *buf, int num);
+ int SSL_write(SSL *ssl, const void *buf, int num);
 
 =head1 DESCRIPTION
 
@@ -18,20 +18,32 @@ B<ssl> connection.
 =head1 NOTES
 
 If necessary, SSL_write() will negotiate a TLS/SSL session, if
-not already explicitly performed by SSL_connect() or SSL_accept(). If the
+not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
+L<SSL_accept(3)|SSL_accept(3)>. If the
 peer requests a re-negotiation, it will be performed transparently during
 the SSL_write() operation. The behaviour of SSL_write() depends on the
 underlying BIO. 
 
+For the transparent negotiation to succeed, the B<ssl> must have been
+initialized to client or server mode. This is not the case if a generic
+method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
+or SSL_write() function.
+
 If the underlying BIO is B<blocking>, SSL_write() will only return, once the
-write operation has been finished or an error occurred.
+write operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. 
+This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
 
 If the underlying BIO is B<non-blocking>, SSL_write() will also return,
 when the underlying BIO could not satisfy the needs of SSL_write()
-to continue the operation. In this case a call to SSL_get_error() with the
+to continue the operation. In this case a call to
+L<SSL_get_error(3)|SSL_get_error(3)> with the
 return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
-call to SSL_write() can also cause write operations! The calling process
+call to SSL_write() can also cause read operations! The calling process
 then must repeat the call after taking appropriate action to satisfy the
 needs of SSL_write(). The action depends on the underlying BIO. When using a
 non-blocking socket, nothing is to be done, but select() can be used to check
@@ -60,9 +72,9 @@ bytes actually written to the TLS/SSL connection.
 The write operation was not successful. Call SSL_get_error() with the return
 value B<ret> to find out, whether an error occurred.
 
-=item -1
+=item E<lt>0
 
-The read operation was not successful, because either an error occurred
+The write operation was not successful, because either an error occurred
 or action must be taken by the calling process. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
@@ -71,6 +83,9 @@ return value B<ret> to find out the reason.
 =head1 SEE ALSO
 
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>,
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
 L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
 
 =cut

doc/ssl/ssl.pod

@@ -13,6 +13,69 @@ The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
 Transport Layer Security (TLS v1) protocols. It provides a rich API which is
 documented here.
 
+At first the library must be initialized; see
+L<SSL_library_init(3)|SSL_library_init(3)>.
+
+Then an B<SSL_CTX> object is created as a framework to establish
+TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>).
+Various options regarding certificates, algorithms etc. can be set
+in this object.
+
+When a network connection has been created, it can be assigned to an
+B<SSL> object. After the B<SSL> object has been created using
+L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or
+L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network
+connection with the object.
+
+Then the TLS/SSL handshake is performed using
+L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)>
+respectively.
+L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used
+to read and write data on the TLS/SSL connection.
+L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the
+TLS/SSL connection.
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B<ssl> library functions deals with the following data
+structures:
+
+=over 4
+
+=item B<SSL_METHOD> (SSL Method)
+
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B<SSL_CTX>.
+
+=item B<SSL_CIPHER> (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+B<SSL_SESSION>.
+
+=item B<SSL_CTX> (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+
+=item B<SSL_SESSION> (SSL Session)
+
+This is a structure containing the current TLS/SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+
+=item B<SSL> (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+
 =head1 HEADER FILES
 
 Currently the OpenSSL B<ssl> library provides the following C header files
@@ -55,46 +118,6 @@ it's already included by ssl.h>.
 
 =back
 
-=head1 DATA STRUCTURES
-
-Currently the OpenSSL B<ssl> library functions deals with the following data
-structures:
-
-=over 4
-
-=item B<SSL_METHOD> (SSL Method)
-
-That's a dispatch structure describing the internal B<ssl> library
-methods/functions which implement the various protocol versions (SSLv1, SSLv2
-and TLSv1). It's needed to create an B<SSL_CTX>.
-
-=item B<SSL_CIPHER> (SSL Cipher)
-
-This structure holds the algorithm information for a particular cipher which
-are a core part of the SSL/TLS protocol. The available ciphers are configured
-on a B<SSL_CTX> basis and the actually used ones are then part of the
-B<SSL_SESSION>.
-
-=item B<SSL_CTX> (SSL Context)
-
-That's the global context structure which is created by a server or client
-once per program life-time and which holds mainly default values for the
-B<SSL> structures which are later created for the connections.
-
-=item B<SSL_SESSION> (SSL Session)
-
-This is a structure containing the current TLS/SSL session details for a
-connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
-
-=item B<SSL> (SSL Connection)
-
-That's the main SSL/TLS structure which is created by a server or client per
-established connection. This actually is the core structure in the SSL API.
-Under run-time the application usually deals with this structure which has
-links to mostly all other structures.
-
-=back
-
 =head1 API FUNCTIONS
 
 Currently the OpenSSL B<ssl> library exports 214 API functions.
@@ -521,11 +544,11 @@ connection defined in the B<SSL> structure.
 
