Resolve conflicts.

svn path=/head/; revision=59194

crypto/openssl/apps/speed.c

@@ -240,16 +240,19 @@ static double Time_F(int s)
 #endif
 	}
 
+int MAIN(int, char **);
+
 int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL,*buf2=NULL;
-	int ret=1;
+	int mret=1;
 #define ALGOR_NUM	14
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
 	long count,rsa_count;
-	int i,j,k,rsa_num,rsa_num2;
+	int i,j,k;
+	unsigned rsa_num,rsa_num2;
 #ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
@@ -346,6 +349,7 @@ int MAIN(int argc, char **argv)
 	int pr_header=0;
 
 	apps_startup();
+	memset(results, 0, sizeof(results));
 #ifndef NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif
@@ -423,18 +427,20 @@ int MAIN(int argc, char **argv)
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
 		else 
 #endif
-#ifndef NO_DEF
+#ifndef NO_DES
 			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
 		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
 		else
 #endif
 #ifndef NO_RSA
+#ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
 			RSA_set_default_method(RSA_PKCS1());
 			j--;
 			}
 		else
+#endif
 #endif /* !NO_RSA */
 		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
 		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
@@ -580,9 +586,9 @@ int MAIN(int argc, char **argv)
 #endif
 
 #ifndef NO_DES
-	des_set_key(&key,sch);
-	des_set_key(&key2,sch2);
-	des_set_key(&key3,sch3);
+	des_set_key_unchecked(&key,sch);
+	des_set_key_unchecked(&key2,sch2);
+	des_set_key_unchecked(&key3,sch3);
 #endif
 #ifndef NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
@@ -606,6 +612,7 @@ int MAIN(int argc, char **argv)
 	memset(rsa_c,0,sizeof(rsa_c));
 #endif
 #ifndef SIGALRM
+#ifndef NO_DES
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
@@ -697,10 +704,14 @@ int MAIN(int argc, char **argv)
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
+/* not worth fixing */
+# error "You cannot disable DES on systems without SIGALRM."
+#endif /* NO_DES */
+#else
 #define COND(c)	(run)
 #define COUNT(d) (count)
 	signal(SIGALRM,sig_done);
-#endif
+#endif /* SIGALRM */
 
 #ifndef NO_MD2
 	if (doit[D_MD2])
@@ -950,22 +961,22 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
-	RAND_bytes(buf,30);
+	RAND_pseudo_bytes(buf,36);
 #ifndef NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
+		int ret;
 		if (!rsa_doit[j]) continue;
-		rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
-			RSA_PKCS1_PADDING);
+		ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
 		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
 			RSA_SECONDS);
 /*		RSA_blinding_on(rsa_key[j],NULL); */
 		Time_F(START);
 		for (count=0,run=1; COND(rsa_c[j][0]); count++)
 			{
-			rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
-				RSA_PKCS1_PADDING);
-			if (rsa_num <= 0)
+			ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
+								 rsa_key[j]);
+			if (ret <= 0)
 				{
 				BIO_printf(bio_err,"RSA private encrypt failure\n");
 				ERR_print_errors(bio_err);
@@ -980,18 +991,17 @@ int MAIN(int argc, char **argv)
 		rsa_count=count;
 
 #if 1
-		rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
-			RSA_PKCS1_PADDING);
+		ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
 		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
 			RSA_SECONDS);
 		Time_F(START);
 		for (count=0,run=1; COND(rsa_c[j][1]); count++)
 			{
-			rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
-				RSA_PKCS1_PADDING);
-			if (rsa_num2 <= 0)
+			ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
+								rsa_key[j]);
+			if (ret <= 0)
 				{
-				BIO_printf(bio_err,"RSA public encrypt failure\n");
+				BIO_printf(bio_err,"RSA verify failure\n");
 				ERR_print_errors(bio_err);
 				count=1;
 				break;
@@ -1012,8 +1022,13 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
-	RAND_bytes(buf,20);
+	RAND_pseudo_bytes(buf,20);
 #ifndef NO_DSA
+	if (RAND_status() != 1)
+		{
+		RAND_seed(rnd_seed, sizeof rnd_seed);
+		rnd_fake = 1;
+		}
 	for (j=0; j<DSA_NUM; j++)
 		{
 		unsigned int kk;
@@ -1030,7 +1045,7 @@ int MAIN(int argc, char **argv)
 			{
 			rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
 				&kk,dsa_key[j]);
-			if (rsa_num <= 0)
+			if (rsa_num == 0)
 				{
 				BIO_printf(bio_err,"DSA sign failure\n");
 				ERR_print_errors(bio_err);
@@ -1053,7 +1068,7 @@ int MAIN(int argc, char **argv)
 			{
 			rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
 				kk,dsa_key[j]);
-			if (rsa_num2 <= 0)
+			if (rsa_num2 == 0)
 				{
 				BIO_printf(bio_err,"DSA verify failure\n");
 				ERR_print_errors(bio_err);
@@ -1073,6 +1088,7 @@ int MAIN(int argc, char **argv)
 				dsa_doit[j]=0;
 			}
 		}
+	if (rnd_fake) RAND_cleanup();
 #endif
 
