Merge from main trunk. No conflicts.

2000-09-21 07:38:47 +00:00
parent 5deb47f12a
commit a9c33b529e
15 changed files with 186 additions and 78 deletions
--- a/3
+++ b/3
@@ -265,6 +265,9 @@ my %table=(
 #"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Use unified settings above instead.
 #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
 "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
--- a/Makefile.org
+++ b/Makefile.org
@@ -62,7 +62,7 @@ AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
-TARFLAGS= --norecurse
+TARFLAGS= --no-recursion
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
--- a/20
+++ b/20
@@ -140,6 +140,26 @@ $dso_scheme   =
 $shared_target= 
 $shared_cflag = 
 *** MPE/iX-gcc
 $cc           = gcc
 $cflags       = -D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
 $unistd       = 
 $thread_cflag = (unknown)
 $lflags       = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
 $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** Mingw32
 $cc           = gcc
 $cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -209,9 +209,11 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 #ifndef MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
 #endif
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 		{ close(s); perror("connect"); return(0); }
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -88,7 +88,7 @@
 #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
 # define TIMEB
 #endif
--- a/4
+++ b/4
@@ -71,6 +71,10 @@ fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
    MPE/iX:*)
 	MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
 	echo "parisc-hp-MPE/iX"; exit 0
 	;;
    A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 				}
 			c->state=BIO_CONN_S_CONNECT;
-#ifdef SO_KEEPALIVE
+#if defined(SO_KEEPALIVE) && !defined(MPE)
 			i=1;
 			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 			if (i < 0)
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -271,7 +271,9 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 #elif defined(MAC_OS_pre_X)
 	tty=stdin;
 #else
 #ifndef MPE
 	if ((tty=fopen("/dev/tty","r")) == NULL)
 #endif
 		tty=stdin;
 #endif
@@ -312,8 +314,12 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 #if defined(TTY_set) && !defined(VMS)
 	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
 #ifdef MPE 
 		; /* MPE lies -- echo really has been disabled */
 #else
 		return(-1);
 #endif
 #endif
 #ifdef VMS
 	tty_new[0] = tty_orig[0];
 	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -171,13 +171,16 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
 #include <lmcons.h>
 #include <lmstats.h>
-#if 0 /* Some compilers use LMSTR, others (VC6, for example) use LPTSTR.
+#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
-       * This part is disabled until a fix is found.
+       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
       * was added to the Platform SDK to allow the NET API to be used in
       * non-Unicode applications provided that Unicode strings were still
       * used for input.  LMSTR is defined as LPWSTR.
       */
 typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
-        (LMSTR, LMSTR, DWORD, DWORD, LPBYTE*);
+        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
 typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
-#endif /* 0 */
+#endif /* 1 */
 int RAND_poll(void)
 {
@@ -191,12 +194,20 @@ int RAND_poll(void)
 	CRYPTACQUIRECONTEXT acquire = 0;
 	CRYPTGENRANDOM gen = 0;
 	CRYPTRELEASECONTEXT release = 0;
-#if 0 /* This part is disabled until a fix for the problem with the
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
-       * definition of NETSTATGET is found.
+       * section is still experimental, but if all goes well, this conditional
       * will be removed
       */
 	NETSTATGET netstatget = 0;
 	NETFREE netfree = 0;
-#endif /* 0 */
+#endif /* 1 */
 	/* Determine the OS version we are on so we can turn off things 
 	 * that do not work properly.
 	 */
        OSVERSIONINFO osverinfo ;
        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
        GetVersionEx( &osverinfo ) ;
 	/* load functions dynamically - not available on all systems */
 	advapi = LoadLibrary("ADVAPI32.DLL");
@@ -204,9 +215,9 @@ int RAND_poll(void)
 	user = LoadLibrary("USER32.DLL");
 	netapi = LoadLibrary("NETAPI32.DLL");
-#if 0 /* This part is disabled until a fix for the problem with the
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
-       * definition of NETSTATGET is found.  Also, note that VC6 doesn't
+       * section is still experimental, but if all goes well, this conditional
-       * understand strings starting with L".
