Merge in the latest chanegs from 0.9.6-stable.

CHANGES

@@ -4,6 +4,11 @@
 
  Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX]
 
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]
+
   *) Fix EVP_dsa_sha macro.
      [Nils Larsch]
 

Configure

@@ -154,7 +154,7 @@ my %table=(
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
 "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

FAQ

@@ -38,6 +38,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
+* What is special about OpenSSL on Redhat?
 
 [PROG] Questions about programming with OpenSSL
 
@@ -215,8 +216,11 @@ For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
-versions.  However, be warned that /dev/random is usually a blocking
-device, which may have some effects on OpenSSL.
+versions.  An official statement from Sun with respect to /dev/random
+support can be found at
+  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+However, be warned that /dev/random is usually a blocking device, which
+may have some effects on OpenSSL.
 
 
 * Why do I get an "unable to write 'random state'" error message?
@@ -451,6 +455,41 @@ under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.
 
 
+* What is special about OpenSSL on Redhat?
+
+Red Hat Linux 7.0 and following versions already have a limited version of
+openssl already installed. This may well apply to other Linux distributions
+also. This version does not have support for the IDEA, RC5 and MDC-2
+algorithms as these are patented within the United States. For information
+these patent numbers and expiry dates are:
+
+MDC-2: 4,908,861 13/03/2007
+IDEA:  5,214,703 25/05/2010
+RC5:   5,724,428 03/03/2015
+
+However, Europeans and other non-Americans may wish to install all the
+features.
+
+To do this you MUST ensure that you do not overwrite the openssl that is in
+/usr/bin on your Red Hat machine. Several packages depend on this file,
+including sendmail and ssh. /usr/local/bin is a good alternative choice. The
+libraries that come with Red Hat 7.0 onwards have different names and so are
+not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
+/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
+/lib/libcrypto.so.2 respectively).
+
+Please note that we have been advised by Red Hat attempting to recompile the
+openssl rpm with all the cryptography enabled will not work. All other
+packages depend on the original Red Hat supplied openssl package. It is also
+worth noting that due to the way Red Hat supplies its packages, updates to
+openssl on each distribution never change the package version, only the
+build number. For example, on Red Hat 7.1, the latest openssl package has
+version number 0.9.6 and build number 9 even though it contains all the
+relevant updates in packages up to and including 0.9.6b.
+
+A possible way around this is to persuade Red Hat to produce a non-US
+version of Red Hat Linux.
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?

INSTALL

@@ -131,8 +131,11 @@
      the failure that aren't problems in OpenSSL itself (like missing
      standard headers).  If it is a problem with OpenSSL itself, please
      report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be forwarded to a public mailing list).  Include the
-     output of "make report" in your message.
+     message will be recorded in the request tracker publicly readable
+     via http://www.openssl.org/rt2.html and will be forwarded to a public
+     mailing list). Include the output of "make report" in your message.
+     Please check out the request tracker. Maybe the bug was already
+     reported or has already been fixed.
 
      [If you encounter assembler error messages, try the "no-asm"
      configuration option as an immediate fix.]
@@ -150,7 +153,8 @@
      try removing any compiler optimization flags from the CFLAGS line
      in Makefile.ssl and run "make clean; make". Please send a bug
      report to <openssl-bugs@openssl.org>, including the output of
-     "make report".
+     "make report" in order to be added to the request tracker at
+     http://www.openssl.org/rt2.html.
 
   4. If everything tests ok, install OpenSSL with
 

INSTALL.W32

@@ -94,6 +94,18 @@
  You can also build a static version of the library using the Makefile
  ms\nt.mak
 
+ Borland C++ builder 5
+ ---------------------
+
+ * Configure for building with Borland Builder:
+   > perl Configure BC-32
+
+ * Create the appropriate makefile
+   > ms\do_nasm
+
+ * Build
+   > make -f ms\bcb.mak
+
  Borland C++ builder 3 and 4
  ---------------------------
 

NEWS

@@ -56,7 +56,7 @@
       o Bug fixes for Win32, HP/UX and Irix.
       o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
         memory checking routines.
-      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes for RSA operations in threaded environments.
       o Bug fixes in misc. openssl applications.
       o Remove a few potential memory leaks.
       o Add tighter checks of BIGNUM routines.

