remerge local tweaks, update per-arch configuration headers, update

Makefiles, crank shlib_version

8 files changed, 30 insertions, 28 deletions

diff --git a/lib/libssl/src/apps/s_apps.h b/lib/libssl/src/apps/s_apps.h
index 023faa84679..0b461083ebe 100644
--- a/lib/libssl/src/apps/s_apps.h
+++ b/lib/libssl/src/apps/s_apps.h
@@ -156,7 +156,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
-int init_client(int *sock, char *server, int port, int type, int af);
+int init_client(int *sock, char *server, char *port, int type, int af);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,char **p);
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index f01017ba488..3a52853c82f 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -319,7 +319,6 @@ int MAIN(int argc, char **argv)
 	int sock_type=SOCK_STREAM;
 	BIO *sbio;
 	char *inrand=NULL;
-	int mbuf_len=0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
diff --git a/lib/libssl/src/apps/s_socket.c b/lib/libssl/src/apps/s_socket.c
index 981650bddd2..7e47d5118db 100644
--- a/lib/libssl/src/apps/s_socket.c
+++ b/lib/libssl/src/apps/s_socket.c
@@ -226,18 +226,16 @@ static int ssl_sock_init(void)
 	return(1);
 	}
 
-int init_client(int *sock, char *host, int port, int type, int af)
+int init_client(int *sock, char *host, char *port, int type, int af)
 	{
 	struct addrinfo hints, *ai_top, *ai;
 	int i, s;
-	char port_s[NI_MAXSERV];
 
 	memset(&hints, '\0', sizeof(hints));
 	hints.ai_family = af;
 	hints.ai_socktype = type;
 
-	snprintf(port_s, sizeof(port_s), "%d", port);
-	if ((i = getaddrinfo(host, port_s, &hints, &ai_top)) != 0 ||
+	if ((i = getaddrinfo(host, port, &hints, &ai_top)) != 0 ||
 	    ai_top == NULL || ai_top->ai_addr == NULL)
 		{
 		BIO_printf(bio_err,"getaddrinfo: %s\n", gai_strerror(i));
@@ -246,7 +244,7 @@ int init_client(int *sock, char *host, int port, int type, int af)
 
 	for (ai = ai_top; ai != NULL; ai = ai->ai_next)
 		{
-		s=socket(ai->ai_addr->sa_family, SOCK_STREAM, SOCKET_PROTOCOL);
+		s=socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
 		if (s == INVALID_SOCKET) { continue; }
 #ifndef OPENSSL_SYS_MPE
 	if (type == SOCK_STREAM)
@@ -256,7 +254,7 @@ int init_client(int *sock, char *host, int port, int type, int af)
 		if (i < 0) { perror("keepalive"); return(0); }
 		}
 #endif
-		if ((i = connect(s, ai->ai_addr, ai->ai_addr->sa_len)) == 0)
+		if ((i = connect(s, ai->ai_addr, ai->ai_addrlen)) == 0)
 			{ *sock=s; freeaddrinfo(ai_top); return (1);}
 
 		close(s);
diff --git a/lib/libssl/src/crypto/des/des_enc.c b/lib/libssl/src/crypto/des/des_enc.c
index 53705b9f5be..0fe4e0b2adc 100644
--- a/lib/libssl/src/crypto/des/des_enc.c
+++ b/lib/libssl/src/crypto/des/des_enc.c
@@ -58,6 +58,8 @@
 
 #include "des_locl.h"
 
+#ifndef OPENBSD_DES_ASM
+
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
@@ -246,7 +248,8 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
 	data[1]=ROTATE(r,3)&0xffffffffL;
 	l=r=t=u=0;
 	}
-#endif
+
+#endif /* OPENBSD_DES_ASM */
 
 void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
 		  DES_key_schedule *ks2, DES_key_schedule *ks3)
diff --git a/lib/libssl/src/crypto/des/fcrypt_b.c b/lib/libssl/src/crypto/des/fcrypt_b.c
index 1390138787f..c56b461e91b 100644
--- a/lib/libssl/src/crypto/des/fcrypt_b.c
+++ b/lib/libssl/src/crypto/des/fcrypt_b.c
@@ -68,6 +68,8 @@
 #include "des_locl.h"
 #undef DES_FCRYPT
 
