Merge from main trunk.

specifically ask for them.

Fix typo in docs.

CHANGES

@@ -2,7 +2,40 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
+
+  *) In ssl23_get_client_hello, generate an error message when faced
+     with an initial SSL 3.0/TLS record that is too small to contain the
+     first two bytes of the ClientHello message, i.e. client_version.
+     (Note that this is a pathologic case that probably has never happened
+     in real life.)  The previous approach was to use the version number
+     from the record header as a substitute; but our protocol choice
+     should not depend on that one because it is not authenticated
+     by the Finished messages.
+     [Bodo Moeller]
+
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman@columbia.edu>]
+
+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
+  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+     a general "ANY" type, as such it should be able to decode anything
+     including tagged types. However it didn't check the class so it would
+     wrongly interpret tagged types in the same way as their universal
+     counterpart and unknown types were just rejected. Changed so that the
+     tagged and unknown types are handled in the same way as a SEQUENCE:
+     that is the encoding is stored intact. There is also a new type
+     "V_ASN1_OTHER" which is used when the class is not universal, in this
+     case we have no idea what the actual type is so we just lump them all
+     together.
+     [Steve Henson]
 
   *) On VMS, stdout may very well lead to a file that is written to
      in a record-oriented fashion.  That means that every write() will
@@ -33,6 +66,7 @@
 
   *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
      BIO_ctrl (for BIO pairs).
+     [Bodo M<>ller]
 
   *) Add DSO method for VMS.
      [Richard Levitte]
@@ -266,7 +300,7 @@
      [Steve Henson]
 
   *) Changes needed for Tandem NSK.
-     [Scott Uroff scott@xypro.com]
+     [Scott Uroff <scott@xypro.com>]
 
   *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
      RSA_padding_check_SSLv23(), special padding was never detected

Configure

@@ -274,7 +274,7 @@ my %table=(
 "alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
 "alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
 "alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
-"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
 
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:

FAQ

@@ -32,7 +32,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.5a was released on April 1st, 2000.
+OpenSSL 0.9.6 was released on September 24th, 2000.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:

INSTALL.W32

@@ -108,8 +108,8 @@
 
  * Compiler installation:
 
-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
-   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
    <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
    make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
    C:\egcs-1.1.2\mingw32.bat to set the PATH.

NEWS

@@ -14,7 +14,8 @@
       o New 'rsautl' application, low level RSA utility.
       o MD4 now included.
       o Bugfix for SSL rollback padding check.
-      o Support for external crypto device[1].
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
 
     [1] The support for external crypto devices is currently a separate
         distribution.  See the file README.ENGINE.

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.6-beta3 [engine] (Final beta) 21 Sep 2000
+ OpenSSL 0.9.6 [engine] 24 Sep 2000
 
  Copyright (c) 1998-2000 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

README.ENGINE

@@ -52,3 +52,12 @@
   device, or the built-in crypto routines will be used, just as in the
   default OpenSSL distribution.
 
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with Cryptoswift on
+  Win32.  A quick test done right before the release showed that trying
+  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
+  an attempt is made to write at memory address 0x00000002.
+

