aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2006-07-29 19:10:21 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2006-07-29 19:10:21 +0000
commit3b4e3dcb9f42dc9f4f864acf804677d7a3e0c233 (patch)
tree213a0c4d5ba3869f66ecf970819532048fed4a9d
parenta37fa6607ab9ce4dac1c683442960508178fd371 (diff)
downloadsrc-3b4e3dcb9f42dc9f4f864acf804677d7a3e0c233.tar.gz
src-3b4e3dcb9f42dc9f4f864acf804677d7a3e0c233.zip
Vendor import of OpenSSL 0.9.8b
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=160814
-rw-r--r--crypto/openssl/CHANGES1080
-rw-r--r--crypto/openssl/ChangeLog.0_9_7-stable_not-in-head163
-rw-r--r--crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS1494
-rwxr-xr-xcrypto/openssl/Configure982
-rw-r--r--crypto/openssl/FAQ150
-rw-r--r--crypto/openssl/INSTALL32
-rw-r--r--crypto/openssl/LICENSE2
-rw-r--r--crypto/openssl/Makefile748
-rw-r--r--crypto/openssl/Makefile.org752
-rw-r--r--crypto/openssl/Makefile.shared603
-rw-r--r--crypto/openssl/NEWS121
-rw-r--r--crypto/openssl/PROBLEMS98
-rw-r--r--crypto/openssl/README29
-rwxr-xr-xcrypto/openssl/apps/CA.pl53
-rw-r--r--crypto/openssl/apps/CA.pl.in53
-rw-r--r--crypto/openssl/apps/CA.sh31
-rw-r--r--crypto/openssl/apps/Makefile1291
-rw-r--r--crypto/openssl/apps/apps.c456
-rw-r--r--crypto/openssl/apps/apps.h23
-rw-r--r--crypto/openssl/apps/asn1pars.c123
-rw-r--r--crypto/openssl/apps/ca.c389
-rw-r--r--crypto/openssl/apps/ciphers.c4
-rw-r--r--crypto/openssl/apps/crl.c12
-rw-r--r--crypto/openssl/apps/dgst.c77
-rw-r--r--crypto/openssl/apps/dh.c1
-rw-r--r--crypto/openssl/apps/dhparam.c25
-rw-r--r--crypto/openssl/apps/dsa.c2
-rw-r--r--crypto/openssl/apps/dsaparam.c86
-rw-r--r--crypto/openssl/apps/ec.c400
-rw-r--r--crypto/openssl/apps/ecparam.c728
-rw-r--r--crypto/openssl/apps/enc.c34
-rw-r--r--crypto/openssl/apps/engine.c25
-rw-r--r--crypto/openssl/apps/gendh.c24
-rw-r--r--crypto/openssl/apps/gendsa.c1
-rw-r--r--crypto/openssl/apps/genrsa.c34
-rw-r--r--crypto/openssl/apps/ocsp.c5
-rw-r--r--crypto/openssl/apps/openssl.c36
-rw-r--r--crypto/openssl/apps/openssl.cnf61
-rw-r--r--crypto/openssl/apps/passwd.c10
-rw-r--r--crypto/openssl/apps/pkcs12.c274
-rw-r--r--crypto/openssl/apps/prime.c50
-rw-r--r--crypto/openssl/apps/progs.h18
-rw-r--r--crypto/openssl/apps/progs.pl10
-rw-r--r--crypto/openssl/apps/rand.c2
-rw-r--r--crypto/openssl/apps/req.c228
-rw-r--r--crypto/openssl/apps/rsa.c4
-rw-r--r--crypto/openssl/apps/rsautl.c3
-rw-r--r--crypto/openssl/apps/s_apps.h10
-rw-r--r--crypto/openssl/apps/s_cb.c54
-rw-r--r--crypto/openssl/apps/s_client.c183
-rw-r--r--crypto/openssl/apps/s_server.c359
-rw-r--r--crypto/openssl/apps/s_socket.c120
-rw-r--r--crypto/openssl/apps/s_time.c18
-rw-r--r--crypto/openssl/apps/sess_id.c6
-rw-r--r--crypto/openssl/apps/smime.c551
-rw-r--r--crypto/openssl/apps/speed.c814
-rw-r--r--crypto/openssl/apps/spkac.c5
-rw-r--r--crypto/openssl/apps/timeouts.h67
-rw-r--r--crypto/openssl/apps/verify.c44
-rw-r--r--crypto/openssl/apps/version.c15
-rw-r--r--crypto/openssl/apps/x509.c63
-rw-r--r--crypto/openssl/certs/argena.pem39
-rw-r--r--crypto/openssl/certs/argeng.pem23
-rw-r--r--crypto/openssl/certs/demo/ca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/dsa-ca.pem43
-rw-r--r--crypto/openssl/certs/demo/dsa-pca.pem49
-rw-r--r--crypto/openssl/certs/demo/nortelCA.pem16
-rw-r--r--crypto/openssl/certs/demo/pca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/timCA.pem16
-rw-r--r--crypto/openssl/certs/demo/tjhCA.pem15
-rw-r--r--crypto/openssl/certs/demo/vsigntca.pem18
-rw-r--r--crypto/openssl/certs/expired/RegTP-4R.pem19
-rw-r--r--crypto/openssl/certs/expired/factory.pem15
-rw-r--r--crypto/openssl/certs/expired/rsa-cca.pem19
-rw-r--r--crypto/openssl/certs/expired/vsign2.pem18
-rw-r--r--crypto/openssl/certs/wellsfgo.pem23
-rwxr-xr-xcrypto/openssl/config280
-rw-r--r--crypto/openssl/crypto/LPdir_nyi.c42
-rw-r--r--crypto/openssl/crypto/LPdir_unix.c127
-rw-r--r--crypto/openssl/crypto/LPdir_vms.c199
-rw-r--r--crypto/openssl/crypto/LPdir_win.c155
-rw-r--r--crypto/openssl/crypto/LPdir_win32.c30
-rw-r--r--crypto/openssl/crypto/LPdir_wince.c31
-rw-r--r--crypto/openssl/crypto/Makefile179
-rw-r--r--crypto/openssl/crypto/aes/Makefile40
-rw-r--r--crypto/openssl/crypto/aes/aes.h10
-rw-r--r--crypto/openssl/crypto/aes/aes_cbc.c44
-rw-r--r--crypto/openssl/crypto/aes/aes_cfb.c67
-rw-r--r--crypto/openssl/crypto/aes/aes_core.c25
-rw-r--r--crypto/openssl/crypto/aes/aes_locl.h6
-rwxr-xr-xcrypto/openssl/crypto/aes/asm/aes-586.pl1531
-rw-r--r--crypto/openssl/crypto/aes/asm/aes-ia64.S1652
-rw-r--r--crypto/openssl/crypto/asn1/Makefile1298
-rw-r--r--crypto/openssl/crypto/asn1/a_bitstr.c21
-rw-r--r--crypto/openssl/crypto/asn1/a_bool.c4
-rw-r--r--crypto/openssl/crypto/asn1/a_bytes.c22
-rw-r--r--crypto/openssl/crypto/asn1/a_d2i_fp.c32
-rw-r--r--crypto/openssl/crypto/asn1/a_digest.c9
-rw-r--r--crypto/openssl/crypto/asn1/a_dup.c18
-rw-r--r--crypto/openssl/crypto/asn1/a_enum.c14
-rw-r--r--crypto/openssl/crypto/asn1/a_gentm.c14
-rw-r--r--crypto/openssl/crypto/asn1/a_hdr.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_i2d_fp.c8
-rw-r--r--crypto/openssl/crypto/asn1/a_int.c26
-rw-r--r--crypto/openssl/crypto/asn1/a_mbstr.c20
-rw-r--r--crypto/openssl/crypto/asn1/a_meth.c16
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c99
-rw-r--r--crypto/openssl/crypto/asn1/a_octet.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_print.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_set.c44
-rw-r--r--crypto/openssl/crypto/asn1/a_sign.c23
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c28
-rw-r--r--crypto/openssl/crypto/asn1/a_type.c7
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c13
-rw-r--r--crypto/openssl/crypto/asn1/a_verify.c18
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h238
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c365
-rw-r--r--crypto/openssl/crypto/asn1/asn1_gen.c848
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c64
-rw-r--r--crypto/openssl/crypto/asn1/asn1_mac.h39
-rw-r--r--crypto/openssl/crypto/asn1/asn1_par.c58
-rw-r--r--crypto/openssl/crypto/asn1/asn1t.h100
-rw-r--r--crypto/openssl/crypto/asn1/asn_moid.c64
-rw-r--r--crypto/openssl/crypto/asn1/asn_pack.c26
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pr.c24
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pu.c19
-rw-r--r--crypto/openssl/crypto/asn1/evp_asn1.c10
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pr.c9
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pu.c7
-rw-r--r--crypto/openssl/crypto/asn1/n_pkey.c49
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbe.c39
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbev2.c6
-rw-r--r--crypto/openssl/crypto/asn1/t_bitst.c5
-rw-r--r--crypto/openssl/crypto/asn1/t_crl.c4
-rw-r--r--crypto/openssl/crypto/asn1/t_pkey.c548
-rw-r--r--crypto/openssl/crypto/asn1/t_req.c18
-rw-r--r--crypto/openssl/crypto/asn1/t_spki.c16
-rw-r--r--crypto/openssl/crypto/asn1/t_x509.c13
-rw-r--r--crypto/openssl/crypto/asn1/tasn_dec.c1107
-rw-r--r--crypto/openssl/crypto/asn1/tasn_enc.c515
-rw-r--r--crypto/openssl/crypto/asn1/tasn_fre.c149
-rw-r--r--crypto/openssl/crypto/asn1/tasn_new.c234
-rw-r--r--crypto/openssl/crypto/asn1/tasn_typ.c4
-rw-r--r--crypto/openssl/crypto/asn1/tasn_utl.c128
-rw-r--r--crypto/openssl/crypto/asn1/x_bignum.c6
-rw-r--r--crypto/openssl/crypto/asn1/x_crl.c1
-rw-r--r--crypto/openssl/crypto/asn1/x_long.c8
-rw-r--r--crypto/openssl/crypto/asn1/x_name.c31
-rw-r--r--crypto/openssl/crypto/asn1/x_pkey.c6
-rw-r--r--crypto/openssl/crypto/asn1/x_pubkey.c335
-rw-r--r--crypto/openssl/crypto/asn1/x_x509.c19
-rw-r--r--crypto/openssl/crypto/asn1/x_x509a.c29
-rw-r--r--crypto/openssl/crypto/bf/Makefile42
-rw-r--r--crypto/openssl/crypto/bf/bf_enc.c4
-rw-r--r--crypto/openssl/crypto/bf/bf_opts.c3
-rw-r--r--crypto/openssl/crypto/bf/bfspeed.c3
-rw-r--r--crypto/openssl/crypto/bf/bftest.c4
-rw-r--r--crypto/openssl/crypto/bio/Makefile127
-rw-r--r--crypto/openssl/crypto/bio/b_dump.c75
-rw-r--r--crypto/openssl/crypto/bio/b_print.c18
-rw-r--r--crypto/openssl/crypto/bio/b_sock.c40
-rw-r--r--crypto/openssl/crypto/bio/bf_nbio.c4
-rw-r--r--crypto/openssl/crypto/bio/bio.h89
-rw-r--r--crypto/openssl/crypto/bio/bio_err.c131
-rw-r--r--crypto/openssl/crypto/bio/bio_lcl.h28
-rw-r--r--crypto/openssl/crypto/bio/bio_lib.c14
-rw-r--r--crypto/openssl/crypto/bio/bss_acpt.c4
-rw-r--r--crypto/openssl/crypto/bio/bss_conn.c12
-rw-r--r--crypto/openssl/crypto/bio/bss_dgram.c484
-rw-r--r--crypto/openssl/crypto/bio/bss_fd.c30
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c107
-rw-r--r--crypto/openssl/crypto/bio/bss_log.c2
-rw-r--r--crypto/openssl/crypto/bio/bss_sock.c7
-rw-r--r--crypto/openssl/crypto/bn/Makefile273
-rw-r--r--crypto/openssl/crypto/bn/asm/bn-586.pl86
-rw-r--r--crypto/openssl/crypto/bn/asm/ppc.pl2078
-rw-r--r--crypto/openssl/crypto/bn/asm/sparcv8plus.S16
-rw-r--r--crypto/openssl/crypto/bn/asm/x86_64-gcc.c54
-rw-r--r--crypto/openssl/crypto/bn/bn.h388
-rw-r--r--crypto/openssl/crypto/bn/bn_add.c96
-rw-r--r--crypto/openssl/crypto/bn/bn_asm.c30
-rw-r--r--crypto/openssl/crypto/bn/bn_blind.c243
-rwxr-xr-xcrypto/openssl/crypto/bn/bn_const.c402
-rw-r--r--crypto/openssl/crypto/bn/bn_ctx.c417
-rw-r--r--crypto/openssl/crypto/bn/bn_depr.c112
-rw-r--r--crypto/openssl/crypto/bn/bn_div.c69
-rw-r--r--crypto/openssl/crypto/bn/bn_err.c104
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c353
-rw-r--r--crypto/openssl/crypto/bn/bn_exp2.c56
-rw-r--r--crypto/openssl/crypto/bn/bn_gcd.c3
-rw-r--r--crypto/openssl/crypto/bn/bn_gf2m.c1091
-rw-r--r--crypto/openssl/crypto/bn/bn_kron.c8
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h152
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c221
-rw-r--r--crypto/openssl/crypto/bn/bn_mod.c7
-rw-r--r--crypto/openssl/crypto/bn/bn_mont.c67
-rw-r--r--crypto/openssl/crypto/bn/bn_mpi.c1
-rw-r--r--crypto/openssl/crypto/bn/bn_mul.c534
-rw-r--r--crypto/openssl/crypto/bn/bn_nist.c775
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.c103
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.pl2
-rw-r--r--crypto/openssl/crypto/bn/bn_print.c43
-rw-r--r--crypto/openssl/crypto/bn/bn_rand.c24
-rw-r--r--crypto/openssl/crypto/bn/bn_recp.c22
-rw-r--r--crypto/openssl/crypto/bn/bn_shift.c27
-rw-r--r--crypto/openssl/crypto/bn/bn_sqr.c18
-rw-r--r--crypto/openssl/crypto/bn/bn_sqrt.c76
-rw-r--r--crypto/openssl/crypto/bn/bn_word.c65
-rw-r--r--crypto/openssl/crypto/bn/bntest.c791
-rw-r--r--crypto/openssl/crypto/bn/expspeed.c2
-rw-r--r--crypto/openssl/crypto/bn/exptest.c21
-rw-r--r--crypto/openssl/crypto/buffer/Makefile22
-rw-r--r--crypto/openssl/crypto/buffer/buf_err.c19
-rw-r--r--crypto/openssl/crypto/buffer/buffer.c31
-rw-r--r--crypto/openssl/crypto/buffer/buffer.h17
-rw-r--r--crypto/openssl/crypto/cast/Makefile40
-rw-r--r--crypto/openssl/crypto/cast/cast.h2
-rw-r--r--crypto/openssl/crypto/cast/cast_lcl.h21
-rw-r--r--crypto/openssl/crypto/cast/cast_spd.c3
-rw-r--r--crypto/openssl/crypto/cast/castopts.c3