+#ifndef OPENBSD_DES_ASM
+
 #undef PERM_OP
 #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
 	(b)^=(t),\
@@ -143,3 +145,4 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
 	out[1]=l;
 	}
 
+#endif /* OPENBSD_DES_ASM */
diff --git a/lib/libssl/src/crypto/dso/dso_dlfcn.c b/lib/libssl/src/crypto/dso/dso_dlfcn.c
index f734c1c6b77..656cd496f84 100644
--- a/lib/libssl/src/crypto/dso/dso_dlfcn.c
+++ b/lib/libssl/src/crypto/dso/dso_dlfcn.c
@@ -269,6 +269,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
 	const char *filespec2)
 	{
 	char *merged;
+	size_t len;
 
 	if(!filespec1 && !filespec2)
 		{
@@ -280,18 +281,20 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
 	   same goes if the second file specification is missing. */
 	if (!filespec2 || filespec1[0] == '/')
 		{
-		merged = OPENSSL_malloc(strlen(filespec1) + 1);
+		len = strlen(filespec1) + 1;
+		merged = OPENSSL_malloc(len);
 		if(!merged)
 			{
 			DSOerr(DSO_F_DLFCN_MERGER,
 				ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
-		strcpy(merged, filespec1);
+		strlcpy(merged, filespec1, len);
 		}
 	/* If the first file specification is missing, the second one rules. */
 	else if (!filespec1)
 		{
+		len = strlen(filespec2) + 1;
 		merged = OPENSSL_malloc(strlen(filespec2) + 1);
 		if(!merged)
 			{
@@ -299,7 +302,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
 				ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
-		strcpy(merged, filespec2);
+		strlcpy(merged, filespec2, len);
 		}
 	else
 		/* This part isn't as trivial as it looks.  It assumes that
@@ -325,9 +328,9 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
 				ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
-		strcpy(merged, filespec2);
+		strlcpy(merged, filespec2, len + 2);
 		merged[spec2len] = '/';
-		strcpy(&merged[spec2len + 1], filespec1);
+		strlcpy(&merged[spec2len + 1], filespec1, len + 1 - spec2len);
 		}
 	return(merged);
 	}
diff --git a/lib/libssl/src/crypto/engine/hw_cryptodev.c b/lib/libssl/src/crypto/engine/hw_cryptodev.c
index a98f5d7e578..4af40cdfc34 100644
--- a/lib/libssl/src/crypto/engine/hw_cryptodev.c
+++ b/lib/libssl/src/crypto/engine/hw_cryptodev.c
@@ -114,8 +114,9 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-    RSA *rsa);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+    RSA *rsa, BN_CTX *ctx);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+    BN_CTX *ctx);
 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
@@ -978,19 +979,14 @@ err:
 }
 
 static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+    BN_CTX *ctx)
 {
-	int r;
-	BN_CTX *ctx;
-
-	ctx = BN_CTX_new();
-	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-	BN_CTX_free(ctx);
-	return (r);
+	return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx);
 }
 
 static int
-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 {
 	struct crypt_kop kop;
 	int ret = 1;
@@ -1019,7 +1015,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 
 	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
 		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		ret = (*meth->rsa_mod_exp)(r0, I, rsa);
+		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
 	}
 err:
 	zapparams(&kop);
diff --git a/lib/libssl/src/crypto/x509v3/v3_alt.c b/lib/libssl/src/crypto/x509v3/v3_alt.c
index bb2f5bc54eb..ac3139d1e65 100644
--- a/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -147,9 +147,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
 				BIO_snprintf(htmp, sizeof htmp,
 					     "%X", p[0] << 8 | p[1]);
 				p += 2;
-				strcat(oline, htmp);
+				strlcat(oline, htmp, sizeof oline);
 				if (i != 7)
-					strcat(oline, ":");
+					strlcat(oline, ":", sizeof oline);
 				}
 			}
 		else