Changes from 1.0.0-stable.

diff --git a/CHANGES b/CHANGES
index f17154b8e345f201907010e0b8454be04dbb1961..e8f1748ac7222d7fa752f2358dbfcea48309a210 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -772,6 +772,9 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) Handle non-blocking I/O properly in SSL_shutdown() call.
+     [Darryl Miles <darryl-mailinglists@netbauds.net>]
+
   *) Add 2.5.4.* OIDs
      [Ilya O. <vrghost@gmail.com>]
 

diff --git a/Configure b/Configure
index ae8ce89e30c792276be9e9a8fa980763166b0f75..8f9f2ded4a78511347f6f483c9f60dd863a3c06a 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -1218,7 +1218,14 @@ if ($zlib)
        $cflags = "-DZLIB $cflags";
        if (defined($disabled{"zlib-dynamic"}))
                {
-               $lflags = "$lflags -lz";
+               if (defined($withargs{"zlib-lib"}))
+                       {
+                       $lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
+                       }
+               else
+                       {
+                       $lflags = "$lflags -lz";
+                       }
                }
        else
                {

diff --git a/Makefile.org b/Makefile.org
index 69be0f6ccaa8f6f0b606bc6753985344f5c62704..f60b7a15ce373c34a9053f4ace812b9f7cd7d333 100644 (file)
--- a/Makefile.org
+++ b/Makefile.org
@@ -188,6 +188,7 @@ BUILDENV=   PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
                MAKEDEPPROG='$(MAKEDEPPROG)'                    \
                SHARED_LDFLAGS='$(SHARED_LDFLAGS)'              \
                KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'   \
+               ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'     \
                EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'       \
                SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
                PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'     \

diff --git a/crypto/Makefile b/crypto/Makefile
index b730fa45d7bfa8915130d632e247398ee253ed8e..c1033f6d7765a9a92d38cac65e3e6c8e944a3360 100644 (file)
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -5,9 +5,9 @@
 DIR=           crypto
 TOP=           ..
 CC=            cc
-INCLUDE=       -I. -I$(TOP) -I../include
+INCLUDE=       -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
 # INCLUDES targets sudbirs!
-INCLUDES=      -I.. -I../.. -I../asn1 -I../evp -I../../include
+INCLUDES=      -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
 CFLAG=         -g
 MAKEDEPPROG=   makedepend
 MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)

diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
index 3fa584036e1e13cb430c742ec08620a4ba1c786f..731d3ae22c2745928648f0602ba2732c292a9b7e 100644 (file)
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -54,10 +54,13 @@ my @srt2 = sort
 
        return $ap2 - $bp2;
        } @xrkeys;
-       
+
+my $pname = $0;
+
+$pname =~ s|^.[^/]/||;
 
 print <<EOF;
-/* AUTOGENERATED BY $0, DO NOT EDIT */
+/* AUTOGENERATED BY $pname, DO NOT EDIT */
 
 typedef struct
        {

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 550ad955f0c193ea1f56e2cc3d62cc35462058f6..e9ead3a529688fd2c49a95b6871240d24ac6d70d 100644 (file)
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -133,7 +133,50 @@
 # define FD_SETSIZE (8*sizeof(fd_set))
 #endif
 
-#ifdef __OpenBSD__
+#ifdef __VOS__
+int RAND_poll(void)
+{
+       unsigned char buf[ENTROPY_NEEDED];
+       pid_t curr_pid;
+       uid_t curr_uid;
+       static int first=1;
+       int i;
+       long rnd = 0;
+       struct timespec ts;
+       unsigned seed;
+
+/* The VOS random() function starts from a static seed so its
+   initial value is predictable.  If random() returns the
+   initial value, reseed it with dynamic data.  The VOS
+   real-time clock has a granularity of 1 nsec so it should be
+   reasonably difficult to predict its exact value.  Do not
+   gratuitously reseed the PRNG because other code in this
+   process or thread may be using it.  */
+
+       if (first) {
+               first = 0;
+               rnd = random ();
+               if (rnd == 1804289383) {
+                       clock_gettime (CLOCK_REALTIME, &ts);
+                       curr_pid = getpid();
+                       curr_uid = getuid();
+                       seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid;
+                       srandom (seed);
+               }
+       }
+
+       for (i = 0; i < sizeof(buf); i++) {
+               if (i % 4 == 0)
+                       rnd = random();
+               buf[i] = rnd;
+               rnd >>= 8;
+       }
+       RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+       memset(buf, 0, sizeof(buf));
+
+       return 1;
+}
+#elif defined __OpenBSD__
 int RAND_poll(void)
 {
        u_int32_t rnd = 0, i;

