Merge from main trunk.

CHANGES

@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
 
   *) In ssl23_get_client_hello, generate an error message when faced
      with an initial SSL 3.0/TLS record that is too small to contain the
@@ -14,6 +14,9 @@
      by the Finished messages.
      [Bodo Moeller]
 
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman@columbia.edu>]
+
   *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
      not set then we don't setup the error code for issuer check errors
      to avoid possibly overwriting other errors which the callback does
@@ -63,6 +66,7 @@
 
   *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
      BIO_ctrl (for BIO pairs).
+     [Bodo M<>ller]
 
   *) Add DSO method for VMS.
      [Richard Levitte]
@@ -296,7 +300,7 @@
      [Steve Henson]
 
   *) Changes needed for Tandem NSK.
-     [Scott Uroff scott@xypro.com]
+     [Scott Uroff <scott@xypro.com>]
 
   *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
      RSA_padding_check_SSLv23(), special padding was never detected

FAQ

@@ -32,7 +32,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.5a was released on April 1st, 2000.
+OpenSSL 0.9.6 was released on September 24th, 2000.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:

INSTALL.W32

@@ -108,8 +108,8 @@
 
  * Compiler installation:
 
-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
-   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
    <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
    make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
    C:\egcs-1.1.2\mingw32.bat to set the PATH.

NEWS

@@ -14,8 +14,8 @@
       o New 'rsautl' application, low level RSA utility.
       o MD4 now included.
       o Bugfix for SSL rollback padding check.
-      o Support for external crypto device[1].
-      o Enhanced EVP interafce.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
 
     [1] The support for external crypto devices is currently a separate
         distribution.  See the file README.ENGINE.

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.6-beta3 [engine] (Final beta) 21 Sep 2000
+ OpenSSL 0.9.6 [engine] 24 Sep 2000
 
  Copyright (c) 1998-2000 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

README.ENGINE

@@ -52,3 +52,12 @@
   device, or the built-in crypto routines will be used, just as in the
   default OpenSSL distribution.
 
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with Cryptoswift on
+  Win32.  A quick test done right before the release showed that trying
+  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
+  an attempt is made to write at memory address 0x00000002.
+

