Merge in fixes from 0.9.6-stable.

11 files changed, 110 insertions, 70 deletions

diff --git a/CHANGES b/CHANGES
index 96fbadd4d8..13c729abb3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
 
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     [Bodo Moeller]
+
   *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
      with des_encrypt() defined on some operating systems, like Solaris
      and UnixWare.
@@ -29,6 +33,10 @@
      (but broken) behaviour.
      [Steve Henson]
 
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim@multitalents.net> via Richard Levitte]
+
   *) Fix memory leaks in err.c: free err_data string if necessary;
      don't write to the wrong index in ERR_set_error_data.
      [Bodo Moeller]
diff --git a/NEWS b/NEWS
index 794f903822..b9ea61239f 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@
       o Security fix: prevent Bleichenbacher's DSA attack.
       o Security fix: Zero the premaster secret after deriving the
         master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
       o Compatibility fix: the function des_encrypt() renamed to
         des_encrypt1() to avoid clashes with some Unixen libc.
       o Bug fixes for Win32, HP/UX and Irix.
@@ -26,7 +27,7 @@
       o Add tighter checks of BIGNUM routines.
       o Shared library support has been reworked for generality.
       o More documentation.
-      o New function BN_rand_range()
+      o New function BN_rand_range().
       o Add "-rand" option to openssl s_client and s_server.
 
   Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
diff --git a/apps/s_server.c b/apps/s_server.c
index e545e4d225..eb275e2b6d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1386,15 +1386,30 @@ static int www_body(char *hostname, int s, unsigned char *context)
 
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 0:
+					dot = (e[0] == '/') ? 1 : 0;
+					break;
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
 			if (*e == '\0')
 				{
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index 585a375c48..1885d699ef 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -141,11 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 			}
 		size+=i2d_X509_NAME_ENTRY(ne,NULL);
 		}
-	/* If empty no extra SET OF needed */
-	if (ret)
-		ret+=ASN1_object_size(1,size,V_ASN1_SET);
 	if (fe != NULL)
+		{
+		/* SET OF needed only if entries is non empty */
+		ret+=ASN1_object_size(1,size,V_ASN1_SET);
 		fe->size=size;
+		}
 
 	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
 
diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl
index f054071077..c890766bc9 100644
--- a/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
@@ -20,11 +20,11 @@ $L="edi";
 $R="esi";
 
 &external_label("des_SPtrans");
-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);
 &des_encrypt3("des_encrypt3",1);
 &des_encrypt3("des_decrypt3",0);
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
 &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
 
 &asm_finish();
diff --git a/crypto/des/asm/des686.pl b/crypto/des/asm/des686.pl
index 77dc5b51cd..84c3e85438 100644
--- a/crypto/des/asm/des686.pl
+++ b/crypto/des/asm/des686.pl
@@ -46,7 +46,7 @@ EOF
 $L="edi";
 $R="esi";
 
-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);
 
 &des_encrypt3("des_encrypt3",1);
diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
index f8529d9307..1beafe253b 100644
--- a/crypto/des/asm/readme
+++ b/crypto/des/asm/readme
@@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-).
 
