Recent changes from 0.9.6-stable.

diff --git a/FAQ b/FAQ
index 360101a2bbd9c9b17505db2f2d6926ab61d9b1b5..e4ce5bde5bf862a0fb89d4d8dc8bd7722ebb662d 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -223,6 +223,8 @@ support can be found at
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
 However, be warned that /dev/random is usually a blocking device, which
 may have some effects on OpenSSL.
+A third party /dev/random solution for Solaris is available at
+  http://www.cosy.sbg.ac.at/~andi/
 
 
 * Why do I get an "unable to write 'random state'" error message?

diff --git a/INSTALL b/INSTALL
index 1e6ebb8b7cfa128e14822583f0ae2031fd755da3..44e32817a4ae8804a53f19e6fa4ed22b7e00495c 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -288,3 +288,15 @@
  targets for shared library creation, like linux-shared.  Those targets
  can currently be used on their own just as well, but this is expected
  to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.

diff --git a/Makefile.org b/Makefile.org
index cd686a04d2c0dcb7bd64be8b72092efedbf1418c..ca1b7a743062200c6332efca173b2f6f6c8a2017 100644 (file)
--- a/Makefile.org
+++ b/Makefile.org
@@ -608,6 +608,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 tar:
+       find . -type d -print | xargs chmod 755
+       find . -type f -print | xargs chmod a+r
+       find . -type f -perm -0100 -print | xargs chmod a+x
        find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
        $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
        tardy --user_number=0  --user_name=openssl \

diff --git a/apps/req.c b/apps/req.c
index cc284e4f378be3e9306dec0fb7f07e85b55dc933..9d80dd3b231285c75bb4938d3ce5a27e2d8d77e1 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -431,7 +431,7 @@ bad:
 
        if (template != NULL)
                {
-               long errline;
+               long errline = -1;
 
                BIO_printf(bio_err,"Using configuration from %s\n",template);
                req_conf=CONF_load(NULL,template,&errline);

diff --git a/apps/x509.c b/apps/x509.c
index 802e079dc7e9d7615c432df214866cd94239e034..a0e4e3564c85bc12cb3f48be4cdeaec6b7c44251 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -474,7 +474,7 @@ bad:
 
        if (extfile)
                {
-               long errorline;
+               long errorline = -1;
                X509V3_CTX ctx2;
                if (!(extconf=CONF_load(NULL,extfile,&errorline)))
                        {

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 1a7691d2a85f0e1a470c60250a9cf3950baa5504..792781009820efd68cd48f2562b31042003cb463 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>