STATUS

@@ -1,135 +1,10 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/09/24 09:50:28 $
+  ______________                           $Date: 2000/09/24 16:04:33 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.6:  Under development (in release cycle)...
-                       Proposed release date September 24, 2000
-                       0.9.6-beta1 is available:
-			OpenBSD-x86 2.7			- failed
-				ftime not supported [FIXED]
-			hpux-parisc-cc 10.20		- passed
-			hpux-parisc-gcc 10.20		- passed
-			hpux-parisc-gcc 11.00		- passed
-			hpux-gcc			- passed
-			hpux-brokengcc			- failed
-				BN_sqr fails in test
-			linux-elf			- passed
-			linux-sparcv7			- passed
-			linux-ppc			- passed
-			Solaris [engine]		- failed
-				speed cswift gives odd errors [FIXED]
-			solaris-sparcv8-gcc		- passed
-			solaris-sparcv9-gcc		- passed
-			solaris-sparcv9-cc		- passed
-			solaris64-sparcv9-cc		- passed
-			sco5-gcc			- passed
-			sco5-cc				- passed
-			FreeBSD				- passed
-			Win32 VC++			- failed
-				PCURSORINFO not defined unless Win2000 [FIXED]
-				RAND_poll() problem on Win2000 [FIXED]
-				DSO method always DSO_METHOD_null [FIXED]
-			CygWin32			- test failed
-			MingW32				- failed
-				thelp32.h
-			aix-gcc (AIX 4.3.2)		- passed
-			VMS/Alpha			- failed
-				Some things were missing [FIXED]
-                       0.9.6-beta2 is available:
-			linux/openbsd (all platforms?)		- mod_exp bug
-			sunos-gcc				- passed
-			aix-gcc					- passed
-			Win32 w/ VC6 or Mingw32			- failed
-				RAND_poll(), a few uninitialised vars [FIXED]
-				RAND_poll() should used LoadLibrary instead of
-					GetModuleHandle [FIXED]
-				Major compilation problem with VC6 on NT.
-					[FIXED]
-				Mingw32 says "175: parse error before `DWORD'"
-					[FIXED?]
-			Win32 w/ CygWin				- success?
-			VMS/Alpha 7.1 (CPQ C 5.6-003, TCP/IP 5.0) - success
-				Just a small warning in dso_vms.c [FIXED]
-			VMS/Alpha 7.2-1 (CPQ 5.6-003, TCP/IP 5.0A) - success
-			VMS/VAX 7.2-1 (CPQ 5.2-003, TCP/IP 5.0) - success
-			hpux-parisc-cc (HP-UX B.11.00)		- success
-			hpux-parisc2-cc	(11.00)			- success
-			hpux64-parisc2-cc (11.00)		- success
-			hpux-parisc1_1-cc (11.00)		- success
-			hpux-parisc-cc (10.20 w/ -ldld)		- success
-			hpux-parisc-gcc (10.20 w/ -ldld)	- success
-			hpux-parisc-cc [engine] (10.20 w/ -ldld)- success
-			hpux-parisc-gcc [endine] (10.20 w/ -ldld)- success
-				All hpux 10.20 targets succeeded provided -ldl
-					has been changed to -ldld.
-			solaris-sparcv9-gcc (2.6/ultra5)	- success
-			[ solaris-sparcv9-cc (SunOS 5.7 SC3.0)	- failed      ]
-			[	Complaints about a number of -x parameters to ]
-			[		the compiler and failed to compile an ]
-			[		assembler file.  Maybe a too old      ]
-			[		compiler? (Yes, apparently:)          ]
-			solaris-sparcv9-cc (SunOS 5.6 SC4.2)	- success
-			FreeBSD (2.2.5-RELEASE)			- success
-			alpha-cc [engine] (OSF1 5.0A)		- success
-			irix-mips3-cc [engine] (Irix 6.2)	- success
-				One has to do the same as for OpenBSD in
-					speed.c [FIXED]
-			aix-cc (3.2.5, cc 1.3.0.44)		- success
-			aix-gcc (3.2.5, gcc 2.8.1)		- success
-				Both first failed to compiled due to ftime().
-					[FIXED]
-			alpha-cc (V4.0E)			- success
-			alpha-gcc (V4.0E, gcc 2.8.1)		- success
-			ultrix-cc (V4.5)			- success
-			ultrix-gcc (V4.5, gcc 2.8.1)		- success
-                       0.9.6-beta3 is available:
-			aix-cc (4.3)				- success
-			aix-cc [engine] (4.3)			- success
-			linux-elf (RedHat 5.2, gcc 2.7.2.3)	- success
-			linux-elf (RedHat 6.2)			- success
-			linux-elf [engine] (RedHat 6.2)		- success
-			solaris-sparcv9-gcc (5.7, gcc 2.95.2)	- success
-			solaris-sparcv9-gcc (5.6, gcc 2.95.2)	- success
-			solaris-sparcv9-cc (5.6, SunWS C 4.2)	- success
-			solaris-sparcv9-cc [engine] (5.6, SunWS C 4.2)- success
-			VC-WIN32 (NT4 SP6, VC6 SP2)		- success
-			VC-WIN32 (NT4 SP6, Cygwin)		- success
-				The files used for testing must have CR/LF
-					as line endings.
-			VC-WIN32 (NT4 SP6, Mingw32)		- failed
-				mingw32a.mak contains a few lines that
-					generate an error.
-			VC-NT static libs (NT4 SP6, VC6 SP4)	- failed
-				Complains about unresolved external symbol
-					__imp__RegQueryValueEx.  This only
-					happens when building the static
-					libraries.  Tests pass as soon as
-					you make sure advapi32.lib gets
-					linked in. [FIXED]
-			VC-NT dynamic libs (NT4 SP6, VC6 SP4)	- success
-			VC-WIN32 (W2K Pro SP1, VC6 SP3, PSDK Jul2000)- success
-			hpux-parisc-gcc (B.10.20, gcc 2.95.2)	- success
-			hpux-parisc-cc (B.10.20, cc A.10.32.30)	- success
-			hpux-parisc-gcc [engine] (B.10.20, gcc 2.95.2)- success
-			hpux-parisc-cc [engine] (B.10.20, cc A.10.32.30)- success
-			hpux-parisc2-cc (B.11.11)		- success
-			hpux64-parisc2-cc (B.11.11)		- success
-				Kevin Steves also mentions that "All the new
-				targets look good on my end with hp-ux 11.0."
-			MPE/iX-gcc				- success
-			FreeBSD (2.2.5)				- failed
-				Only having USE_TOD made speed.c issue an
-					error. [FIXED]
-			FreeBSD-alpha (4.1, gcc 2.95.2)		- success
-				The USE_TOD fix needed to be applied.
-				There were warnings about -O3 triggering
-					known optimizer bugs on that
-					platform. [FIXED]
-			OpenBSD-x86 (2.7, gcc 2.95.2)		- success
-			alpha-cc (OSF1 V4.0)			- success
-			solaris-x86-gcc (5.8, gcc 2.95.2)	- success
+    o  OpenSSL 0.9.6:  Released on September 24th, 2000
     o  OpenSSL 0.9.5a: Released on April      1st, 2000
     o  OpenSSL 0.9.5:  Released on February  28th, 2000
     o  OpenSSL 0.9.4:  Released on August    09th, 1999

