or bogus DH parameters can be used for launching DOS attacks

explicitely noted that 64-bit SPARCv9 ABI is not officially supported
by GCC 3.0 (support is scheduled for 3.1 release), but it appears to
work, at the very least 'make test' passes...

Submitted by: Travis Vitek <vitek@roguewave.com>

  possible problems.
- New file breakage.c handles (so far) missing functions.
- Get rid of some signed/unsigned/const warnings thanks to solaris-cc
- Add autoconf/automake input files, and helper scripts to populate missing
  (but auto-generated) files.

This change adds a configure.in and Makefile.am to build everything using
autoconf, automake, and libtool - and adds "gunk" scripts to generate the
various files those things need (and clean then up again after). This means
that "autogunk.sh" needs to be run first on a system with the autotools,
but the resulting directory should be "configure"able and compilable on
systems without those tools.

OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).

His comments are:

This patch fixes the problem of modern Kerberos using "derived keys"
to encrypt the authenticator by disabling the authenticator check
for all derived keys enctypes.

I think I've got all the bugfixes that Jeffrey and I discussed rolled
into this.  There were some problems with Jeffrey's code to convert
the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900;
it helps to have an actual decryptable authenticator to play with).
So I've shamelessly pushed in my code, while stealing some bits from
Jeffrey.

does not contain more bytes than the RSA modulus 'n' - it does not check
that the input is strictly *less* than 'n'. Whether this should be the
case or not is open to debate - however, due to security problems with
returning miscalculated CRT results, the 'rsa_mod_exp' implementation in
rsa_eay.c now performs a public-key exponentiation to verify the CRT result
and in the event of an error will instead recalculate and return a non-CRT
(more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent
to the mod_exp of 'I mod n', and the verify result is automatically between
0 and n-1 inclusive, the verify only matches the input if 'I' was less than
'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.
they differ by a multiple of 'n'). Rather than rejecting correct
calculations and doing redundant and slower ones instead, this changes the
equality check in the verification code to a congruence check.

Allow OCSP server to handle multiple requests.

Document new OCSP options.

Initial OCSP server support, using index.txt format.

This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.

Submitted by Jeffrey Altman <jaltman@columbia.edu>

decompression.  It can be set up to link at link time or to load the
zlib library at run-time.

certificate so need to match its subject with the certificate IDs in the
response.

Note that since some private kssl functions were exported, the
simplest way to rebuild the number table was to toss everything that
was new since OpenSSL 0.9.6b.  This is safe, since those functions
have not yet been exported in an OpenSSL release.  Beware, people who
trust intermediary snapshots!

them to one that won't get exported.

His comments are:

 . adds use of replay cache to protect against replay attacks

 . adds functions kssl_tgt_is_available() and
   kssl_keytab_is_available() which are used within s3_lib.c
   and ssl_lib.c to determine at runtime whether or not
   KRB5 ciphers can be supported during the current session.

things), especially as the RSA keys are fixed. However, DSA only fixes the
DSA parameters and then generates the public and private components on the
fly each time - this commit hard-codes some sampled key values so that this
is no longer the case.