I almost forgot...

I know it's earlier than announced.  The high amount of problems in
beta1 warants this, however.

CHANGES

@@ -4,6 +4,13 @@
 
  Changes between 0.9.5 and 0.9.5a  [XX XXX 2000]
 
+  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+     using the passed key: if the passed key was a private key the result
+     of X509_print(), for example, would be to print out all the private key
+     components.
+     [Steve Henson]
+
   *) des_quad_cksum() byte order bug fix.
      [Ulf M<>ller, using the problem description in krb4-0.9.7, where
       the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]

Configure

@@ -158,7 +158,7 @@ my %table=(
 
 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
 
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.

FAQ

@@ -9,6 +9,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why do I get a "PRNG not seeded" error message?
 * Why does the linker complain about undefined symbols?
 * Where can I get a compiled version of OpenSSL?
+* Why can't the OpenSSH configure script detect OpenSSL?
 
 
 * Which is the current version of OpenSSL?
@@ -150,3 +151,43 @@ a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
 
 A number of Linux and *BSD distributions include OpenSSL.
+
+
+* Why can't the OpenSSH configure script detect OpenSSL?
+
+There is a problem with OpenSSH 1.2.2p1, in that the configure script
+can't find the installed OpenSSL libraries.  The problem is actually
+a small glitch that is easily solved with the following patch to be
+applied to the OpenSSH distribution:
+
+--- openssh-1.2.2p1/configure.in.orig	Thu Mar 23 18:56:58 2000
++++ openssh-1.2.2p1/configure.in	Thu Mar 23 18:55:05 2000
+@@ -152,10 +152,10 @@
+ AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
+ for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+ 	if test ! -z "$ssldir" ; then
+-		LIBS="$saved_LIBS -L$ssldir"
++		LIBS="$saved_LIBS -L$ssldir/lib"
+ 		CFLAGS="$CFLAGS -I$ssldir/include"
+ 		if test "x$need_dash_r" = "x1" ; then
+-			LIBS="$LIBS -R$ssldir"
++			LIBS="$LIBS -R$ssldir/lib"
+ 		fi
+ 	fi
+ 	LIBS="$LIBS -lcrypto"
+--- openssh-1.2.2p1/configure.orig	Thu Mar 23 18:55:02 2000
++++ openssh-1.2.2p1/configure	Thu Mar 23 18:57:08 2000
+@@ -1890,10 +1890,10 @@
+ echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
+ for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+ 	if test ! -z "$ssldir" ; then
+-		LIBS="$saved_LIBS -L$ssldir"
++		LIBS="$saved_LIBS -L$ssldir/lib"
+ 		CFLAGS="$CFLAGS -I$ssldir/include"
+ 		if test "x$need_dash_r" = "x1" ; then
+-			LIBS="$LIBS -R$ssldir"
++			LIBS="$LIBS -R$ssldir/lib"
+ 		fi
+ 	fi
+ 	LIBS="$LIBS -lcrypto"
+

NEWS

@@ -5,6 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
   Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
 
       o S/MIME support in new 'smime' command

README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.5a-beta1  20 Mar 2000
+ OpenSSL 0.9.5a-beta2  23 Mar 2000
 
  Copyright (c) 1998-2000 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

STATUS

@@ -1,10 +1,19 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/03/06 14:24:25 $
+  ______________                           $Date: 2000/03/21 20:42:35 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.5a: Under development...
+                       0.9.5a-beta1 is available.
+                        sunos-gcc                       - failed (ssize_t)
+                        ultrix-gcc, ultrix-cc           - failed (ssize_t)
+                        sco5-cc                         - bc fails in test
+			VC-Win32 (MSVC6SP3, nasm)       - failed (fixed) 
+			FreeBSD-elf (i686-pc-freebsd3.2)- failed (fixed)
+			HPUX (hpux-parisc-cc w/ +02)	- passed
+			OpenBSD-x86			- passed
+			solaris-sparcv9-cc		- passed
     o  OpenSSL 0.9.5:  Released on February 28th, 2000
     o  OpenSSL 0.9.4:  Released on August   09th, 1999
     o  OpenSSL 0.9.3a: Released on May      29th, 1999

TABLE

@@ -1685,7 +1685,7 @@ $rc5_obj      =
 
 *** sunos-gcc
 $cc           = gcc
-$cflags       = -O3 -mv8
+$cflags       = -O3 -mv8 -Dssize_t=int
 $unistd       = 
 $thread_cflag = (unknown)
 $lflags       = 

crypto/Makefile.ssl

@@ -40,7 +40,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
 SRC= $(LIBSRC)
 
 EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
-HEADER=	cryptlib.h buildinf.h $(EXHEADER)
+HEADER=	cryptlib.h buildinf.h md32_common.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 

crypto/asn1/x_pubkey.c

@@ -183,8 +183,10 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 
 	Free(s);
 
+#if 0
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 	pk->pkey=pkey;
+#endif
 
 	if (*x != NULL)
 		X509_PUBKEY_free(*x);

crypto/bn/Makefile.ssl

@@ -5,6 +5,7 @@
 DIR=	bn
 TOP=	../..
 CC=	cc
+CPP=    $(CC) -E
 INCLUDES= -I.. -I../../include
 CFLAG=-g
 INSTALL_PREFIX=

crypto/des/destest.c

@@ -709,7 +709,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 
 	printf("Doing quad_cksum\n");
 	cs=quad_cksum(cbc_data,(des_cblock *)lqret,
-		(long)strlen(cbc_data),2,(des_cblock *)cbc_iv);
+		(long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
 	if (cs != 0x70d7a63aL)
 		{
 		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",

crypto/opensslv.h

@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00905811L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.5a-beta1 20 Mar 2000"
+#define OPENSSL_VERSION_NUMBER	0x00905812L
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.5a-beta2 23 Mar 2000"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 #endif /* HEADER_OPENSSLV_H */

crypto/pkcs12/p12_crt.c

@@ -61,7 +61,7 @@
 #include <openssl/pkcs12.h>
 
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-	     STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter,
+	     STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
 	     int keytype)
 {
 	PKCS12 *p12;
@@ -103,8 +103,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	
 	/* Add all other certificates */
 	if(ca) {
-		for(i = 0; i < sk_num(ca); i++) {
-			tcert = (X509 *)sk_value(ca, i);
+		for(i = 0; i < sk_X509_num(ca); i++) {
+			tcert = sk_X509_value(ca, i);
 			if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
 			if(!sk_push(bags, (char *)bag)) {
 				PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);

crypto/pkcs12/p12_kiss.c

@@ -62,9 +62,17 @@
 
 /* Simplified PKCS#12 routines */
 
-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca);
-static int parse_bags( STACK *bags, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
+		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+static int parse_bags( STACK *bags, const char *pass, int passlen,
+		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+		ASN1_OCTET_STRING **keyid, char *keymatch);
+
+static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+			EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+			ASN1_OCTET_STRING **keyid, char *keymatch);
+
 /* Parse and decrypt a PKCS#12 structure returning user key, user cert
  * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
  * or it should point to a valid STACK structure. pkey and cert can be
@@ -72,7 +80,7 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PK
  */
 
 int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-	     STACK **ca)
+	     STACK_OF(X509) **ca)
 {
 
 	/* Check for NULL PKCS12 structure */
@@ -86,7 +94,7 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 	/* Allocate stack for ca certificates if needed */
 	if ((ca != NULL) && (*ca == NULL))
 		{
-		if (!(*ca = sk_new(NULL)))
+		if (!(*ca = sk_X509_new(NULL)))
 			{
 			PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
 			return 0;
@@ -116,7 +124,7 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
 	if (pkey && *pkey) EVP_PKEY_free (*pkey);
 	if (cert && *cert) X509_free (*cert);
-	if (ca) sk_pop_free (*ca, X509_free);
+	if (ca) sk_X509_pop_free (*ca, X509_free);
 	return 0;
 
 }
@@ -124,7 +132,7 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 /* Parse the outer PKCS#12 structure */
 
 static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
-	     EVP_PKEY **pkey, X509 **cert, STACK **ca)
+	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
 	STACK *asafes, *bags;
 	int i, bagnid;
@@ -159,7 +167,7 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
 
 
 static int parse_bags (STACK *bags, const char *pass, int passlen,
-		       EVP_PKEY **pkey, X509 **cert, STACK **ca,
+		       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
 		       ASN1_OCTET_STRING **keyid, char *keymatch)
 {
 	int i;
@@ -176,7 +184,7 @@ static int parse_bags (STACK *bags, const char *pass, int passlen,
 #define MATCH_ALL  0x3
 