 	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
@@ -1149,7 +1165,7 @@ int MAIN(int argc, char **argv)
 		fprintf(stdout,"\n");
 		}
 #endif
-	ret=0;
+	mret=0;
 end:
 	if (buf != NULL) Free(buf);
 	if (buf2 != NULL) Free(buf2);
@@ -1163,7 +1179,7 @@ int MAIN(int argc, char **argv)
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
 #endif
-	EXIT(ret);
+	EXIT(mret);
 	}
 
 static void print_message(char *s, long num, int length)

crypto/openssl/crypto/des/des.h

@@ -79,10 +79,7 @@ extern "C" {
 typedef unsigned char des_cblock[8];
 typedef /* const */ unsigned char const_des_cblock[8];
 /* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
- * and const_des_cblock * are incompatible pointer types.
- * I haven't seen that warning on other systems ... I'll look
- * what the standard says. */
-
+ * and const_des_cblock * are incompatible pointer types. */
 
 typedef struct des_ks_struct
 	{
@@ -142,8 +139,26 @@ void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
 		     int enc);
 void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
 		     des_key_schedule ks,int enc);
+
+/* 	This is the DES encryption function that gets called by just about
+	every other DES routine in the library.  You should not use this
+	function except to implement 'modes' of DES.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.  The characters are loaded 'little endian'.
+	Data is a pointer to 2 unsigned long's and ks is the
+	des_key_schedule to use.  enc, is non zero specifies encryption,
+	zero if decryption. */
 void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+
+/* 	This functions is the same as des_encrypt() except that the DES
+	initial permutation (IP) and final permutation (FP) have been left
+	out.  As for des_encrypt(), you should not use this function.
+	It is used by the routines in the library that implement triple DES.
+	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
+	as des_encrypt() des_encrypt() des_encrypt() except faster :-). */
 void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+
 void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
 	des_key_schedule ks2, des_key_schedule ks3);
 void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
@@ -187,18 +202,24 @@ void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
 DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
 			long length,int out_count,des_cblock *seed);
 void des_random_seed(des_cblock *key);
-void des_random_key(des_cblock *ret);
 int des_new_random_key(des_cblock *key);
 void des_init_random_number_generator(des_cblock *seed);
 void des_rand_data(unsigned char *data, int size);
+int des_random_key(des_cblock *ret);
 int des_read_password(des_cblock *key,const char *prompt,int verify);
 int des_read_2passwords(des_cblock *key1,des_cblock *key2,
 			const char *prompt,int verify);
 int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
 void des_set_odd_parity(des_cblock *key);
+int des_check_key_parity(const_des_cblock *key);
 int des_is_weak_key(const_des_cblock *key);
+/* des_set_key (= set_key = des_key_sched = key_sched) calls
+ * des_set_key_checked if global variable des_check_key is set,
+ * des_set_key_unchecked otherwise. */
 int des_set_key(const_des_cblock *key,des_key_schedule schedule);
 int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
+int des_set_key_checked(const_des_cblock *key,des_key_schedule schedule);
+void des_set_key_unchecked(const_des_cblock *key,des_key_schedule schedule);
 void des_string_to_key(const char *str,des_cblock *key);
 void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
 void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
@@ -208,9 +229,6 @@ void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
 		       des_key_schedule schedule,des_cblock *ivec,int *num);
 int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
 
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
-
 /* The following definitions provide compatibility with the MIT Kerberos
  * library. The des_key_schedule structure is not binary compatible. */
 
@@ -240,11 +258,11 @@ void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
 #  define xcbc_encrypt des_xcbc_encrypt
 #  define cbc_cksum des_cbc_cksum
 #  define quad_cksum des_quad_cksum
+#  define check_parity des_check_key_parity
 #endif
 
 typedef des_key_schedule bit_64;
 #define des_fixup_key_parity des_set_odd_parity
-#define des_check_key_parity check_parity
 
 #ifdef  __cplusplus
 }

crypto/openssl/crypto/err/err_all.c

@@ -78,6 +78,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/conf.h>
 #include <openssl/pkcs12.h>
+#include <openssl/rand.h>
 #include <openssl/err.h>
 
 void ERR_load_crypto_strings(void)
@@ -110,5 +111,6 @@ void ERR_load_crypto_strings(void)
 	ERR_load_CRYPTO_strings();
 	ERR_load_PKCS7_strings();
 	ERR_load_PKCS12_strings();
+	ERR_load_RAND_strings();
 #endif
 	}

crypto/openssl/crypto/evp/evp.h

@@ -148,7 +148,7 @@ extern "C" {
 
 /* Type needs to be a bit field
  * Sub-type needs to be for variations on the method, as in, can it do
- * arbitary encryption.... */
+ * arbitrary encryption.... */
 typedef struct evp_pkey_st
 	{
 	int type;
@@ -342,7 +342,7 @@ typedef struct evp_cipher_ctx_st
 	unsigned char buf[EVP_MAX_IV_LENGTH];	/* saved partial block */
 	int num;				/* used by cfb/ofb mode */
 
-	char *app_data;		/* aplication stuff */
+	char *app_data;		/* application stuff */
 	union	{
 #ifndef NO_RC4
 		struct
@@ -417,9 +417,10 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_MD_size(e)			((e)->md_size)
 #define EVP_MD_block_size(e)		((e)->block_size)
 
+#define EVP_MD_CTX_md(e)		((e)->digest)
 #define EVP_MD_CTX_size(e)		EVP_MD_size((e)->digest)
 #define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
-#define EVP_MD_CTX_type(e)		((e)->digest)
+#define EVP_MD_CTX_type(e)		EVP_MD_type((e)->digest)
 
 #define EVP_CIPHER_nid(e)		((e)->nid)
 #define EVP_CIPHER_block_size(e)	((e)->block_size)
@@ -517,15 +518,14 @@ void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
 void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
 		int *outl,unsigned char *in,int inl);
 void	EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int	EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
+int	EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
 
 void	EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
 int	EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
 		unsigned char *in, int inl);
 int	EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
 		char *out, int *outl);
-int	EVP_DecodeBlock(unsigned char *t, unsigned
-		char *f, int n);
+int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 
 void	ERR_load_EVP_strings(void );
 
