Merge in recent changes from OpenSSL_0_9_6-stable.

diff --git a/Makefile.org b/Makefile.org
index 55581041b95fa4bbb4f2a712a648848262f78439..1ad6f3b76b59a863dce16d594f36955e0b626858 100644 (file)
--- a/Makefile.org
+++ b/Makefile.org
@@ -664,7 +664,7 @@ install: all install_docs
                        (       echo installing $$i; \
                                if [ "$(PLATFORM)" != "Cygwin" ]; then \
                                        cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-                                       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+                                       chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
                                else \
                                        c=`echo $$i | sed 's/^lib/cyg/'`; \
                                        cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \

diff --git a/TABLE b/TABLE
index 73fb17babe9fb542ae922c1114039b4e2cee1231..3a3174888354830a9b9f5a8d7d160c47f69a9f7e 100644 (file)
--- a/TABLE
+++ b/TABLE
@@ -1106,7 +1106,7 @@ $ranlib       =
 
 *** darwin-ppc-cc
 $cc           = cc
-$cflags       = -O3 -D_DARWIN -DB_ENDIAN
+$cflags       = -O3 -D_DARWIN -DB_ENDIAN -fno-common
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = 
@@ -3124,7 +3124,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = 
+$shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 

diff --git a/apps/apps.c b/apps/apps.c
index be00a89b91c10503777e7a9a6be1ea7c0fc5d295..0aaacc04e4117b52df8724c4597e840f1d5441b0 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -764,7 +764,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
 
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
-       char buf[256];
+       char *buf;
        char mline = 0;
        int indent = 0;
        if(title) BIO_puts(out, title);
@@ -773,9 +773,10 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
                indent = 4;
        }
        if(lflags == XN_FLAG_COMPAT) {
-               X509_NAME_oneline(nm,buf,256);
-               BIO_puts(out,buf);
+               buf = X509_NAME_oneline(nm, 0, 0);
+               BIO_puts(out, buf);
                BIO_puts(out, "\n");
+               OPENSSL_free(buf);
        } else {
                if(mline) BIO_puts(out, "\n");
                X509_NAME_print_ex(out, nm, indent, lflags);

diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
index 3d824a07f570130f158c0e7e569e5ac5e9dc7d04..d2db47e9787d85c68033a86dc54d9f14205cbabf 100644 (file)
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
@@ -37,25 +37,6 @@ and public exponent elements populated. It performs integrity checks on all
 the RSA key material, so the RSA key structure must contain all the private
 key data too.
 
-Unlike most other RSA functions, this function does B<not> work
-transparently with any underlying ENGINE implementation because it uses the
-key data in the RSA structure directly. An ENGINE implementation can
-override the way key data is stored and handled, and can even provide
-support for HSM keys - in which case the RSA structure may contain B<no>
-key data at all! If the ENGINE in question is only being used for
-acceleration or analysis purposes, then in all likelihood the RSA key data
-is complete and untouched, but this can't be assumed in the general case.
-
-=head1 BUGS
-
-A method of verifying the RSA key using opaque RSA API functions might need
-to be considered. Right now RSA_check_key() simply uses the RSA structure
-elements directly, bypassing the RSA_METHOD table altogether (and
-completely violating encapsulation and object-orientation in the process).
-The best fix will probably be to introduce a "check_key()" handler to the
-RSA_METHOD function table so that alternative implementations can also
-provide their own verifiers.
-
 =head1 SEE ALSO
 
 L<rsa(3)|rsa(3)>, L<err(3)|err(3)>

diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
index ac6caf9baafc8cd514bdf2a91d3917202fd6f73f..a673edba8532723a022a018c89d8e4c38211ca09 100644 (file)
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -69,6 +69,7 @@ to find out the reason.
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut

diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
index 766f1876aafc408158232a4f0ece6488bac24c81..8426310c0d268e975700cc75aab77140613c00b3 100644 (file)
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -66,6 +66,7 @@ to find out the reason.
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut

diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod
index 7adf8adfed10d4abcf0c951e5eb59a1bdba96555..d88a057deffa48f2aca19e56f5e7560428f1d9fd 100644 (file)
--- a/doc/ssl/SSL_set_connect_state.pod
+++ b/doc/ssl/SSL_set_connect_state.pod
@@ -49,6 +49,7 @@ information.
 L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
 L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
 L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
 
 =cut

diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
index dfa42e9aeef8794a5679e510877e27d9016ff442..e013c12d5254b0d4d08bb0d6ef47972994b72ada 100644 (file)
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -65,6 +65,9 @@ When an SSL_write() operation has to be repeated because of
 B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
 with the same arguments.
 
+When calling SSL_write() with num=0 bytes to be sent the behaviour is
+undefined.
+
 =head1 RETURN VALUES
 
 The following return values can occur:

diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 79b19d9eb136f49ca5c88d96587397fe4b25bf23..2dcee0385a4014c524d4f25e965f44811eb780fd 100644 (file)
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -682,6 +682,7 @@ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
 L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
 L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
 L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
 L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
 L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 370306ba2bcf7b832534aae6705f498e96a21432..0c2044fa8c26f0bd9a92c49c5a0a8fb93c790c58 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -372,8 +372,6 @@ typedef struct ssl_session_st
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless */
 #define SSL_OP_ALL                                     0x000FFFFFL
 
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION  0x00010000L
 /* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE                           0x00100000L
 /* Set to also use the tmp_rsa key when doing RSA operations. */