Merge from main trunk. No conflicts.

Configure

@@ -265,6 +265,9 @@ my %table=(
 #"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Use unified settings above instead.
 
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version

Makefile.org

@@ -62,7 +62,7 @@ AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
-TARFLAGS= --norecurse
+TARFLAGS= --no-recursion
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o

TABLE

@@ -140,6 +140,26 @@ $dso_scheme   =
 $shared_target= 
 $shared_cflag = 
 
+*** MPE/iX-gcc
+$cc           = gcc
+$cflags       = -D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
+$unistd       = 
+$thread_cflag = (unknown)
+$lflags       = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+
 *** Mingw32
 $cc           = gcc
 $cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall

apps/s_socket.c

@@ -209,9 +209,11 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 
+#ifndef MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
+#endif
 
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 		{ close(s); perror("connect"); return(0); }

apps/speed.c

@@ -88,7 +88,7 @@
 #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
 # define TIMEB
 #endif
 

config

@@ -71,6 +71,10 @@ fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    MPE/iX:*)
+	MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
+	echo "parisc-hp-MPE/iX"; exit 0
+	;;
     A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;

crypto/bio/bss_conn.c

@@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 				}
 			c->state=BIO_CONN_S_CONNECT;
 
-#ifdef SO_KEEPALIVE
+#if defined(SO_KEEPALIVE) && !defined(MPE)
 			i=1;
 			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 			if (i < 0)

crypto/des/read_pwd.c

@@ -271,7 +271,9 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 #elif defined(MAC_OS_pre_X)
 	tty=stdin;
 #else
+#ifndef MPE
 	if ((tty=fopen("/dev/tty","r")) == NULL)
+#endif
 		tty=stdin;
 #endif
 
@@ -312,8 +314,12 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 
 #if defined(TTY_set) && !defined(VMS)
 	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+#ifdef MPE 
+		; /* MPE lies -- echo really has been disabled */
+#else
 		return(-1);
 #endif
+#endif
 #ifdef VMS
 	tty_new[0] = tty_orig[0];
 	tty_new[1] = tty_orig[1] | TT$M_NOECHO;

crypto/rand/rand_win.c

@@ -171,13 +171,16 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
 
 #include <lmcons.h>
 #include <lmstats.h>
-#if 0 /* Some compilers use LMSTR, others (VC6, for example) use LPTSTR.
-       * This part is disabled until a fix is found.
+#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
+       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
+       * was added to the Platform SDK to allow the NET API to be used in
+       * non-Unicode applications provided that Unicode strings were still
+       * used for input.  LMSTR is defined as LPWSTR.
        */
 typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
-        (LMSTR, LMSTR, DWORD, DWORD, LPBYTE*);
+        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
 typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
-#endif /* 0 */
+#endif /* 1 */
 
 int RAND_poll(void)
 {
@@ -191,12 +194,20 @@ int RAND_poll(void)
 	CRYPTACQUIRECONTEXT acquire = 0;
 	CRYPTGENRANDOM gen = 0;
 	CRYPTRELEASECONTEXT release = 0;
-#if 0 /* This part is disabled until a fix for the problem with the
-       * definition of NETSTATGET is found.
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
        */
 	NETSTATGET netstatget = 0;
 	NETFREE netfree = 0;
-#endif /* 0 */
+#endif /* 1 */
+
+	/* Determine the OS version we are on so we can turn off things 
+	 * that do not work properly.
+	 */
+        OSVERSIONINFO osverinfo ;
+        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
+        GetVersionEx( &osverinfo ) ;
 
 	/* load functions dynamically - not available on all systems */
 	advapi = LoadLibrary("ADVAPI32.DLL");
@@ -204,9 +215,9 @@ int RAND_poll(void)
 	user = LoadLibrary("USER32.DLL");
 	netapi = LoadLibrary("NETAPI32.DLL");
 