 =item long B<SSL_num_renegotiations>(SSL *ssl);
 
-=item int B<SSL_peek>(SSL *ssl, char *buf, int num);
+=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
 
 =item int B<SSL_pending>(SSL *ssl);
 
-=item int B<SSL_read>(SSL *ssl, char *buf, int num);
+=item int B<SSL_read>(SSL *ssl, void *buf, int num);
 
 =item int B<SSL_renegotiate>(SSL *ssl);
 
@@ -617,7 +640,7 @@ connection defined in the B<SSL> structure.
 
 =item int B<SSL_want_x509_lookup>(s);
 
-=item int B<SSL_write>(SSL *ssl, char *buf, int num);
+=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
 
 =back
 
@@ -625,20 +648,53 @@ connection defined in the B<SSL> structure.
 
 L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
 L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
+L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
 L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
-L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_fd(3)|SSL_get_fd(3)>,
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_get_error(3)|SSL_get_error(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
+L<SSL_get_fd(3)|SSL_get_fd(3)>,
 L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
 L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
 L<SSL_get_session(3)|SSL_get_session(3)>,
 L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_get_version(3)|SSL_get_version(3)>,
+L<SSL_library_init(3)|SSL_library_init(3)>,
+L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+L<SSL_new(3)|SSL_new(3)>,
 L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
 L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
 L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
+L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
 
 =head1 HISTORY
 

doc/ssleay.txt

@@ -5743,7 +5743,7 @@ strucutre but also the private key and certificate associated with
 
 EXAMPLES.
 
-So lets play at being a wierd SSL server.
+So lets play at being a weird SSL server.
 
 /* setup a context */
 ctx=SSL_CTX_new();

ms/test.bat

@@ -1,4 +1,4 @@
-@echo=off
+@echo off
 
 set test=..\ms
 set opath=%PATH%

rsaref/Makefile.ssl

@@ -39,7 +39,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

ssl/Makefile.ssl

@@ -55,7 +55,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

ssl/s23_lib.c

@@ -63,6 +63,7 @@
 static int ssl23_num_ciphers(void );
 static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
 static int ssl23_read(SSL *s, void *buf, int len);
+static int ssl23_peek(SSL *s, void *buf, int len);
 static int ssl23_write(SSL *s, const void *buf, int len);
 static long ssl23_default_timeout(void );
 static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
@@ -77,7 +78,7 @@ static SSL_METHOD SSLv23_data= {
 	ssl_undefined_function,
 	ssl_undefined_function,
 	ssl23_read,
-	(int (*)(struct ssl_st *, char *, int))ssl_undefined_function,
+	ssl23_peek,
 	ssl23_write,
 	ssl_undefined_function,
 	ssl_undefined_function,
@@ -169,13 +170,6 @@ static int ssl23_read(SSL *s, void *buf, int len)
 	{
 	int n;
 
-#if 0
-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-		{
-		s->rwstate=SSL_NOTHING;
-		return(0);
-		}
-#endif
 	clear_sys_error();
 	if (SSL_in_init(s) && (!s->in_handshake))
 		{
@@ -195,17 +189,33 @@ static int ssl23_read(SSL *s, void *buf, int len)
 		}
 	}
 
+static int ssl23_peek(SSL *s, void *buf, int len)
+	{
+	int n;
+
+	clear_sys_error();
+	if (SSL_in_init(s) && (!s->in_handshake))
+		{
+		n=s->handshake_func(s);
+		if (n < 0) return(n);
+		if (n == 0)
+			{
+			SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		return(SSL_peek(s,buf,len));
+		}
+	else
+		{
+		ssl_undefined_function(s);
+		return(-1);
+		}
+	}
+
 static int ssl23_write(SSL *s, const void *buf, int len)
 	{
 	int n;
 
