The rest of the merge in of the main trunk, a few conflicts resolved.

Configure

@@ -221,12 +221,21 @@ my %table=(
 #   crypto/sha/sha_lcl.h.
 #					<appro@fy.chalmers.se>
 #
-"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
 
+# More attempts at unified 10.X and 11.X targets for HP C compiler.
+#
+# Chris Ruemmler <ruemmler@cup.hp.com>
+# Kevin Steves <ks@hp.se>
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dl",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.

README

 
- OpenSSL 0.9.6-beta1 [engine] 11 Sep 2000
+ OpenSSL 0.9.6-beta2 [engine] 17 Sep 2000
 
  Copyright (c) 1998-2000 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

TABLE

@@ -1162,11 +1162,11 @@ $shared_cflag =
 
 *** hpux-parisc-cc
 $cc           = cc
-$cflags       = -Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+$cflags       = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
 $unistd       = 
-$thread_cflag = 
-$lflags       = -ldld
-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$thread_cflag = -D_REENTRANT
+$lflags       = -ldl
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -1220,6 +1220,46 @@ $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 
+*** hpux-parisc1_1-cc
+$cc           = cc
+$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$lflags       = -ldl
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= 
+$shared_cflag = 
+
+*** hpux-parisc2-cc
+$cc           = cc
+$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/pa-risc2.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= 
+$shared_cflag = 
+
 *** hpux10-brokencc
 $cc           = cc
 $cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
@@ -1320,6 +1360,26 @@ $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 
+*** hpux64-parisc2-cc
+$cc           = cc
+$cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/pa-risc2W.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= 
+$shared_cflag = 
+
 *** irix-cc
 $cc           = cc
 $cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN

apps/apps.c

@@ -662,7 +662,7 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
 
 	if      (format == FORMAT_PEM)
 		{
-		othercerts = sk_X509_new(NULL);
+		othercerts = sk_X509_new_null();
 		if(!othercerts)
 			{
 			sk_X509_free(othercerts);

apps/crl2p7.c

@@ -141,7 +141,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if(!certflst) certflst = sk_new(NULL);
+			if(!certflst) certflst = sk_new_null();
 			sk_push(certflst,*(++argv));
 			}
 		else
@@ -215,7 +215,7 @@ bad:
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
 
 	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-	if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
+	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
 	p7s->crl=crl_stack;
 	if (crl != NULL)
 		{
@@ -223,7 +223,7 @@ bad:
 		crl=NULL; /* now part of p7 for OPENSSL_freeing */
 		}
 
-	if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
+	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
 	p7s->cert=cert_stack;
 
 	if(certflst) for(i = 0; i < sk_num(certflst); i++) {

apps/dgst.c

@@ -307,7 +307,7 @@ int MAIN(int argc, char **argv)
 		}
 		siglen = BIO_read(sigbio, sigbuf, siglen);
 		BIO_free(sigbio);
-		if(siglen <= 0) {
+		if(siglen == 0) {
 			BIO_printf(bio_err, "Error reading signature file %s\n",
 								sigfile);
 			ERR_print_errors(bio_err);

apps/nseq.c

@@ -123,7 +123,7 @@ int MAIN(int argc, char **argv)
 
 	if (toseq) {
 		seq = NETSCAPE_CERT_SEQUENCE_new();
-		seq->certs = sk_X509_new(NULL);
+		seq->certs = sk_X509_new_null();
 		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
 		    sk_X509_push(seq->certs,x509);
 

apps/pkcs12.c

@@ -200,7 +200,7 @@ int MAIN(int argc, char **argv)
 		} else if (!strcmp (*args, "-caname")) {
 		    if (args[1]) {
 			args++;	
-			if (!canames) canames = sk_new(NULL);
+			if (!canames) canames = sk_new_null();
 			sk_push(canames, *args);
 		    } else badarg = 1;
 		} else if (!strcmp (*args, "-in")) {
@@ -427,7 +427,7 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("reading certs from input");
 #endif
 
-	certs = sk_X509_new(NULL);
+	certs = sk_X509_new_null();
 
 	/* Load in all certs in input file */
 	if(!cert_load(in, certs)) {
@@ -459,7 +459,7 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("reading certs from certfile");
 #endif
 
-	bags = sk_PKCS12_SAFEBAG_new (NULL);
+	bags = sk_PKCS12_SAFEBAG_new_null ();
 
 	/* Add any more certificates asked for */
 	if (certsin) {
@@ -550,7 +550,7 @@ int MAIN(int argc, char **argv)
 		goto export_end;
 	}
 