STATUS

@@ -1,96 +1,17 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/09/20 16:40:09 $
+  ______________                           $Date: 2000/09/24 16:04:33 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 0.9.6:  Under development (in release cycle)...
-                       Proposed release date September 24, 2000
-                       0.9.6-beta1 is available:
-			OpenBSD-x86 2.7			- failed
-				ftime not supported [FIXED]
-			hpux-parisc-cc 10.20		- passed
-			hpux-parisc-gcc 10.20		- passed
-			hpux-parisc-gcc 11.00		- passed
-			hpux-gcc			- passed
-			hpux-brokengcc			- failed
-				BN_sqr fails in test
-			linux-elf			- passed
-			linux-sparcv7			- passed
-			linux-ppc			- passed
-			Solaris [engine]		- failed
-				speed cswift gives odd errors [FIXED]
-			solaris-sparcv8-gcc		- passed
-			solaris-sparcv9-gcc		- passed
-			solaris-sparcv9-cc		- passed
-			solaris64-sparcv9-cc		- passed
-			sco5-gcc			- passed
-			sco5-cc				- passed
-			FreeBSD				- passed
-			Win32 VC++			- failed
-				PCURSORINFO not defined unless Win2000 [FIXED]
-				RAND_poll() problem on Win2000 [FIXED]
-				DSO method always DSO_METHOD_null [FIXED]
-			CygWin32			- test failed
-			MingW32				- failed
-				thelp32.h
-			aix-gcc (AIX 4.3.2)		- passed
-			VMS/Alpha			- failed
-				Some things were missing [FIXED]
-                       0.9.6-beta2 is available:
-			linux/openbsd (all platforms?)		- mod_exp bug
-			sunos-gcc				- passed
-			aix-gcc					- passed
-			Win32 w/ VC6 or Mingw32			- failed
-				RAND_poll(), a few uninitialised vars [FIXED]
-				RAND_poll() should used LoadLibrary instead of
-					GetModuleHandle [FIXED]
-				Major compilation problem with VC6 on NT.
-					[FIXED]
-				Mingw32 says "175: parse error before `DWORD'"
-					[FIXED?]
-			Win32 w/ CygWin				- success?
-			VMS/Alpha 7.1 (CPQ C 5.6-003, TCP/IP 5.0) - success
-				Just a small warning in dso_vms.c [FIXED]
-			VMS/Alpha 7.2-1 (CPQ 5.6-003, TCP/IP 5.0A) - success
-			VMS/VAX 7.2-1 (CPQ 5.2-003, TCP/IP 5.0) - success
-			hpux-parisc-cc (HP-UX B.11.00)		- success
-			hpux-parisc2-cc	(11.00)			- success
-			hpux64-parisc2-cc (11.00)		- success
-			hpux-parisc1_1-cc (11.00)		- success
-			hpux-parisc-cc (10.20 w/ -ldld)		- success
-			hpux-parisc-gcc (10.20 w/ -ldld)	- success
-			hpux-parisc-cc [engine] (10.20 w/ -ldld)- success
-			hpux-parisc-gcc [endine] (10.20 w/ -ldld)- success
-				All hpux 10.20 targets succeeded provided -ldl
-					has been changed to -ldld.
-			solaris-sparcv9-gcc (2.6/ultra5)	- success
-			[ solaris-sparcv9-cc (SunOS 5.7 SC3.0)	- failed      ]
-			[	Complaints about a number of -x parameters to ]
-			[		the compiler and failed to compile an ]
-			[		assembler file.  Maybe a too old      ]
-			[		compiler? (Yes, apparently:)          ]
-			solaris-sparcv9-cc (SunOS 5.6 SC4.2)	- success
-			FreeBSD (2.2.5-RELEASE)			- success
-			alpha-cc [engine] (OSF1 5.0A)		- success
-			irix-mips3-cc [engine] (Irix 6.2)	- success
-				One has to do the same as for OpenBSD in
-					speed.c [FIXED]
-			aix-cc (3.2.5, cc 1.3.0.44)		- success
-			aix-gcc (3.2.5, gcc 2.8.1)		- success
-				Both first failed to compiled due to ftime().
-					[FIXED]
-			alpha-cc (V4.0E)			- success
-			alpha-gcc (V4.0E, gcc 2.8.1)		- success
-			ultrix-cc (V4.5)			- success
-			ultrix-gcc (V4.5, gcc 2.8.1)		- success
-    o  OpenSSL 0.9.5a: Released on April     1st, 2000
-    o  OpenSSL 0.9.5:  Released on February 28th, 2000
-    o  OpenSSL 0.9.4:  Released on August   09th, 1999
-    o  OpenSSL 0.9.3a: Released on May      29th, 1999
-    o  OpenSSL 0.9.3:  Released on May      25th, 1999
-    o  OpenSSL 0.9.2b: Released on March    22th, 1999
-    o  OpenSSL 0.9.1c: Released on December 23th, 1998
+    o  OpenSSL 0.9.6:  Released on September 24th, 2000
+    o  OpenSSL 0.9.5a: Released on April      1st, 2000
+    o  OpenSSL 0.9.5:  Released on February  28th, 2000
+    o  OpenSSL 0.9.4:  Released on August    09th, 1999
+    o  OpenSSL 0.9.3a: Released on May       29th, 1999
+    o  OpenSSL 0.9.3:  Released on May       25th, 1999
+    o  OpenSSL 0.9.2b: Released on March     22th, 1999
+    o  OpenSSL 0.9.1c: Released on December  23th, 1998
 