-#if 0
-	if (s->shutdown & SSL_SENT_SHUTDOWN)
-		{
-		s->rwstate=SSL_NOTHING;
-		return(0);
-		}
-#endif
 	clear_sys_error();
 	if (SSL_in_init(s) && (!s->in_handshake))
 		{

ssl/s23_meth.c

@@ -64,7 +64,7 @@ static SSL_METHOD *ssl23_get_method(int ver);
 static SSL_METHOD *ssl23_get_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
-		return(SSLv23_method());
+		return(SSLv2_method());
 	else if (ver == SSL3_VERSION)
 		return(SSLv3_method());
 	else if (ver == TLS1_VERSION)

ssl/s2_clnt.c

@@ -921,6 +921,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 		goto err;
 		}
 	ERR_clear_error(); /* but we keep s->verify_result */
+	s->session->verify_result = s->verify_result;
 
 	/* server's cert for this session */
 	sc=ssl_sess_cert_new();

ssl/s2_lib.c

@@ -260,7 +260,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 
 int ssl2_pending(SSL *s)
 	{
-	return(s->s2->ract_data_length);
+	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
 	}
 
 int ssl2_new(SSL *s)
@@ -270,10 +270,16 @@ int ssl2_new(SSL *s)
 	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
 	memset(s2,0,sizeof *s2);
 
+#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
+#  error "assertion failed"
+#endif
+
 	if ((s2->rbuf=OPENSSL_malloc(
 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+	/* wbuf needs one byte more because when using two-byte headers,
+	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
 	if ((s2->wbuf=OPENSSL_malloc(
-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
 	s->s2=s2;
 
 	ssl2_clear(s);

ssl/s2_pkt.c

@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include "ssl_locl.h"
 #ifndef NO_SSL2
@@ -66,23 +119,12 @@ static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
 static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
 static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
 static int ssl_mt_error(int n);
-int ssl2_peek(SSL *s, char *buf, int len)
-	{
-	int ret;
 
-	ret=ssl2_read(s,buf,len);
-	if (ret > 0)
-	        {
-		s->s2->ract_data_length+=ret;
-		s->s2->ract_data-=ret;
-		}
-	return(ret);
-	}
 
-/* SSL_read -
+/* SSL 2.0 imlementation for SSL_read/SSL_peek -
  * This routine will return 0 to len bytes, decrypted etc if required.
  */
-int ssl2_read(SSL *s, void *buf, int len)
+static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
 	{
 	int n;
 	unsigned char mac[MAX_MAC_SIZE];
@@ -90,14 +132,14 @@ int ssl2_read(SSL *s, void *buf, int len)
 	int i;
 	unsigned int mac_size=0;
 
-ssl2_read_again:
+ ssl2_read_again:
 	if (SSL_in_init(s) && !s->in_handshake)
 		{
 		n=s->handshake_func(s);
 		if (n < 0) return(n);
 		if (n == 0)
 			{
-			SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
 			return(-1);
 			}
 		}
@@ -114,13 +156,22 @@ ssl2_read_again:
 			n=len;
 
 		memcpy(buf,s->s2->ract_data,(unsigned int)n);
-		s->s2->ract_data_length-=n;
+		if (!peek)
-		s->s2->ract_data+=n;
+			{
-		if (s->s2->ract_data_length == 0)
+			s->s2->ract_data_length-=n;
-			s->rstate=SSL_ST_READ_HEADER;
+			s->s2->ract_data+=n;
+			if (s->s2->ract_data_length == 0)
+				s->rstate=SSL_ST_READ_HEADER;
+			}
+
 		return(n);
 		}
 
+	/* s->s2->ract_data_length == 0
+	 * 
+	 * Fill the buffer, then goto ssl2_read_again.
+	 */
+
 	if (s->rstate == SSL_ST_READ_HEADER)
 		{
 		if (s->first_packet)
@@ -133,7 +184,7 @@ ssl2_read_again:
 				(p[2] == SSL2_MT_CLIENT_HELLO) ||
 				(p[2] == SSL2_MT_SERVER_HELLO))))
 				{
-				SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
 				return(-1);
 				}
 			}
@@ -211,48 +262,49 @@ ssl2_read_again:
 				(unsigned int)mac_size) != 0) ||
 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
 				{
-				SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
 				return(-1);
 				}
 			}
 		INC32(s->s2->read_sequence); /* expect next number */
 		/* s->s2->ract_data is now available for processing */
 