@@ -590,9 +590,12 @@ EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
 EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
 EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 
-void SSLeay_add_all_algorithms(void);
-void SSLeay_add_all_ciphers(void);
-void SSLeay_add_all_digests(void);
+void OpenSSL_add_all_algorithms(void);
+void OpenSSL_add_all_ciphers(void);
+void OpenSSL_add_all_digests(void);
+#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
+#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
+#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
 
 int EVP_add_cipher(EVP_CIPHER *cipher);
 int EVP_add_digest(EVP_MD *digest);
@@ -609,6 +612,18 @@ int		EVP_PKEY_type(int type);
 int		EVP_PKEY_bits(EVP_PKEY *pkey);
 int		EVP_PKEY_size(EVP_PKEY *pkey);
 int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
+#ifndef NO_RSA
+int 		EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
+RSA *		EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+#endif
+#ifndef NO_DSA
+int 		EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
+DSA *		EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+#endif
+#ifndef NO_DH
+int 		EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
+DH *		EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+#endif
 EVP_PKEY *	EVP_PKEY_new(void);
 void		EVP_PKEY_free(EVP_PKEY *pkey);
 EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
@@ -617,6 +632,8 @@ int		i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
 
 EVP_PKEY *	d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
 			long length);
+EVP_PKEY *	d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
+			long length);
 int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
 
 int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
@@ -673,6 +690,9 @@ void EVP_PBE_cleanup(void);
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
 #define EVP_F_EVP_PKEY_DECRYPT				 104
 #define EVP_F_EVP_PKEY_ENCRYPT				 105
+#define EVP_F_EVP_PKEY_GET1_DH				 119
+#define EVP_F_EVP_PKEY_GET1_DSA				 120
+#define EVP_F_EVP_PKEY_GET1_RSA				 121
 #define EVP_F_EVP_PKEY_NEW				 106
 #define EVP_F_EVP_SIGNFINAL				 107
 #define EVP_F_EVP_VERIFYFINAL				 108
@@ -689,10 +709,13 @@ void EVP_PBE_cleanup(void);
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
 #define EVP_R_ENCODE_ERROR				 115
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
+#define EVP_R_EXPECTING_AN_RSA_KEY			 127
+#define EVP_R_EXPECTING_A_DH_KEY			 128
+#define EVP_R_EXPECTING_A_DSA_KEY			 129
 #define EVP_R_INPUT_NOT_INITIALIZED			 111
 #define EVP_R_IV_TOO_LARGE				 102
 #define EVP_R_KEYGEN_FAILURE				 120
-#define EVP_R_MISSING_PARMATERS				 103
+#define EVP_R_MISSING_PARAMETERS			 103
 #define EVP_R_NO_DSA_PARAMETERS				 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105

crypto/openssl/crypto/rsa/rsa.h

@@ -92,6 +92,18 @@ typedef struct rsa_meth_st
 	int (*finish)(RSA *rsa);	/* called at free */
 	int flags;			/* RSA_METHOD_FLAG_* things */
 	char *app_data;			/* may be needed! */
+/* New sign and verify functions: some libraries don't allow arbitrary data
+ * to be signed/verified: this allows them to be used. Note: for this to work
+ * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
+ * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
+ * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+ * option is set in 'flags'.
+ */
+	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+	int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
+             unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
 	} RSA_METHOD;
 
 struct rsa_st
@@ -141,12 +153,16 @@ struct rsa_st
  */
 #define RSA_FLAG_EXT_PKEY		0x20
 
+/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
+ */
+#define RSA_FLAG_SIGN_VER		0x40
+
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
 #define RSA_NO_PADDING		3
 #define RSA_PKCS1_OAEP_PADDING	4
 
-#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,(char *)arg)
+#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
 RSA *	RSA_new(void);
@@ -179,6 +195,8 @@ int RSA_memory_lock(RSA *r);
 /* these are the actual SSLeay RSA functions */
 RSA_METHOD *RSA_PKCS1(void);
 
+RSA_METHOD *RSA_null_method(void);
+
 void	ERR_load_RSA_strings(void );
 
 RSA *	d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
@@ -239,12 +257,11 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
 int RSA_padding_check_none(unsigned char *to,int tlen,
 	unsigned char *f,int fl,int rsa_len);
 
-int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
-int RSA_set_ex_data(RSA *r,int idx,char *arg);
-char *RSA_get_ex_data(RSA *r, int idx);
-
 int RSA_libversion();
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int RSA_set_ex_data(RSA *r,int idx,void *arg);
+void *RSA_get_ex_data(RSA *r, int idx);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -262,6 +279,7 @@ int RSA_libversion();
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104
 #define RSA_F_RSA_GENERATE_KEY				 105
 #define RSA_F_RSA_NEW_METHOD				 106
+#define RSA_F_RSA_NULL					 124
 #define RSA_F_RSA_PADDING_ADD_NONE			 107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
@@ -292,10 +310,11 @@ int RSA_libversion();
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
 #define RSA_R_DATA_TOO_SMALL				 111
 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
+#define RSA_R_INVALID_MESSAGE_LENGTH			 131
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
@@ -304,6 +323,7 @@ int RSA_libversion();
 #define RSA_R_PADDING_CHECK_FAILED			 114
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
+#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
 #define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117

crypto/openssl/crypto/rsa/rsa_lib.c

@@ -68,7 +68,7 @@ const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
 static RSA_METHOD *default_RSA_meth=NULL;
 static int rsa_meth_num=0;
-static STACK *rsa_meth=NULL;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
 