   RELEASE SHOWSTOPPERS
 

TABLE

@@ -102,7 +102,7 @@ $shared_cflag =
 
 *** FreeBSD-alpha
 $cc           = gcc
-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$cflags       = -DTERMIOS -O -fomit-frame-pointer
 $unistd       = 
 $thread_cflag = (unknown)
 $lflags       = 

apps/speed.c

@@ -116,7 +116,7 @@
 #include <sys/timeb.h>
 #endif
 
-#if !defined(TIMES) && !defined(TIMEB)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
 

crypto/asn1/a_type.c

@@ -123,6 +123,8 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
+	case V_ASN1_OTHER:
+	default:
 		if (a->value.set == NULL)
 			r=0;
 		else
@@ -159,6 +161,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 
 	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
 	if (inf & 0x80) goto err;
+	/* If not universal tag we've no idea what it is */
+	if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
 	
 	ASN1_TYPE_component_free(ret);
 
@@ -245,6 +249,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
+	case V_ASN1_OTHER:
+	default:
 		/* Sets and sequences are left complete */
 		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
 		ret->value.set->type=tag;
@@ -252,9 +258,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
 		p+=len;
 		break;
-	default:
-		ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
-		goto err;
 		}
 
 	ret->type=tag;
@@ -312,6 +315,8 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 		case V_ASN1_OBJECT:
 			ASN1_OBJECT_free(a->value.object);
 			break;
+		case V_ASN1_NULL:
+			break;
 		case V_ASN1_INTEGER:
 		case V_ASN1_NEG_INTEGER:
 		case V_ASN1_ENUMERATED:
@@ -333,10 +338,9 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 		case V_ASN1_UNIVERSALSTRING:
 		case V_ASN1_BMPSTRING:
 		case V_ASN1_UTF8STRING:
-			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
-			break;
+		case V_ASN1_OTHER:
 		default:
-			/* MEMORY LEAK */
+			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
 			break;
 			}
 		a->type=0;

crypto/asn1/asn1.h

@@ -83,6 +83,7 @@ extern "C" {
 #define V_ASN1_PRIMATIVE_TAG		0x1f
 
 #define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
+#define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
 
 #define V_ASN1_NEG			0x100	/* negative flag */
 

crypto/opensslv.h

@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00906003L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6-beta3 [engine] 21 Sep 2000"
+#define OPENSSL_VERSION_NUMBER	0x0090600fL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6 [engine] 24 Sep 2000"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 

crypto/x509/x509_vfy.c

@@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 	ret = X509_check_issued(issuer, x);
 	if (ret == X509_V_OK)
 		return 1;
-	else
-		{
-		ctx->error = ret;
-		ctx->current_cert = x;
-		ctx->current_issuer = issuer;
-		if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
-			return ctx->verify_cb(0, ctx);
-		else
-			return 0;
-		}
+	/* If we haven't asked for issuer errors don't set ctx */
+	if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+		return 0;
+
+	ctx->error = ret;
+	ctx->current_cert = x;
+	ctx->current_issuer = issuer;
+	if (ctx->verify_cb)
+		return ctx->verify_cb(0, ctx);
 	return 0;
 }
 

doc/apps/smime.pod

@@ -325,7 +325,7 @@ Send encrypted mail using triple DES:
 Sign and encrypt mail:
 
  openssl smime -sign -in ml.txt -signer my.pem -text \
-	| openssl -encrypt -out mail.msg \
+	| openssl smime -encrypt -out mail.msg \
 	-from steve@openssl.org -to someone@somewhere \
 	-subject "Signed and Encrypted message" -des3 user.pem
 

doc/crypto/EVP_OpenInit.pod

@@ -54,7 +54,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
 L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>
 

doc/crypto/EVP_SealInit.pod

@@ -67,7 +67,7 @@ with B<type> set to NULL.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
 L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 L<EVP_OpenInit(3)|EVP_OpenInit(3)>
 

doc/crypto/EVP_VerifyInit.pod

@@ -57,6 +57,7 @@ might.
 
 =head1 SEE ALSO
 
+L<evp(3)|evp(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,

doc/crypto/blowfish.pod

@@ -24,7 +24,7 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
 
  void BF_encrypt(BF_LONG *data,const BF_KEY *key);
  void BF_decrypt(BF_LONG *data,const BF_KEY *key);
- 
+
 =head1 DESCRIPTION
 
 This library implements the Blowfish cipher, which is invented and described

doc/crypto/evp.pod

@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+evp - high-level cryptographic functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+=head1 DESCRIPTION
+
+The EVP library provided a high-level interface to cryptographic
+functions.
+
+B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
+and decryption to implement digital "envelopes".
+
+The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
+digital signatures.
+
+Symmetric encryption is available with the B<EVP_Encrypt>I<...>
+functions.  The B<EVP_Digest>I<...> functions provide message digests.
+
+Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+
+=cut

doc/ssl/SSL_library_init.pod

@@ -24,7 +24,7 @@ for SSL_library_init().
 