-#if 0 /* This part is disabled until a fix for the problem with the
-       * definition of NETSTATGET is found.  Also, note that VC6 doesn't
-       * understand strings starting with L".
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
        */
 	if (netapi)
 		{
@@ -217,57 +228,68 @@ int RAND_poll(void)
 	if (netstatget && netfree)
 		{
 		LPBYTE outbuf;
-		/* NetStatisticsGet() is a Unicode only function */
+		/* NetStatisticsGet() is a Unicode only function
+ 		 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+		 * contains 17 fields.  We treat each field as a source of
+		 * one byte of entropy.
+                 */
+
 		if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
 			{
-			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 0);
+			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
 			netfree(outbuf);
 			}
 		if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
 			{
-			RAND_add(outbuf, sizeof(STAT_SERVER_0), 0);
+			RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
 			netfree(outbuf);
 			}
 		}
 
 	if (netapi)
 		FreeLibrary(netapi);
-#endif /* 0 */
+#endif /* 1 */
  
-#if 0 /* It appears like this can cause an exception deep within ADVAPI32.DLL
-       * at random times.  Reported by Jeffrey Altman.
-       */
-	/* Read Performance Statistics from NT/2000 registry */
-	/* The size of the performance data can vary from call to call */
-	/* so we must guess the size of the buffer to use and increase */
-	/* its size if we get an ERROR_MORE_DATA return instead of     */
-	/* ERROR_SUCCESS.                                              */
-	{
-	LONG   rc=ERROR_MORE_DATA;
-	char * buf=NULL;
-	DWORD bufsz=0;
-	DWORD length;
-
-	while (rc == ERROR_MORE_DATA)
+        /* It appears like this can cause an exception deep within ADVAPI32.DLL
+         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+         * Only use it on NT.
+	 */
+        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+		osverinfo.dwMajorVersion < 5)
 		{
-		buf = realloc(buf,bufsz+8192);
-		if (!buf)
-			break;
-		bufsz += 8192;
+		/* Read Performance Statistics from NT/2000 registry
+		 * The size of the performance data can vary from call
+		 * to call so we must guess the size of the buffer to use
+		 * and increase its size if we get an ERROR_MORE_DATA
+		 * return instead of ERROR_SUCCESS.
+		 */
+		LONG   rc=ERROR_MORE_DATA;
+		char * buf=NULL;
+		DWORD bufsz=0;
+		DWORD length;
 
-		length = bufsz;
-		rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
-			NULL, NULL, buf, &length);
+		while (rc == ERROR_MORE_DATA)
+			{
+			buf = realloc(buf,bufsz+8192);
+			if (!buf)
+				break;
+			bufsz += 8192;
+
+			length = bufsz;
+			rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+				NULL, NULL, buf, &length);
+			}
+		if (rc == ERROR_SUCCESS)
+			{
+                        /* For entropy count assume only least significant
+			 * byte of each DWORD is random.
+                         */
+			RAND_add(&length, sizeof(length), 0);
+			RAND_add(buf, length, length / 4.0);
+			}
+		if (buf)
+			free(buf);
 		}
-	if (rc == ERROR_SUCCESS)
-		{
-		RAND_add(&length, sizeof(length), 0);
-		RAND_add(buf, length, 0);
-		}
-	if (buf)
-		free(buf);
-	}
-#endif /* 0 */
 
 	if (advapi)
 		{
@@ -282,12 +304,13 @@ int RAND_poll(void)
 	if (acquire && gen && release)
 		{
 		/* poll the CryptoAPI PRNG */
+                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
 		if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
 			CRYPT_VERIFYCONTEXT))
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
-				RAND_add(buf, sizeof(buf), 0);
+				RAND_add(buf, sizeof(buf), sizeof(buf));
 #ifdef DEBUG
 				printf("randomness from PROV_RSA_FULL\n");
 #endif
@@ -300,7 +323,7 @@ int RAND_poll(void)
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
-				RAND_add(buf, sizeof(buf), 0);
+				RAND_add(buf, sizeof(buf), sizeof(buf));
 #ifdef DEBUG
 				printf("randomness from PROV_INTEL_SEC\n");
 #endif
@@ -321,7 +344,7 @@ int RAND_poll(void)
 