-rw-r--r--crypto/openssl/crypto/cast/casttest.c1
-rw-r--r--crypto/openssl/crypto/comp/Makefile50
-rw-r--r--crypto/openssl/crypto/comp/c_zlib.c271
-rw-r--r--crypto/openssl/crypto/comp/comp.h23
-rw-r--r--crypto/openssl/crypto/comp/comp_err.c10
-rw-r--r--crypto/openssl/crypto/comp/comp_lib.c6
-rw-r--r--crypto/openssl/crypto/conf/Makefile113
-rw-r--r--crypto/openssl/crypto/conf/conf.h5
-rw-r--r--crypto/openssl/crypto/conf/conf_def.c47
-rw-r--r--crypto/openssl/crypto/conf/conf_err.c80
-rw-r--r--crypto/openssl/crypto/conf/conf_lib.c2
-rw-r--r--crypto/openssl/crypto/conf/conf_mod.c4
-rw-r--r--crypto/openssl/crypto/cpt_err.c30
-rw-r--r--crypto/openssl/crypto/cryptlib.c371
-rw-r--r--crypto/openssl/crypto/cryptlib.h12
-rw-r--r--crypto/openssl/crypto/crypto.h133
-rw-r--r--crypto/openssl/crypto/cversion.c3
-rw-r--r--crypto/openssl/crypto/des/FILES02
-rw-r--r--crypto/openssl/crypto/des/Makefile288
-rw-r--r--crypto/openssl/crypto/des/asm/des_enc.m41980
-rw-r--r--crypto/openssl/crypto/des/cfb64ede.c5
-rw-r--r--crypto/openssl/crypto/des/cfb_enc.c71
-rw-r--r--crypto/openssl/crypto/des/des.h8
-rw-r--r--crypto/openssl/crypto/des/des_enc.c8
-rw-r--r--crypto/openssl/crypto/des/des_locl.h4
-rw-r--r--crypto/openssl/crypto/des/des_old.c2
-rw-r--r--crypto/openssl/crypto/des/des_old.h10
-rw-r--r--crypto/openssl/crypto/des/des_opts.c4
-rw-r--r--crypto/openssl/crypto/des/destest.c18
-rw-r--r--crypto/openssl/crypto/des/ecb3_enc.c4
-rw-r--r--crypto/openssl/crypto/des/ede_cbcm_enc.c2
-rw-r--r--crypto/openssl/crypto/des/fcrypt.c3
-rw-r--r--crypto/openssl/crypto/des/read2pwd.c1
-rw-r--r--crypto/openssl/crypto/des/set_key.c8
-rw-r--r--crypto/openssl/crypto/des/speed.c4
-rw-r--r--crypto/openssl/crypto/des/str2key.c1
-rw-r--r--crypto/openssl/crypto/dh/Makefile48
-rw-r--r--crypto/openssl/crypto/dh/dh.h64
-rw-r--r--crypto/openssl/crypto/dh/dh_check.c28
-rw-r--r--crypto/openssl/crypto/dh/dh_depr.c83
-rw-r--r--crypto/openssl/crypto/dh/dh_err.c28
-rw-r--r--crypto/openssl/crypto/dh/dh_gen.c49
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c81
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c32
-rw-r--r--crypto/openssl/crypto/dsa/Makefile107
-rw-r--r--crypto/openssl/crypto/dsa/dsa.h55
-rw-r--r--crypto/openssl/crypto/dsa/dsa_depr.c106
-rw-r--r--crypto/openssl/crypto/dsa/dsa_err.c42
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c132
-rw-r--r--crypto/openssl/crypto/dsa/dsa_key.c29
-rw-r--r--crypto/openssl/crypto/dsa/dsa_lib.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c153
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c12
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c8
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c44
-rw-r--r--crypto/openssl/crypto/dso/Makefile50
-rw-r--r--crypto/openssl/crypto/dso/dso.h52
-rw-r--r--crypto/openssl/crypto/dso/dso_dl.c73
-rw-r--r--crypto/openssl/crypto/dso/dso_dlfcn.c84
-rw-r--r--crypto/openssl/crypto/dso/dso_err.c107
-rw-r--r--crypto/openssl/crypto/dso/dso_lib.c29
-rw-r--r--crypto/openssl/crypto/dso/dso_null.c2
-rw-r--r--crypto/openssl/crypto/ebcdic.c15
-rw-r--r--crypto/openssl/crypto/ec/Makefile165
-rw-r--r--crypto/openssl/crypto/ec/ec.h311
-rw-r--r--crypto/openssl/crypto/ec/ec2_mult.c380
-rw-r--r--crypto/openssl/crypto/ec/ec2_smpl.c971
-rw-r--r--crypto/openssl/crypto/ec/ec2_smpt.c141
-rw-r--r--crypto/openssl/crypto/ec/ec_asn1.c1379
-rw-r--r--crypto/openssl/crypto/ec/ec_check.c123
-rw-r--r--crypto/openssl/crypto/ec/ec_curve.c1270
-rw-r--r--crypto/openssl/crypto/ec/ec_cvt.c76
-rw-r--r--crypto/openssl/crypto/ec/ec_err.c209
-rw-r--r--crypto/openssl/crypto/ec/ec_key.c465
-rw-r--r--crypto/openssl/crypto/ec/ec_lcl.h241
-rw-r--r--crypto/openssl/crypto/ec/ec_lib.c678
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c645
-rw-r--r--crypto/openssl/crypto/ec/ec_print.c195
-rw-r--r--crypto/openssl/crypto/ec/ecp_mont.c151
-rw-r--r--crypto/openssl/crypto/ec/ecp_nist.c180
-rw-r--r--crypto/openssl/crypto/ec/ecp_smpl.c335
-rw-r--r--crypto/openssl/crypto/ec/ectest.c801
-rw-r--r--crypto/openssl/crypto/ecdh/Makefile111
-rw-r--r--crypto/openssl/crypto/ecdh/ecdh.h123
-rw-r--r--crypto/openssl/crypto/ecdh/ecdhtest.c368
-rw-r--r--crypto/openssl/crypto/ecdh/ech_err.c101
-rw-r--r--crypto/openssl/crypto/ecdh/ech_key.c83
-rw-r--r--crypto/openssl/crypto/ecdh/ech_lib.c247
-rw-r--r--crypto/openssl/crypto/ecdh/ech_locl.h94
-rw-r--r--crypto/openssl/crypto/ecdh/ech_ossl.c213
-rw-r--r--crypto/openssl/crypto/ecdsa/Makefile125
-rw-r--r--crypto/openssl/crypto/ecdsa/ecdsa.h270
-rw-r--r--crypto/openssl/crypto/ecdsa/ecdsatest.c500
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_asn1.c67
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_err.c106
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_lib.c261
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_locl.h107
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_ossl.c442
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_sign.c104
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_vrf.c96
-rw-r--r--crypto/openssl/crypto/engine/Makefile534
-rw-r--r--crypto/openssl/crypto/engine/eng_all.c31
-rw-r--r--crypto/openssl/crypto/engine/eng_cnf.c9
-rw-r--r--crypto/openssl/crypto/engine/eng_cryptodev.c1133
-rw-r--r--crypto/openssl/crypto/engine/eng_ctrl.c12
-rw-r--r--crypto/openssl/crypto/engine/eng_dyn.c108
-rw-r--r--crypto/openssl/crypto/engine/eng_err.c159
-rw-r--r--crypto/openssl/crypto/engine/eng_fat.c26
-rw-r--r--crypto/openssl/crypto/engine/eng_init.c5
-rw-r--r--crypto/openssl/crypto/engine/eng_int.h9
-rw-r--r--crypto/openssl/crypto/engine/eng_lib.c18
-rw-r--r--crypto/openssl/crypto/engine/eng_list.c43
-rw-r--r--crypto/openssl/crypto/engine/eng_openssl.c25
-rw-r--r--crypto/openssl/crypto/engine/eng_padlock.c268
-rw-r--r--crypto/openssl/crypto/engine/eng_pkey.c3
-rw-r--r--crypto/openssl/crypto/engine/eng_table.c94
-rw-r--r--crypto/openssl/crypto/engine/engine.h158
-rw-r--r--crypto/openssl/crypto/engine/enginetest.c2
-rw-r--r--crypto/openssl/crypto/engine/tb_cipher.c2
-rw-r--r--crypto/openssl/crypto/engine/tb_dh.c2
-rw-r--r--crypto/openssl/crypto/engine/tb_digest.c2
-rw-r--r--crypto/openssl/crypto/engine/tb_dsa.c4
-rw-r--r--crypto/openssl/crypto/engine/tb_ecdh.c133
-rw-r--r--crypto/openssl/crypto/engine/tb_ecdsa.c118
-rw-r--r--crypto/openssl/crypto/engine/tb_rand.c2
-rw-r--r--crypto/openssl/crypto/engine/tb_rsa.c2
-rw-r--r--crypto/openssl/crypto/engine/tb_store.c123
-rw-r--r--crypto/openssl/crypto/err/Makefile61
-rw-r--r--crypto/openssl/crypto/err/err.c75
-rw-r--r--crypto/openssl/crypto/err/err.h25
-rw-r--r--crypto/openssl/crypto/err/err_all.c17
-rw-r--r--crypto/openssl/crypto/err/err_prn.c9
-rw-r--r--crypto/openssl/crypto/err/openssl.ec5
-rw-r--r--crypto/openssl/crypto/evp/Makefile1251
-rw-r--r--crypto/openssl/crypto/evp/bio_b64.c2
-rw-r--r--crypto/openssl/crypto/evp/bio_enc.c6
-rw-r--r--crypto/openssl/crypto/evp/bio_md.c8
-rw-r--r--crypto/openssl/crypto/evp/bio_ok.c60
-rw-r--r--crypto/openssl/crypto/evp/c_all.c6
-rw-r--r--crypto/openssl/crypto/evp/c_alld.c13
-rw-r--r--crypto/openssl/crypto/evp/digest.c16
-rw-r--r--crypto/openssl/crypto/evp/e_aes.c2
-rw-r--r--crypto/openssl/crypto/evp/e_bf.c2
-rw-r--r--crypto/openssl/crypto/evp/e_cast.c4
-rw-r--r--crypto/openssl/crypto/evp/e_des.c38
-rw-r--r--crypto/openssl/crypto/evp/e_des3.c65
-rw-r--r--crypto/openssl/crypto/evp/e_idea.c4
-rw-r--r--crypto/openssl/crypto/evp/e_null.c3
-rw-r--r--crypto/openssl/crypto/evp/e_old.c19
-rw-r--r--crypto/openssl/crypto/evp/e_rc2.c12
-rw-r--r--crypto/openssl/crypto/evp/e_rc4.c7
-rw-r--r--crypto/openssl/crypto/evp/e_rc5.c5
-rw-r--r--crypto/openssl/crypto/evp/e_xcbc_d.c5
-rw-r--r--crypto/openssl/crypto/evp/encode.c12
-rw-r--r--crypto/openssl/crypto/evp/evp.h203
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c64
-rw-r--r--crypto/openssl/crypto/evp/evp_err.c159
-rw-r--r--crypto/openssl/crypto/evp/evp_key.c5
-rw-r--r--crypto/openssl/crypto/evp/evp_lib.c16
-rw-r--r--crypto/openssl/crypto/evp/evp_pbe.c5
-rw-r--r--crypto/openssl/crypto/evp/evp_pkey.c492
-rw-r--r--crypto/openssl/crypto/evp/evp_test.c47
-rw-r--r--crypto/openssl/crypto/evp/evptests.txt107
-rw-r--r--crypto/openssl/crypto/evp/m_dss.c6
-rw-r--r--crypto/openssl/crypto/evp/m_dss1.c9
-rw-r--r--crypto/openssl/crypto/evp/m_ecdsa.c148
-rw-r--r--crypto/openssl/crypto/evp/m_md2.c9
-rw-r--r--crypto/openssl/crypto/evp/m_md4.c9
-rw-r--r--crypto/openssl/crypto/evp/m_md5.c9
-rw-r--r--crypto/openssl/crypto/evp/m_mdc2.c7
-rw-r--r--crypto/openssl/crypto/evp/m_null.c2
-rw-r--r--crypto/openssl/crypto/evp/m_ripemd.c9
-rw-r--r--crypto/openssl/crypto/evp/m_sha.c9
-rw-r--r--crypto/openssl/crypto/evp/m_sha1.c113
-rw-r--r--crypto/openssl/crypto/evp/names.c8
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt.c14
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt2.c32
-rw-r--r--crypto/openssl/crypto/evp/p_dec.c2
-rw-r--r--crypto/openssl/crypto/evp/p_enc.c2
-rw-r--r--crypto/openssl/crypto/evp/p_lib.c177
-rw-r--r--crypto/openssl/crypto/evp/p_open.c10
-rw-r--r--crypto/openssl/crypto/evp/p_seal.c2
-rw-r--r--crypto/openssl/crypto/evp/p_verify.c2
-rw-r--r--crypto/openssl/crypto/ex_data.c8
-rw-r--r--crypto/openssl/crypto/hmac/Makefile36
-rw-r--r--crypto/openssl/crypto/hmac/hmac.c10
-rw-r--r--crypto/openssl/crypto/hmac/hmac.h8
-rw-r--r--crypto/openssl/crypto/ia64cpuid.S121
-rw-r--r--crypto/openssl/crypto/idea/Makefile11
-rw-r--r--crypto/openssl/crypto/idea/i_skey.c5
-rw-r--r--crypto/openssl/crypto/idea/idea.h5
-rw-r--r--crypto/openssl/crypto/idea/idea_spd.c3
-rw-r--r--crypto/openssl/crypto/idea/ideatest.c3
-rw-r--r--crypto/openssl/crypto/krb5/Makefile14
-rw-r--r--crypto/openssl/crypto/krb5/krb5_asn.h2
-rw-r--r--crypto/openssl/crypto/lhash/Makefile21
-rw-r--r--crypto/openssl/crypto/lhash/lhash.c18
-rw-r--r--crypto/openssl/crypto/lhash/lhash.h17
-rw-r--r--crypto/openssl/crypto/md2/Makefile22
-rw-r--r--crypto/openssl/crypto/md2/md2.h8
-rw-r--r--crypto/openssl/crypto/md2/md2_dgst.c6
-rw-r--r--crypto/openssl/crypto/md2/md2_one.c5
-rw-r--r--crypto/openssl/crypto/md2/md2test.c6
-rw-r--r--crypto/openssl/crypto/md32_common.h124
-rw-r--r--crypto/openssl/crypto/md4/Makefile28
-rw-r--r--crypto/openssl/crypto/md4/md4.h6
-rw-r--r--crypto/openssl/crypto/md4/md4_dgst.c4
-rw-r--r--crypto/openssl/crypto/md4/md4_locl.h8
-rw-r--r--crypto/openssl/crypto/md4/md4_one.c5
-rw-r--r--crypto/openssl/crypto/md4/md4test.c2
-rw-r--r--crypto/openssl/crypto/md5/Makefile66
-rwxr-xr-xcrypto/openssl/crypto/md5/asm/md5-x86_64.pl245
-rw-r--r--crypto/openssl/crypto/md5/md5.h6
-rw-r--r--crypto/openssl/crypto/md5/md5_dgst.c4
-rw-r--r--crypto/openssl/crypto/md5/md5_locl.h18
-rw-r--r--crypto/openssl/crypto/md5/md5_one.c5
-rw-r--r--crypto/openssl/crypto/md5/md5test.c6
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile27
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2.h6
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2_one.c5
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2dgst.c21