-	safes = sk_PKCS7_new (NULL);
+	safes = sk_PKCS7_new_null ();
 	sk_PKCS7_push (safes, authsafe);
 
 #ifdef CRYPTO_MDEBUG
@@ -566,7 +566,7 @@ int MAIN(int argc, char **argv)
 	p8 = NULL;
         if (name) PKCS12_add_friendlyname (bag, name, -1);
 	PKCS12_add_localkeyid (bag, keyid, keyidlen);
-	bags = sk_PKCS12_SAFEBAG_new(NULL);
+	bags = sk_PKCS12_SAFEBAG_new_null();
 	sk_PKCS12_SAFEBAG_push (bags, bag);
 
 #ifdef CRYPTO_MDEBUG

crypto/asn1/a_set.c

@@ -158,7 +158,7 @@ STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 	STACK *ret=NULL;
 
 	if ((a == NULL) || ((*a) == NULL))
-		{ if ((ret=sk_new(NULL)) == NULL) goto err; }
+		{ if ((ret=sk_new_null()) == NULL) goto err; }
 	else
 		ret=(*a);
 

crypto/bn/asm/README

@@ -15,9 +15,9 @@ On the 2 alpha C compilers I had access to, it was not possible to do
 were 64 bits).  So the hand assember gives access to the 128 bit result and
 a 2 times speedup :-).
 
-There are 2 versions of assember for the HP PA-RISC.
-pa-risc.s is the origional one which works fine.
-pa-risc2.s is a new version that often generates warnings but if the
-tests pass, it gives performance that is over 2 times faster than
-pa-risc.s.
-Both were generated using gcc :-)
+There are 3 versions of assember for the HP PA-RISC.
+
+pa-risc.s is the origional one which works fine and generated using gcc :-)
+
+pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
+by Chris Ruemmler from HP (with some help from the HP C compiler).

crypto/dso/dso_lib.c

@@ -107,8 +107,8 @@ DSO *DSO_new_method(DSO_METHOD *meth)
 		return(NULL);
 		}
 	memset(ret, 0, sizeof(DSO));
-	ret->meth_data = sk_new(NULL);
-	if((ret->meth_data = sk_new(NULL)) == NULL)
+	ret->meth_data = sk_new_null();
+	if((ret->meth_data = sk_new_null()) == NULL)
 		{
 		/* sk_new doesn't generate any errors so we do */
 		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);

crypto/opensslv.h

@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00906001L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6-beta1 [engine] 11 Sep 2000"
+#define OPENSSL_VERSION_NUMBER	0x00906002L
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6-beta2 [engine] 17 Sep 2000"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 

crypto/pkcs12/p12_attr.c

@@ -87,13 +87,13 @@ int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name,
 		return 0;
 	}
 	attrib->object = OBJ_nid2obj(NID_localKeyID);
-	if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+	if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	sk_ASN1_TYPE_push (attrib->value.set,keyid);
 	attrib->set = 1;
-	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
+	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
@@ -129,14 +129,14 @@ int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage)
 		return 0;
 	}
 	attrib->object = OBJ_nid2obj(NID_key_usage);
-	if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+	if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
 		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	sk_ASN1_TYPE_push (attrib->value.set,keyid);
 	attrib->set = 1;
 	if (!p8->attributes
-	    && !(p8->attributes = sk_X509_ATTRIBUTE_new (NULL))) {
+	    && !(p8->attributes = sk_X509_ATTRIBUTE_new_null ())) {
 		PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
@@ -195,14 +195,14 @@ int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag,
 		return 0;
 	}
 	attrib->object = OBJ_nid2obj(NID_friendlyName);
-	if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) {
+	if (!(attrib->value.set = sk_ASN1_TYPE_new_null())) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME,
 							ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	sk_ASN1_TYPE_push (attrib->value.set,fname);
 	attrib->set = 1;
-	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) {
+	if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new_null ())) {
 		PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,
 							ERR_R_MALLOC_FAILURE);
 		return 0;

crypto/pkcs12/p12_crt.c

@@ -88,7 +88,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
 	if(!X509_check_private_key(cert, pkey)) return NULL;
 
-	if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) {
+	if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
 		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -123,7 +123,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
 	if (!authsafe) return NULL;
 