 	/* process ID */
 	w = GetCurrentProcessId();
-	RAND_add(&w, sizeof(w), 0);
+	RAND_add(&w, sizeof(w), 1);
 
 	if (user)
 		{
@@ -334,41 +357,37 @@ int RAND_poll(void)
 		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
 
 		if (win)
-		{
+			{
 			/* window handle */
 			h = win();
 			RAND_add(&h, sizeof(h), 0);
-		}
-
+			}
 		if (cursor)
 			{
 			/* unfortunately, its not safe to call GetCursorInfo()
 			 * on NT4 even though it exists in SP3 (or SP6) and
 			 * higher.
 			 */
-			OSVERSIONINFO osverinfo ;
-			osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
-			GetVersionEx( &osverinfo ) ;
-
 			if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
 				osverinfo.dwMajorVersion < 5)
 				cursor = 0;
 			}
-
 		if (cursor)
 			{
 			/* cursor position */
+                        /* assume 2 bytes of entropy */
 			CURSORINFO ci;
 			ci.cbSize = sizeof(CURSORINFO);
 			if (cursor(&ci))
-				RAND_add(&ci, ci.cbSize, 0);
+				RAND_add(&ci, ci.cbSize, 2);
 			}
 
 		if (queue)
 			{
 			/* message queue status */
+                        /* assume 1 byte of entropy */
 			w = queue(QS_ALLEVENTS);
-			RAND_add(&w, sizeof(w), 0);
+			RAND_add(&w, sizeof(w), 1);
 			}
 
 		FreeLibrary(user);
@@ -406,7 +425,7 @@ int RAND_poll(void)
 		MODULEENTRY32 m;
 
 		snap = (CREATETOOLHELP32SNAPSHOT)
-		  GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
 		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
 		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
 		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
@@ -425,11 +444,18 @@ int RAND_poll(void)
 			!= NULL)
 			{
 			/* heap list and heap walking */
+                        /* HEAPLIST32 contains 3 fields that will change with
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         * HEAPENTRY32 contains 5 fields that will change with 
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         */
 			hlist.dwSize = sizeof(HEAPLIST32);		
 			if (heaplist_first(handle, &hlist))
 				do
 					{
-					RAND_add(&hlist, hlist.dwSize, 0);
+					RAND_add(&hlist, hlist.dwSize, 3);
 					hentry.dwSize = sizeof(HEAPENTRY32);
 					if (heap_first(&hentry,
 						hlist.th32ProcessID,
@@ -438,7 +464,7 @@ int RAND_poll(void)
 						int entrycnt = 50;
 						do
 							RAND_add(&hentry,
-								hentry.dwSize, 0);
+								hentry.dwSize, 5);
 						while (heap_next(&hentry)
 							&& --entrycnt > 0);
 						}
@@ -446,24 +472,36 @@ int RAND_poll(void)
 						&hlist));
 			
 			/* process walking */
+                        /* PROCESSENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
 			p.dwSize = sizeof(PROCESSENTRY32);
 			if (process_first(handle, &p))
 				do
-					RAND_add(&p, p.dwSize, 0);
+					RAND_add(&p, p.dwSize, 9);
 				while (process_next(handle, &p));
 
 			/* thread walking */
+                        /* THREADENTRY32 contains 6 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
 			t.dwSize = sizeof(THREADENTRY32);
 			if (thread_first(handle, &t))
 				do
-					RAND_add(&t, t.dwSize, 0);
+					RAND_add(&t, t.dwSize, 6);
 				while (thread_next(handle, &t));
 
 			/* module walking */
+                        /* MODULEENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
 			m.dwSize = sizeof(MODULEENTRY32);
 			if (module_first(handle, &m))
 				do
-					RAND_add(&m, m.dwSize, 1);
+					RAND_add(&m, m.dwSize, 9);
 				while (module_next(handle, &m));
 
 			CloseHandle(handle);

doc/ssl/SSL_accept.pod

@@ -14,8 +14,11 @@ SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
 
 SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
 The communication channel must already have been set and assigned to the
-B<ssl> by setting an underlying B<BIO>. The behaviour of SSL_accept() depends
-on the underlying BIO. 
+B<ssl> by setting an underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_accept() depends on the underlying BIO. 
 