 RSA *RSA_new(void)
 	{
@@ -106,7 +106,11 @@ RSA *RSA_new_method(RSA_METHOD *meth)
 
 	if (default_RSA_meth == NULL)
 		{
+#ifdef RSA_NULL
+		default_RSA_meth=RSA_null_method();
+#else
 		default_RSA_meth=RSA_PKCS1();
+#endif
 		}
 	ret=(RSA *)Malloc(sizeof(RSA));
 	if (ret == NULL)
@@ -143,7 +147,7 @@ RSA *RSA_new_method(RSA_METHOD *meth)
 		ret=NULL;
 		}
 	else
-		CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+		CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
 	return(ret);
 	}
 
@@ -166,7 +170,7 @@ void RSA_free(RSA *r)
 		}
 #endif
 
-	CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
+	CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
 
 	if (r->meth->finish != NULL)
 		r->meth->finish(r);
@@ -184,20 +188,20 @@ void RSA_free(RSA *r)
 	Free(r);
 	}
 
-int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	     int (*dup_func)(), void (*free_func)())
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
 	rsa_meth_num++;
 	return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
 		&rsa_meth,argl,argp,new_func,dup_func,free_func));
         }
 
-int RSA_set_ex_data(RSA *r, int idx, char *arg)
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
 	{
 	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
 	}
 
-char *RSA_get_ex_data(RSA *r, int idx)
+void *RSA_get_ex_data(RSA *r, int idx)
 	{
 	return(CRYPTO_get_ex_data(&r->ex_data,idx));
 	}
@@ -262,19 +266,19 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	if (rsa->blinding != NULL)
 		BN_BLINDING_free(rsa->blinding);
 
-	A= &(ctx->bn[0]);
-	ctx->tos++;
+	BN_CTX_start(ctx);
+	A = BN_CTX_get(ctx);
 	if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
 	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
 	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
 	    goto err;
 	rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
-	ctx->tos--;
 	rsa->flags|=RSA_FLAG_BLINDING;
 	BN_free(Ai);
 	ret=1;
 err:
+	BN_CTX_end(ctx);
 	if (ctx != p_ctx) BN_CTX_free(ctx);
 	return(ret);
 	}

crypto/openssl/rsaref/rsar_err.c

@@ -55,7 +55,8 @@
  */
 
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file.
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
  */
 
 #include <stdio.h>

crypto/openssl/rsaref/rsaref.c

@@ -280,7 +280,8 @@ int RSA_ref_public_encrypt(int len, unsigned char *from, unsigned char *to,
 	R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
 	while (i > 0)
 		{
-		RAND_bytes(buf,16);
+		if (RAND_bytes(buf,16) <= 0)
+			goto err;
 		R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
 		i-=16;
 		}
@@ -299,4 +300,10 @@ int RSA_ref_public_encrypt(int len, unsigned char *from, unsigned char *to,
 	memset(&rnd,0,sizeof(rnd));
 	return(outlen);
 	}
+#else /* !NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
 #endif

crypto/openssl/ssl/s23_clnt.c

@@ -106,7 +106,7 @@ int ssl23_connect(SSL *s)
 	int ret= -1;
 	int new_state,state;
 
-	RAND_seed(&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -226,7 +226,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
 		p=s->s3->client_random;
-		RAND_bytes(p,SSL3_RANDOM_SIZE);
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
 
 		/* Do the message type and length last */
 		d= &(buf[2]);
@@ -287,7 +287,7 @@ static int ssl23_client_hello(SSL *s)
 			i=ch_len;
 		s2n(i,d);
 		memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-		RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+		RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 		memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 		p+=i;
 
@@ -311,7 +311,7 @@ static int ssl23_get_server_hello(SSL *s)
 	{
 	char buf[8];
 	unsigned char *p;
-	int i,ch_len;
+	int i;
 	int n;
 
 	n=ssl23_read_bytes(s,7);
@@ -325,12 +325,13 @@ static int ssl23_get_server_hello(SSL *s)
 		(p[5] == 0x00) && (p[6] == 0x02))
 		{
 #ifdef NO_SSL2
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-			goto err;
+		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+		goto err;
 #else
 		/* we are talking sslv2 */
 		/* we need to clean up the SSLv3 setup and put in the
 		 * sslv2 stuff. */
+		int ch_len;
 
 		if (s->options & SSL_OP_NO_SSLv2)
 			{

crypto/openssl/ssl/s23_lib.c

@@ -69,7 +69,7 @@ static int ssl23_write(SSL *s, const void *buf, int len);
 static long ssl23_default_timeout(void );
 static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
+const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
 
 static SSL_METHOD SSLv23_data= {
 	TLS1_VERSION,
@@ -94,6 +94,9 @@ static SSL_METHOD SSLv23_data= {
 	ssl_bad_method,
 	ssl23_default_timeout,
 	&ssl3_undef_enc_method,
+	ssl_undefined_function,
+	ssl3_callback_ctrl,
+	ssl3_ctx_callback_ctrl,
 	};
 
 static long ssl23_default_timeout(void)
@@ -110,9 +113,9 @@ static int ssl23_num_ciphers(void)
 	{
 	return(ssl3_num_ciphers()
 #ifndef NO_SSL2
-	       +ssl2_num_ciphers()
+	       + ssl2_num_ciphers()
 #endif
-	       );
+	    );
 	}
 
 static SSL_CIPHER *ssl23_get_cipher(unsigned int u)

crypto/openssl/ssl/s23_srvr.c

@@ -105,7 +105,7 @@ int ssl23_accept(SSL *s)
 	int ret= -1;
 	int new_state,state;
 