+       * will be removed
       */
 	if (netapi)
 		{
@@ -217,57 +228,68 @@ int RAND_poll(void)
 	if (netstatget && netfree)
 		{
 		LPBYTE outbuf;
-		/* NetStatisticsGet() is a Unicode only function */
+		/* NetStatisticsGet() is a Unicode only function
 		 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
 		 * contains 17 fields.  We treat each field as a source of
 		 * one byte of entropy.
                 */
 		if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
 			{
-			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 0);
+			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
 			netfree(outbuf);
 			}
 		if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
 			{
-			RAND_add(outbuf, sizeof(STAT_SERVER_0), 0);
+			RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
 			netfree(outbuf);
 			}
 		}
 	if (netapi)
 		FreeLibrary(netapi);
-#endif /* 0 */
+#endif /* 1 */
-#if 0 /* It appears like this can cause an exception deep within ADVAPI32.DLL
+        /* It appears like this can cause an exception deep within ADVAPI32.DLL
-       * at random times.  Reported by Jeffrey Altman.
+         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
-       */
+         * Only use it on NT.
-	/* Read Performance Statistics from NT/2000 registry */
+	 */
-	/* The size of the performance data can vary from call to call */
+        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
-	/* so we must guess the size of the buffer to use and increase */
+		osverinfo.dwMajorVersion < 5)
 	/* its size if we get an ERROR_MORE_DATA return instead of     */
 	/* ERROR_SUCCESS.                                              */
 	{
 	LONG   rc=ERROR_MORE_DATA;
 	char * buf=NULL;
 	DWORD bufsz=0;
 	DWORD length;
 	while (rc == ERROR_MORE_DATA)
 		{
-		buf = realloc(buf,bufsz+8192);
+		/* Read Performance Statistics from NT/2000 registry
-		if (!buf)
+		 * The size of the performance data can vary from call
-			break;
+		 * to call so we must guess the size of the buffer to use
-		bufsz += 8192;
+		 * and increase its size if we get an ERROR_MORE_DATA
 		 * return instead of ERROR_SUCCESS.
 		 */
 		LONG   rc=ERROR_MORE_DATA;
 		char * buf=NULL;
 		DWORD bufsz=0;
 		DWORD length;
-		length = bufsz;
+		while (rc == ERROR_MORE_DATA)
-		rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+			{
-			NULL, NULL, buf, &length);
+			buf = realloc(buf,bufsz+8192);
 			if (!buf)
 				break;
 			bufsz += 8192;
 			length = bufsz;
 			rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
 				NULL, NULL, buf, &length);
 			}
 		if (rc == ERROR_SUCCESS)
 			{
                        /* For entropy count assume only least significant
 			 * byte of each DWORD is random.
                         */
 			RAND_add(&length, sizeof(length), 0);
 			RAND_add(buf, length, length / 4.0);
 			}
 		if (buf)
 			free(buf);
 		}
 	if (rc == ERROR_SUCCESS)
 		{
 		RAND_add(&length, sizeof(length), 0);
 		RAND_add(buf, length, 0);
 		}
 	if (buf)
 		free(buf);
 	}
 #endif /* 0 */
 	if (advapi)
 		{
@@ -282,12 +304,13 @@ int RAND_poll(void)
 	if (acquire && gen && release)
 		{
 		/* poll the CryptoAPI PRNG */
                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
 		if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
 			CRYPT_VERIFYCONTEXT))
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
-				RAND_add(buf, sizeof(buf), 0);
+				RAND_add(buf, sizeof(buf), sizeof(buf));
 #ifdef DEBUG
 				printf("randomness from PROV_RSA_FULL\n");
 #endif
@@ -300,7 +323,7 @@ int RAND_poll(void)
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
-				RAND_add(buf, sizeof(buf), 0);
+				RAND_add(buf, sizeof(buf), sizeof(buf));
 #ifdef DEBUG
 				printf("randomness from PROV_INTEL_SEC\n");
 #endif
@@ -321,7 +344,7 @@ int RAND_poll(void)
 	/* process ID */
 	w = GetCurrentProcessId();
-	RAND_add(&w, sizeof(w), 0);
+	RAND_add(&w, sizeof(w), 1);
 	if (user)
 		{
@@ -334,41 +357,37 @@ int RAND_poll(void)
 		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
 		if (win)
-		{
+			{
 			/* window handle */
 			h = win();
 			RAND_add(&h, sizeof(h), 0);
-		}
+			}
 		if (cursor)
 			{
 			/* unfortunately, its not safe to call GetCursorInfo()
 			 * on NT4 even though it exists in SP3 (or SP6) and
 			 * higher.