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2test.c3
-rw-r--r--crypto/openssl/crypto/mem.c10
-rw-r--r--crypto/openssl/crypto/mem_clr.c2
-rw-r--r--crypto/openssl/crypto/mem_dbg.c10
-rw-r--r--crypto/openssl/crypto/o_dir.c83
-rw-r--r--crypto/openssl/crypto/o_dir.h53
-rw-r--r--crypto/openssl/crypto/o_dir_test.c70
-rw-r--r--crypto/openssl/crypto/o_str.c30
-rw-r--r--crypto/openssl/crypto/o_str.h1
-rw-r--r--crypto/openssl/crypto/objects/Makefile62
-rw-r--r--crypto/openssl/crypto/objects/o_names.c13
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c265
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.h645
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.pl4
-rw-r--r--crypto/openssl/crypto/objects/obj_err.c26
-rw-r--r--crypto/openssl/crypto/objects/obj_lib.c3
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.h433
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.num97
-rw-r--r--crypto/openssl/crypto/objects/objects.h9
-rw-r--r--crypto/openssl/crypto/objects/objects.txt142
-rw-r--r--crypto/openssl/crypto/ocsp/Makefile274
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp.h25
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_cl.c2
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_err.c104
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_ext.c35
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_lib.c4
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_prn.c4
-rw-r--r--crypto/openssl/crypto/opensslconf.h22
-rw-r--r--crypto/openssl/crypto/opensslconf.h.in1
-rw-r--r--crypto/openssl/crypto/opensslv.h10
-rw-r--r--crypto/openssl/crypto/ossl_typ.h52
-rw-r--r--crypto/openssl/crypto/pem/Makefile322
-rw-r--r--crypto/openssl/crypto/pem/pem.h131
-rw-r--r--crypto/openssl/crypto/pem/pem_all.c233
-rw-r--r--crypto/openssl/crypto/pem/pem_err.c91
-rw-r--r--crypto/openssl/crypto/pem/pem_info.c56
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c41
-rw-r--r--crypto/openssl/crypto/pem/pem_oth.c7
-rw-r--r--crypto/openssl/crypto/pem/pem_pk8.c7
-rw-r--r--crypto/openssl/crypto/pem/pem_pkey.c11
-rw-r--r--crypto/openssl/crypto/pem/pem_seal.c2
-rw-r--r--crypto/openssl/crypto/pem/pem_xaux.c1
-rw-r--r--crypto/openssl/crypto/perlasm/cbc.pl4
-rwxr-xr-xcrypto/openssl/crypto/perlasm/x86_64-xlate.pl506
-rw-r--r--crypto/openssl/crypto/perlasm/x86asm.pl25
-rw-r--r--crypto/openssl/crypto/perlasm/x86ms.pl103
-rw-r--r--crypto/openssl/crypto/perlasm/x86nasm.pl157
-rw-r--r--crypto/openssl/crypto/perlasm/x86unix.pl263
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile439
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_add.c17
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crpt.c22
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crt.c328
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_decr.c13
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_init.c14
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_key.c2
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_kiss.c38
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mutl.c25
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_npas.c37
-rw-r--r--crypto/openssl/crypto/pkcs12/pk12err.c108
-rw-r--r--crypto/openssl/crypto/pkcs12/pkcs12.h21
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile192
-rw-r--r--crypto/openssl/crypto/pkcs7/bio_ber.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/example.c8
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_asn1.c41
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_attr.c3
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c315
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_lib.c119
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_mime.c77
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_smime.c77
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7.h15
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7err.c152
-rw-r--r--crypto/openssl/crypto/pqueue/Makefile84
-rw-r--r--crypto/openssl/crypto/pqueue/pq_compat.h147
-rw-r--r--crypto/openssl/crypto/pqueue/pq_test.c95
-rw-r--r--crypto/openssl/crypto/pqueue/pqueue.c236
-rw-r--r--crypto/openssl/crypto/pqueue/pqueue.h95
-rw-r--r--crypto/openssl/crypto/rand/Makefile145
-rw-r--r--crypto/openssl/crypto/rand/md_rand.c15
-rw-r--r--crypto/openssl/crypto/rand/rand.h15
-rw-r--r--crypto/openssl/crypto/rand/rand_egd.c10
-rw-r--r--crypto/openssl/crypto/rand/rand_err.c22
-rw-r--r--crypto/openssl/crypto/rand/rand_lib.c12
-rw-r--r--crypto/openssl/crypto/rand/rand_nw.c176
-rw-r--r--crypto/openssl/crypto/rand/rand_unix.c44
-rw-r--r--crypto/openssl/crypto/rand/rand_vms.c5
-rw-r--r--crypto/openssl/crypto/rand/rand_win.c101
-rw-r--r--crypto/openssl/crypto/rand/randfile.c6
-rw-r--r--crypto/openssl/crypto/rand/randtest.c5
-rw-r--r--crypto/openssl/crypto/rc2/Makefile11
-rw-r--r--crypto/openssl/crypto/rc2/rc2.h2
-rw-r--r--crypto/openssl/crypto/rc2/rc2_skey.c7
-rw-r--r--crypto/openssl/crypto/rc2/rc2speed.c9
-rw-r--r--crypto/openssl/crypto/rc2/rc2test.c3
-rw-r--r--crypto/openssl/crypto/rc4/Makefile67
-rw-r--r--crypto/openssl/crypto/rc4/asm/rc4-586.pl115
-rw-r--r--crypto/openssl/crypto/rc4/asm/rc4-ia64.S160
-rwxr-xr-xcrypto/openssl/crypto/rc4/asm/rc4-x86_64.pl240
-rw-r--r--crypto/openssl/crypto/rc4/rc4.c3
-rw-r--r--crypto/openssl/crypto/rc4/rc4.h3
-rw-r--r--crypto/openssl/crypto/rc4/rc4_enc.c4
-rw-r--r--crypto/openssl/crypto/rc4/rc4_locl.h1
-rw-r--r--crypto/openssl/crypto/rc4/rc4_skey.c47
-rw-r--r--crypto/openssl/crypto/rc4/rc4speed.c3
-rw-r--r--crypto/openssl/crypto/rc4/rc4test.c51
-rw-r--r--crypto/openssl/crypto/rc5/Makefile51
-rw-r--r--crypto/openssl/crypto/rc5/rc5.h2
-rw-r--r--crypto/openssl/crypto/rc5/rc5_locl.h2
-rw-r--r--crypto/openssl/crypto/rc5/rc5speed.c3
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile50
-rw-r--r--crypto/openssl/crypto/ripemd/ripemd.h6
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_dgst.c8
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_locl.h12
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_one.c5
-rw-r--r--crypto/openssl/crypto/ripemd/rmdtest.c2
-rw-r--r--crypto/openssl/crypto/rsa/Makefile130
-rw-r--r--crypto/openssl/crypto/rsa/rsa.h117
-rw-r--r--crypto/openssl/crypto/rsa/rsa_asn1.c8
-rw-r--r--crypto/openssl/crypto/rsa/rsa_chk.c4
-rw-r--r--crypto/openssl/crypto/rsa/rsa_depr.c101
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c601
-rw-r--r--crypto/openssl/crypto/rsa/rsa_err.c144
-rw-r--r--crypto/openssl/crypto/rsa/rsa_gen.c138
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c120
-rw-r--r--crypto/openssl/crypto/rsa/rsa_null.c15
-rw-r--r--crypto/openssl/crypto/rsa/rsa_oaep.c21
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pss.c269
-rw-r--r--crypto/openssl/crypto/rsa/rsa_saos.c10
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c13
-rw-r--r--crypto/openssl/crypto/rsa/rsa_test.c9
-rw-r--r--crypto/openssl/crypto/rsa/rsa_x931.c177
-rw-r--r--crypto/openssl/crypto/sha/Makefile102
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-586.pl71
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-ia64.pl549
-rwxr-xr-xcrypto/openssl/crypto/sha/asm/sha512-ia64.pl432
-rw-r--r--crypto/openssl/crypto/sha/asm/sha512-sse2.pl404
-rw-r--r--crypto/openssl/crypto/sha/sha.h86
-rw-r--r--crypto/openssl/crypto/sha/sha1_one.c5
-rw-r--r--crypto/openssl/crypto/sha/sha1dgst.c9
-rw-r--r--crypto/openssl/crypto/sha/sha1test.c6
-rw-r--r--crypto/openssl/crypto/sha/sha256.c319
-rw-r--r--crypto/openssl/crypto/sha/sha256t.c147
-rw-r--r--crypto/openssl/crypto/sha/sha512.c496
-rw-r--r--crypto/openssl/crypto/sha/sha512t.c184
-rw-r--r--crypto/openssl/crypto/sha/sha_dgst.c1
-rw-r--r--crypto/openssl/crypto/sha/sha_locl.h151
-rw-r--r--crypto/openssl/crypto/sha/sha_one.c5
-rw-r--r--crypto/openssl/crypto/sha/shatest.c10
-rw-r--r--crypto/openssl/crypto/sparccpuid.S239
-rw-r--r--crypto/openssl/crypto/stack/Makefile22
-rw-r--r--crypto/openssl/crypto/stack/safestack.h281
-rw-r--r--crypto/openssl/crypto/stack/stack.c27
-rw-r--r--crypto/openssl/crypto/stack/stack.h1
-rw-r--r--crypto/openssl/crypto/store/Makefile112
-rw-r--r--crypto/openssl/crypto/store/README95
-rw-r--r--crypto/openssl/crypto/store/store.h554
-rw-r--r--crypto/openssl/crypto/store/str_err.c214
-rw-r--r--crypto/openssl/crypto/store/str_lib.c1824
-rw-r--r--crypto/openssl/crypto/store/str_locl.h124
-rw-r--r--crypto/openssl/crypto/store/str_mem.c357
-rw-r--r--crypto/openssl/crypto/store/str_meth.c250
-rw-r--r--crypto/openssl/crypto/symhacks.h112
-rw-r--r--crypto/openssl/crypto/threads/mttest.c115
-rw-r--r--crypto/openssl/crypto/threads/th-lock.c2
-rw-r--r--crypto/openssl/crypto/tmdiff.c45
-rw-r--r--crypto/openssl/crypto/tmdiff.h22
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile18
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.c21
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.h5
-rw-r--r--crypto/openssl/crypto/ui/Makefile40
-rw-r--r--crypto/openssl/crypto/ui/ui.h20
-rw-r--r--crypto/openssl/crypto/ui/ui_err.c48
-rw-r--r--crypto/openssl/crypto/ui/ui_lib.c8
-rw-r--r--crypto/openssl/crypto/ui/ui_locl.h5
-rw-r--r--crypto/openssl/crypto/ui/ui_openssl.c48
-rw-r--r--crypto/openssl/crypto/ui/ui_util.c2
-rw-r--r--crypto/openssl/crypto/uid.c2
-rw-r--r--crypto/openssl/crypto/x509/Makefile712
-rw-r--r--crypto/openssl/crypto/x509/by_dir.c15
-rw-r--r--crypto/openssl/crypto/x509/by_file.c4
-rw-r--r--crypto/openssl/crypto/x509/x509.h133
-rw-r--r--crypto/openssl/crypto/x509/x509_att.c12
-rw-r--r--crypto/openssl/crypto/x509/x509_cmp.c91
-rw-r--r--crypto/openssl/crypto/x509/x509_err.c142
-rw-r--r--crypto/openssl/crypto/x509/x509_lu.c30
-rw-r--r--crypto/openssl/crypto/x509/x509_r2x.c12
-rw-r--r--crypto/openssl/crypto/x509/x509_req.c44
-rw-r--r--crypto/openssl/crypto/x509/x509_trs.c4
-rw-r--r--crypto/openssl/crypto/x509/x509_txt.c19
-rw-r--r--crypto/openssl/crypto/x509/x509_v3.c10
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c550
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.h150
-rw-r--r--crypto/openssl/crypto/x509/x509_vpm.c420
-rw-r--r--crypto/openssl/crypto/x509/x509cset.c1
-rw-r--r--crypto/openssl/crypto/x509/x509name.c10
-rw-r--r--crypto/openssl/crypto/x509/x509spki.c3
-rw-r--r--crypto/openssl/crypto/x509/x509type.c6
-rw-r--r--crypto/openssl/crypto/x509/x_all.c138
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile863
-rw-r--r--crypto/openssl/crypto/x509v3/ext_dat.h11
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_cache.c287
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_data.c123
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_int.h223
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_lib.c167
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_map.c186
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_node.c158
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_tree.c682
-rw-r--r--crypto/openssl/crypto/x509v3/v3_akey.c190
-rw-r--r--crypto/openssl/crypto/x509v3/v3_alt.c287
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bitst.c17