-	RAND_seed(&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -190,23 +190,39 @@ int ssl23_accept(SSL *s)
 
 int ssl23_get_client_hello(SSL *s)
 	{
-	char buf_space[8];
+	char buf_space[11]; /* Request this many bytes in initial read.
+	                     * We can detect SSL 3.0/TLS 1.0 Client Hellos
+	                     * ('type == 3') correctly only when the following
+	                     * is in a single record, which is not guaranteed by
+	                     * the protocol specification:
+	                     * Byte  Content
+	                     *  0     type            \
+	                     *  1/2   version          > record header
+	                     *  3/4   length          /
+	                     *  5     msg_type        \
+	                     *  6-8   length           > Client Hello message
+	                     *  9/10  client_version  /
+	                     */
 	char *buf= &(buf_space[0]);
 	unsigned char *p,*d,*dd;
 	unsigned int i;
 	unsigned int csl,sil,cl;
-	int n=0,j,tls1=0;
-	int type=0,use_sslv2_strong=0;
+	int n=0,j;
+	int type=0;
 	int v[2];
+#ifndef NO_RSA
+	int use_sslv2_strong=0;
+#endif
 
-	/* read the initial header */
-	v[0]=v[1]=0;
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
+		/* read the initial header */
+		v[0]=v[1]=0;
+
 		if (!ssl3_setup_buffers(s)) goto err;
 
-		n=ssl23_read_bytes(s,7);
-		if (n != 7) return(n); /* n == -1 || n == 0 */
+		n=ssl23_read_bytes(s, sizeof buf_space);
+		if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
 
 		p=s->packet;
 
@@ -214,7 +230,9 @@ int ssl23_get_client_hello(SSL *s)
 
 		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
 			{
-			/* SSLv2 header */
+			/*
+			 * SSLv2 header
+			 */
 			if ((p[3] == 0x00) && (p[4] == 0x02))
 				{
 				v[0]=p[3]; v[1]=p[4];
@@ -230,11 +248,14 @@ int ssl23_get_client_hello(SSL *s)
 					{
 					if (!(s->options & SSL_OP_NO_TLSv1))
 						{
-						tls1=1;
+						s->version=TLS1_VERSION;
+						/* type=2; */ /* done later to survive restarts */
 						s->state=SSL23_ST_SR_CLNT_HELLO_B;
 						}
 					else if (!(s->options & SSL_OP_NO_SSLv3))
 						{
+						s->version=SSL3_VERSION;
+						/* type=2; */
 						s->state=SSL23_ST_SR_CLNT_HELLO_B;
 						}
 					else if (!(s->options & SSL_OP_NO_SSLv2))
@@ -243,12 +264,26 @@ int ssl23_get_client_hello(SSL *s)
 						}
 					}
 				else if (!(s->options & SSL_OP_NO_SSLv3))
+					{
+					s->version=SSL3_VERSION;
+					/* type=2; */
 					s->state=SSL23_ST_SR_CLNT_HELLO_B;
+					}
 				else if (!(s->options & SSL_OP_NO_SSLv2))
 					type=1;
 
 				if (s->options & SSL_OP_NON_EXPORT_FIRST)
+					/* Not only utterly confusing, but broken
+					 * ('fractured programming'?) -- the details
+					 * of this block nearly make it work
+					 * as intended in this environment, but on one
+					 * of the fine points (w.r.t. restarts) it fails.
+					 * The obvious fix would be even more devastating
+					 * to program structure; if you want the functionality,
+					 * throw this away and implement it in a way
+					 * that makes sense */
 					{
+#if 0
 					STACK_OF(SSL_CIPHER) *sk;
 					SSL_CIPHER *c;
 					int ne2,ne3;
@@ -298,27 +333,51 @@ int ssl23_get_client_hello(SSL *s)
 							goto next_bit;
 							}
 						}
+#else
+					SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
+					goto err;
+#endif
 					}
 				}
 			}
 		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
 			 (p[1] == SSL3_VERSION_MAJOR) &&
-			 (p[5] == SSL3_MT_CLIENT_HELLO))
+			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
+			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
+				|| (p[9] == p[1])))
 			{
-			v[0]=p[1]; v[1]=p[2];
-			/* true SSLv3 or tls1 */
-			if (p[2] >= TLS1_VERSION_MINOR)
+			/*
+			 * SSLv3 or tls1 header
+			 */
+			
+			v[0]=p[1]; /* major version */
+			/* We must look at client_version inside the Client Hello message
+			 * to get the correct minor version: */
+			v[1]=p[10];
+			/* However if we have only a pathologically small fragment of the
+			 * Client Hello message, we simply use the version from the
+			 * record header -- this is incorrect but unlikely to fail in
+			 * practice */
+			if (p[3] == 0 && p[4] < 6)
+				v[1]=p[2];
+			if (v[1] >= TLS1_VERSION_MINOR)
 				{
 				if (!(s->options & SSL_OP_NO_TLSv1))
 					{
+					s->version=TLS1_VERSION;
 					type=3;
-					tls1=1;
 					}
 				else if (!(s->options & SSL_OP_NO_SSLv3))
+					{
+					s->version=SSL3_VERSION;
 					type=3;
+					}
 				}
 			else if (!(s->options & SSL_OP_NO_SSLv3))
+				{
+				s->version=SSL3_VERSION;
 				type=3;
+				}
 			}
 		else if ((strncmp("GET ", (char *)p,4) == 0) ||
 			 (strncmp("POST ",(char *)p,5) == 0) ||
@@ -335,12 +394,16 @@ int ssl23_get_client_hello(SSL *s)
 			}
 		}
 