diff --git a/doc/crypto/d2i_RSAPublicKey.pod b/doc/crypto/d2i_RSAPublicKey.pod
index 279b29c873c05b0251a69241e1aef839ded73d34..aa6078bcf6b7adf81d3289033b7c5196f4e4f970 100644 (file)
--- a/doc/crypto/d2i_RSAPublicKey.pod
+++ b/doc/crypto/d2i_RSAPublicKey.pod
@@ -11,21 +11,21 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
  #include <openssl/rsa.h>
  #include <openssl/x509.h>
 
- RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
 
  int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
 
- RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
 
  int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
 
- RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
 
  int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
 
  int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
 
- RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
 
 =head1 DESCRIPTION
 

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 727827f91d3e68df6a8f1fe859ac4e46d0a6a82b..73a573ee29f31216d02207fd03db76192461509a 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3138,6 +3138,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
 int ssl3_shutdown(SSL *s)
        {
+       int ret;
 
        /* Don't do anything much if we have not done the handshake or
         * we don't want to send messages :-) */
@@ -3155,18 +3156,32 @@ int ssl3_shutdown(SSL *s)
 #endif
                /* our shutdown alert has been sent now, and if it still needs
                 * to be written, s->s3->alert_dispatch will be true */
+               if (s->s3->alert_dispatch)
+                       return(-1);     /* return WANT_WRITE */
                }
        else if (s->s3->alert_dispatch)
                {
                /* resend it if not sent */
 #if 1
-               s->method->ssl_dispatch_alert(s);
+               ret=s->method->ssl_dispatch_alert(s);
+               if(ret == -1)
+                       {
+                       /* we only get to return -1 here the 2nd/Nth
+                        * invocation, we must  have already signalled
+                        * return 0 upon a previous invoation,
+                        * return WANT_WRITE */
+                       return(ret);
+                       }
 #endif
                }
        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
                {
                /* If we are waiting for a close from our peer, we are closed */
                s->method->ssl_read_bytes(s,0,NULL,0,0);
+               if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
+                       {
+                       return(-1);     /* return WANT_READ */
+                       }
                }
 
        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index ce7dc366fb413508cbc28ec0374919c409882f78..c04401a88dc424d860623d73d44ed7d7ccd47595 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1350,13 +1350,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
        return(1);
        }
 
-void ssl3_send_alert(SSL *s, int level, int desc)
+int ssl3_send_alert(SSL *s, int level, int desc)
        {
        /* Map tls/ssl alert value to correct one */
        desc=s->method->ssl3_enc->alert_value(desc);
        if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
                desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
-       if (desc < 0) return;
+       if (desc < 0) return -1;
        /* If a fatal one, remove from cache */
        if ((level == 2) && (s->session != NULL))
                SSL_CTX_remove_session(s->ctx,s->session);
@@ -1365,9 +1365,10 @@ void ssl3_send_alert(SSL *s, int level, int desc)
        s->s3->send_alert[0]=level;
        s->s3->send_alert[1]=desc;
        if (s->s3->wbuf.left == 0) /* data still being written out? */
-               s->method->ssl_dispatch_alert(s);
+               return s->method->ssl_dispatch_alert(s);
        /* else data is still being written out, we will get written
         * some time in the future */
+       return -1;
        }
 
 int ssl3_dispatch_alert(SSL *s)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 039ee6b28ebbfae6beffaf8d2c4d09992ffcde97..9b6aadd9504dc7e84c984686fb5003eee77db564 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -857,7 +857,7 @@ int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
 int ssl3_change_cipher_state(SSL *s,int which);
 void ssl3_cleanup_key_block(SSL *s);
 int ssl3_do_write(SSL *s,int type);
-void ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_send_alert(SSL *s,int level, int desc);
 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
        unsigned char *p, int len);
 int ssl3_get_req_cert_type(SSL *s,unsigned char *p);