PROBLEMS

@@ -1,11 +1,5 @@
 * System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-
-
-    NOTE: The problem described here only applies when OpenSSL isn't built
-    with shared library support (i.e. without the "shared" configuration
-    option).  If you build with shared library support, you will have no
-    problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
-
+[NOTE: This is currently undergoing tests, and may be removed soon]
 
 This is really a misfeature in ld, which seems to look for .dylib libraries
 along the whole library path before it bothers looking for .a libraries.  This

README

@@ -146,11 +146,13 @@
     - Problem Description (steps that will reproduce the problem, if known)
     - Stack Traceback (if the application dumps core)
 
- Report the bug to the OpenSSL project at:
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/rt2.html) by mail to:
 
     openssl-bugs@openssl.org
 
- Note that mail to openssl-bugs@openssl.org is forwarded to a public
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
  mailing list. Confidential mail may be sent to openssl-security@openssl.org
  (PGP key available from the key servers).
 

apps/pkcs7.c

@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
-	int ret=0;
+	int ret=1;
 	char *engine=NULL;
 
 	apps_startup();

apps/smime.c

@@ -500,9 +500,9 @@ int MAIN(int argc, char **argv)
 	} else if(operation == SMIME_PK7OUT) {
 		PEM_write_bio_PKCS7(out, p7);
 	} else {
-		if(to) BIO_printf(out, "To: %s\n", to);
-		if(from) BIO_printf(out, "From: %s\n", from);
-		if(subject) BIO_printf(out, "Subject: %s\n", subject);
+		if(to) BIO_printf(out, "To: %s\r\n", to);
+		if(from) BIO_printf(out, "From: %s\r\n", from);
+		if(subject) BIO_printf(out, "Subject: %s\r\n", subject);
 		if(outformat == FORMAT_SMIME) 
 			SMIME_write_PKCS7(out, p7, in, flags);
 		else if(outformat == FORMAT_PEM) 

crypto/ebcdic.c

@@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
 }
 
 #else /*CHARSET_EBCDIC*/
-#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
+#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
 static void *dummy=&dummy;
 #endif
 #endif

crypto/pem/pem2.h

@@ -61,7 +61,9 @@
 extern "C" {
 #endif
 
+#ifndef HEADER_PEM_H
 void ERR_load_PEM_strings(void);
+#endif
 
 #ifdef __cplusplus
 }

crypto/perlasm/x86nasm.pl

@@ -209,7 +209,7 @@ sub using486
 
 sub main'file
 	{
-	push(@out, "segment .text\n");
+	push(@out, "segment .text use32\n");
 	}
 
 sub main'function_begin

crypto/pkcs12/pkcs12.h

@@ -141,8 +141,8 @@ union {
 #define PKCS12_ERROR	0
 #define PKCS12_OK	1
 
-#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
-#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
+#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
+#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
 #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
 
 #define M_PKCS12_x5092certbag(x509) \

doc/apps/crl2pkcs7.pod

@@ -6,12 +6,13 @@ crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
 
 =head1 SYNOPSIS
 
-B<openssl> B<pkcs7>
+B<openssl> B<crl2pkcs7>
 [B<-inform PEM|DER>]
 [B<-outform PEM|DER>]
 [B<-in filename>]
 [B<-out filename>]
-[B<-print_certs>]
+[B<-certfile filename>]
+[B<-nocrl>]
 
 =head1 DESCRIPTION
 

doc/crypto/DH_get_ex_new_index.pod

@@ -26,7 +26,7 @@ as described in L<RSA_get_ex_new_index(3)>.
 