-next_bit:
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
-		/* we have a SSLv3/TLSv1 in a SSLv2 header */
+		/* we have SSLv3/TLSv1 in an SSLv2 header
+		 * (other cases skip this state) */
+
 		type=2;
 		p=s->packet;
+		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
+		v[1] = p[4];
+
 		n=((p[0]&0x7f)<<8)|p[1];
 		if (n > (1024*4))
 			{
@@ -365,14 +428,11 @@ int ssl23_get_client_hello(SSL *s)
 			goto err;
 			}
 
-		*(d++)=SSL3_VERSION_MAJOR;
-		if (tls1)
-			*(d++)=TLS1_VERSION_MINOR;
-		else
-			*(d++)=SSL3_VERSION_MINOR;
+		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+		*(d++) = v[1];
 
 		/* lets populate the random area */
-		/* get the chalenge_length */
+		/* get the challenge_length */
 		i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
 		memset(d,0,SSL3_RANDOM_SIZE);
 		memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
@@ -406,11 +466,14 @@ int ssl23_get_client_hello(SSL *s)
 		s->s3->tmp.message_size=i;
 		}
 
+	/* imaginary new state (for program structure): */
+	/* s->state = SSL23_SR_CLNT_HELLO_C */
+
 	if (type == 1)
 		{
 #ifdef NO_SSL2
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-			goto err;
+		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+		goto err;
 #else
 		/* we are talking sslv2 */
 		/* we need to clean up the SSLv3/TLSv1 setup and put in the
@@ -439,7 +502,7 @@ int ssl23_get_client_hello(SSL *s)
 		else
 			s->s2->ssl2_rollback=1;
 
-		/* setup the 5 bytes we have read so we get them from
+		/* setup the n bytes we have read so we get them from
 		 * the sslv2 buffer */
 		s->rstate=SSL_ST_READ_HEADER;
 		s->packet_length=n;
@@ -455,7 +518,7 @@ int ssl23_get_client_hello(SSL *s)
 
 	if ((type == 2) || (type == 3))
 		{
-		/* we have SSLv3/TLSv1 */
+		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
 
 		if (!ssl_init_wbio_buffer(s,1)) goto err;
 
@@ -480,17 +543,13 @@ int ssl23_get_client_hello(SSL *s)
 			s->s3->rbuf.offset=0;
 			}
 
-		if (tls1)
-			{
-			s->version=TLS1_VERSION;
-			s->method=TLSv1_server_method();
-			}
+		if (s->version == TLS1_VERSION)
+			s->method = TLSv1_server_method();
 		else
-			{
-			s->version=SSL3_VERSION;
-			s->method=SSLv3_server_method();
-			}
+			s->method = SSLv3_server_method();
+#if 0 /* ssl3_get_client_hello does this */
 		s->client_version=(v[0]<<8)|v[1];
+#endif
 		s->handshake_func=s->method->ssl_accept;
 		}
 	
@@ -509,4 +568,3 @@ int ssl23_get_client_hello(SSL *s)
 	if (buf != buf_space) Free(buf);
 	return(-1);
 	}
-

crypto/openssl/ssl/s2_clnt.c

@@ -58,12 +58,12 @@
  * $FreeBSD$
  */
 
+#include "ssl_locl.h"
 #ifndef NO_SSL2
 #include <stdio.h>
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
-#include "ssl_locl.h"
 #include <openssl/evp.h>
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
@@ -110,7 +110,7 @@ int ssl2_connect(SSL *s)
 	void (*cb)()=NULL;
 	int new_state,state;
 
-	RAND_seed(&l,sizeof(l));
+	RAND_add(&l,sizeof(l),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -247,7 +247,7 @@ int ssl2_connect(SSL *s)
 		/*	ERR_clear_error();*/
 
 			/* If we want to cache session-ids in the client
-			 * and we sucessfully add the session-id to the
+			 * and we successfully add the session-id to the
 			 * cache, and there is a callback, then pass it out.
 			 * 26/11/96 - eay - only add if not a re-used session.
 			 */
@@ -312,7 +312,13 @@ static int get_server_hello(SSL *s)
 					SSL_R_PEER_ERROR);
 			return(-1);
 			}
+#ifdef __APPLE_CC__
+		/* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
+		 * workaround. <appro@fy.chalmers.se> */
+		s->hit=(i=*(p++))?1:0;
+#else
 		s->hit=(*(p++))?1:0;
+#endif
 		s->s2->tmp.cert_type= *(p++);
 		n2s(p,i);
 		if (i < s->version) s->version=i;
@@ -364,7 +370,7 @@ static int get_server_hello(SSL *s)
 		*/
 #endif
 
-		/* we need to do this incase we were trying to reuse a 
+		/* we need to do this in case we were trying to reuse a 
 		 * client session but others are already reusing it.
 		 * If this was a new 'blank' session ID, the session-id
 		 * length will still be 0 */
@@ -414,7 +420,7 @@ static int get_server_hello(SSL *s)
 