-#if 1
+		/* Possibly the packet that we just read had 0 actual data bytes.
-		/* How should we react when a packet containing 0
+		 * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
-		 * bytes is received?  (Note that SSLeay/OpenSSL itself
+		 * In this case, returning 0 would be interpreted by the caller
-		 * never sends such packets; see ssl2_write.)
+		 * as indicating EOF, so it's not a good idea.  Instead, we just
-		 * Returning 0 would be interpreted by the caller as
+		 * continue reading; thus ssl2_read_internal may have to process
-		 * indicating EOF, so it's not a good idea.
+		 * multiple packets before it can return.
-		 * Instead, we just continue reading.  Note that using
+		 *
-		 * select() for blocking sockets *never* guarantees
+		 * [Note that using select() for blocking sockets *never* guarantees
 		 * that the next SSL_read will not block -- the available
-		 * data may contain incomplete packets, and except for SSL 2
+		 * data may contain incomplete packets, and except for SSL 2,
-		 * renegotiation can confuse things even more. */
+		 * renegotiation can confuse things even more.] */
 
 		goto ssl2_read_again; /* This should really be
-				       * "return ssl2_read(s,buf,len)",
+		                       * "return ssl2_read(s,buf,len)",
-				       * but that would allow for
+		                       * but that would allow for
-				       * denial-of-service attacks if a
+		                       * denial-of-service attacks if a
-				       * C compiler is used that does not
+		                       * C compiler is used that does not
-				       * recognize end-recursion. */
+		                       * recognize end-recursion. */
-#else
-		/* If a 0 byte packet was sent, return 0, otherwise
-		 * we play havoc with people using select with
-		 * blocking sockets.  Let them handle a packet at a time,
-		 * they should really be using non-blocking sockets. */
-		if (s->s2->ract_data_length == 0)
-			return(0);
-		return(ssl2_read(s,buf,len));
-#endif
 		}
 	else
 		{
-		SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
+		SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
 			return(-1);
 		}
 	}
 
+int ssl2_read(SSL *s, void *buf, int len)
+	{
+	return ssl2_read_internal(s, buf, len, 0);
+	}
+
+int ssl2_peek(SSL *s, void *buf, int len)
+	{
+	return ssl2_read_internal(s, buf, len, 1);
+	}
+
 static int read_n(SSL *s, unsigned int n, unsigned int max,
 	     unsigned int extend)
 	{
@@ -483,6 +535,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 		{
 		bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
 		j=len+mac_size;
+		/* Two-byte headers allow for a larger record length than
+		 * three-byte headers, but we can't use them if we need
+		 * padding or if we have to set the escape bit. */
 		if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
 			(!s->s2->escape))
 			{
@@ -498,25 +553,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 			}
 		else if ((bs <= 1) && (!s->s2->escape))
 			{
-			/* len=len; */
+			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
 			s->s2->three_byte_header=0;
 			p=0;
 			}
-		else /* 3 byte header */
+		else /* we may have to use a 3 byte header */
 			{
-			/*len=len; */
+			/* If s->s2->escape is not set, then
+			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
 			p=(j%bs);
 			p=(p == 0)?0:(bs-p);
 			if (s->s2->escape)
+				{
 				s->s2->three_byte_header=1;
+				if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+					j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
+				}
 			else
 				s->s2->three_byte_header=(p == 0)?0:1;
 			}
 		}
+
+	/* Now
+	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+	 * holds, and if s->s2->three_byte_header is set, then even
+	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
+	 */
+
 	/* mac_size is the number of MAC bytes
 	 * len is the number of data bytes we are going to send
 	 * p is the number of padding bytes
-	 * if p == 0, it is a 2 byte header */
+	 * (if it is a two-byte header, then p == 0) */
 
 	s->s2->wlength=len;
 	s->s2->padding=p;

ssl/s3_both.c

@@ -365,7 +365,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 			while (s->init_num < 4)
 				{
 				i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
-					4 - s->init_num);
+					4 - s->init_num, 0);
 				if (i <= 0)
 					{
 					s->rwstate=SSL_READING;
@@ -434,7 +434,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 	n=s->s3->tmp.message_size;
 	while (n > 0)
 		{
-		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
 		if (i <= 0)
 			{
 			s->rwstate=SSL_READING;

ssl/s3_clnt.c

@@ -815,6 +815,7 @@ static int ssl3_get_server_certificate(SSL *s)
 		X509_free(s->session->peer);
 	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	s->session->peer=x;
+	s->session->verify_result = s->verify_result;
 
 	x=NULL;
 	ret=1;

ssl/s3_lib.c

@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <openssl/md5.h>
@@ -638,10 +691,9 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 		return(NULL);
 	}
 