-	if(!(safes = sk_PKCS7_new (NULL))
+	if(!(safes = sk_PKCS7_new_null ())
 	   || !sk_PKCS7_push(safes, authsafe)) {
 		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 		return NULL;
@@ -137,7 +137,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 	PKCS8_PRIV_KEY_INFO_free(p8);
         if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
 	if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-	if(!(bags = sk_PKCS12_SAFEBAG_new(NULL))
+	if(!(bags = sk_PKCS12_SAFEBAG_new_null())
 	   || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
 		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
 		return NULL;

crypto/pkcs12/p12_npas.c

@@ -114,7 +114,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 	unsigned int maclen;
 
 	if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0;
-	if(!(newsafes = sk_PKCS7_new(NULL))) return 0;
+	if(!(newsafes = sk_PKCS7_new_null())) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value(asafes, i);
 		bagnid = OBJ_obj2nid(p7->type);

crypto/pkcs7/pk7_doit.c

@@ -909,7 +909,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
 
 	if (*sk == NULL)
 		{
-		*sk = sk_X509_ATTRIBUTE_new(NULL);
+		*sk = sk_X509_ATTRIBUTE_new_null();
 new_attrib:
 		attr=X509_ATTRIBUTE_create(nid,atrtype,value);
 		sk_X509_ATTRIBUTE_push(*sk,attr);

crypto/pkcs7/pk7_mime.c

@@ -372,7 +372,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
 	part = 0;
 	state = 0;
 	first = 1;
-	parts = sk_BIO_new(NULL);
+	parts = sk_BIO_new_null();
 	*ret = parts;
 	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
 		state = mime_bound_check(linebuf, len, bound, blen);

crypto/pkcs7/pk7_smime.c

@@ -111,7 +111,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 		/* Add SMIMECapabilities */
 		if(!(flags & PKCS7_NOSMIMECAP))
 		{
-		if(!(smcap = sk_X509_ALGOR_new(NULL))) {
+		if(!(smcap = sk_X509_ALGOR_new_null())) {
 			PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
 			return NULL;
 		}
@@ -285,7 +285,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
 		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
 		return NULL;
 	}
-	if(!(signers = sk_X509_new(NULL))) {
+	if(!(signers = sk_X509_new_null())) {
 		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}

crypto/rand/rand_win.c

@@ -169,6 +169,12 @@ typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
 typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
 typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
 
+#include <lmcons.h>
+#include <lmstats.h>
+typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
+        (LMSTR, LMSTR, DWORD, DWORD, LPBYTE*);
+typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
+
 int RAND_poll(void)
 {
 	MEMORYSTATUS m;
@@ -177,15 +183,71 @@ int RAND_poll(void)
 	DWORD w;
 	HWND h;
 
-	HMODULE advapi, kernel, user;
+	HMODULE advapi, kernel, user, netapi;
 	CRYPTACQUIRECONTEXT acquire;
 	CRYPTGENRANDOM gen;
 	CRYPTRELEASECONTEXT release;
+	NETSTATGET netstatget;
+	NETFREE netfree;
 
 	/* load functions dynamically - not available on all systems */
 	advapi = GetModuleHandle("ADVAPI32.DLL");
 	kernel = GetModuleHandle("KERNEL32.DLL");
 	user = GetModuleHandle("USER32.DLL");
+	netapi = GetModuleHandle("NETAPI32.DLL");
+
+	if (netapi)
+		{
+		netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
+		netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
+		}
+
+	if (netstatget && netfree)
+		{
+		LPBYTE outbuf;
+		/* NetStatisticsGet() is a Unicode only function */
+		if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
+			{
+			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 0);
+			netfree(outbuf);
+			}
+		if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
+			{
+			RAND_add(outbuf, sizeof(STAT_SERVER_0), 0);
+			netfree(outbuf);
+			}
+		}
+
+	/* Read Performance Statistics from NT/2000 registry */
+	/* The size of the performance data can vary from call to call */
+	/* so we must guess the size of the buffer to use and increase */
+	/* its size if we get an ERROR_MORE_DATA return instead of     */
+	/* ERROR_SUCCESS.                                              */
+	{
+	LONG   rc=ERROR_MORE_DATA;
+	char * buf=NULL;
+	DWORD bufsz=0;
+	DWORD length;
+
+	while (rc == ERROR_MORE_DATA)
+		{
+		buf = realloc(buf,bufsz+8192);
+		if (!buf)
+			break;
+		bufsz += 8192;
+
+		length = bufsz;
+		rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+			NULL, NULL, buf, &length);
+		}
+	if (rc == ERROR_SUCCESS)
+		{
+		RAND_add(&length, sizeof(length), 0);
+		RAND_add(buf, length, 0);
+		}
+	if ( buf )
+		free(buf);
+	}
 
 	if (advapi)
 		{
@@ -255,17 +317,29 @@ int RAND_poll(void)
 			RAND_add(&h, sizeof(h), 0);
 		}
 