 =head1 SEE ALSO
 
-L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
 
 =head1 HISTORY
 

doc/crypto/EVP_DigestInit.pod

@@ -192,7 +192,7 @@ in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
 
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
 L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 

doc/crypto/EVP_SignInit.pod

@@ -75,7 +75,7 @@ L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
 L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 

doc/crypto/EVP_VerifyInit.pod

@@ -62,7 +62,7 @@ L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
 L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 

doc/crypto/err.pod

@@ -172,7 +172,7 @@ ERR_get_string_table(void) respectively.
 =head1 SEE ALSO
 
 L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
-L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>,
+L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
 L<ERR_get_error(3)|ERR_get_error(3)>,
 L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
 L<ERR_clear_error(3)|ERR_clear_error(3)>,

doc/crypto/rsa.pod

@@ -111,7 +111,7 @@ L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
 L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
 L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
 L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
+L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
 L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
 
 =cut

doc/ssl/SSL_CTX_sess_set_cache_size.pod

@@ -27,7 +27,7 @@ case is the size 0, which is used for unlimited size.
 
 When the maximum number of sessions is reached, no more new sessions are
 added to the cache. New space may be added by calling
-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)> to remove
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove
 expired sessions.
 
 If the size of the session cache is reduced and more sessions are already
@@ -46,6 +46,6 @@ SSL_CTX_sess_get_cache_size() returns the currently valid size.
 L<ssl(3)|ssl(3)>,
 L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
 L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
 
 =cut

doc/ssl/SSL_CTX_sess_set_get_cb.pod

@@ -79,7 +79,7 @@ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
 
 L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
 L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
 L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
 
 =cut

doc/ssl/SSL_CTX_set_options.pod

@@ -35,7 +35,7 @@ operation (|). Options can only be added but can never be reset.
 SSL_CTX_set_options() and SSL_set_options() affect the (external)
 protocol behaviour of the SSL library. The (internal) behaviour of
 the API can be changed by using the similar
-L<SSL_CTX_set_modes(3)|SSL_CTX_set_modes(3)> and SSL_set_modes() functions.
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
 
 During a handshake, the option settings of the SSL object are used. When
 a new SSL object is created from a context using SSL_new(), the current

ms/do_masm.bat

@@ -3,54 +3,54 @@ echo Generating x86 for MASM assember
 
 echo Bignum
 cd crypto\bn\asm
-perl x86.pl win32 > bn-win32.asm
+perl x86.pl win32 > bn_win32.asm
 cd ..\..\..
 
 echo DES
 cd crypto\des\asm
-perl des-586.pl win32 > d-win32.asm
+perl des-586.pl win32 > d_win32.asm
 cd ..\..\..
 
 echo "crypt(3)"
 
 cd crypto\des\asm
-perl crypt586.pl win32 > y-win32.asm
+perl crypt586.pl win32 > y_win32.asm
 cd ..\..\..
 
 echo Blowfish
 
 cd crypto\bf\asm
-perl bf-586.pl win32 > b-win32.asm
+perl bf-586.pl win32 > b_win32.asm
 cd ..\..\..
 
 echo CAST5
 cd crypto\cast\asm
-perl cast-586.pl win32 > c-win32.asm
+perl cast-586.pl win32 > c_win32.asm
 cd ..\..\..
 
 echo RC4
 cd crypto\rc4\asm
-perl rc4-586.pl win32 > r4-win32.asm
+perl rc4-586.pl win32 > r4_win32.asm
 cd ..\..\..
 
 echo MD5
 cd crypto\md5\asm
-perl md5-586.pl win32 > m5-win32.asm
+perl md5-586.pl win32 > m5_win32.asm
 cd ..\..\..
 
 echo SHA1
 cd crypto\sha\asm
-perl sha1-586.pl win32 > s1-win32.asm
+perl sha1-586.pl win32 > s1_win32.asm
 cd ..\..\..
 