 			 */
 			OSVERSIONINFO osverinfo ;
 			osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
 			GetVersionEx( &osverinfo ) ;
 			if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
 				osverinfo.dwMajorVersion < 5)
 				cursor = 0;
 			}
 		if (cursor)
 			{
 			/* cursor position */
                        /* assume 2 bytes of entropy */
 			CURSORINFO ci;
 			ci.cbSize = sizeof(CURSORINFO);
 			if (cursor(&ci))
-				RAND_add(&ci, ci.cbSize, 0);
+				RAND_add(&ci, ci.cbSize, 2);
 			}
 		if (queue)
 			{
 			/* message queue status */
                        /* assume 1 byte of entropy */
 			w = queue(QS_ALLEVENTS);
-			RAND_add(&w, sizeof(w), 0);
+			RAND_add(&w, sizeof(w), 1);
 			}
 		FreeLibrary(user);
@@ -406,7 +425,7 @@ int RAND_poll(void)
 		MODULEENTRY32 m;
 		snap = (CREATETOOLHELP32SNAPSHOT)
-		  GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
 		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
 		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
 		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
@@ -425,11 +444,18 @@ int RAND_poll(void)
 			!= NULL)
 			{
 			/* heap list and heap walking */
                        /* HEAPLIST32 contains 3 fields that will change with
                         * each entry.  Consider each field a source of 1 byte
                         * of entropy.
                         * HEAPENTRY32 contains 5 fields that will change with 
                         * each entry.  Consider each field a source of 1 byte
                         * of entropy.
                         */
 			hlist.dwSize = sizeof(HEAPLIST32);		
 			if (heaplist_first(handle, &hlist))
 				do
 					{
-					RAND_add(&hlist, hlist.dwSize, 0);
+					RAND_add(&hlist, hlist.dwSize, 3);
 					hentry.dwSize = sizeof(HEAPENTRY32);
 					if (heap_first(&hentry,
 						hlist.th32ProcessID,
@@ -438,34 +464,46 @@ int RAND_poll(void)
 						int entrycnt = 50;
 						do
 							RAND_add(&hentry,
-								hentry.dwSize, 0);
+								hentry.dwSize, 5);
 						while (heap_next(&hentry)
 							&& --entrycnt > 0);
 						}
 					} while (heaplist_next(handle,
 						&hlist));
-
+			
 			/* process walking */
                        /* PROCESSENTRY32 contains 9 fields that will change
                         * with each entry.  Consider each field a source of
                         * 1 byte of entropy.
                         */
 			p.dwSize = sizeof(PROCESSENTRY32);
 			if (process_first(handle, &p))
 				do
-					RAND_add(&p, p.dwSize, 0);
+					RAND_add(&p, p.dwSize, 9);
 				while (process_next(handle, &p));
-			
+
 			/* thread walking */
                        /* THREADENTRY32 contains 6 fields that will change
                         * with each entry.  Consider each field a source of
                         * 1 byte of entropy.
                         */
 			t.dwSize = sizeof(THREADENTRY32);
 			if (thread_first(handle, &t))
 				do
-					RAND_add(&t, t.dwSize, 0);
+					RAND_add(&t, t.dwSize, 6);
 				while (thread_next(handle, &t));
-			
+
 			/* module walking */
                        /* MODULEENTRY32 contains 9 fields that will change
                         * with each entry.  Consider each field a source of
                         * 1 byte of entropy.