-/* The problem is that it may not be the correct record type */
 int ssl3_pending(SSL *s)
 	{
-	return(s->s3->rrec.length);
+	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
 	}
 
 int ssl3_new(SSL *s)
@@ -1189,7 +1241,7 @@ int ssl3_shutdown(SSL *s)
 	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
 		{
 		/* If we are waiting for a close from our peer, we are closed */
-		ssl3_read_bytes(s,0,NULL,0);
+		ssl3_read_bytes(s,0,NULL,0,0);
 		}
 
 	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -1252,14 +1304,14 @@ int ssl3_write(SSL *s, const void *buf, int len)
 	return(ret);
 	}
 
-int ssl3_read(SSL *s, void *buf, int len)
+static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
 	{
 	int ret;
 	
 	clear_sys_error();
 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
 	s->s3->in_read_app_data=1;
-	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
 	if ((ret == -1) && (s->s3->in_read_app_data == 0))
 		{
 		/* ssl3_read_bytes decided to call s->handshake_func, which
@@ -1269,7 +1321,7 @@ int ssl3_read(SSL *s, void *buf, int len)
 		 * by resetting 'in_read_app_data', strangely); so disable
 		 * handshake processing and try to read application data again. */
 		s->in_handshake++;
-		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
 		s->in_handshake--;
 		}
 	else
@@ -1278,26 +1330,14 @@ int ssl3_read(SSL *s, void *buf, int len)
 	return(ret);
 	}
 
-int ssl3_peek(SSL *s, char *buf, int len)
+int ssl3_read(SSL *s, void *buf, int len)
 	{
-	SSL3_RECORD *rr;
+	return ssl3_read_internal(s, buf, len, 0);
-	int n;
+	}
 
-	rr= &(s->s3->rrec);
+int ssl3_peek(SSL *s, void *buf, int len)
-	if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
+	{
-		{
+	return ssl3_read_internal(s, buf, len, 1);
-		n=ssl3_read(s,buf,1);
-		if (n <= 0) return(n);
-		rr->length++;
-		rr->off--;
-		}
-
-	if ((unsigned int)len > rr->length)
-		n=rr->length;
-	else
-		n=len;
-	memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
-	return(n);
 	}
 
 int ssl3_renegotiate(SSL *s)

ssl/s3_pkt.c

@@ -704,7 +704,7 @@ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
  *     Application data protocol
  *             none of our business
  */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 	{
 	int al,i,j,ret;
 	unsigned int n;
@@ -715,7 +715,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
 		if (!ssl3_setup_buffers(s))
 			return(-1);
 
-	if ((type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type)
+	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
+	    (peek && (type != SSL3_RT_APPLICATION_DATA)))
 		{
 		SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
 		return -1;
@@ -728,6 +729,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
 		unsigned char *dst = buf;
 		unsigned int k;
 
+		/* peek == 0 */
 		n = 0;
 		while ((len > 0) && (s->s3->handshake_fragment_len > 0))
 			{
@@ -763,7 +765,7 @@ start:
 	 * s->s3->rrec.length,  - number of bytes. */
 	rr = &(s->s3->rrec);
 
-	/* get new packet */
+	/* get new packet if necessary */
 	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
 		{
 		ret=ssl3_get_record(s);
@@ -781,7 +783,8 @@ start:
 		goto err;
 		}
 
-	/* If the other end has shutdown, throw anything we read away */
+	/* If the other end has shut down, throw anything we read away
+	 * (even in 'peek' mode) */
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
 		rr->length=0;
@@ -810,12 +813,15 @@ start:
 			n = (unsigned int)len;
 
 		memcpy(buf,&(rr->data[rr->off]),n);
-		rr->length-=n;
+		if (!peek)
-		rr->off+=n;
-		if (rr->length == 0)
 			{
-			s->rstate=SSL_ST_READ_HEADER;
+			rr->length-=n;
-			rr->off=0;
+			rr->off+=n;
+			if (rr->length == 0)
+				{
+				s->rstate=SSL_ST_READ_HEADER;
+				rr->off=0;
+				}
 			}
 		return(n);
 		}

ssl/s3_srvr.c

@@ -1414,6 +1414,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
+		memset(p,0,i);
 		}
 	else
 #endif