 echo RIPEMD160
 cd crypto\ripemd\asm
-perl rmd-586.pl win32 > rm-win32.asm
+perl rmd-586.pl win32 > rm_win32.asm
 cd ..\..\..
 
 echo RC5\32
 cd crypto\rc5\asm
-perl rc5-586.pl win32 > r5-win32.asm
+perl rc5-586.pl win32 > r5_win32.asm
 cd ..\..\..
 
 echo on

ms/do_nasm.bat

@@ -4,54 +4,54 @@ echo Generating x86 for NASM assember
 
 echo Bignum
 cd crypto\bn\asm
-perl x86.pl win32n > bn-win32.asm
+perl x86.pl win32n > bn_win32.asm
 cd ..\..\..
 
 echo DES
 cd crypto\des\asm
-perl des-586.pl win32n > d-win32.asm
+perl des-586.pl win32n > d_win32.asm
 cd ..\..\..
 
 echo "crypt(3)"
 
 cd crypto\des\asm
-perl crypt586.pl win32n > y-win32.asm
+perl crypt586.pl win32n > y_win32.asm
 cd ..\..\..
 
 echo Blowfish
 
 cd crypto\bf\asm
-perl bf-586.pl win32n > b-win32.asm
+perl bf-586.pl win32n > b_win32.asm
 cd ..\..\..
 
 echo CAST5
 cd crypto\cast\asm
-perl cast-586.pl win32n > c-win32.asm
+perl cast-586.pl win32n > c_win32.asm
 cd ..\..\..
 
 echo RC4
 cd crypto\rc4\asm
-perl rc4-586.pl win32n > r4-win32.asm
+perl rc4-586.pl win32n > r4_win32.asm
 cd ..\..\..
 
 echo MD5
 cd crypto\md5\asm
-perl md5-586.pl win32n > m5-win32.asm
+perl md5-586.pl win32n > m5_win32.asm
 cd ..\..\..
 
 echo SHA1
 cd crypto\sha\asm
-perl sha1-586.pl win32n > s1-win32.asm
+perl sha1-586.pl win32n > s1_win32.asm
 cd ..\..\..
 
 echo RIPEMD160
 cd crypto\ripemd\asm
-perl rmd-586.pl win32n > rm-win32.asm
+perl rmd-586.pl win32n > rm_win32.asm
 cd ..\..\..
 
 echo RC5\32
 cd crypto\rc5\asm
-perl rc5-586.pl win32n > r5-win32.asm
+perl rc5-586.pl win32n > r5_win32.asm
 cd ..\..\..
 
 echo on
@@ -62,6 +62,7 @@ rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak
 perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak
 perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak
 perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak
+perl util\mk1mf.pl nasm BC-NT >ms\bcb.mak
 
 perl util\mkdef.pl 16 libeay > ms\libeay16.def
 perl util\mkdef.pl 32 libeay > ms\libeay32.def

ssl/s2_lib.c

@@ -76,7 +76,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40,
+	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+	0,
 	0,
 	0,
 	SSL_ALL_CIPHERS,
@@ -196,6 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL,
 	SSL2_CK_NULL,
 	0,
+	SSL_STRONG_NONE,
 	0,
 	0,
 	0,

ssl/s3_enc.c

@@ -368,11 +368,17 @@ int ssl3_setup_key_block(SSL *s)
 		 */
 		s->s3->need_empty_fragments = 1;
 