-#if 0
+		if (cursor)
+			{
+			/* unfortunately, its not safe to call GetCursorInfo()
+			 * on NT4 even though it exists in SP3 (or SP6) and
+			 * higher.
+			 */
+			OSVERSIONINFO osverinfo ;
+			osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
+			GetVersionEx( &osverinfo ) ;
+
+			if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+				osverinfo.dwMajorVersion < 5)
+				cursor = 0;
+			}
+
 		if (cursor)
 			{
 			/* cursor position */
-                        PCURSORINFO p = (PCURSORINFO) buf;
-                        p->cbSize = sizeof(CURSORINFO);
-			if (cursor(p))
-				RAND_add(p+sizeof(p->cbSize),
-					p->cbSize-sizeof(p->cbSize), 0);
+			CURSORINFO ci;
+			ci.cbSize = sizeof(CURSORINFO);
+			if (cursor(&ci))
+				RAND_add(&ci, ci.cbSize, 0);
 			}
-#endif
 
 		if (queue)
 			{
@@ -277,7 +351,7 @@ int RAND_poll(void)
 
 	/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
 	 * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
-	 * (Win 9x only, not available on NT)
+	 * (Win 9x and 2000 only, not available on NT)
 	 *
 	 * This seeding method was proposed in Peter Gutmann, Software
 	 * Generation of Practically Strong Random Numbers,

crypto/x509v3/v3_akey.c

@@ -224,7 +224,7 @@ if((issuer && !ikeyid) || (issuer == 2)) {
 if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
 
 if(isname) {
-	if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new())
+	if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
 		|| !sk_GENERAL_NAME_push(gens, gen)) {
 		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
 		goto err;

crypto/x509v3/v3_alt.c

@@ -160,7 +160,7 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
 	STACK_OF(GENERAL_NAME) *gens = NULL;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+	if(!(gens = sk_GENERAL_NAME_new_null())) {
 		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -225,7 +225,7 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
 	STACK_OF(GENERAL_NAME) *gens = NULL;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+	if(!(gens = sk_GENERAL_NAME_new_null())) {
 		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -304,7 +304,7 @@ STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 	STACK_OF(GENERAL_NAME) *gens = NULL;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+	if(!(gens = sk_GENERAL_NAME_new_null())) {
 		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}

crypto/x509v3/v3_crld.c

@@ -109,7 +109,7 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 	GENERAL_NAME *gen = NULL;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(crld = sk_DIST_POINT_new(NULL))) goto merr;
+	if(!(crld = sk_DIST_POINT_new_null())) goto merr;
 	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
 		DIST_POINT *point;
 		cnf = sk_CONF_VALUE_value(nval, i);

crypto/x509v3/v3_extku.c

@@ -129,7 +129,7 @@ ASN1_OBJECT *objtmp;
 CONF_VALUE *val;
 int i;
 
-if(!(extku = sk_ASN1_OBJECT_new(NULL))) {
+if(!(extku = sk_ASN1_OBJECT_new_null())) {
 	X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
 	return NULL;
 }

crypto/x509v3/v3_genn.c

@@ -220,7 +220,7 @@ void GENERAL_NAME_free(GENERAL_NAME *a)
 
 STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
 {
-	return sk_GENERAL_NAME_new(NULL);
+	return sk_GENERAL_NAME_new_null();
 }
 
 void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)

crypto/x509v3/v3_info.c

@@ -119,7 +119,7 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
 	ACCESS_DESCRIPTION *acc;
 	int i, objlen;
 	char *objtmp, *ptmp;
-	if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
+	if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
 		X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
@@ -209,7 +209,7 @@ void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
 
 STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
 {
-	return sk_ACCESS_DESCRIPTION_new(NULL);
+	return sk_ACCESS_DESCRIPTION_new_null();
 }
 
 void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)

crypto/x509v3/v3_utl.c

@@ -80,7 +80,7 @@ int X509V3_add_value(const char *name, const char *value,
 	if(name && !(tname = BUF_strdup(name))) goto err;
 	if(value && !(tvalue = BUF_strdup(value))) goto err;;
 	if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
-	if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err;
+	if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
 	vtmp->section = NULL;
 	vtmp->name = tname;
 	vtmp->value = tvalue;

doc/crypto/BIO_s_fd.pod

@@ -20,6 +20,20 @@ BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
 BIO_s_fd() returns the file descriptor BIO method. This is a wrapper
 round the platforms file descriptor routines such as read() and write().
 