ssl/ssl.h

@@ -206,7 +206,7 @@ typedef struct ssl_method_st
 	int (*ssl_accept)(SSL *s);
 	int (*ssl_connect)(SSL *s);
 	int (*ssl_read)(SSL *s,void *buf,int len);
-	int (*ssl_peek)(SSL *s,char *buf,int len);
+	int (*ssl_peek)(SSL *s,void *buf,int len);
 	int (*ssl_write)(SSL *s,const void *buf,int len);
 	int (*ssl_shutdown)(SSL *s);
 	int (*ssl_renegotiate)(SSL *s);
@@ -1061,9 +1061,9 @@ int SSL_set_trust(SSL *s, int trust);
 void	SSL_free(SSL *ssl);
 int 	SSL_accept(SSL *ssl);
 int 	SSL_connect(SSL *ssl);
-int 	SSL_read(SSL *ssl,char *buf,int num);
+int 	SSL_read(SSL *ssl,void *buf,int num);
-int 	SSL_peek(SSL *ssl,char *buf,int num);
+int 	SSL_peek(SSL *ssl,void *buf,int num);
-int 	SSL_write(SSL *ssl,const char *buf,int num);
+int 	SSL_write(SSL *ssl,const void *buf,int num);
 long	SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
 long	SSL_callback_ctrl(SSL *, int, void (*)());
 long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
@@ -1178,7 +1178,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 #define SSL_CTX_get_read_ahead(ctx) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
 #define SSL_CTX_set_read_ahead(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
 
      /* NB: the keylength is only applicable when is_export is true */
 #ifndef NO_RSA
@@ -1209,6 +1209,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
+void ERR_load_SSL_strings(void);
 
 /* Error codes for the SSL functions. */
 
@@ -1233,12 +1234,15 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL23_CONNECT				 117
 #define SSL_F_SSL23_GET_CLIENT_HELLO			 118
 #define SSL_F_SSL23_GET_SERVER_HELLO			 119
+#define SSL_F_SSL23_PEEK				 237
 #define SSL_F_SSL23_READ				 120
 #define SSL_F_SSL23_WRITE				 121
 #define SSL_F_SSL2_ACCEPT				 122
 #define SSL_F_SSL2_CONNECT				 123
 #define SSL_F_SSL2_ENC_INIT				 124
+#define SSL_F_SSL2_PEEK					 234
 #define SSL_F_SSL2_READ					 125
+#define SSL_F_SSL2_READ_INTERNAL			 236
 #define SSL_F_SSL2_SET_CERTIFICATE			 126
 #define SSL_F_SSL2_WRITE				 127
 #define SSL_F_SSL3_ACCEPT				 128
@@ -1263,6 +1267,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL3_GET_SERVER_DONE			 145
 #define SSL_F_SSL3_GET_SERVER_HELLO			 146
 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
+#define SSL_F_SSL3_PEEK					 235
 #define SSL_F_SSL3_READ_BYTES				 148
 #define SSL_F_SSL3_READ_N				 149
 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
@@ -1559,4 +1564,3 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 }
 #endif
 #endif
-

ssl/ssl2.h

@@ -134,11 +134,11 @@ extern "C" {
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
 #ifdef MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)29998
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u
 #else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)32767 
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */
 #endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /**/
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /* 2^14-1 */
 
 #define SSL2_CHALLENGE_LENGTH	16
 /*#define SSL2_CHALLENGE_LENGTH	32 */

ssl/ssl_algs.c

@@ -88,9 +88,13 @@ int SSL_library_init(void)
 #ifndef NO_SHA
 	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 #endif
 #if !defined(NO_SHA) && !defined(NO_DSA)
 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 #endif
 
 	/* If you want support for phased out ciphers, add the following */

ssl/ssl_err.c

@@ -86,12 +86,15 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL23_CONNECT,0),	"SSL23_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0),	"SSL23_GET_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0),	"SSL23_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_PEEK,0),	"SSL23_PEEK"},
 {ERR_PACK(0,SSL_F_SSL23_READ,0),	"SSL23_READ"},
 {ERR_PACK(0,SSL_F_SSL23_WRITE,0),	"SSL23_WRITE"},
 {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),	"SSL2_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),	"SSL2_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),	"SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_PEEK,0),	"SSL2_PEEK"},
 {ERR_PACK(0,SSL_F_SSL2_READ,0),	"SSL2_READ"},
+{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),	"SSL2_READ_INTERNAL"},
 {ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0),	"SSL2_SET_CERTIFICATE"},
 {ERR_PACK(0,SSL_F_SSL2_WRITE,0),	"SSL2_WRITE"},
 {ERR_PACK(0,SSL_F_SSL3_ACCEPT,0),	"SSL3_ACCEPT"},
@@ -116,6 +119,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0),	"SSL3_GET_SERVER_DONE"},
 {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0),	"SSL3_GET_SERVER_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0),	"SSL3_OUTPUT_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL3_PEEK,0),	"SSL3_PEEK"},
 {ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0),	"SSL3_READ_BYTES"},
 {ERR_PACK(0,SSL_F_SSL3_READ_N,0),	"SSL3_READ_N"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0),	"SSL3_SEND_CERTIFICATE_REQUEST"},