 		/* In theory we could have ciphers sent back that we
 		 * don't want to use but that does not matter since we
-		 * will check against the list we origionally sent and
+		 * will check against the list we originally sent and
 		 * for performance reasons we should not bother to match
 		 * the two lists up just to check. */
 		for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
@@ -431,26 +437,28 @@ static int get_server_hello(SSL *s)
 			return(-1);
 			}
 		s->session->cipher=sk_SSL_CIPHER_value(cl,i);
+
+
+		if (s->session->peer != NULL) /* can't happen*/
+			{
+			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+			return(-1);
+			}
+
+		s->session->peer = s->session->sess_cert->peer_key->x509;
+		/* peer_key->x509 has been set by ssl2_set_certificate. */
+		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
 		}
 
-	if (s->session->peer != NULL)
-		X509_free(s->session->peer);
-
-#if 0 /* What is all this meant to accomplish?? */
-	/* hmmm, can we have the problem of the other session with this
-	 * cert, Free's it before we increment the reference count. */
-	CRYPTO_w_lock(CRYPTO_LOCK_X509);
-	s->session->peer=s->session->sess_cert->key->x509;
-	/* Shouldn't do this: already locked */
-	/*CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);*/
-	s->session->peer->references++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-#else
-	s->session->peer = s->session->sess_cert->peer_key->x509;
-    /* peer_key->x509 has been set by ssl2_set_certificate. */
-	CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
-#endif
-
+	if (s->session->peer != s->session->sess_cert->peer_key->x509)
+		/* can't happen */
+		{
+		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+		return(-1);
+		}
+		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
@@ -511,7 +519,7 @@ static int client_hello(SSL *s)
 		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
 		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */
 		/*challenge id data*/
-		RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+		RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		d+=SSL2_CHALLENGE_LENGTH;
 
@@ -553,12 +561,19 @@ static int client_master_key(SSL *s)
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
-		if (i > 0) RAND_bytes(sess->key_arg,i);
+		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
 		i=EVP_CIPHER_key_length(c);
 		sess->master_key_length=i;
-		if (i > 0) RAND_bytes(sess->master_key,i);
+		if (i > 0)
+			{
+			if (RAND_bytes(sess->master_key,i) <= 0)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				return(-1);
+				}
+			}
 
 		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
 			enc=8;
@@ -755,7 +770,7 @@ static int client_certificate(SSL *s)
 			{
 			/* this is not good.  If things have failed it
 			 * means there so something wrong with the key.
-			 * We will contiune with a 0 length signature
+			 * We will continue with a 0 length signature
 			 */
 			}
 		memset(&ctx,0,sizeof(ctx));
@@ -970,4 +985,10 @@ static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
 	EVP_PKEY_free(pkey);
 	return(i);
 	}
+#else /* !NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
 #endif

crypto/openssl/ssl/s2_enc.c

@@ -58,10 +58,9 @@
  * $FreeBSD$
  */
 
-#ifndef NO_SSL2
-
-#include <stdio.h>
 #include "ssl_locl.h"
+#ifndef NO_SSL2
+#include <stdio.h>
 
 int ssl2_enc_init(SSL *s, int client)
 	{
@@ -181,5 +180,10 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
 	EVP_DigestFinal(&c,md,NULL);
 	/* some would say I should zero the md context */
 	}
+#else /* !NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 
 #endif

crypto/openssl/ssl/s2_lib.c

@@ -58,12 +58,12 @@
  * $FreeBSD$
  */
 
+#include "ssl_locl.h"
 #ifndef NO_SSL2
 #include <stdio.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/md5.h>
-#include "ssl_locl.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -77,9 +77,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
+	SSL_EXPORT|SSL_EXP40,
+	0,
 	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 #endif
 /* RC4_128_EXPORT40_WITH_MD5 */
@@ -87,63 +90,91 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
 	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+	SSL_EXPORT|SSL_EXP40,
 	SSL2_CF_5_BYTE_ENC,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC4_128_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_RC4_128_WITH_MD5,
 	SSL2_CK_RC4_128_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC2_128_CBC_EXPORT40_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
 	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+	SSL_EXPORT|SSL_EXP40,
 	SSL2_CF_5_BYTE_ENC,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC2_128_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_RC2_128_CBC_WITH_MD5,
 	SSL2_CK_RC2_128_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* IDEA_128_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
 	SSL2_CK_IDEA_128_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* DES_64_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_DES_64_CBC_WITH_MD5,
 	SSL2_CK_DES_64_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* DES_192_EDE3_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
 	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
+	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC4_64_WITH_MD5 */
 #if 1
@@ -151,9 +182,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC4_64_WITH_MD5,
 	SSL2_CK_RC4_64_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_LOW,
 	SSL2_CF_8_BYTE_ENC,
+	64,
+	64,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 #endif
 /* NULL SSLeay (testing) */
@@ -163,7 +198,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL,
 	SSL2_CK_NULL,
 	0,
+	0,
+	0,
+	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 #endif
 
@@ -193,6 +232,9 @@ static SSL_METHOD SSLv2_data= {
 	ssl_bad_method,
 	ssl2_default_timeout,
 	&ssl3_undef_enc_method,
+	ssl_undefined_function,
+	ssl2_callback_ctrl,	/* local */
+	ssl2_ctx_callback_ctrl,	/* local */
 	};
 
 static long ssl2_default_timeout(void)
@@ -225,14 +267,14 @@ int ssl2_pending(SSL *s)
 
 int ssl2_new(SSL *s)
 	{
-	SSL2_CTX *s2;
+	SSL2_STATE *s2;
 
-	if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err;
-	memset(s2,0,sizeof(SSL2_CTX));
+	if ((s2=Malloc(sizeof *s2)) == NULL) goto err;
+	memset(s2,0,sizeof *s2);
 
-	if ((s2->rbuf=(unsigned char *)Malloc(
+	if ((s2->rbuf=Malloc(
 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
-	if ((s2->wbuf=(unsigned char *)Malloc(
+	if ((s2->wbuf=Malloc(
 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
 	s->s2=s2;
 