+BIO_read() and BIO_write() read or write the underlying descriptor.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then then close() is called on the underlying
+file descriptor when the BIO is freed.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using lseek(fd, 0, 0).
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+using lseek(fd, ofs, 0).
+
+BIO_tell() returns the current file position by calling lseek(fd, 0, 1).
+
 BIO_set_fd() sets the file descriptor of BIO B<b> to B<fd> and the close
 flag to B<c>.
 
@@ -31,15 +45,6 @@ BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
 
 =head1 NOTES
 
-If the close flag is set then then close() is called on the underlying
-file descriptor when the BIO is freed.
-
-BIO_reset() attempts to change the file pointer to the start of file
-using lseek(fd, 0, 0).
-
-BIO_read() and BIO_write() read or write the underlying descriptor.
-BIO_puts() is supported but BIO_gets() is not.
-
 The behaviour of BIO_read() and BIO_write() depends on the behavior of the
 platforms read() and write() calls on the descriptor. If the underlying 
 file descriptor is in a non blocking mode then the BIO will behave in the
@@ -53,6 +58,11 @@ instead.
 
 BIO_s_fd() returns the file descriptor BIO method.
 
+BIO_reset() returns zero for success and -1 if an error occurred.
+BIO_seek() and BIO_tell() return the current file position or -1
+is an error occurred. These values reflect the underlying lseek()
+behaviour.
+
 BIO_set_fd() always returns 1.
 
 BIO_get_fd() returns the file descriptor or -1 if the BIO has not

doc/crypto/BIO_s_file.pod

@@ -28,6 +28,23 @@ BIO_s_file() returns the BIO file method. As its name implies it
 is a wrapper round the stdio FILE structure and it is a
 source/sink BIO.
 
+Calls to BIO_read() and BIO_write() read and write data to the
+underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.
+
+BIO_flush() on a file BIO calls the fflush() function on the wrapped
+stream.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using fseek(stream, 0, 0).
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+using lseek(stream, ofs, 0).
+
+BIO_eof() calls feof().
+
+Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO
+is freed.
+
 BIO_new_file() creates a new file BIO with mode B<mode> the meaning
 of B<mode> is the same as the stdio function fopen(). The BIO_CLOSE
 flag is set on the returned BIO.
@@ -42,26 +59,17 @@ meaning as in BIO_new_fp(), it is a macro.
 
 BIO_get_fp() retrieves the fp of a file BIO, it is a macro.
 
+BIO_seek() is a macro that sets the position pointer to B<offset> bytes
+from the start of file.
+
+BIO_tell() returns the value of the position pointer.
+
 BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
 BIO_rw_filename() set the file BIO B<b> to use file B<name> for
 reading, writing, append or read write respectively.
 
 =head1 NOTES
 
-Calls to BIO_read() and BIO_write() read and write data to the
-underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.
-
-BIO_flush() on a file BIO calls the fflush() function on the wrapped
-stream.
-
-BIO_reset() on a file BIO calls fseek() to reset the position indicator
-to the start of the file.
-
-BIO_eof() calls feof().
-
-Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO
-is freed.
-
 When wrapping stdout, stdin or stderr the underlying stream should not
 normally be closed so the BIO_NOCLOSE flag should be set.
 
@@ -111,6 +119,11 @@ occurred.
 BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure
 (although the current implementation never return 0).
 
+BIO_seek() returns the same value as the underlying fseek() function:
+0 for success or -1 for failure.
+
+BIO_tell() returns the current file position.
+
 BIO_read_filename(), BIO_write_filename(),  BIO_append_filename() and
 BIO_rw_filename() return 1 for success or 0 for failure.
 

ssl/ssl_cert.c

@@ -589,7 +589,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 	X509_NAME *xn=NULL;
 	STACK_OF(X509_NAME) *ret,*sk;
 
-	ret=sk_X509_NAME_new(NULL);
+	ret=sk_X509_NAME_new_null();
 	sk=sk_X509_NAME_new(xname_cmp);
 
 	in=BIO_new(BIO_s_file_internal());

ssl/ssl_ciph.c

@@ -799,7 +799,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 * Allocate new "cipherstack" for the result, return with error
 	 * if we cannot get one.
 	 */
-	if ((cipherstack = sk_SSL_CIPHER_new(NULL)) == NULL)
+	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
 		{
 		OPENSSL_free(list);
 		return(NULL);

ssl/ssl_lib.c

@@ -1036,7 +1036,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
 		return(NULL);
 		}
 	if ((skp == NULL) || (*skp == NULL))
-		sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
+		sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
 	else
 		{
 		sk= *skp;