ssl/ssl_lib.c

@@ -119,7 +119,9 @@ int SSL_clear(SSL *s)
 	s->client_version=s->version;
 	s->rwstate=SSL_NOTHING;
 	s->rstate=SSL_ST_READ_HEADER;
+#if 0
 	s->read_ahead=s->ctx->read_ahead;
+#endif
 
 	if (s->init_buf != NULL)
 		{
@@ -229,6 +231,7 @@ SSL *SSL_new(SSL_CTX *ctx)
 	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
 	s->options=ctx->options;
 	s->mode=ctx->mode;
+	s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
 	SSL_clear(s);
 
 	CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
@@ -705,7 +708,7 @@ long SSL_get_default_timeout(SSL *s)
 	return(s->method->get_timeout());
 	}
 
-int SSL_read(SSL *s,char *buf,int num)
+int SSL_read(SSL *s,void *buf,int num)
 	{
 	if (s->handshake_func == 0)
 		{
@@ -721,8 +724,14 @@ int SSL_read(SSL *s,char *buf,int num)
 	return(s->method->ssl_read(s,buf,num));
 	}
 
-int SSL_peek(SSL *s,char *buf,int num)
+int SSL_peek(SSL *s,void *buf,int num)
 	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
 		return(0);
@@ -730,7 +739,7 @@ int SSL_peek(SSL *s,char *buf,int num)
 	return(s->method->ssl_peek(s,buf,num));
 	}
 
-int SSL_write(SSL *s,const char *buf,int num)
+int SSL_write(SSL *s,const void *buf,int num)
 	{
 	if (s->handshake_func == 0)
 		{

ssl/ssl_locl.h

@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef HEADER_SSL_LOCL_H
 #define HEADER_SSL_LOCL_H
@@ -463,7 +516,7 @@ void	ssl2_free(SSL *s);
 int	ssl2_accept(SSL *s);
 int	ssl2_connect(SSL *s);
 int	ssl2_read(SSL *s, void *buf, int len);
-int	ssl2_peek(SSL *s, char *buf, int len);
+int	ssl2_peek(SSL *s, void *buf, int len);
 int	ssl2_write(SSL *s, const void *buf, int len);
 int	ssl2_shutdown(SSL *s);
 void	ssl2_clear(SSL *s);
@@ -494,7 +547,7 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl); 
 int ssl3_renegotiate_check(SSL *ssl); 
 int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len);
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
 int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
 	const char *sender, int slen,unsigned char *p);
@@ -511,7 +564,7 @@ void	ssl3_free(SSL *s);
 int	ssl3_accept(SSL *s);
 int	ssl3_connect(SSL *s);
 int	ssl3_read(SSL *s, void *buf, int len);
-int	ssl3_peek(SSL *s,char *buf, int len);
+int	ssl3_peek(SSL *s, void *buf, int len);
 int	ssl3_write(SSL *s, const void *buf, int len);
 int	ssl3_shutdown(SSL *s);
 void	ssl3_clear(SSL *s);

ssl/ssl_sess.c

@@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
 		if (s->session != NULL)
 			SSL_SESSION_free(s->session);
 		s->session=session;
+		s->verify_result = s->session->verify_result;
 		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
 		ret=1;
 		}

test/Makefile.ssl

@@ -192,7 +192,7 @@ test_bn:
 	@./$(BNTEST) >tmp.bntest
 	@echo quit >>tmp.bntest
 	@echo "running bc"
-	@bc tmp.bntest 2>&1 | $(PERL) -e 'while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} print STDERR "."; $$i++;} print STDERR "\n$$i tests passed\n"'
+	@<tmp.bntest sh -c "`sh ./bctest`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
 	@echo 'test a^b%c implementations'
 	./$(EXPTEST)
 