 SSL_library_init() must be called before any other action takes place.
 
-=head1 IMPORTANT
+=head1 WARNING
 
 SSL_library_init() only registers ciphers. Another important initialization
 is the seeding of the PRNG (Pseudo Random Number Generator), which has to

doc/ssl/SSL_read.pod

@@ -38,7 +38,7 @@ non-blocking socket, nothing is to be done, but select() can be used to check
 for the required condition. When using a buffering BIO, like a BIO pair, data
 must be written into or retrieved out of the BIO before being able to continue.
 
-=head1 IMPORTANT
+=head1 WARNING
 
 When an SSL_read() operation has to be repeated because of
 B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated

doc/ssl/SSL_write.pod

@@ -38,7 +38,7 @@ non-blocking socket, nothing is to be done, but select() can be used to check
 for the required condition. When using a buffering BIO, like a BIO pair, data
 must be written into or retrieved out of the BIO before being able to continue.
 
-=head1 IMPORTANT
+=head1 WARNING
 
 When an SSL_write() operation has to be repeated because of
 B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated

doc/ssl/ssl.pod

@@ -625,12 +625,17 @@ connection defined in the B<SSL> structure.
 
 L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
 L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_fd(3)|SSL_get_fd(3)>,
+L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
 L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
-L<SSL_get_session(3)|SSL_get_session(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_new(3)|SSL_new(3)>,
 L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
-L<SSL_set_fd(3)|SSL_set_fd(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
 L<SSL_set_session(3)|SSL_set_session(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
 L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>

ms/mingw32.bat

@@ -76,6 +76,8 @@ rem Create files -- this can be skipped if using the GNU file utilities
 make -f ms/mingw32f.mak
 echo You can ignore the error messages above
 
+copy ms\tlhelp32.h outinc
+
 echo Building the libraries
 make -f ms/mingw32a.mak
 if errorlevel 1 goto end