@@ -250,7 +292,7 @@ int ssl2_new(SSL *s)
 
 void ssl2_free(SSL *s)
 	{
-	SSL2_CTX *s2;
+	SSL2_STATE *s2;
 
 	if(s == NULL)
 	    return;
@@ -258,14 +300,14 @@ void ssl2_free(SSL *s)
 	s2=s->s2;
 	if (s2->rbuf != NULL) Free(s2->rbuf);
 	if (s2->wbuf != NULL) Free(s2->wbuf);
-	memset(s2,0,sizeof(SSL2_CTX));
+	memset(s2,0,sizeof *s2);
 	Free(s2);
 	s->s2=NULL;
 	}
 
 void ssl2_clear(SSL *s)
 	{
-	SSL2_CTX *s2;
+	SSL2_STATE *s2;
 	unsigned char *rbuf,*wbuf;
 
 	s2=s->s2;
@@ -273,7 +315,7 @@ void ssl2_clear(SSL *s)
 	rbuf=s2->rbuf;
 	wbuf=s2->wbuf;
 
-	memset(s2,0,sizeof(SSL2_CTX));
+	memset(s2,0,sizeof *s2);
 
 	s2->rbuf=rbuf;
 	s2->wbuf=wbuf;
@@ -298,11 +340,21 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
 	return(ret);
 	}
 
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
+	{
+	return(0);
+	}
+
 long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 	{
 	return(0);
 	}
 
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+	{
+	return(0);
+	}
+
 /* This function needs to check if the ciphers required are actually
  * available */
 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
@@ -374,7 +426,7 @@ void ssl2_generate_key_material(SSL *s)
 		MD5_Init(&ctx);
 
 		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
-		MD5_Update(&ctx,(unsigned char *)&c,1);
+		MD5_Update(&ctx,&c,1);
 		c++;
 		MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
 		MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
@@ -423,4 +475,10 @@ int ssl2_shutdown(SSL *s)
 	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 	return(1);
 	}
+#else /* !NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
 #endif

crypto/openssl/ssl/s2_meth.c

@@ -58,10 +58,10 @@
  * $FreeBSD$
  */
 
+#include "ssl_locl.h"
 #ifndef NO_SSL2
 #include <stdio.h>
 #include <openssl/objects.h>
-#include "ssl_locl.h"
 
 static SSL_METHOD *ssl2_get_method(int ver);
 static SSL_METHOD *ssl2_get_method(int ver)
@@ -88,4 +88,10 @@ SSL_METHOD *SSLv2_method(void)
 		}
 	return(&SSLv2_data);
 	}
+#else /* !NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
 #endif

crypto/openssl/ssl/s2_pkt.c

@@ -58,12 +58,11 @@
  * $FreeBSD$
  */
 
+#include "ssl_locl.h"
 #ifndef NO_SSL2
-
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
-#include "ssl_locl.h"
 
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
 static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
@@ -642,5 +641,10 @@ static int ssl_mt_error(int n)
 		}
 	return(ret);
 	}
+#else /* !NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 
 #endif

crypto/openssl/ssl/s2_srvr.c

@@ -58,12 +58,12 @@
  * $FreeBSD$
  */
 
+#include "ssl_locl.h"
 #ifndef NO_SSL2
 #include <stdio.h>
 #include <openssl/bio.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
-#include "ssl_locl.h"
 #include <openssl/evp.h>
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
@@ -111,7 +111,7 @@ int ssl2_accept(SSL *s)
 	void (*cb)()=NULL;
 	int new_state,state;
 
-	RAND_seed(&l,sizeof(l));
+	RAND_add(&l,sizeof(l),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -417,7 +417,7 @@ static int get_client_master_key(SSL *s)
 			i=ek;
 		else
 			i=EVP_CIPHER_key_length(c);
-		RAND_bytes(p,i);
+		RAND_pseudo_bytes(p,i);
 		}
 #else
 	if (i < 0)
@@ -682,7 +682,7 @@ static int server_hello(SSL *s)
 		/* make and send conn_id */
 		s2n(SSL2_CONNECTION_ID_LENGTH,p);	/* add conn_id length */
 		s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
-		RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+		RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
 		memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
 		d+=SSL2_CONNECTION_ID_LENGTH;
 
@@ -691,7 +691,7 @@ static int server_hello(SSL *s)
 		s->init_off=0;
 		}
 	/* SSL2_ST_SEND_SERVER_HELLO_B */
- 	/* If we are using TCP/IP, the performace is bad if we do 2
+ 	/* If we are using TCP/IP, the performance is bad if we do 2
  	 * writes without a read between them.  This occurs when
  	 * Session-id reuse is used, so I will put in a buffering module
  	 */
@@ -800,7 +800,7 @@ static int request_certificate(SSL *s)
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
 		*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-		RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+		RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 		memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
 		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
@@ -900,7 +900,7 @@ static int request_certificate(SSL *s)
 		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
 		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
-		buf2=(unsigned char *)Malloc((unsigned int)i);
+		buf2=Malloc((unsigned int)i);
 		if (buf2 == NULL)
 			{
 			SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -923,6 +923,7 @@ static int request_certificate(SSL *s)
 				X509_free(s->session->peer);
 			s->session->peer=x509;
 			CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+			s->session->verify_result = s->verify_result;
 			ret=1;
 			goto end;
 			}
@@ -967,4 +968,10 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
 		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
 	return(i);
 	}
+#else /* !NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
 #endif