-rw-r--r--crypto/openssl/crypto/x509v3/v3_conf.c73
-rw-r--r--crypto/openssl/crypto/x509v3/v3_cpols.c31
-rw-r--r--crypto/openssl/crypto/x509v3/v3_extku.c4
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ia5.c5
-rw-r--r--crypto/openssl/crypto/x509v3/v3_info.c13
-rw-r--r--crypto/openssl/crypto/x509v3/v3_int.c13
-rw-r--r--crypto/openssl/crypto/x509v3/v3_lib.c7
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ncons.c220
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ocsp.c8
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pci.c313
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pcia.c55
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pcons.c136
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pmaps.c153
-rw-r--r--crypto/openssl/crypto/x509v3/v3_prn.c5
-rw-r--r--crypto/openssl/crypto/x509v3/v3_purp.c83
-rw-r--r--crypto/openssl/crypto/x509v3/v3_skey.c8
-rw-r--r--crypto/openssl/crypto/x509v3/v3_sxnet.c4
-rw-r--r--crypto/openssl/crypto/x509v3/v3_utl.c318
-rw-r--r--crypto/openssl/crypto/x509v3/v3err.c215
-rw-r--r--crypto/openssl/crypto/x509v3/x509v3.h127
-rw-r--r--crypto/openssl/crypto/x86_64cpuid.pl138
-rw-r--r--crypto/openssl/crypto/x86cpuid.pl197
-rw-r--r--crypto/openssl/demos/easy_tls/easy-tls.c4
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.c4
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh98
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ECCcertgen.sh164
-rw-r--r--crypto/openssl/demos/ssltest-ecc/README15
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/RSAcertgen.sh121
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ssltest.sh188
-rwxr-xr-xcrypto/openssl/demos/tunala/autoungunk.sh10
-rw-r--r--crypto/openssl/demos/tunala/cb.c10
-rw-r--r--crypto/openssl/demos/tunala/configure.in1
-rwxr-xr-xcrypto/openssl/demos/tunala/test.sh107
-rw-r--r--crypto/openssl/demos/tunala/tunala.c28
-rw-r--r--crypto/openssl/demos/tunala/tunala.h1
-rw-r--r--crypto/openssl/doc/HOWTO/certificates.txt11
-rw-r--r--crypto/openssl/doc/HOWTO/keys.txt6
-rw-r--r--crypto/openssl/doc/HOWTO/proxy_certificates.txt322
-rw-r--r--crypto/openssl/doc/apps/CA.pl.pod2
-rw-r--r--crypto/openssl/doc/apps/asn1parse.pod44
-rw-r--r--crypto/openssl/doc/apps/ca.pod78
-rw-r--r--crypto/openssl/doc/apps/config.pod7
-rw-r--r--crypto/openssl/doc/apps/dgst.pod6
-rw-r--r--crypto/openssl/doc/apps/ec.pod190
-rw-r--r--crypto/openssl/doc/apps/ecparam.pod179
-rw-r--r--crypto/openssl/doc/apps/enc.pod16
-rw-r--r--crypto/openssl/doc/apps/errstr.pod39
-rw-r--r--crypto/openssl/doc/apps/req.pod10
-rw-r--r--crypto/openssl/doc/apps/s_client.pod16
-rw-r--r--crypto/openssl/doc/apps/s_server.pod23
-rw-r--r--crypto/openssl/doc/apps/x509.pod20
-rw-r--r--crypto/openssl/doc/apps/x509v3_config.pod456
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod6
-rw-r--r--crypto/openssl/doc/crypto/ASN1_generate_nconf.pod253
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_base64.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_BLINDING_new.pod109
-rw-r--r--crypto/openssl/doc/crypto/BN_add_word.pod10
-rw-r--r--crypto/openssl/doc/crypto/BN_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/ERR_error_string.pod2
-rw-r--r--crypto/openssl/doc/crypto/ERR_set_mark.pod38
-rw-r--r--crypto/openssl/doc/crypto/EVP_BytesToKey.pod2
-rw-r--r--crypto/openssl/doc/crypto/EVP_DigestInit.pod2
-rw-r--r--crypto/openssl/doc/crypto/EVP_EncryptInit.pod8
-rw-r--r--crypto/openssl/doc/crypto/EVP_SealInit.pod5
-rw-r--r--crypto/openssl/doc/crypto/EVP_SignInit.pod9
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_Applink.pod21
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_config.pod2
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod35
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_create.pod18
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_sign.pod24
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_verify.pod2
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign.pod4
-rw-r--r--crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod14
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod6
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod6
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_print_ex.pod4
-rw-r--r--crypto/openssl/doc/crypto/blowfish.pod2
-rw-r--r--crypto/openssl/doc/crypto/bn.pod25
-rw-r--r--crypto/openssl/doc/crypto/bn_internal.pod14
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509.pod6
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_CRL.pod2
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_REQ.pod2
-rw-r--r--crypto/openssl/doc/crypto/des_modes.pod2
-rw-r--r--crypto/openssl/doc/crypto/ecdsa.pod210
-rw-r--r--crypto/openssl/doc/crypto/engine.pod206
-rw-r--r--crypto/openssl/doc/crypto/hmac.pod2
-rw-r--r--crypto/openssl/doc/crypto/threads.pod25
-rw-r--r--crypto/openssl/doc/crypto/x509.pod64
-rw-r--r--crypto/openssl/doc/fingerprints.txt57
-rw-r--r--crypto/openssl/doc/openssl.txt27
-rw-r--r--crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod6
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod12
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_options.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod16
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod8
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ciphers.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_current_cipher.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_default_timeout.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_error.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_fd.pod6
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_session.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_verify_result.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_version.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_pending.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_shutdown.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_shutdown.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_state_string.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_want.pod10
-rw-r--r--crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod2
-rw-r--r--crypto/openssl/doc/ssl/ssl.pod110
-rw-r--r--crypto/openssl/doc/ssleay.txt2
-rw-r--r--crypto/openssl/doc/standards.txt4
-rw-r--r--crypto/openssl/e_os.h97
-rw-r--r--crypto/openssl/e_os2.h23
-rw-r--r--crypto/openssl/engines/Makefile249
-rw-r--r--crypto/openssl/engines/axp.opt1
-rw-r--r--crypto/openssl/engines/e_4758cca.c994
-rw-r--r--crypto/openssl/engines/e_4758cca.ec1
-rw-r--r--crypto/openssl/engines/e_4758cca_err.c153
-rw-r--r--crypto/openssl/engines/e_4758cca_err.h93
-rw-r--r--crypto/openssl/engines/e_aep.c1137
-rw-r--r--crypto/openssl/engines/e_aep.ec1
-rw-r--r--crypto/openssl/engines/e_aep_err.c161
-rw-r--r--crypto/openssl/engines/e_aep_err.h101
-rw-r--r--crypto/openssl/engines/e_atalla.c607
-rw-r--r--crypto/openssl/engines/e_atalla.ec1
-rw-r--r--crypto/openssl/engines/e_atalla_err.c149
-rw-r--r--crypto/openssl/engines/e_atalla_err.h89
-rw-r--r--crypto/openssl/engines/e_chil.c1374
-rw-r--r--crypto/openssl/engines/e_chil.ec1
-rw-r--r--crypto/openssl/engines/e_chil_err.c161
-rw-r--r--crypto/openssl/engines/e_chil_err.h101
-rw-r--r--crypto/openssl/engines/e_cswift.c1131
-rw-r--r--crypto/openssl/engines/e_cswift.ec1
-rw-r--r--crypto/openssl/engines/e_cswift_err.c154
-rw-r--r--crypto/openssl/engines/e_cswift_err.h94
-rw-r--r--crypto/openssl/engines/e_gmp.c435
-rw-r--r--crypto/openssl/engines/e_gmp.ec1
-rw-r--r--crypto/openssl/engines/e_gmp_err.c141
-rw-r--r--crypto/openssl/engines/e_gmp_err.h81
-rw-r--r--crypto/openssl/engines/e_nuron.c434
-rw-r--r--crypto/openssl/engines/e_nuron.ec1
-rw-r--r--crypto/openssl/engines/e_nuron_err.c146
-rw-r--r--crypto/openssl/engines/e_nuron_err.h86
-rw-r--r--crypto/openssl/engines/e_sureware.c1057
-rw-r--r--crypto/openssl/engines/e_sureware.ec1
-rw-r--r--crypto/openssl/engines/e_sureware_err.c158
-rw-r--r--crypto/openssl/engines/e_sureware_err.h98
-rw-r--r--crypto/openssl/engines/e_ubsec.c1070
-rw-r--r--crypto/openssl/engines/e_ubsec.ec1
-rw-r--r--crypto/openssl/engines/e_ubsec_err.c157
-rw-r--r--crypto/openssl/engines/e_ubsec_err.h97
-rw-r--r--crypto/openssl/engines/engine_vector.mar24
-rw-r--r--crypto/openssl/engines/vax.opt9
-rw-r--r--crypto/openssl/engines/vendor_defns/aep.h178
-rw-r--r--crypto/openssl/engines/vendor_defns/atalla.h48
-rw-r--r--crypto/openssl/engines/vendor_defns/cswift.h234
-rw-r--r--crypto/openssl/engines/vendor_defns/hw_4758_cca.h149
-rw-r--r--crypto/openssl/engines/vendor_defns/hw_ubsec.h100
-rw-r--r--crypto/openssl/engines/vendor_defns/hwcryptohook.h486
-rw-r--r--crypto/openssl/engines/vendor_defns/sureware.h239
-rw-r--r--crypto/openssl/openssl.spec7
-rw-r--r--crypto/openssl/ssl/Makefile1558
-rw-r--r--crypto/openssl/ssl/bio_ssl.c6
-rw-r--r--crypto/openssl/ssl/d1_both.c1263
-rw-r--r--crypto/openssl/ssl/d1_clnt.c1143
-rw-r--r--crypto/openssl/ssl/d1_enc.c281
-rw-r--r--crypto/openssl/ssl/d1_lib.c190
-rw-r--r--crypto/openssl/ssl/d1_meth.c77
-rw-r--r--crypto/openssl/ssl/d1_pkt.c1770
-rw-r--r--crypto/openssl/ssl/d1_srvr.c1130
-rw-r--r--crypto/openssl/ssl/dtls1.h212
-rw-r--r--crypto/openssl/ssl/kssl.c31
-rw-r--r--crypto/openssl/ssl/kssl.h6
-rw-r--r--crypto/openssl/ssl/s23_clnt.c251
-rw-r--r--crypto/openssl/ssl/s23_lib.c62
-rw-r--r--crypto/openssl/ssl/s23_meth.c39
-rw-r--r--crypto/openssl/ssl/s23_srvr.c35
-rw-r--r--crypto/openssl/ssl/s2_clnt.c42
-rw-r--r--crypto/openssl/ssl/s2_enc.c2
-rw-r--r--crypto/openssl/ssl/s2_lib.c129
-rw-r--r--crypto/openssl/ssl/s2_meth.c26
-rw-r--r--crypto/openssl/ssl/s2_srvr.c46
-rw-r--r--crypto/openssl/ssl/s3_both.c41
-rw-r--r--crypto/openssl/ssl/s3_clnt.c749
-rw-r--r--crypto/openssl/ssl/s3_enc.c32
-rw-r--r--crypto/openssl/ssl/s3_lib.c1059
-rw-r--r--crypto/openssl/ssl/s3_meth.c26
-rw-r--r--crypto/openssl/ssl/s3_pkt.c43
-rw-r--r--crypto/openssl/ssl/s3_srvr.c687
-rw-r--r--crypto/openssl/ssl/ssl.h366
-rw-r--r--crypto/openssl/ssl/ssl3.h31
-rw-r--r--crypto/openssl/ssl/ssl_algs.c11
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c26
-rw-r--r--crypto/openssl/ssl/ssl_cert.c241
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c276
-rw-r--r--crypto/openssl/ssl/ssl_err.c783
-rw-r--r--crypto/openssl/ssl/ssl_lib.c431
-rw-r--r--crypto/openssl/ssl/ssl_locl.h426
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c112
-rw-r--r--crypto/openssl/ssl/ssl_sess.c28
-rw-r--r--crypto/openssl/ssl/ssl_txt.c10
-rw-r--r--crypto/openssl/ssl/ssltest.c740
-rw-r--r--crypto/openssl/ssl/t1_clnt.c26
-rw-r--r--crypto/openssl/ssl/t1_enc.c51
-rw-r--r--crypto/openssl/ssl/t1_lib.c42
-rw-r--r--crypto/openssl/ssl/t1_meth.c28
-rw-r--r--crypto/openssl/ssl/t1_srvr.c26
-rw-r--r--crypto/openssl/ssl/tls1.h81
-rw-r--r--crypto/openssl/test/CAss.cnf51
-rw-r--r--crypto/openssl/test/Makefile837
-rw-r--r--crypto/openssl/test/P1ss.cnf37
-rw-r--r--crypto/openssl/test/P2ss.cnf45
-rw-r--r--crypto/openssl/test/Uss.cnf8
