merge openssl-0.9.7-beta3, tested on vax by miod@

19 files changed, 106 insertions, 13 deletions

diff --git a/lib/libssl/src/doc/apps/ciphers.pod b/lib/libssl/src/doc/apps/ciphers.pod
index 21077614a72..b7e577b24f8 100644
--- a/lib/libssl/src/doc/apps/ciphers.pod
+++ b/lib/libssl/src/doc/apps/ciphers.pod
@@ -108,10 +108,20 @@ the default cipher list. This is determined at compile time and is normally
 B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
 specified.
 
+=item B<COMPLEMENTOFDEFAULT>
+
+the ciphers included in B<ALL>, but not enabled by default. Currently
+this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
+not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
+
 =item B<ALL>
 
 all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
 
+=item B<COMPLEMENTOFALL>
+
+the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
+
 =item B<HIGH>
 
 "high" encryption cipher suites. This currently means those with key lengths larger
@@ -339,8 +349,22 @@ Include only 3DES ciphers and then place RSA ciphers last:
 
  openssl ciphers -v '3DES:+RSA'
 
+Include all RC4 ciphers but leave out those without authentication:
+
+ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+
+Include all chiphers with RSA authentication but leave out ciphers without
+encryption.
+
+ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+
 =head1 SEE ALSO
 
 L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
 
+=head1 HISTORY
+
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
+added in version 0.9.7.
+
 =cut
diff --git a/lib/libssl/src/doc/crypto/BN_zero.pod b/lib/libssl/src/doc/crypto/BN_zero.pod
index 3c64a65697b..b555ec39885 100644
--- a/lib/libssl/src/doc/crypto/BN_zero.pod
+++ b/lib/libssl/src/doc/crypto/BN_zero.pod
@@ -53,4 +53,7 @@ BN_zero(), BN_one() and BN_set_word() are available in all versions of
 SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in
 SSLeay 0.8.
 
+BN_value_one() was changed to return a true const BIGNUM * in OpenSSL
+0.9.7.
+
 =cut
diff --git a/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index acd4d0167a5..58afd8f0b8f 100644
--- a/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -245,7 +245,12 @@ L<SHA1(3)|SHA1(3)>
 EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
 available in all versions of SSLeay and OpenSSL.
 
-EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex()
-were added in OpenSSL 0.9.7.
+EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
+EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
+and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+changed to return truely const EVP_MD * in OpenSSL 0.9.7.
 
 =cut
diff --git a/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index 371b6a2287e..75cceb1ca26 100644
--- a/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -501,4 +501,9 @@ L<evp(3)|evp(3)>
 
 =head1 HISTORY
 
+EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
+EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
+EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
+OpenSSL 0.9.7.
+
 =cut
diff --git a/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index b1ac1294305..e65e54ce522 100644
--- a/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -91,6 +91,6 @@ L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
 EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
 available in all versions of SSLeay and OpenSSL.
 
-EVP_SignInit_ex() was added in OpenSSL 0.9.7
+EVP_SignInit_ex() was added in OpenSSL 0.9.7.
 
 =cut
diff --git a/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod b/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
index 80c656fde8d..b6afaedee5b 100644
--- a/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod
@@ -74,7 +74,7 @@ L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
 L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 
diff --git a/lib/libssl/src/doc/crypto/RSA_check_key.pod b/lib/libssl/src/doc/crypto/RSA_check_key.pod
index 1db6d736abc..a5198f3db5b 100644
--- a/lib/libssl/src/doc/crypto/RSA_check_key.pod
+++ b/lib/libssl/src/doc/crypto/RSA_check_key.pod
@@ -18,7 +18,9 @@ in fact prime, and that B<n = p*q>.
 It also checks that B<d*e = 1 mod (p-1*q-1)>,
 and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
 
-The key's public components may not be B<NULL>.
+As such, this function can not be used with any arbitrary RSA key object,
+even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
+information.
 