 If the underlying BIO is B<blocking>, SSL_accept() will only return once the
 handshake has been finished or an error occurred, except for SGC (Server

doc/ssl/SSL_connect.pod

@@ -14,8 +14,11 @@ SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
 
 SSL_connect() initiates the TLS/SSL handshake with a server. The communication
 channel must already have been set and assigned to the B<ssl> by setting an
-underlying B<BIO>. The behaviour of SSL_connect() depends on the underlying
-BIO. 
+underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_connect() depends on the underlying BIO. 
 
 If the underlying BIO is B<blocking>, SSL_connect() will only return once the
 handshake has been finished or an error occurred.

doc/ssl/SSL_read.pod

@@ -13,7 +13,11 @@ SSL_read - read bytes from a TLS/SSL connection.
 =head1 DESCRIPTION
 
 SSL_read() tries to read B<num> bytes from the specified B<ssl> into the
-buffer B<buf>. If necessary, SSL_read() will negotiate a TLS/SSL session, if
+buffer B<buf>.
+
+=head1 NOTES
+
+If necessary, SSL_read() will negotiate a TLS/SSL session, if
 not already explicitly performed by SSL_connect() or SSL_accept(). If the
 peer requests a re-negotiation, it will be performed transparently during
 the SSL_read() operation. The behaviour of SSL_read() depends on the
@@ -34,6 +38,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check
 for the required condition. When using a buffering BIO, like a BIO pair, data
 must be written into or retrieved out of the BIO before being able to continue.
 
+=head1 IMPORTANT
+
+When an SSL_read() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
 =head1 RETURN VALUES
 
 The following return values can occur:

doc/ssl/SSL_write.pod

@@ -13,7 +13,11 @@ SSL_read - write bytes to a TLS/SSL connection.
 =head1 DESCRIPTION
 
 SSL_write() writes B<num> bytes from the buffer B<buf> into the specified
-B<ssl>. If necessary, SSL_write() will negotiate a TLS/SSL session, if
+B<ssl> connection.
+
+=head1 NOTES
+
+If necessary, SSL_write() will negotiate a TLS/SSL session, if
 not already explicitly performed by SSL_connect() or SSL_accept(). If the
 peer requests a re-negotiation, it will be performed transparently during
 the SSL_write() operation. The behaviour of SSL_write() depends on the
@@ -34,6 +38,12 @@ non-blocking socket, nothing is to be done, but select() can be used to check
 for the required condition. When using a buffering BIO, like a BIO pair, data
 must be written into or retrieved out of the BIO before being able to continue.
 
+=head1 IMPORTANT
+
+When an SSL_write() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
 =head1 RETURN VALUES
 
 The following return values can occur:

e_os.h

@@ -275,6 +275,9 @@ extern "C" {
 #    define NO_SYS_PARAM_H
 #  else
      /* !defined VMS */
+#    ifdef MPE
+#      define NO_SYS_PARAM_H
+#    endif
 #    ifdef OPENSSL_UNISTD
 #      include OPENSSL_UNISTD
 #    else
@@ -344,7 +347,9 @@ extern HINSTANCE _hInstance;
 #    ifndef NO_SYS_PARAM_H
 #      include <sys/param.h>
 #    endif
-#    include <sys/time.h> /* Needed under linux for FD_XXX */
+#    ifndef MPE
+#      include <sys/time.h> /* Needed under linux for FD_XXX */
+#    endif
 
 #    include <netdb.h>
 #    if defined(VMS) && !defined(__DECC)

ssl/ssl2.h

@@ -133,7 +133,11 @@ extern "C" {
 
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
+#ifdef MPE
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)29998
+#else
 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)32767 
+#endif
 #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /**/
 
 #define SSL2_CHALLENGE_LENGTH	16