ms/tlhelp32.h

@@ -0,0 +1,136 @@
+/*
+	tlhelp32.h - Include file for Tool help functions.
+
+	Written by Mumit Khan <khan@nanotech.wisc.edu>
+
+	This file is part of a free library for the Win32 API. 
+
+	This library is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+*/
+#ifndef _TLHELP32_H
+#define _TLHELP32_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+#define HF32_DEFAULT	1
+#define HF32_SHARED	2
+#define LF32_FIXED	0x1
+#define LF32_FREE	0x2
+#define LF32_MOVEABLE	0x4
+#define MAX_MODULE_NAME32	255
+#define TH32CS_SNAPHEAPLIST	0x1
+#define TH32CS_SNAPPROCESS	0x2
+#define TH32CS_SNAPTHREAD	0x4
+#define TH32CS_SNAPMODULE	0x8
+#define TH32CS_SNAPALL	(TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)
+#define TH32CS_INHERIT	0x80000000
+typedef struct tagHEAPLIST32 {
+	DWORD dwSize;
+	DWORD th32ProcessID;
+	DWORD th32HeapID;
+	DWORD dwFlags;
+} HEAPLIST32,*PHEAPLIST32,*LPHEAPLIST32;
+typedef struct tagHEAPENTRY32 {
+	DWORD dwSize;
+	HANDLE hHandle;
+	DWORD dwAddress;
+	DWORD dwBlockSize;
+	DWORD dwFlags;
+	DWORD dwLockCount;
+	DWORD dwResvd;
+	DWORD th32ProcessID;
+	DWORD th32HeapID;
+} HEAPENTRY32,*PHEAPENTRY32,*LPHEAPENTRY32;
+typedef struct tagPROCESSENTRY32W {
+	DWORD dwSize;
+	DWORD cntUsage;
+	DWORD th32ProcessID;
+	DWORD th32DefaultHeapID;
+	DWORD th32ModuleID;
+	DWORD cntThreads;
+	DWORD th32ParentProcessID;
+	LONG pcPriClassBase;
+	DWORD dwFlags;
+	WCHAR szExeFile[MAX_PATH];
+} PROCESSENTRY32W,*PPROCESSENTRY32W,*LPPROCESSENTRY32W;
+typedef struct tagPROCESSENTRY32 {
+	DWORD dwSize;
+	DWORD cntUsage;
+	DWORD th32ProcessID;
+	DWORD th32DefaultHeapID;
+	DWORD th32ModuleID;
+	DWORD cntThreads;
+	DWORD th32ParentProcessID;
+	LONG pcPriClassBase;
+	DWORD dwFlags;
+	CHAR  szExeFile[MAX_PATH];
+} PROCESSENTRY32,*PPROCESSENTRY32,*LPPROCESSENTRY32;
+typedef struct tagTHREADENTRY32 {
+	DWORD dwSize;
+	DWORD cntUsage;
+	DWORD th32ThreadID;
+	DWORD th32OwnerProcessID;
+	LONG tpBasePri;
+	LONG tpDeltaPri;
+	DWORD dwFlags;
+} THREADENTRY32,*PTHREADENTRY32,*LPTHREADENTRY32;
+typedef struct tagMODULEENTRY32W {
+	DWORD dwSize;
+	DWORD th32ModuleID;
+	DWORD th32ProcessID;
+	DWORD GlblcntUsage;
+	DWORD ProccntUsage;
+	BYTE *modBaseAddr;
+	DWORD modBaseSize;
+	HMODULE hModule; 
+	WCHAR szModule[MAX_MODULE_NAME32 + 1];
+	WCHAR szExePath[MAX_PATH];
+} MODULEENTRY32W,*PMODULEENTRY32W,*LPMODULEENTRY32W;
+typedef struct tagMODULEENTRY32 {
+	DWORD dwSize;
+	DWORD th32ModuleID;
+	DWORD th32ProcessID;
+	DWORD GlblcntUsage;
+	DWORD ProccntUsage;
+	BYTE *modBaseAddr;
+	DWORD modBaseSize;
+	HMODULE hModule;
+	char szModule[MAX_MODULE_NAME32 + 1];
+	char szExePath[MAX_PATH];
+} MODULEENTRY32,*PMODULEENTRY32,*LPMODULEENTRY32;
+BOOL WINAPI Heap32First(LPHEAPENTRY32,DWORD,DWORD);
+BOOL WINAPI Heap32ListFirst(HANDLE,LPHEAPLIST32);
+BOOL WINAPI Heap32ListNext(HANDLE,LPHEAPLIST32);
+BOOL WINAPI Heap32Next(LPHEAPENTRY32);
+BOOL WINAPI Module32First(HANDLE,LPMODULEENTRY32);
+BOOL WINAPI Module32FirstW(HANDLE,LPMODULEENTRY32W);
+BOOL WINAPI Module32Next(HANDLE,LPMODULEENTRY32);
+BOOL WINAPI Module32NextW(HANDLE,LPMODULEENTRY32W);
+BOOL WINAPI Process32First(HANDLE,LPPROCESSENTRY32);
+BOOL WINAPI Process32FirstW(HANDLE,LPPROCESSENTRY32W);
+BOOL WINAPI Process32Next(HANDLE,LPPROCESSENTRY32);
+BOOL WINAPI Process32NextW(HANDLE,LPPROCESSENTRY32W);
+BOOL WINAPI Thread32First(HANDLE,LPTHREADENTRY32);
+BOOL WINAPI Thread32Next(HANDLE,LPTHREADENTRY32);
+BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD,LPCVOID,LPVOID,DWORD,LPDWORD);
+HANDLE WINAPI CreateToolhelp32Snapshot(DWORD,DWORD);
+#ifdef UNICODE
+#define LPMODULEENTRY32 LPMODULEENTRY32W
+#define LPPROCESSENTRY32 LPPROCESSENTRY32W
+#define MODULEENTRY32 MODULEENTRY32W
+#define Module32First Module32FirstW
+#define Module32Next Module32NextW
+#define PMODULEENTRY32 PMODULEENTRY32W
+#define PPROCESSENTRY32 PPROCESSENTRY32W
+#define PROCESSENTRY32 PROCESSENTRY32W
+#define Process32First Process32FirstW
+#define Process32Next Process32NextW
+#endif /* UNICODE */
+#ifdef __cplusplus
+}
+#endif
+#endif /* _TLHELP32_H */
+

openssl.spec

@@ -22,9 +22,9 @@ BuildRoot:   /var/tmp/%{name}-%{version}-root
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
 documentation. 
 