 =head1 RETURN VALUE
 
@@ -28,12 +30,38 @@ RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
 If the key is invalid or an error occurred, the reason code can be
 obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
 
+=head1 NOTES
+
+This function does not work on RSA public keys that have only the modulus
+and public exponent elements populated. It performs integrity checks on all
+the RSA key material, so the RSA key structure must contain all the private
+key data too.
+
+Unlike most other RSA functions, this function does B<not> work
+transparently with any underlying ENGINE implementation because it uses the
+key data in the RSA structure directly. An ENGINE implementation can
+override the way key data is stored and handled, and can even provide
+support for HSM keys - in which case the RSA structure may contain B<no>
+key data at all! If the ENGINE in question is only being used for
+acceleration or analysis purposes, then in all likelihood the RSA key data
+is complete and untouched, but this can't be assumed in the general case.
+
+=head1 BUGS
+
+A method of verifying the RSA key using opaque RSA API functions might need
+to be considered. Right now RSA_check_key() simply uses the RSA structure
+elements directly, bypassing the RSA_METHOD table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a "check_key()" handler to the
+RSA_METHOD function table so that alternative implementations can also
+provide their own verifiers.
+
 =head1 SEE ALSO
 
 L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
 
 =head1 HISTORY
 
-RSA_check() appeared in OpenSSL 0.9.4.
+RSA_check_key() appeared in OpenSSL 0.9.4.
 
 =cut
diff --git a/lib/libssl/src/doc/crypto/err.pod b/lib/libssl/src/doc/crypto/err.pod
index 264e30103d6..6f729554d2a 100644
--- a/lib/libssl/src/doc/crypto/err.pod
+++ b/lib/libssl/src/doc/crypto/err.pod
@@ -172,7 +172,7 @@ ERR_get_string_table(void) respectively.
 =head1 SEE ALSO
 
 L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
-L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>,
+L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
 L<ERR_get_error(3)|ERR_get_error(3)>,
 L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
 L<ERR_clear_error(3)|ERR_clear_error(3)>,
diff --git a/lib/libssl/src/doc/crypto/hmac.pod b/lib/libssl/src/doc/crypto/hmac.pod
index 3cc29dfc83f..b1f5f368ed9 100644
--- a/lib/libssl/src/doc/crypto/hmac.pod
+++ b/lib/libssl/src/doc/crypto/hmac.pod
@@ -96,4 +96,7 @@ L<SHA1(3)|SHA1(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup()
 are available since SSLeay 0.9.0.
 
+HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available
+since OpenSSL 0.9.7.
+
 =cut
diff --git a/lib/libssl/src/doc/crypto/lhash.pod b/lib/libssl/src/doc/crypto/lhash.pod
index 0bac11421ea..dcdbb43a8ed 100644
--- a/lib/libssl/src/doc/crypto/lhash.pod
+++ b/lib/libssl/src/doc/crypto/lhash.pod
@@ -286,4 +286,9 @@ lh_error() was added in SSLeay 0.9.1b.
 
 This manpage is derived from the SSLeay documentation.
 
+In OpenSSL 0.9.7, all lhash functions that were passed function pointers
+were changed for better type safety, and the function types LHASH_COMP_FN_TYPE,
+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE 
+became available.
+
 =cut
diff --git a/lib/libssl/src/doc/crypto/rsa.pod b/lib/libssl/src/doc/crypto/rsa.pod
index 09ad30cab15..2b93a12b654 100644
--- a/lib/libssl/src/doc/crypto/rsa.pod
+++ b/lib/libssl/src/doc/crypto/rsa.pod
@@ -110,7 +110,7 @@ L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
 L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
 L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
 L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
+L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
 L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
 
 =cut
diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod
index 6e0ef00632a..7c0b2baf6c5 100644
--- a/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod
+++ b/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod
@@ -79,7 +79,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
 
 L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
 L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
 L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
 
 =cut
diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index c10055c6e7a..f5e2ec35550 100644
--- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -35,7 +35,7 @@ operation (|). Options can only be added but can never be reset.
 SSL_CTX_set_options() and SSL_set_options() affect the (external)
 protocol behaviour of the SSL library. The (internal) behaviour of
 the API can be changed by using the similar
-L<SSL_CTX_set_modes(3)|SSL_CTX_set_modes(3)> and SSL_set_modes() functions.
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
 
 During a handshake, the option settings of the SSL object are used. When
 a new SSL object is created from a context using SSL_new(), the current
@@ -100,14 +100,22 @@ doing a re-connect, always takes the first cipher in the cipher list.
 