+ 		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+ 				s->s3->need_empty_fragments = 0;
+ 			
 #ifndef NO_RC4
-		if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
+ 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
  				s->s3->need_empty_fragments = 0;
 #endif
  			}
+ 		}
 		
 	return(1);
 err:

ssl/s3_lib.c

@@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_RSA_NULL_MD5,
 	SSL3_CK_RSA_NULL_MD5,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_RSA_NULL_SHA,
 	SSL3_CK_RSA_NULL_SHA,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_FZA_DMS_NULL_SHA,
 	SSL3_CK_FZA_DMS_NULL_SHA,
 	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_FZA_DMS_FZA_SHA,
 	SSL3_CK_FZA_DMS_FZA_SHA,
 	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,

ssl/ssl_locl.h

@@ -283,16 +283,17 @@
 #define SSL_NOT_EXP		0x00000001L
 #define SSL_EXPORT		0x00000002L
 
-#define SSL_STRONG_MASK		0x0000007cL
-#define SSL_EXP40		0x00000004L
+#define SSL_STRONG_MASK		0x000000fcL
+#define SSL_STRONG_NONE		0x00000004L
+#define SSL_EXP40		0x00000008L
 #define SSL_MICRO		(SSL_EXP40)
-#define SSL_EXP56		0x00000008L
+#define SSL_EXP56		0x00000010L
 #define SSL_MINI		(SSL_EXP56)
-#define SSL_LOW			0x00000010L
-#define SSL_MEDIUM		0x00000020L
-#define SSL_HIGH		0x00000040L
+#define SSL_LOW			0x00000020L
+#define SSL_MEDIUM		0x00000040L
+#define SSL_HIGH		0x00000080L
 
-/* we have used 0000007f - 25 bits left to go */
+/* we have used 000000ff - 24 bits left to go */
 
 /*
  * Macros to check the export status and cipher strength for export ciphers.

ssl/t1_enc.c

@@ -440,11 +440,17 @@ printf("\nkey block\n");
 		 */
 		s->s3->need_empty_fragments = 1;
 
+		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+				s->s3->need_empty_fragments = 0;
+			
 #ifndef NO_RC4
-		if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
 				s->s3->need_empty_fragments = 0;
 #endif
 			}
+		}
 		
 	return(1);
 err:

util/mk1mf.pl

@@ -98,7 +98,7 @@ $out_def="out";
 $inc_def="outinc";
 $tmp_def="tmp";
 
-$mkdir="mkdir";
+$mkdir="-mkdir";
 
 ($ssl,$crypto)=("ssl","crypto");
 $RSAglue="RSAglue";

util/pl/BC-32.pl

@@ -65,24 +65,24 @@ $bf_enc_src='';
 
 if (!$no_asm)
 	{
-	$bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
-	$bn_mulw_src='crypto\bn\asm\bn-win32.asm';
-	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
-	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
-	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
-	$bf_enc_src='crypto\bf\asm\b-win32.asm';
-	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
-	$cast_enc_src='crypto\cast\asm\c-win32.asm';
-	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
-	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
-	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
-	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
-	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
-	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
-	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
-	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
-	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
-	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+	$bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
+	$bn_mulw_src='crypto\bn\asm\bn_win32.asm';
+	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
+	$bf_enc_src='crypto\bf\asm\b_win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
+	$cast_enc_src='crypto\cast\asm\c_win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
 	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
 	}
 

util/pl/VC-32.pl

@@ -67,24 +67,24 @@ $bf_enc_src='';
 
 if (!$no_asm)
 	{
-	$bn_asm_obj='crypto\bn\asm\bn-win32.obj';
-	$bn_asm_src='crypto\bn\asm\bn-win32.asm';
-	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
-	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
-	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
-	$bf_enc_src='crypto\bf\asm\b-win32.asm';
-	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
-	$cast_enc_src='crypto\cast\asm\c-win32.asm';
-	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
-	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
-	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
-	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
-	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
-	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
-	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
-	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
-	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
-	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+	$bn_asm_obj='crypto\bn\asm\bn_win32.obj';
+	$bn_asm_src='crypto\bn\asm\bn_win32.asm';
+	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
+	$bf_enc_src='crypto\bf\asm\b_win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
+	$cast_enc_src='crypto\cast\asm\c_win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
 	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
 	}