 OpenSSL is based on the excellent SSLeay library developed from Eric A.
@@ -43,9 +43,9 @@ Requires: openssl-engine
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
 documentation. 
 
 OpenSSL is based on the excellent SSLeay library developed from Eric A.
@@ -64,9 +64,9 @@ Requires: openssl-engine
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
 documentation. 
 
 OpenSSL is based on the excellent SSLeay library developed from Eric A.

ssl/s23_srvr.c

@@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
 			 * SSLv3 or tls1 header
 			 */
 			
-			v[0]=p[1]; /* major version */
+			v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
 			/* We must look at client_version inside the Client Hello message
-			 * to get the correct minor version: */
-			v[1]=p[10];
-			/* However if we have only a pathologically small fragment of the
-			 * Client Hello message, we simply use the version from the
-			 * record header -- this is incorrect but unlikely to fail in
-			 * practice */
+			 * to get the correct minor version.
+			 * However if we have only a pathologically small fragment of the
+			 * Client Hello message, this would be difficult, we'd have
+			 * to read at least one additional record to find out.
+			 * This doesn't usually happen in real life, so we just complain
+			 * for now.
+			 */
 			if (p[3] == 0 && p[4] < 6)
-				v[1]=p[2];
+				{
+				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+				goto err;
+				}
+			v[1]=p[10]; /* minor version according to client_version */
 			if (v[1] >= TLS1_VERSION_MINOR)
 				{
 				if (!(s->options & SSL_OP_NO_TLSv1))

ssl/ssl.h

@@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_READ_WRONG_PACKET_TYPE			 212
 #define SSL_R_RECORD_LENGTH_MISMATCH			 213
 #define SSL_R_RECORD_TOO_LARGE				 214
+#define SSL_R_RECORD_TOO_SMALL				 1093
 #define SSL_R_REQUIRED_CIPHER_MISSING			 215
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217

ssl/ssl_err.c

@@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_READ_WRONG_PACKET_TYPE            ,"read wrong packet type"},
 {SSL_R_RECORD_LENGTH_MISMATCH            ,"record length mismatch"},
 {SSL_R_RECORD_TOO_LARGE                  ,"record too large"},
+{SSL_R_RECORD_TOO_SMALL                  ,"record too small"},
 {SSL_R_REQUIRED_CIPHER_MISSING           ,"required cipher missing"},
 {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
 {SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},

util/mk1mf.pl

@@ -366,10 +366,6 @@ all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
 banner:
 $banner
 
-# Generate perlasm output files
-%.cpp:
-	(cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
-
 \$(TMP_D):
 	\$(MKDIR) \$(TMP_D)
 # NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
@@ -617,6 +613,14 @@ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPT
 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
 
 print $defs;
+
+if ($platform eq "linux-elf") {
+    print <<"EOF";
+# Generate perlasm output files
+%.cpp:
+	(cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
+EOF
+}
 print "###################################################################\n";
 print $rules;
 

util/pl/BC-32.pl

@@ -19,7 +19,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN -DDSO_WIN32 ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";

util/pl/Mingw32.pl

@@ -17,9 +17,9 @@ $mkdir='gmkdir';
 
 $cc='gcc';
 if ($debug)
-	{ $cflags="-DL_ENDIAN -g2 -ggdb"; }
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
 else
-	{ $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; }
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; }
 
 if ($gaswin and !$no_asm)
 	{

util/pl/Mingw32f.pl

@@ -11,9 +11,9 @@ $rm='del';
 
 $cc='gcc';
 if ($debug)
-	{ $cflags="-g2 -ggdb"; }
+	{ $cflags="-g2 -ggdb -DDSO_WIN32"; }
 else
-	{ $cflags="-O3 -fomit-frame-pointer"; }
+	{ $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; }
 
 $obj='.o';
 $ofile='-o ';

util/pl/VC-32.pl

@@ -12,7 +12,7 @@ $rm='del';
 
 # C compiler stuff
 $cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
 
@@ -22,7 +22,7 @@ $inc_def="inc32";
 
 if ($debug)
 	{
-	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
 	$lflags.=" /debug";
 	$mlflags.=' /debug';
 	}
@@ -112,7 +112,8 @@ sub do_lib_rule
 	if (!$shlib)
 		{
 #		$ret.="\t\$(RM) \$(O_$Name)\n";
-		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+		$ex =' advapi32.lib';
+		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
 		}
 	else
 		{