 ...
 
+=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+
+Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
+vulnerability affecting CBC ciphers, which cannot be handled by some
+broken SSL implementations.  This option has no effect for connections
+using other ciphers.
+
 =item SSL_OP_ALL
 
 All of the above bug workarounds.
 
 =back
 
-It is safe and recommended to use B<SSL_OP_ALL> to enable the bug workaround
-options.
+It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
+options if compatibility with somewhat broken implementations is
+desired.
 
 The following B<modifying> options are available:
 
@@ -219,4 +227,9 @@ B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
 enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
 and must be explicitly set.
 
+B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
+Versions up to OpenSSL 0.9.6c do not include the countermeasure that
+can be disabled with this option (in OpenSSL 0.9.6d, it was always
+enabled).
+
 =cut
diff --git a/lib/libssl/src/doc/ssl/SSL_accept.pod b/lib/libssl/src/doc/ssl/SSL_accept.pod
index ac6caf9baaf..a673edba853 100644
--- a/lib/libssl/src/doc/ssl/SSL_accept.pod
+++ b/lib/libssl/src/doc/ssl/SSL_accept.pod
@@ -69,6 +69,7 @@ to find out the reason.
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut
diff --git a/lib/libssl/src/doc/ssl/SSL_connect.pod b/lib/libssl/src/doc/ssl/SSL_connect.pod
index 766f1876aaf..8426310c0d2 100644
--- a/lib/libssl/src/doc/ssl/SSL_connect.pod
+++ b/lib/libssl/src/doc/ssl/SSL_connect.pod
@@ -66,6 +66,7 @@ to find out the reason.
 L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
 L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
 L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_new(3)|SSL_CTX_new(3)>
 
 =cut
diff --git a/lib/libssl/src/doc/ssl/SSL_get_error.pod b/lib/libssl/src/doc/ssl/SSL_get_error.pod
index f700bf0ace5..fe28dd942ae 100644
--- a/lib/libssl/src/doc/ssl/SSL_get_error.pod
+++ b/lib/libssl/src/doc/ssl/SSL_get_error.pod
@@ -13,7 +13,7 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation
 =head1 DESCRIPTION
 
 SSL_get_error() returns a result code (suitable for the C "switch"
-statement) for a preceding call to SSL_connect(), SSL_accept(),
+statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
 SSL_read(), SSL_peek(), or SSL_write() on B<ssl>.  The value returned by
 that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
 B<ret>.
diff --git a/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod b/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod
index 7adf8adfed1..d88a057deff 100644
--- a/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod
+++ b/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod
@@ -49,6 +49,7 @@ information.
 L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
 L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
 L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
 
 =cut
diff --git a/lib/libssl/src/doc/ssl/SSL_write.pod b/lib/libssl/src/doc/ssl/SSL_write.pod
index dfa42e9aeef..e013c12d525 100644
--- a/lib/libssl/src/doc/ssl/SSL_write.pod
+++ b/lib/libssl/src/doc/ssl/SSL_write.pod
@@ -65,6 +65,9 @@ When an SSL_write() operation has to be repeated because of
 B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
 with the same arguments.
 
+When calling SSL_write() with num=0 bytes to be sent the behaviour is
+undefined.
+
 =head1 RETURN VALUES
 
 The following return values can occur:
diff --git a/lib/libssl/src/doc/ssl/ssl.pod b/lib/libssl/src/doc/ssl/ssl.pod
index ce41b3e17d2..ac4b573a7af 100644
--- a/lib/libssl/src/doc/ssl/ssl.pod
+++ b/lib/libssl/src/doc/ssl/ssl.pod
@@ -693,6 +693,7 @@ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
 L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
 L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
 L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
 L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
 L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
 L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,