-rwxr-xr-xcrypto/openssl/test/bctest2
-rw-r--r--crypto/openssl/test/evptests.txt107
-rw-r--r--crypto/openssl/test/tcrl9
-rw-r--r--crypto/openssl/test/testca7
-rw-r--r--crypto/openssl/test/testenc2
-rw-r--r--crypto/openssl/test/testgen6
-rw-r--r--crypto/openssl/test/testss86
-rw-r--r--crypto/openssl/test/testssl14
-rw-r--r--crypto/openssl/test/testsslproxy10
-rw-r--r--crypto/openssl/test/tpkcs79
-rw-r--r--crypto/openssl/test/tpkcs7d9
-rw-r--r--crypto/openssl/test/treq11
-rw-r--r--crypto/openssl/test/trsa11
-rw-r--r--crypto/openssl/test/tsid9
-rw-r--r--crypto/openssl/test/tx5099
-rw-r--r--crypto/openssl/tools/Makefile9
-rwxr-xr-xcrypto/openssl/util/ck_errf.pl13
-rw-r--r--crypto/openssl/util/copy.pl59
-rwxr-xr-xcrypto/openssl/util/domd2
-rw-r--r--crypto/openssl/util/extract-section.pl12
-rwxr-xr-xcrypto/openssl/util/libeay.num621
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl482
-rwxr-xr-xcrypto/openssl/util/mkdef.pl117
-rwxr-xr-xcrypto/openssl/util/mkdir-p.pl1
-rw-r--r--crypto/openssl/util/mkerr.pl154
-rwxr-xr-xcrypto/openssl/util/mkfiles.pl12
-rwxr-xr-xcrypto/openssl/util/mklink.pl7
-rwxr-xr-xcrypto/openssl/util/mkstack.pl1
-rwxr-xr-xcrypto/openssl/util/opensslwrap.sh22
-rw-r--r--crypto/openssl/util/pl/BC-32.pl27
-rw-r--r--crypto/openssl/util/pl/Mingw32.pl13
-rw-r--r--crypto/openssl/util/pl/OS2-EMX.pl12
-rw-r--r--crypto/openssl/util/pl/VC-32.pl207
-rw-r--r--crypto/openssl/util/pl/linux.pl11
-rw-r--r--crypto/openssl/util/pl/netware.pl341
-rw-r--r--crypto/openssl/util/pl/ultrix.pl11
-rw-r--r--crypto/openssl/util/pl/unix.pl9
-rwxr-xr-xcrypto/openssl/util/pod2man.pl1
-rw-r--r--crypto/openssl/util/selftest.pl26
-rwxr-xr-xcrypto/openssl/util/shlib_wrap.sh70
-rwxr-xr-xcrypto/openssl/util/ssleay.num13
915 files changed, 98999 insertions, 20663 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 048349e502ee..ce9de568caac 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,1058 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8a and 0.9.8b [04 May 2006]
+
+ *) When applying a cipher rule check to see if string match is an explicit
+ cipher suite and only match that one cipher suite if it is.
+ [Steve Henson]
+
+ *) Link in manifests for VC++ if needed.
+ [Austin Ziegler <halostatue@gmail.com>]
+
+ *) Update support for ECC-based TLS ciphersuites according to
+ draft-ietf-tls-ecc-12.txt with proposed changes (but without
+ TLS extensions, which are supported starting with the 0.9.9
+ branch, not in the OpenSSL 0.9.8 branch).
+ [Douglas Stebila]
+
+ *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+ opaque EVP_CIPHER_CTX handling.
+ [Steve Henson]
+
+ *) Fixes and enhancements to zlib compression code. We now only use
+ "zlib1.dll" and use the default __cdecl calling convention on Win32
+ to conform with the standards mentioned here:
+ http://www.zlib.net/DLL_FAQ.txt
+ Static zlib linking now works on Windows and the new --with-zlib-include
+ --with-zlib-lib options to Configure can be used to supply the location
+ of the headers and library. Gracefully handle case where zlib library
+ can't be loaded.
+ [Steve Henson]
+
+ *) Several fixes and enhancements to the OID generation code. The old code
+ sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+ handle numbers larger than ULONG_MAX, truncated printing and had a
+ non standard OBJ_obj2txt() behaviour.
+ [Steve Henson]
+
+ *) Add support for building of engines under engine/ as shared libraries
+ under VC++ build system.
+ [Steve Henson]
+
+ *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+ Hopefully, we will not see any false combination of paths any more.
+ [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Add two function to clear and return the verify parameter flags.
+ [Steve Henson]
+
+ *) Keep cipherlists sorted in the source instead of sorting them at
+ runtime, thus removing the need for a lock.
+ [Nils Larsch]
+
+ *) Avoid some small subgroup attacks in Diffie-Hellman.
+ [Nick Mathewson and Ben Laurie]
+
+ *) Add functions for well-known primes.
+ [Nick Mathewson]
+
+ *) Extended Windows CE support.
+ [Satoshi Nakamura and Andy Polyakov]
+
+ *) Initialize SSL_METHOD structures at compile time instead of during
+ runtime, thus removing the need for a lock.
+ [Steve Henson]
+
+ *) Make PKCS7_decrypt() work even if no certificate is supplied by
+ attempting to decrypt each encrypted key in turn. Add support to
+ smime utility.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
+
+ *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+ [Richard Levitte]
+
+ *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+ key into the same file any more.
+ [Richard Levitte]
+
+ *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+ [Andy Polyakov]
+
+ *) Add -utf8 command line and config file option to 'ca'.
+ [Stefan <stf@udoma.org]
+
+ *) Removed the macro des_crypt(), as it seems to conflict with some
+ libraries. Use DES_crypt().
+ [Richard Levitte]
+
+ *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+ involves renaming the source and generated shared-libs for
+ both. The engines will accept the corrected or legacy ids
+ ('ncipher' and '4758_cca' respectively) when binding. NB,
+ this only applies when building 'shared'.
+ [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
+
+ *) Add attribute functions to EVP_PKEY structure. Modify
+ PKCS12_create() to recognize a CSP name attribute and
+ use it. Make -CSP option work again in pkcs12 utility.
+ [Steve Henson]
+
+ *) Add new functionality to the bn blinding code:
+ - automatic re-creation of the BN_BLINDING parameters after
+ a fixed number of uses (currently 32)
+ - add new function for parameter creation
+ - introduce flags to control the update behaviour of the
+ BN_BLINDING parameters
+ - hide BN_BLINDING structure
+ Add a second BN_BLINDING slot to the RSA structure to improve
+ performance when a single RSA object is shared among several
+ threads.
+ [Nils Larsch]
+
+ *) Add support for DTLS.
+ [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
+
+ *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+ to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+ [Walter Goulet]
+
+ *) Remove buggy and incompletet DH cert support from
+ ssl/ssl_rsa.c and ssl/s3_both.c
+ [Nils Larsch]
+
+ *) Use SHA-1 instead of MD5 as the default digest algorithm for
+ the apps/openssl applications.
+ [Nils Larsch]
+
+ *) Compile clean with "-Wall -Wmissing-prototypes
+ -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+ DEBUG_SAFESTACK must also be set.
+ [Ben Laurie]
+
+ *) Change ./Configure so that certain algorithms can be disabled by default.
+ The new counterpiece to "no-xxx" is "enable-xxx".
+
+ The patented RC5 and MDC2 algorithms will now be disabled unless
+ "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+ (IDEA remains enabled despite being patented. This is because IDEA
+ is frequently required for interoperability, and there is no license
+ fee for non-commercial use. As before, "no-idea" can be used to
+ avoid this algorithm.)
+
+ [Bodo Moeller]
+
+ *) Add processing of proxy certificates (see RFC 3820). This work was
+ sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+ EGEE (Enabling Grids for E-science in Europe).
+ [Richard Levitte]
+
+ *) RC4 performance overhaul on modern architectures/implementations, such
+ as Intel P4, IA-64 and AMD64.
+ [Andy Polyakov]
+
+ *) New utility extract-section.pl. This can be used specify an alternative
+ section number in a pod file instead of having to treat each file as
+ a separate case in Makefile. This can be done by adding two lines to the
+ pod file:
+
+ =for comment openssl_section:XXX
+
+ The blank line is mandatory.
+
+ [Steve Henson]
+
+ *) New arguments -certform, -keyform and -pass for s_client and s_server
+ to allow alternative format key and certificate files and passphrase
+ sources.
+ [Steve Henson]
+
+ *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+ update associated structures and add various utility functions.
+
+ Add new policy related verify parameters, include policy checking in
+ standard verify code. Enhance 'smime' application with extra parameters
+ to support policy checking and print out.
+ [Steve Henson]
+
+ *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+ Nehemiah processors. These extensions support AES encryption in hardware
+ as well as RNG (though RNG support is currently disabled).
+ [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
+
+ *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+ [Geoff Thorpe]
+
+ *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+ [Andy Polyakov and a number of other people]
+
+ *) Improved PowerPC platform support. Most notably BIGNUM assembler
+ implementation contributed by IBM.
+ [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+ *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+ exponent rather than 'unsigned long'. There is a corresponding change to
+ the new 'rsa_keygen' element of the RSA_METHOD structure.
+ [Jelte Jansen, Geoff Thorpe]
+
+ *) Functionality for creating the initial serial number file is now
+ moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+ (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+ number file to 1, which is bound to cause problems. To avoid
+ the problems while respecting compatibility between different 0.9.7
+ patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
+ CA.pl for serial number initialization. With the new release 0.9.8,
+ we can fix the problem directly in the 'ca' utility.)
+ [Steve Henson]
+
+ *) Reduced header interdepencies by declaring more opaque objects in
+ ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+ give fewer recursive includes, which could break lazy source code - so
+ this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+ developers should define this symbol when building and using openssl to
+ ensure they track the recommended behaviour, interfaces, [etc], but
+ backwards-compatible behaviour prevails when this isn't defined.
+ [Geoff Thorpe]
+
+ *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+ [Steve Henson]
+
+ *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
+ This will generate a random key of the appropriate length based on the
+ cipher context. The EVP_CIPHER can provide its own random key generation
+ routine to support keys of a specific form. This is used in the des and
+ 3des routines to generate a key of the correct parity. Update S/MIME
+ code to use new functions and hence generate correct parity DES keys.
+ Add EVP_CHECK_DES_KEY #define to return an error if the key is not
+ valid (weak or incorrect parity).
+ [Steve Henson]
+
+ *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+ as looking them up. This is useful when the verified structure may contain
+ CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+ present unless the new PKCS7_NO_CRL flag is asserted.