                         */
 			m.dwSize = sizeof(MODULEENTRY32);
 			if (module_first(handle, &m))
 				do
-					RAND_add(&m, m.dwSize, 1);
+					RAND_add(&m, m.dwSize, 9);
 				while (module_next(handle, &m));
-			
+
 			CloseHandle(handle);
 			}
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -14,8 +14,11 @@ SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
 SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
 The communication channel must already have been set and assigned to the
-B<ssl> by setting an underlying B<BIO>. The behaviour of SSL_accept() depends
+B<ssl> by setting an underlying B<BIO>.
-on the underlying BIO. 
+
 =head1 NOTES
 The behaviour of SSL_accept() depends on the underlying BIO. 
 If the underlying BIO is B<blocking>, SSL_accept() will only return once the
 handshake has been finished or an error occurred, except for SGC (Server
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -14,8 +14,11 @@ SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
 SSL_connect() initiates the TLS/SSL handshake with a server. The communication
 channel must already have been set and assigned to the B<ssl> by setting an
-underlying B<BIO>. The behaviour of SSL_connect() depends on the underlying
+underlying B<BIO>.
-BIO. 
+
 =head1 NOTES
 The behaviour of SSL_connect() depends on the underlying BIO. 
 If the underlying BIO is B<blocking>, SSL_connect() will only return once the
 handshake has been finished or an error occurred.
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
@@ -13,7 +13,11 @@ SSL_read - read bytes from a TLS/SSL connection.
 =head1 DESCRIPTION
 SSL_read() tries to read B<num> bytes from the specified B<ssl> into the
-buffer B<buf>. If necessary, SSL_read() will negotiate a TLS/SSL session, if
+buffer B<buf>.
 =head1 NOTES
 If necessary, SSL_read() will negotiate a TLS/SSL session, if
 not already explicitly performed by SSL_connect() or SSL_accept(). If the
 peer requests a re-negotiation, it will be performed transparently during
 the SSL_read() operation. The behaviour of SSL_read() depends on the
@@ -34,6 +38,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check
 for the required condition. When using a buffering BIO, like a BIO pair, data
 must be written into or retrieved out of the BIO before being able to continue.
 =head1 IMPORTANT
 When an SSL_read() operation has to be repeated because of
 B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
 with the same arguments.
 =head1 RETURN VALUES
 The following return values can occur:
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -13,7 +13,11 @@ SSL_read - write bytes to a TLS/SSL connection.
 =head1 DESCRIPTION
 SSL_write() writes B<num> bytes from the buffer B<buf> into the specified
-B<ssl>. If necessary, SSL_write() will negotiate a TLS/SSL session, if
+B<ssl> connection.
 =head1 NOTES
 If necessary, SSL_write() will negotiate a TLS/SSL session, if
 not already explicitly performed by SSL_connect() or SSL_accept(). If the
 peer requests a re-negotiation, it will be performed transparently during
 the SSL_write() operation. The behaviour of SSL_write() depends on the
@@ -34,6 +38,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check
 for the required condition. When using a buffering BIO, like a BIO pair, data
 must be written into or retrieved out of the BIO before being able to continue.
 =head1 IMPORTANT
 When an SSL_write() operation has to be repeated because of
 B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
 with the same arguments.
 =head1 RETURN VALUES
 The following return values can occur:
--- a/e_os.h
+++ b/e_os.h
@@ -275,6 +275,9 @@ extern "C" {
 #    define NO_SYS_PARAM_H
 #  else
     /* !defined VMS */
 #    ifdef MPE
 #      define NO_SYS_PARAM_H
 #    endif
 #    ifdef OPENSSL_UNISTD
 #      include OPENSSL_UNISTD
 #    else
@@ -344,7 +347,9 @@ extern HINSTANCE _hInstance;
 #    ifndef NO_SYS_PARAM_H
 #      include <sys/param.h>
 #    endif
-#    include <sys/time.h> /* Needed under linux for FD_XXX */
+#    ifndef MPE
 #      include <sys/time.h> /* Needed under linux for FD_XXX */
 #    endif
 #    include <netdb.h>
 #    if defined(VMS) && !defined(__DECC)
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -133,7 +133,11 @@ extern "C" {
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
 #ifdef MPE
 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)29998
 #else
 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)32767 
 #endif
 #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /**/
 #define SSL2_CHALLENGE_LENGTH	16