TABLE

@@ -102,7 +102,7 @@ $shared_cflag =
 
 *** FreeBSD-alpha
 $cc           = gcc
-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$cflags       = -DTERMIOS -O -fomit-frame-pointer
 $unistd       = 
 $thread_cflag = (unknown)
 $lflags       = 

crypto/opensslv.h

@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00906003L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6-beta3 [engine] 21 Sep 2000"
+#define OPENSSL_VERSION_NUMBER	0x0090600fL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6 [engine] 24 Sep 2000"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 

doc/crypto/EVP_OpenInit.pod

@@ -54,7 +54,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
 L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>
 

doc/crypto/EVP_SealInit.pod

@@ -67,7 +67,7 @@ with B<type> set to NULL.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
 L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 L<EVP_OpenInit(3)|EVP_OpenInit(3)>
 

doc/crypto/EVP_VerifyInit.pod

@@ -57,6 +57,7 @@ might.
 
 =head1 SEE ALSO
 
+L<evp(3)|evp(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,

doc/ssl/ssl.pod

@@ -625,12 +625,17 @@ connection defined in the B<SSL> structure.
 
 L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
 L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_fd(3)|SSL_get_fd(3)>,
+L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
 L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
-L<SSL_get_session(3)|SSL_get_session(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_new(3)|SSL_new(3)>,
 L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
-L<SSL_set_fd(3)|SSL_set_fd(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
 L<SSL_set_session(3)|SSL_set_session(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
 L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>

ms/mingw32.bat

@@ -76,6 +76,8 @@ rem Create files -- this can be skipped if using the GNU file utilities
 make -f ms/mingw32f.mak
 echo You can ignore the error messages above
 
+copy ms\tlhelp32.h outinc
+
 echo Building the libraries
 make -f ms/mingw32a.mak
 if errorlevel 1 goto end

openssl.spec

@@ -22,9 +22,9 @@ BuildRoot:   /var/tmp/%{name}-%{version}-root
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
 documentation. 
 
 OpenSSL is based on the excellent SSLeay library developed from Eric A.
@@ -43,9 +43,9 @@ Requires: openssl-engine
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
 documentation. 
 
 OpenSSL is based on the excellent SSLeay library developed from Eric A.
@@ -64,9 +64,9 @@ Requires: openssl-engine
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
 documentation. 
 
 OpenSSL is based on the excellent SSLeay library developed from Eric A.

util/pl/BC-32.pl

@@ -19,7 +19,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN -DDSO_WIN32 ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";

util/pl/Mingw32.pl

@@ -17,9 +17,9 @@ $mkdir='gmkdir';
 
 $cc='gcc';
 if ($debug)
-	{ $cflags="-DL_ENDIAN -g2 -ggdb"; }
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
 else
-	{ $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; }
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; }
 
 if ($gaswin and !$no_asm)
 	{

util/pl/Mingw32f.pl

@@ -11,9 +11,9 @@ $rm='del';
 
 $cc='gcc';
 if ($debug)
-	{ $cflags="-g2 -ggdb"; }
+	{ $cflags="-g2 -ggdb -DDSO_WIN32"; }
 else
-	{ $cflags="-O3 -fomit-frame-pointer"; }
+	{ $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; }
 
 $obj='.o';
 $ofile='-o ';

util/pl/VC-32.pl

@@ -12,7 +12,7 @@ $rm='del';
 
 # C compiler stuff
 $cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
 
@@ -22,7 +22,7 @@ $inc_def="inc32";
 
 if ($debug)
 	{
-	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
 	$lflags.=" /debug";
 	$mlflags.=' /debug';
 	}