+ [Steve Henson]
+
+ *) Extend ASN1 oid configuration module. It now additionally accepts the
+ syntax:
+
+ shortName = some long name, 1.2.3.4
+ [Steve Henson]
+
+ *) Reimplemented the BN_CTX implementation. There is now no more static
+ limitation on the number of variables it can handle nor the depth of the
+ "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
+ information can now expand as required, and rather than having a single
+ static array of bignums, BN_CTX now uses a linked-list of such arrays
+ allowing it to expand on demand whilst maintaining the usefulness of
+ BN_CTX's "bundling".
+ [Geoff Thorpe]
+
+ *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
+ to allow all RSA operations to function using a single BN_CTX.
+ [Geoff Thorpe]
+
+ *) Preliminary support for certificate policy evaluation and checking. This
+ is initially intended to pass the tests outlined in "Conformance Testing
+ of Relying Party Client Certificate Path Processing Logic" v1.07.
+ [Steve Henson]
+
+ *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
+ remained unused and not that useful. A variety of other little bignum
+ tweaks and fixes have also been made continuing on from the audit (see
+ below).
+ [Geoff Thorpe]
+
+ *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
+ associated ASN1, EVP and SSL functions and old ASN1 macros.
+ [Richard Levitte]
+
+ *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
+ and this should never fail. So the return value from the use of
+ BN_set_word() (which can fail due to needless expansion) is now deprecated;
+ if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
+ [Geoff Thorpe]
+
+ *) BN_CTX_get() should return zero-valued bignums, providing the same
+ initialised value as BN_new().
+ [Geoff Thorpe, suggested by Ulf Möller]
+
+ *) Support for inhibitAnyPolicy certificate extension.
+ [Steve Henson]
+
+ *) An audit of the BIGNUM code is underway, for which debugging code is
+ enabled when BN_DEBUG is defined. This makes stricter enforcements on what
+ is considered valid when processing BIGNUMs, and causes execution to
+ assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
+ further steps are taken to deliberately pollute unused data in BIGNUM
+ structures to try and expose faulty code further on. For now, openssl will
+ (in its default mode of operation) continue to tolerate the inconsistent
+ forms that it has tolerated in the past, but authors and packagers should
+ consider trying openssl and their own applications when compiled with
+ these debugging symbols defined. It will help highlight potential bugs in
+ their own code, and will improve the test coverage for OpenSSL itself. At
+ some point, these tighter rules will become openssl's default to improve
+ maintainability, though the assert()s and other overheads will remain only
+ in debugging configurations. See bn.h for more details.
+ [Geoff Thorpe, Nils Larsch, Ulf Möller]
+
+ *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+ that can only be obtained through BN_CTX_new() (which implicitly
+ initialises it). The presence of this function only made it possible
+ to overwrite an existing structure (and cause memory leaks).
+ [Geoff Thorpe]
+
+ *) Because of the callback-based approach for implementing LHASH as a
+ template type, lh_insert() adds opaque objects to hash-tables and
+ lh_doall() or lh_doall_arg() are typically used with a destructor callback
+ to clean up those corresponding objects before destroying the hash table
+ (and losing the object pointers). So some over-zealous constifications in
+ LHASH have been relaxed so that lh_insert() does not take (nor store) the
+ objects as "const" and the lh_doall[_arg] callback wrappers are not
+ prototyped to have "const" restrictions on the object pointers they are
+ given (and so aren't required to cast them away any more).
+ [Geoff Thorpe]
+
+ *) The tmdiff.h API was so ugly and minimal that our own timing utility
+ (speed) prefers to use its own implementation. The two implementations
+ haven't been consolidated as yet (volunteers?) but the tmdiff API has had
+ its object type properly exposed (MS_TM) instead of casting to/from "char
+ *". This may still change yet if someone realises MS_TM and "ms_time_***"
+ aren't necessarily the greatest nomenclatures - but this is what was used
+ internally to the implementation so I've used that for now.
+ [Geoff Thorpe]
+
+ *) Ensure that deprecated functions do not get compiled when
+ OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
+ the self-tests were still using deprecated key-generation functions so
+ these have been updated also.
+ [Geoff Thorpe]
+
+ *) Reorganise PKCS#7 code to separate the digest location functionality
+ into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
+ New function PKCS7_set_digest() to set the digest type for PKCS#7
+ digestedData type. Add additional code to correctly generate the
+ digestedData type and add support for this type in PKCS7 initialization
+ functions.
+ [Steve Henson]
+
+ *) New function PKCS7_set0_type_other() this initializes a PKCS7
+ structure of type "other".
+ [Steve Henson]
+
+ *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
+ sure the loop does correctly stop and breaking ("division by zero")
+ modulus operations are not performed. The (pre-generated) prime
+ table crypto/bn/bn_prime.h was already correct, but it could not be
+ re-generated on some platforms because of the "division by zero"
+ situation in the script.
+ [Ralf S. Engelschall]
+
+ *) Update support for ECC-based TLS ciphersuites according to
+ draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
+ SHA-1 now is only used for "small" curves (where the
+ representation of a field element takes up to 24 bytes); for
+ larger curves, the field element resulting from ECDH is directly
+ used as premaster secret.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
+ curve secp160r1 to the tests.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add the possibility to load symbols globally with DSO.
+ [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
+
+ *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
+ control of the error stack.
+ [Richard Levitte]
+
+ *) Add support for STORE in ENGINE.
+ [Richard Levitte]
+
+ *) Add the STORE type. The intention is to provide a common interface
+ to certificate and key stores, be they simple file-based stores, or
+ HSM-type store, or LDAP stores, or...
+ NOTE: The code is currently UNTESTED and isn't really used anywhere.
+ [Richard Levitte]
+
+ *) Add a generic structure called OPENSSL_ITEM. This can be used to
+ pass a list of arguments to any function as well as provide a way
+ for a function to pass data back to the caller.
+ [Richard Levitte]
+
+ *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup()
+ works like BUF_strdup() but can be used to duplicate a portion of
+ a string. The copy gets NUL-terminated. BUF_memdup() duplicates
+ a memory area.
+ [Richard Levitte]
+
+ *) Add the function sk_find_ex() which works like sk_find(), but will
+ return an index to an element even if an exact match couldn't be
+ found. The index is guaranteed to point at the element where the
+ searched-for key would be inserted to preserve sorting order.
+ [Richard Levitte]
+
+ *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+ takes an extra flags argument for optional functionality. Currently,
+ the following flags are defined:
+
+ OBJ_BSEARCH_VALUE_ON_NOMATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns a negative or zero
+ number.
+
+ OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns zero. This is useful
+ if there are more than one element where the comparing function
+ returns zero.
+ [Richard Levitte]
+
+ *) Make it possible to create self-signed certificates with 'openssl ca'
+ in such a way that the self-signed certificate becomes part of the
+ CA database and uses the same mechanisms for serial number generation
+ as all other certificate signing. The new flag '-selfsign' enables
+ this functionality. Adapt CA.sh and CA.pl.in.
+ [Richard Levitte]
+
+ *) Add functionality to check the public key of a certificate request
+ against a given private. This is useful to check that a certificate
+ request can be signed by that key (self-signing).
+ [Richard Levitte]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) Generate muti valued AVAs using '+' notation in config files for
+ req and dirName.
+ [Steve Henson]
+
+ *) Support for nameConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyMappings certificate extension.
+ [Steve Henson]
+
+ *) Make sure the default DSA_METHOD implementation only uses its
+ dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+ and change its own handlers to be NULL so as to remove unnecessary
+ indirection. This lets alternative implementations fallback to the
+ default implementation more easily.
+ [Geoff Thorpe]
+
+ *) Support for directoryName in GeneralName related extensions
+ in config files.
+ [Steve Henson]
+
+ *) Make it possible to link applications using Makefile.shared.
+ Make that possible even when linking against static libraries!
+ [Richard Levitte]
+
+ *) Support for single pass processing for S/MIME signing. This now
+ means that S/MIME signing can be done from a pipe, in addition
+ cleartext signing (multipart/signed type) is effectively streaming
+ and the signed data does not need to be all held in memory.
+
+ This is done with a new flag PKCS7_STREAM. When this flag is set
+ PKCS7_sign() only initializes the PKCS7 structure and the actual signing
+ is done after the data is output (and digests calculated) in
+ SMIME_write_PKCS7().
+ [Steve Henson]
+
+ *) Add full support for -rpath/-R, both in shared libraries and
+ applications, at least on the platforms where it's known how
+ to do it.
+ [Richard Levitte]
+
+ *) In crypto/ec/ec_mult.c, implement fast point multiplication with
+ precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
+ will now compute a table of multiples of the generator that
+ makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
+ faster (notably in the case of a single point multiplication,
+ scalar * generator).
+ [Nils Larsch, Bodo Moeller]
+
+ *) IPv6 support for certificate extensions. The various extensions
+ which use the IP:a.b.c.d can now take IPv6 addresses using the
+ formats of RFC1884 2.2 . IPv6 addresses are now also displayed
+ correctly.
+ [Steve Henson]
+
+ *) Added an ENGINE that implements RSA by performing private key
+ exponentiations with the GMP library. The conversions to and from
+ GMP's mpz_t format aren't optimised nor are any montgomery forms
+ cached, and on x86 it appears OpenSSL's own performance has caught up.
+ However there are likely to be other architectures where GMP could
+ provide a boost. This ENGINE is not built in by default, but it can be
+ specified at Configure time and should be accompanied by the necessary
+ linker additions, eg;
+ ./config -DOPENSSL_USE_GMP -lgmp
+ [Geoff Thorpe]
+
+ *) "openssl engine" will not display ENGINE/DSO load failure errors when
+ testing availability of engines with "-t" - the old behaviour is
+ produced by increasing the feature's verbosity with "-tt".
+ [Geoff Thorpe]
+
+ *) ECDSA routines: under certain error conditions uninitialized BN objects
+ could be freed. Solution: make sure initialization is performed early
+ enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
+ via PR#459)
+ [Lutz Jaenicke]
+
+ *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+ and DH_METHOD (eg. by ENGINE implementations) to override the normal
+ software implementations. For DSA and DH, parameter generation can
+ also be overriden by providing the appropriate method callbacks.
+ [Geoff Thorpe]
+
+ *) Change the "progress" mechanism used in key-generation and
+ primality testing to functions that take a new BN_GENCB pointer in
+ place of callback/argument pairs. The new API functions have "_ex"
+ postfixes and the older functions are reimplemented as wrappers for
+ the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+ declarations of the old functions to help (graceful) attempts to
+ migrate to the new functions. Also, the new key-generation API
+ functions operate on a caller-supplied key-structure and return
+ success/failure rather than returning a key or NULL - this is to
+ help make "keygen" another member function of RSA_METHOD etc.
+
+ Example for using the new callback interface:
+
+ int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
+ void *my_arg = ...;
+ BN_GENCB my_cb;
+
+ BN_GENCB_set(&my_cb, my_callback, my_arg);
+
+ return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
+ /* For the meaning of a, b in calls to my_callback(), see the
+ * documentation of the function that calls the callback.
+ * cb will point to my_cb; my_arg can be retrieved as cb->arg.
+ * my_callback should return 1 if it wants BN_is_prime_ex()
+ * to continue, or 0 to stop.
+ */
+
+ [Geoff Thorpe]
+
+ *) Change the ZLIB compression method to be stateful, and make it
+ available to TLS with the number defined in
+ draft-ietf-tls-compression-04.txt.
+ [Richard Levitte]
+
+ *) Add the ASN.1 structures and functions for CertificatePair, which
+ is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+ CertificatePair ::= SEQUENCE {
+ forward [0] Certificate OPTIONAL,
+ reverse [1] Certificate OPTIONAL,
+ -- at least one of the pair shall be present -- }
+
+ Also implement the PEM functions to read and write certificate
+ pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+ This needed to be defined, mostly for the sake of the LDAP
+ attribute crossCertificatePair, but may prove useful elsewhere as
+ well.
+ [Richard Levitte]
+
+ *) Make it possible to inhibit symlinking of shared libraries in
+ Makefile.shared, for Cygwin's sake.
+ [Richard Levitte]
+
+ *) Extend the BIGNUM API by creating a function
+ void BN_set_negative(BIGNUM *a, int neg);
+ and a macro that behave like
+ int BN_is_negative(const BIGNUM *a);
+
+ to avoid the need to access 'a->neg' directly in applications.
+ [Nils Larsch]
+
+ *) Implement fast modular reduction for pseudo-Mersenne primes
+ used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+ EC_GROUP_new_curve_GFp() will now automatically use this
+ if applicable.
+ [Nils Larsch <nla@trustcenter.de>]
+
+ *) Add new lock type (CRYPTO_LOCK_BN).
+ [Bodo Moeller]
+
+ *) Change the ENGINE framework to automatically load engines
+ dynamically from specific directories unless they could be
+ found to already be built in or loaded. Move all the
+ current engines except for the cryptodev one to a new
+ directory engines/.
+ The engines in engines/ are built as shared libraries if
+ the "shared" options was given to ./Configure or ./config.
+ Otherwise, they are inserted in libcrypto.a.
+ /usr/local/ssl/engines is the default directory for dynamic
+ engines, but that can be overriden at configure time through
+ the usual use of --prefix and/or --openssldir, and at run
+ time with the environment variable OPENSSL_ENGINES.