 The file to implement in assembler is des_enc.c.  Replace the following
 4 functions
-des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
 des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c
index 82b3f29b9b..138ee1c6b4 100644
--- a/crypto/des/des_opts.c
+++ b/crypto/des/des_opts.c
@@ -118,7 +118,7 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt1 des_encrypt_u4_cisc_idx
 #define des_encrypt2 des_encrypt2_u4_cisc_idx
 #define des_encrypt3 des_encrypt3_u4_cisc_idx
 #define des_decrypt3 des_decrypt3_u4_cisc_idx
@@ -130,11 +130,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt1 des_encrypt_u16_cisc_idx
 #define des_encrypt2 des_encrypt2_u16_cisc_idx
 #define des_encrypt3 des_encrypt3_u16_cisc_idx
 #define des_decrypt3 des_decrypt3_u16_cisc_idx
@@ -146,11 +146,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt1 des_encrypt_u4_risc1_idx
 #define des_encrypt2 des_encrypt2_u4_risc1_idx
 #define des_encrypt3 des_encrypt3_u4_risc1_idx
 #define des_decrypt3 des_decrypt3_u4_risc1_idx
@@ -166,11 +166,11 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt1 des_encrypt_u4_risc2_idx
 #define des_encrypt2 des_encrypt2_u4_risc2_idx
 #define des_encrypt3 des_encrypt3_u4_risc2_idx
 #define des_decrypt3 des_decrypt3_u4_risc2_idx
@@ -182,11 +182,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt1 des_encrypt_u16_risc1_idx
 #define des_encrypt2 des_encrypt2_u16_risc1_idx
 #define des_encrypt3 des_encrypt3_u16_risc1_idx
 #define des_decrypt3 des_decrypt3_u16_risc1_idx
@@ -198,11 +198,11 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt1 des_encrypt_u16_risc2_idx
 #define des_encrypt2 des_encrypt2_u16_risc2_idx
 #define des_encrypt3 des_encrypt3_u16_risc2_idx
 #define des_decrypt3 des_decrypt3_u16_risc2_idx
@@ -218,11 +218,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt1 des_encrypt_u4_cisc_ptr
 #define des_encrypt2 des_encrypt2_u4_cisc_ptr
 #define des_encrypt3 des_encrypt3_u4_cisc_ptr
 #define des_decrypt3 des_decrypt3_u4_cisc_ptr
@@ -234,11 +234,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt1 des_encrypt_u16_cisc_ptr
 #define des_encrypt2 des_encrypt2_u16_cisc_ptr
 #define des_encrypt3 des_encrypt3_u16_cisc_ptr
 #define des_decrypt3 des_decrypt3_u16_cisc_ptr
@@ -250,11 +250,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt1 des_encrypt_u4_risc1_ptr
 #define des_encrypt2 des_encrypt2_u4_risc1_ptr
 #define des_encrypt3 des_encrypt3_u4_risc1_ptr
 #define des_decrypt3 des_decrypt3_u4_risc1_ptr
@@ -270,11 +270,11 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt1 des_encrypt_u4_risc2_ptr
 #define des_encrypt2 des_encrypt2_u4_risc2_ptr
 #define des_encrypt3 des_encrypt3_u4_risc2_ptr
 #define des_decrypt3 des_decrypt3_u4_risc2_ptr
@@ -286,11 +286,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt1 des_encrypt_u16_risc1_ptr
 #define des_encrypt2 des_encrypt2_u16_risc1_ptr
 #define des_encrypt3 des_encrypt3_u16_risc1_ptr
 #define des_decrypt3 des_decrypt3_u16_risc1_ptr
@@ -302,11 +302,11 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt1 des_encrypt_u16_risc2_ptr
 #define des_encrypt2 des_encrypt2_u16_risc2_ptr
 #define des_encrypt3 des_encrypt3_u16_risc2_ptr
 #define des_decrypt3 des_decrypt3_u16_risc2_ptr
diff --git a/crypto/des/dess.cpp b/crypto/des/dess.cpp
index 753e67ad9b..5549bab90a 100644
--- a/crypto/des/dess.cpp
+++ b/crypto/des/dess.cpp
@@ -45,19 +45,19 @@ void main(int argc,char *argv[])
 		{
 		for (i=0; i<1000; i++) /**/
 			{
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(s1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e1);
 			GetTSC(s2);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e2);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			}
 
 		printf("des %d %d (%d)\n",
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index cd8fcb67cf..f9cd4f27ce 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -245,7 +245,7 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
 
 $(DLIBSSL):
 	(cd ../ssl; $(MAKE))
diff --git a/test/bctest b/test/bctest
index 6fa0663bb0..b9ef95bf82 100755
--- a/test/bctest
+++ b/test/bctest
@@ -11,8 +11,9 @@
 # running) bc.
 
 
-# Test for SunOS 5.[78] bc bug (or missing bc)
-if [ 0 != "`bc <<\EOF
+# Test for SunOS 5.[78] bc bug
+SunOStest() {
+${1} >tmp.bctest <<\EOF
 obase=16
 ibase=16
 a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
@@ -26,17 +27,18 @@ b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
 8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
 3ED0E2017D60A68775B75481449
 (a/b)*b + (a%b) - a
-EOF`" ]
+EOF
+if [ 0 != "`cat tmp.bctest`" ]
 then
-  echo "bc does not work.  Consider installing GNU bc." >&2
-  echo "cat >/dev/null"
-  exit 1
+  # failure
+  return 1
 fi
+}
 
 
 # Test for SCO bc bug.
-if [ "0
-0" != "`bc <<\EOF
+SCOtest() {
+${1} >tmp.bctest <<\EOF
 obase=16
 ibase=16
 -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
@@ -62,23 +64,36 @@ F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
 9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
 D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
 5296964
-EOF`" ]
+EOF
+if [ "0
+0" != "`cat tmp.bctest`" ]
 then
-  echo "bc does not work.  Consider installing GNU bc." >&2
-  echo "cat >/dev/null"
-  exit 1
+  # failure
+  return 1
 fi
+}
 
 
-# bc works, good.
-# Now check if it knows the 'print' command.
-if [ "OK" = "`bc 2>/dev/null <<\EOF
-print \"OK\"
-EOF`" ]
-then
-    echo "bc"
-else
-    echo "sed 's/print.*//' | bc"
-fi
+IFS=:
+for dir in $PATH; do
+    bc="$dir/bc"
+
+    if [ -x "$bc" -a ! -d "$bc" ]; then
+        if SunOStest "$bc" && SCOtest "$bc"; then
+            # bc works; now check if it knows the 'print' command.
+            if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
+            then
+                echo "$bc"
+            else
+                echo "sed 's/print.*//' | $bc"
+            fi
+            exit 0
+        fi
+
+        echo "$bc does not work properly.  Looking for another bc ..." >&2
+    fi
+done
 
-exit 0
+echo "No working bc found.  Consider installing GNU bc." >&2
+echo "cat >/dev/null"
+exit 1