util/libeay.num

@@ -301,8 +301,8 @@ EVP_des_ede_cfb                         308	EXIST::FUNCTION:DES
 EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
 EVP_des_ofb                             310	EXIST::FUNCTION:DES
 EVP_desx_cbc                            311	EXIST::FUNCTION:DES
-EVP_dss                                 312	EXIST::FUNCTION:DSA
+EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
-EVP_dss1                                313	EXIST::FUNCTION:DSA
+EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
 EVP_enc_null                            314	EXIST::FUNCTION:
 EVP_get_cipherbyname                    315	EXIST::FUNCTION:
 EVP_get_digestbyname                    316	EXIST::FUNCTION:
@@ -926,7 +926,7 @@ PKCS7_add_signature                     938	EXIST::FUNCTION:
 PKCS7_cert_from_signer_info             939	EXIST::FUNCTION:
 PKCS7_get_signer_info                   940	EXIST::FUNCTION:
 EVP_delete_alias                        941	NOEXIST::FUNCTION:
-EVP_mdc2                                942	EXIST::FUNCTION:
+EVP_mdc2                                942	EXIST::FUNCTION:MDC2
 PEM_read_bio_RSAPublicKey               943	EXIST::FUNCTION:RSA
 PEM_write_bio_RSAPublicKey              944	EXIST::FUNCTION:RSA
 d2i_RSAPublicKey_bio                    945	EXIST::FUNCTION:RSA

util/mkdef.pl

@@ -119,7 +119,7 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-rc4$/)      { $no_rc4=1; }
 	elsif (/^no-rc5$/)      { $no_rc5=1; }
 	elsif (/^no-idea$/)     { $no_idea=1; }
-	elsif (/^no-des$/)      { $no_des=1; }
+	elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
 	elsif (/^no-bf$/)       { $no_bf=1; }
 	elsif (/^no-cast$/)     { $no_cast=1; }
 	elsif (/^no-md2$/)      { $no_md2=1; }
@@ -705,7 +705,8 @@ EOF
 		} else {
 			(my $n, my $i) = split /\\/, $nums{$s};
 			my %pf = ();
-			my @p = split(/,/, ($i =~ /^.*?:(.*?):/,$1));
+			my @p = split(/,/, ($i =~ /^[^:]*:([^:]*):/,$1));
+			my @a = split(/,/, ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1));
 			# @p_purged must contain hardware platforms only
 			my @p_purged = ();
 			foreach $ptmp (@p) {
@@ -727,7 +728,26 @@ EOF
 				|| (!$negatives
 				    && ($rsaref || !grep(/^RSAREF$/,@p)))
 				|| ($negatives
-				    && (!$rsaref || !grep(/^!RSAREF$/,@p))))) {
+				    && (!$rsaref || !grep(/^!RSAREF$/,@p))))
+			    && (!@a || (!$no_rc2 || !grep(/^RC2$/,@a)))
+			    && (!@a || (!$no_rc4 || !grep(/^RC4$/,@a)))
+			    && (!@a || (!$no_rc5 || !grep(/^RC5$/,@a)))
+			    && (!@a || (!$no_idea || !grep(/^IDEA$/,@a)))
+			    && (!@a || (!$no_des || !grep(/^DES$/,@a)))
+			    && (!@a || (!$no_bf || !grep(/^BF$/,@a)))
+			    && (!@a || (!$no_cast || !grep(/^CAST$/,@a)))
+			    && (!@a || (!$no_md2 || !grep(/^MD2$/,@a)))
+			    && (!@a || (!$no_md4 || !grep(/^MD4$/,@a)))
+			    && (!@a || (!$no_md5 || !grep(/^MD5$/,@a)))
+			    && (!@a || (!$no_sha || !grep(/^SHA$/,@a)))
+			    && (!@a || (!$no_ripemd || !grep(/^RIPEMD$/,@a)))
+			    && (!@a || (!$no_mdc2 || !grep(/^MDC2$/,@a)))
+			    && (!@a || (!$no_rsa || !grep(/^RSA$/,@a)))
+			    && (!@a || (!$no_dsa || !grep(/^DSA$/,@a)))
+			    && (!@a || (!$no_dh || !grep(/^DH$/,@a)))
+			    && (!@a || (!$no_hmac || !grep(/^HMAC$/,@a)))
+			    && (!@a || (!$no_fp_api || !grep(/^FP_API$/,@a)))
+			    ) {
 				printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$s,$n;
 #			} else {
 #				print STDERR "DEBUG: \"$sym\" (@p):",

util/pod2man.pl

@@ -416,6 +416,8 @@ if ($name ne 'something') {
 			warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
 		    }
 		    else {
+			$n[0] =~ s/\n/ /;
+			$n[1] =~ s/\n/ /;
 			%namedesc = @n;
 		    }
 		}