+ [Geoff Thorpe and Richard Levitte]
+
+ *) Add Makefile.shared, a helper makefile to build shared
+ libraries. Addapt Makefile.org.
+ [Richard Levitte]
+
+ *) Add version info to Win32 DLLs.
+ [Peter 'Luna' Runestig" <peter@runestig.com>]
+
+ *) Add new 'medium level' PKCS#12 API. Certificates and keys
+ can be added using this API to created arbitrary PKCS#12
+ files while avoiding the low level API.
+
+ New options to PKCS12_create(), key or cert can be NULL and
+ will then be omitted from the output file. The encryption
+ algorithm NIDs can be set to -1 for no encryption, the mac
+ iteration count can be set to 0 to omit the mac.
+
+ Enhance pkcs12 utility by making the -nokeys and -nocerts
+ options work when creating a PKCS#12 file. New option -nomac
+ to omit the mac, NONE can be set for an encryption algorithm.
+ New code is modified to use the enhanced PKCS12_create()
+ instead of the low level API.
+ [Steve Henson]
+
+ *) Extend ASN1 encoder to support indefinite length constructed
+ encoding. This can output sequences tags and octet strings in
+ this form. Modify pk7_asn1.c to support indefinite length
+ encoding. This is experimental and needs additional code to
+ be useful, such as an ASN1 bio and some enhanced streaming
+ PKCS#7 code.
+
+ Extend template encode functionality so that tagging is passed
+ down to the template encoder.
+ [Steve Henson]
+
+ *) Let 'openssl req' fail if an argument to '-newkey' is not
+ recognized instead of using RSA as a default.
+ [Bodo Moeller]
+
+ *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+ As these are not official, they are not included in "ALL";
+ the "ECCdraft" ciphersuite group alias can be used to select them.
+ [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+ *) Add ECDH engine support.
+ [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add ECDH in new directory crypto/ecdh/.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Let BN_rand_range() abort with an error after 100 iterations
+ without success (which indicates a broken PRNG).
+ [Bodo Moeller]
+
+ *) Change BN_mod_sqrt() so that it verifies that the input value
+ is really the square of the return value. (Previously,
+ BN_mod_sqrt would show GIGO behaviour.)
+ [Bodo Moeller]
+
+ *) Add named elliptic curves over binary fields from X9.62, SECG,
+ and WAP/WTLS; add OIDs that were still missing.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Extend the EC library for elliptic curves over binary fields
+ (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+ New EC_METHOD:
+
+ EC_GF2m_simple_method
+
+ New API functions:
+
+ EC_GROUP_new_curve_GF2m
+ EC_GROUP_set_curve_GF2m
+ EC_GROUP_get_curve_GF2m
+ EC_POINT_set_affine_coordinates_GF2m
+ EC_POINT_get_affine_coordinates_GF2m
+ EC_POINT_set_compressed_coordinates_GF2m
+
+ Point compression for binary fields is disabled by default for
+ patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+ enable it).
+
+ As binary polynomials are represented as BIGNUMs, various members
+ of the EC_GROUP and EC_POINT data structures can be shared
+ between the implementations for prime fields and binary fields;
+ the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+ are essentially identical to their ..._GFp counterparts.
+ (For simplicity, the '..._GFp' prefix has been dropped from
+ various internal method names.)
+
+ An internal 'field_div' method (similar to 'field_mul' and
+ 'field_sqr') has been added; this is used only for binary fields.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+ through methods ('mul', 'precompute_mult').
+
+ The generic implementations (now internally called 'ec_wNAF_mul'
+ and 'ec_wNAF_precomputed_mult') remain the default if these
+ methods are undefined.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) New function EC_GROUP_get_degree, which is defined through
+ EC_METHOD. For curves over prime fields, this returns the bit
+ length of the modulus.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) New functions EC_GROUP_dup, EC_POINT_dup.
+ (These simply call ..._new and ..._copy).
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+ Polynomials are represented as BIGNUMs (where the sign bit is not
+ used) in the following functions [macros]:
+
+ BN_GF2m_add
+ BN_GF2m_sub [= BN_GF2m_add]
+ BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
+ BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
+ BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
+ BN_GF2m_mod_inv
+ BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
+ BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
+ BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
+ BN_GF2m_cmp [= BN_ucmp]
+
+ (Note that only the 'mod' functions are actually for fields GF(2^m).
+ BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+ For some functions, an the irreducible polynomial defining a
+ field can be given as an 'unsigned int[]' with strictly
+ decreasing elements giving the indices of those bits that are set;
+ i.e., p[] represents the polynomial
+ f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+ where
+ p[0] > p[1] > ... > p[k] = 0.
+ This applies to the following functions:
+
+ BN_GF2m_mod_arr
+ BN_GF2m_mod_mul_arr
+ BN_GF2m_mod_sqr_arr
+ BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
+ BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
+ BN_GF2m_mod_exp_arr
+ BN_GF2m_mod_sqrt_arr
+ BN_GF2m_mod_solve_quad_arr
+ BN_GF2m_poly2arr
+ BN_GF2m_arr2poly
+
+ Conversion can be performed by the following functions:
+
+ BN_GF2m_poly2arr
+ BN_GF2m_arr2poly
+
+ bntest.c has additional tests for binary polynomial arithmetic.
+
+ Two implementations for BN_GF2m_mod_div() are available.
+ The default algorithm simply uses BN_GF2m_mod_inv() and
+ BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
+ if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+ copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Add new error code 'ERR_R_DISABLED' that can be used when some
+ functionality is disabled at compile-time.
+ [Douglas Stebila <douglas.stebila@sun.com>]
+
+ *) Change default behaviour of 'openssl asn1parse' so that more
+ information is visible when viewing, e.g., a certificate:
+
+ Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+ mode the content of non-printable OCTET STRINGs is output in a
+ style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+ avoid the appearance of a printable string.
+ [Nils Larsch <nla@trustcenter.de>]
+
+ *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+ functions
+ EC_GROUP_set_asn1_flag()
+ EC_GROUP_get_asn1_flag()
+ EC_GROUP_set_point_conversion_form()
+ EC_GROUP_get_point_conversion_form()
+ These control ASN1 encoding details:
+ - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+ has been set to OPENSSL_EC_NAMED_CURVE.
+ - Points are encoded in uncompressed form by default; options for
+ asn1_for are as for point2oct, namely
+ POINT_CONVERSION_COMPRESSED
+ POINT_CONVERSION_UNCOMPRESSED
+ POINT_CONVERSION_HYBRID
+
+ Also add 'seed' and 'seed_len' members to EC_GROUP with access
+ functions
+ EC_GROUP_set_seed()
+ EC_GROUP_get0_seed()
+ EC_GROUP_get_seed_len()
+ This is used only for ASN1 purposes (so far).
+ [Nils Larsch <nla@trustcenter.de>]
+
+ *) Add 'field_type' member to EC_METHOD, which holds the NID
+ of the appropriate field type OID. The new function
+ EC_METHOD_get_field_type() returns this value.
+ [Nils Larsch <nla@trustcenter.de>]
+
+ *) Add functions
+ EC_POINT_point2bn()
+ EC_POINT_bn2point()
+ EC_POINT_point2hex()
+ EC_POINT_hex2point()
+ providing useful interfaces to EC_POINT_point2oct() and
+ EC_POINT_oct2point().
+ [Nils Larsch <nla@trustcenter.de>]
+
+ *) Change internals of the EC library so that the functions
+ EC_GROUP_set_generator()
+ EC_GROUP_get_generator()
+ EC_GROUP_get_order()
+ EC_GROUP_get_cofactor()
+ are implemented directly in crypto/ec/ec_lib.c and not dispatched
+ to methods, which would lead to unnecessary code duplication when
+ adding different types of curves.
+ [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
+
+ *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+ arithmetic, and such that modified wNAFs are generated
+ (which avoid length expansion in many cases).
+ [Bodo Moeller]
+
+ *) Add a function EC_GROUP_check_discriminant() (defined via
+ EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+ Add a function EC_GROUP_check() that makes some sanity tests
+ on a EC_GROUP, its generator and order. This includes
+ EC_GROUP_check_discriminant().
+ [Nils Larsch <nla@trustcenter.de>]
+
+ *) Add ECDSA in new directory crypto/ecdsa/.
+
+ Add applications 'openssl ecparam' and 'openssl ecdsa'
+ (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+ ECDSA support is also included in various other files across the
+ library. Most notably,
+ - 'openssl req' now has a '-newkey ecdsa:file' option;
+ - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+ - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+ d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+ them suitable for ECDSA where domain parameters must be
+ extracted before the specific public key;
+ - ECDSA engine support has been added.
+ [Nils Larsch <nla@trustcenter.de>]
+
+ *) Include some named elliptic curves, and add OIDs from X9.62,
+ SECG, and WAP/WTLS. Each curve can be obtained from the new
+ function
+ EC_GROUP_new_by_curve_name(),
+ and the list of available named curves can be obtained with
+ EC_get_builtin_curves().
+ Also add a 'curve_name' member to EC_GROUP objects, which can be
+ accessed via
+ EC_GROUP_set_curve_name()
+ EC_GROUP_get_curve_name()
+ [Nils Larsch <larsch@trustcenter.de, Bodo Moeller]
+
+ *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+ was actually never needed) and in BN_mul(). The removal in BN_mul()
+ required a small change in bn_mul_part_recursive() and the addition
+ of the functions bn_cmp_part_words(), bn_sub_part_words() and
+ bn_add_part_words(), which do the same thing as bn_cmp_words(),
+ bn_sub_words() and bn_add_words() except they take arrays with
+ differing sizes.
+ [Richard Levitte]
+
+ Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
+
+ *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+ The value now differs depending on if you build for FIPS or not.
+ BEWARE! A program linked with a shared FIPSed libcrypto can't be
+ safely run with a non-FIPSed libcrypto, as it may crash because of
+ the difference induced by this change.
+ [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Minimal support for X9.31 signatures and PSS padding modes. This is
+ mainly for FIPS compliance and not fully integrated at this stage.
+ [Steve Henson]
+
+ *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+ the exponentiation using a fixed-length exponent. (Otherwise,
+ the information leaked through timing could expose the secret key
+ after many signatures; cf. Bleichenbacher's attack on DSA with
+ biased k.)
+ [Bodo Moeller]
+
+ *) Make a new fixed-window mod_exp implementation the default for
+ RSA, DSA, and DH private-key operations so that the sequence of
+ squares and multiplies and the memory access pattern are
+ independent of the particular secret key. This will mitigate
+ cache-timing and potential related attacks.
+
+ BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+ and this is automatically used by BN_mod_exp_mont() if the new flag
+ BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
+ will use this BN flag for private exponents unless the flag
+ RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+ DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+ [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+ *) Change the client implementation for SSLv23_method() and
+ SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+ Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+ (Previously, the SSL 2.0 backwards compatible Client Hello
+ message format would be used even with SSL_OP_NO_SSLv2.)
+ [Bodo Moeller]
+
+ *) Add support for smime-type MIME parameter in S/MIME messages which some
+ clients need.
+ [Steve Henson]
+
+ *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+ a threadsafe manner. Modify rsa code to use new function and add calls
+ to dsa and dh code (which had race conditions before).
+ [Steve Henson]
+
+ *) Include the fixed error library code in the C error file definitions
+ instead of fixing them up at runtime. This keeps the error code
+ structures constant.
+ [Steve Henson]
+
+ Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
+
+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
+ *) Fixes for newer kerberos headers. NB: the casts are needed because
+ the 'length' field is signed on one version and unsigned on another
+ with no (?) obvious way to tell the difference, without these VC++
+ complains. Also the "definition" of FAR (blank) is no longer included
+ nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+ some needed definitions.
+ [Steve Henson]
+
+ *) Undo Cygwin change.
+ [Ulf Möller]
+
+ *) Added support for proxy certificates according to RFC 3820.
+ Because they may be a security thread to unaware applications,
+ they must be explicitely allowed in run-time. See
+ docs/HOWTO/proxy_certificates.txt for further information.
+ [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f [22 Mar 2005]
+
+ *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+ server and client random values. Previously
+ (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+ less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+ This change has negligible security impact because:
+
+ 1. Server and client random values still have 24 bytes of pseudo random
+ data.
+
+ 2. Server and client random values are sent in the clear in the initial
+ handshake.
+
+ 3. The master secret is derived using the premaster secret (48 bytes in
+ size for static RSA ciphersuites) as well as client server and random
+ values.
+
+ The OpenSSL team would like to thank the UK NISCC for bringing this issue
+ to our attention.
+
+ [Stephen Henson, reported by UK NISCC]
+
+ *) Use Windows randomness collection on Cygwin.
+ [Ulf Möller]
+
+ *) Fix hang in EGD/PRNGD query when communication socket is closed
+ prematurely by EGD/PRNGD.
+ [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
+
+ *) Prompt for pass phrases when appropriate for PKCS12 input format.
+ [Steve Henson]
+
+ *) Back-port of selected performance improvements from development
+ branch, as well as improved support for PowerPC platforms.
+ [Andy Polyakov]
+
+ *) Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
+
+ *) Add new -passin argument to dgst.
+ [Steve Henson]
+
+ *) Perform some character comparisons of different types in X509_NAME_cmp:
+ this is needed for some certificates that reencode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or wont issue name rollover
+ certificates.