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-		      EVP_PKEY **pkey, X509 **cert, STACK **ca,
+		      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
 		      ASN1_OCTET_STRING **keyid,
 	     char *keymatch)
 {
@@ -226,7 +234,10 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 		if (lkey) {
 			*keymatch |= MATCH_CERT;
 			if (cert) *cert = x509;
-		} else if (ca) sk_push (*ca, (char *)x509);
+		} else {
+			if(ca) sk_X509_push (*ca, x509);
+			else X509_free(x509);
+		}
 	break;
 
 	case NID_safeContentsBag:

crypto/pkcs12/pkcs12.h

@@ -265,9 +265,9 @@ void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
 void ERR_load_PKCS12_strings(void);
 void PKCS12_PBE_add(void);
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-		 STACK **ca);
+		 STACK_OF(X509) **ca);
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-			 STACK *ca, int nid_key, int nid_cert, int iter,
+			 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
 						 int mac_iter, int keytype);
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);

crypto/pkcs7/README

@@ -1,5 +0,0 @@
-WARNING
-
-Everything in this directory is experimental and is subject to change.
-
-Do not rely on the stuff in here not changing in the next release

crypto/pkcs7/pk7_doit.c

@@ -699,6 +699,7 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
 	if (i <= 0) 
 		{
 		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+		X509_STORE_CTX_cleanup(ctx);
 		goto err;
 		}
 	X509_STORE_CTX_cleanup(ctx);

crypto/rc4/Makefile.ssl

@@ -5,6 +5,7 @@
 DIR=	rc4
 TOP=	../..
 CC=	cc
+CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
 INSTALL_PREFIX=

crypto/sha/Makefile.ssl

@@ -5,6 +5,7 @@
 DIR=    sha
 TOP=    ../..
 CC=     cc
+CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
 INSTALL_PREFIX=

doc/apps/openssl.pod

@@ -12,6 +12,10 @@ I<command>
 [ I<command_opts> ]
 [ I<command_args> ]
 
+B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> ]
+
+B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
+
 =head1 DESCRIPTION
 
 OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
@@ -35,6 +39,22 @@ The B<openssl> program provides a rich variety of commands (I<command> in the
 SYNOPSIS above), each of which often has a wealth of options and arguments
 (I<command_opts> and I<command_args> in the SYNOPSIS).
 
+The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>,
+and B<list-cipher-commands> output a list (one entry per line) of the names
+of all standard commands, message digest commands, or cipher commands,
+respectively, that are available in the present B<openssl> utility.
+
+The pseudo-command B<no->I<XXX> tests whether a command of the
+specified name is available.  If no command named I<XXX> exists, it
+returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
+and prints I<XXX>.  In both cases, the output goes to B<stdout> and
+nothing is printed to B<stderr>.  Additional command line arguments
+are always ignored.  Since for each cipher there is a command of the
+same name, this provides an easy way for shell scripts to test for the
+availability of ciphers in the B<openssl> program.  (B<no->I<XXX> is
+not able to detect pseudo-commands such as B<quit>,
+B<list->I<...>B<-commands>, or B<no->I<XXX> itself.)
+
 =head2 STANDARD COMMANDS
 
 =over 10
@@ -296,7 +316,10 @@ L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
 
 =head1 HISTORY
 
-The openssl(1) document appeared in OpenSSL 0.9.2
+The openssl(1) document appeared in OpenSSL 0.9.2.
+The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3;
+the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a.
+For notes on the availability of other commands, see their individual
+manual pages.
 
 =cut
-

doc/apps/x509.pod

@@ -212,9 +212,10 @@ clears all the prohibited or rejected uses of the certificate.
 
 =item B<-addtrust arg>
 
-adds a trusted certificate use. Currently acceptable values
-are B<all> (any purpose), B<sslclient> (SSL client use), B<sslserver>
-(SSL server use) B<email> (S/MIME email) and B<objsign> (Object signing).
+adds a trusted certificate use. Any object name can be used here
+but currently only B<clientAuth> (SSL client use), B<serverAuth>
+(SSL server use) and B<emailProtection> (S/MIME email) are used.
+Other OpenSSL applications may define additional uses.
 
 =item B<-addreject arg>
 

doc/crypto/RAND_add.pod

@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-RAND_add, RAND_seed, RAND_status, RAND_screen - add entropy to the PRNG
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
+entropy to the PRNG
 
 =head1 SYNOPSIS
 
@@ -14,6 +15,7 @@ RAND_add, RAND_seed, RAND_status, RAND_screen - add entropy to the PRNG
 
  int  RAND_status(void);
 
+ int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
  void RAND_screen(void);
 
 =head1 DESCRIPTION
@@ -40,17 +42,24 @@ or L<RAND_load_file(3)|RAND_load_file(3)>.
 
 RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
 
+RAND_event() collects the entropy from Windows events such as mouse
+movements and other user interaction. It should be called with the
+B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
+the window procedure. It will estimate the entropy contained in the
+event message (if any), and add it to the PRNG. The program can then
+process the messages as usual.
+
 The RAND_screen() function is available for the convenience of Windows
 programmers. It adds the current contents of the screen to the PRNG.
-For applications that can catch Windows events, seeding the PRNG with
-the parameters of B<WM_MOUSEMOVE> events is a significantly better
-source of randomness. It should be noted that both methods cannot be
-used on servers that run without user interaction.
+For applications that can catch Windows events, seeding the PRNG by
+calling RAND_event() is a significantly better source of
+randomness. It should be noted that both methods cannot be used on
+servers that run without user interaction.
 
 =head1 RETURN VALUES
 
-RAND_status() returns 1 if the PRNG has been seeded with enough data,
-0 otherwise.
+RAND_status() and RAND_event() return 1 if the PRNG has been seeded
+with enough data, 0 otherwise.
 
 The other functions do not return values.
 
@@ -63,6 +72,6 @@ L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
 
 RAND_seed() and RAND_screen() are available in all versions of SSLeay
 and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
-0.9.5.
+0.9.5, RAND_event() in OpenSSL 0.9.5a.
 
 =cut

doc/crypto/blowfish.pod

@@ -57,28 +57,31 @@ everything after the first 64 bits is ignored.
 
 The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
 all operate on variable length data.  They all take an initialisation vector
-B<ivec> which must be initially filled with zeros, but then just need to be
-passed along into the next call of the same function for the same message. 
+B<ivec> which needs to be passed along into the next call of the same function 
+for the same message.  B<ivec> may be initialised with anything, but the
+recipient needs to know what it was initialised with, or it won't be able
+to decrypt.  Some programs and protocols simplify this, like SSH, where
+B<ivec> is simply initialised to zero.
 BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while
 BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
 number of bytes (the amount does not have to be an exact multiple of 8).  The
 purpose of the latter two is to simulate stream ciphers, and therefore, they
 need the parameter B<num>, which is a pointer to an integer where the current
 offset in B<ivec> is stored between calls.  This integer must be initialised
-to zero when B<ivec> is filled with zeros.
+to zero when B<ivec> is initialised.
 
 BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish.  It
 encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
 putting the result in B<out>.  B<enc> decides if encryption (BF_ENCRYPT) or
 decryption (BF_DECRYPT) shall be performed.  B<ivec> must point at an 8 byte
-long initialisation vector, which must be initially filled with zeros.
+long initialisation vector.
 
 BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
 It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
 putting the result in B<out>.  B<enc> decides if encryption (B<BF_ENCRYPT>)
 or decryption (B<BF_DECRYPT>) shall be performed.  B<ivec> must point at an
-8 byte long initialisation vector, which must be initially filled with zeros.
-B<num> must point at an integer which must be initially zero.
+8 byte long initialisation vector. B<num> must point at an integer which must
+be initially zero.
 
 BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
 It uses the same parameters as BF_cfb64_encrypt(), which must be initialised

e_os.h

@@ -194,9 +194,7 @@ extern "C" {
 #  include <io.h>
 #  include <fcntl.h>
 
-#  ifdef __MINGW32__
-#    define ssize_t long
-#  endif
+#  define ssize_t long
 
 #  if defined (__BORLANDC__)
 #    define _setmode setmode
@@ -392,6 +390,12 @@ extern HINSTANCE _hInstance;
 #  endif
 #endif
 
+#if defined(__ultrix)
+#  ifndef ssize_t
+#    define ssize_t int 
+#  endif
+#endif
+
 #if defined(THREADS) || defined(sun)
 #ifndef _REENTRANT
 #define _REENTRANT

util/selftest.pl

@@ -83,7 +83,7 @@ if (open(TEST,">cctest.c")) {
 	print OUT "Compiler doesn't work.\n";
 	goto err;
     }
-    system("ar r cctest.a");
+    system("ar r cctest.a /dev/null");
     if (not -f "cctest.a") {
 	print OUT "Check your archive tool (ar).\n";
 	goto err;