+ [Steve Henson]
+
+ *) Make an explicit check during certificate validation to see that
+ the CA setting in each certificate on the chain is correct. As a
+ side effect always do the following basic checks on extensions,
+ not just when there's an associated purpose to the check:
+
+ - if there is an unhandled critical extension (unless the user
+ has chosen to ignore this fault)
+ - if the path length has been exceeded (if one is set at all)
+ - that certain extensions fit the associated purpose (if one has
+ been given)
+ [Richard Levitte]
+
Changes between 0.9.7d and 0.9.7e [25 Oct 2004]
*) Avoid a race condition when CRLs are checked in a multi threaded
@@ -29,11 +1081,11 @@
Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
[Joe Orton, Steve Henson]
*) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
- (CAN-2004-0112)
+ (CVE-2004-0112)
[Joe Orton, Steve Henson]
*) Make it possible to have multiple active certificates with the same
@@ -76,9 +1128,9 @@
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+ Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
@@ -163,7 +1215,7 @@
via timing by performing a MAC computation even if incorrrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
+ between bad padding and a MAC verification error. (CVE-2003-0078)
[Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -380,7 +1432,7 @@
Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized master key in Kerberos-enabled versions.
- (CAN-2002-0657)
+ (CVE-2002-0657)
[Ben Laurie (CHATS)]
*) Change the SSL kerb5 codes to match RFC 2712.
@@ -2064,7 +3116,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
[Joe Orton, Steve Henson]
Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
@@ -2072,7 +3124,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Fix additional bug revealed by the NISCC test suite:
Stop bug triggering large recursion when presented with
- certain ASN.1 tags (CAN-2003-0851)
+ certain ASN.1 tags (CVE-2003-0851)
[Steve Henson]
Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
@@ -2080,7 +3132,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
@@ -2132,7 +3184,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
via timing by performing a MAC computation even if incorrrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
+ between bad padding and a MAC verification error. (CVE-2003-0078)
[Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -2265,7 +3317,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
- supplied buffer. (CAN-2002-0659)
+ supplied buffer. (CVE-2002-0659)
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
@@ -2273,15 +3325,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Ben Laurie (CHATS)]
*) Various temporary buffers to hold ASCII versions of integers were
- too small for 64 bit platforms. (CAN-2002-0655)
+ too small for 64 bit platforms. (CVE-2002-0655)
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
*) Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized session ID to a client. (CAN-2002-0656)
+ supply an oversized session ID to a client. (CVE-2002-0656)
[Ben Laurie (CHATS)]
*) Remote buffer overflow in SSL2 protocol - an attacker could
- supply an oversized client master key. (CAN-2002-0656)
+ supply an oversized client master key. (CVE-2002-0656)
[Ben Laurie (CHATS)]
Changes between 0.9.6c and 0.9.6d [9 May 2002]
diff --git a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head
new file mode 100644
index 000000000000..1203a22158a8
--- /dev/null
+++ b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head
@@ -0,0 +1,163 @@
+This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS,
+provides a collection of those CVS change log entries for the
+0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in
+0.9.8-dev (CVS head).
+
+ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes
+ChangeLog.0_9_7-stable_not-in-head - everything else
+
+Some obvious false positives have been eliminated: e.g., we do not
+care about a simple "make update"; and we don't care about changes
+identified to the 0.9.7 branch that were explicitly identified as
+backports from head.
+
+Eliminating all other entries (and finally this file and its
+compantion), either as false positives or as things that should go
+into 0.9.8, remains to be done. Any additional changes to 0.9.7 that
+are not immediately put into 0.9.8, but belong there as well, should
+be added to the end of this file.
+
+
+2002-11-04 17:33 levitte
+
+ Changed:
+ Configure (1.314.2.38), "Exp", lines: +4 -2
+
+ Return my normal debug targets to something not so extreme, and
+ make the extreme ones special (or 'extreme', if you will :-)).
+
+2002-12-16 19:17 appro
+
+ Changed:
+ crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0
+ crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445
+
+ This is rollback to 0.9.6h bn_mul.c to address problem reported in
+ RT#272.
+
+2003-07-27 15:46 ben
+
+ Changed:
+ crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0
+ crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0
+
+ Add untested CFB-r mode. Will be tested soon.
+
+2003-07-28 17:07 ben
+
+ Changed:
+ Makefile.org (1.154.2.69), "Exp", lines: +5 -1
+ crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0
+ crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0
+ crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2
+ crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16
+ crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0
+ crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1
+ crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2
+ crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11
+ crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2
+ crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5
+ crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0
+ crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0
+ crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0
+ fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0
+ fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1
+ fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1
+ test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43
+
+ Add support for partial CFB modes, make tests work, update
+ dependencies.
+
+2003-07-29 12:56 ben
+
+ Changed:
+ crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6
+ crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0
+ crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8
+ crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1
+
+ Working CFB1 and test vectors.
+
+2003-07-29 15:24 ben
+
+ Changed:
+ crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0
+ crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5
+ crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0
+ crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0
+ crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0
+ fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1
+ fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19
+
+ The rest of the keysizes for CFB1, working AES AVS test for CFB1.
+
+2003-07-29 19:05 ben
+
+ Changed:
+ crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0
+ crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0
+ crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0
+ crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9
+ crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0
+ crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5
+ crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0
+ crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0
+ crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0
+ fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0
+
+ AES CFB8.
+
+2003-07-30 20:30 ben
+
+ Changed:
+ Makefile.org (1.154.2.70), "Exp", lines: +16 -5
+ crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1
+ crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0
+ crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14
+ crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1
+ crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0
+ crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0
+ crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23
+ crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6
+ crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0
+ crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6
+ fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1
+ fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0
+ fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1
+ fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
+ fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0
+ fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
+ fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0
+ fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0
+ fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0
+
+ Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
+
+2003-08-01 12:25 ben
+
+ Changed:
+ crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36
+ crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0
+ crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3
+ crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0
+
+ Fix DES CFB-r.
+
+2003-08-01 12:31 ben
+
+ Changed:
+ crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0
+
+ DES CFB8 test.
+
+2005-04-19 16:21 appro
+
+ Changed:
+ Configure (1.314.2.117), "Exp", lines: +24 -21
+ Makefile.org (1.154.2.100), "Exp", lines: +1 -11
+ TABLE (1.99.2.52), "Exp", lines: +20 -20
+ apps/Makefile (1.1.4.15), "Exp", lines: +1 -1
+ test/Makefile (1.1.4.12), "Exp", lines: +1 -1
+
+ Enable shared link on HP-UX.
+
diff --git a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS
new file mode 100644
index 000000000000..1e6c88f77abf
--- /dev/null
+++ b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS
@@ -0,0 +1,1494 @@
+See file ChangeLog.0_9_7-stable_not-in-head for explanations.
+This is the "FIPS"-related part.
+
+
+
+2003-07-27 19:00 ben
+
+ Changed:
+ Configure (1.314.2.85), "Exp", lines: +2 -0
+ Makefile.org (1.154.2.67), "Exp", lines: +12 -3
+ crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0
+ crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0
+ crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1
+ crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0
+ crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1
+ crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1
+ crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2
+ crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3
+ crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4
+ crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0
+ crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0
+ crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0
+ crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0
+ crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0
+ crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0
+ crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0
+ crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7
+ crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0
+ crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4
+ crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1
+ crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0
+ crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1
+ crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4
+ crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4
+ crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15
+ crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0
+ crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0
+ crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1
+ crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0
+ crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2
+ crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6
+ fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
+ fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0
+ fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
+ fips/fips.c (1.1.2.1), "Exp", lines: +74 -0
+ fips/fips.h (1.1.2.1), "Exp", lines: +85 -0
+ fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0
+ fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0
+ fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0
+ fips/lib (1.1.2.1), "Exp", lines: +0 -0
+ fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0
+ fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
+ fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
+ fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0
+ fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0
+ fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0
+ fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
+ fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
+ fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0
+ fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0
+ fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0
+ fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
+ fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
+ fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
+ fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0
+ fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0
+ fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0
+ fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
+ fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
+ fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
+ fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0
+ fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0
+ fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0
+ fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0
+ fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0
+ fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0
+ test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13
+ util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1
+
+ Unfinished FIPS stuff for review/improvement.
+
+2003-07-27 19:19 ben
+
+ Changed:
+ fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1
+
+ Use unified diff.
+
+2003-07-27 19:23 ben
+
+ Changed:
+ fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3
+ fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1
+ fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1
+
+ Build in non-FIPS mode.
+
+2003-07-27 23:13 ben
+
+ Changed:
+ Makefile.org (1.154.2.68), "Exp", lines: +1 -1
+ fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1
+ fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0
+ fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0
+ fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1
+ fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
+ fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1
+ fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0
+ fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1
+
+ Build when not FIPS.
+
+2003-07-28 11:56 ben
+
+ Changed:
+ fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
+ fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1
+
+ New fingerprints.
+
+2003-07-29 16:06 ben
+
+ Changed:
+ fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303
+
+ Reformat.
+
+2003-07-29 16:34 ben
+
+ Changed:
+ fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17
+
+ MMT for CFB1
+
+2003-07-29 17:17 ben
+
+ Changed:
+ fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0
+ fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0
+ fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0
+
+ Missing files.
+
+2003-07-31 23:30 levitte
+
+ Changed:
+ Makefile.org (1.154.2.71), "Exp", lines: +2 -0
+
+ If FDIRS is to be treated like SDIRS, let's not forget to
+ initialize it in Makefile.org.
+
+2003-07-31 23:41 levitte
+
+ Changed:
+ fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3
+
+ No C++ comments in C programs!
+
+2003-08-01 15:07 steve
+
+ Changed:
+ fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3
+
+ Replace C++ style comments.
+
+2003-08-03 14:22 ben
+
+ Changed:
+ fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37
+
+ Make tests work (CFB1 still doesn't produce the right answers,
+ strangely).
+
+2003-08-08 12:08 levitte
+
+ Changed:
+ fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0
+
+ Avoid clashing with the regular DES functions when not compiling
+ with -DFIPS. This is basically only visible when building with
+ shared library supoort...
+
+2003-08-11 11:36 levitte
+
+ Deleted:
+ fips/sha1/.cvsignore (1.1.2.2)
+ fips/sha1/Makefile.ssl (1.1.2.3)
+ fips/sha1/fingerprint.sha1 (1.1.2.3)
+ fips/sha1/fips_md32_common.h (1.1.2.2)
+ fips/sha1/fips_sha1dgst.c (1.1.2.3)
+ fips/sha1/fips_sha1test.c (1.1.2.3)
+ fips/sha1/fips_sha_locl.h (1.1.2.2)
+ fips/sha1/fips_standalone_sha1.c (1.1.2.3)
+ fips/sha1/sha1hashes.txt (1.1.2.2)
+ fips/sha1/sha1vectors.txt (1.1.2.2)
+ fips/sha1/standalone.sha1 (1.1.2.4)
+ fips/dsa/.cvsignore (1.1.2.2)
+ fips/dsa/Makefile.ssl (1.1.2.2)
+ fips/dsa/fingerprint.sha1 (1.1.2.3)
+ fips/dsa/fips_dsa_ossl.c (1.1.2.3)
+ fips/dsa/fips_dsatest.c (1.1.2.3)
+ fips/rand/.cvsignore (1.1.2.2)
+ fips/rand/Makefile.ssl (1.1.2.2)
+ fips/rand/fingerprint.sha1 (1.1.2.2)
+ fips/rand/fips_rand.c (1.1.2.2)
+ fips/rand/fips_rand.h (1.1.2.2)
+ fips/rand/fips_randtest.c (1.1.2.2)
+ fips/des/.cvsignore (1.1.2.2)
+ fips/des/Makefile.ssl (1.1.2.3)
+ fips/des/fingerprint.sha1 (1.1.2.2)
+ fips/des/fips_des_enc.c (1.1.2.3)
+ fips/des/fips_des_locl.h (1.1.2.2)
+ fips/des/fips_desmovs.c (1.1.2.3)
+ fips/aes/.cvsignore (1.1.2.2)
+ fips/aes/Makefile.ssl (1.1.2.5)
+ fips/aes/fingerprint.sha1 (1.1.2.2)
+ fips/aes/fips_aes_core.c (1.1.2.2)
+ fips/aes/fips_aes_locl.h (1.1.2.2)
+ fips/aes/fips_aesavs.c (1.1.2.9)
+ fips/.cvsignore (1.1.2.2)
+ fips/Makefile.ssl (1.1.2.6)
+ fips/fingerprint.sha1 (1.1.2.3)
+ fips/fips.c (1.1.2.2)
+ fips/fips.h (1.1.2.2)
+ fips/fips_check_sha1 (1.1.2.4)
+ fips/fips_err.c (1.1.2.2)
+ fips/fips_err_wrapper.c (1.1.2.2)
+ fips/fips_make_sha1 (1.1.2.4)
+ fips/lib (1.1.2.2)
+ Changed:
+ util/libeay.num (1.173.2.16), "Exp", lines: +11 -38
+ util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2
+ test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180
+ crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7
+ crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16
+ crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17
+ crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9
+ crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2
+ crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3
+ crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11
+ crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27
+ crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32
+ crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8
+ crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11
+ crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7
+ crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7
+ crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8
+ crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4
+ crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22
+ crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43
+ crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3
+ crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36
+ crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3
+ crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24
+ crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11
+ crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17
+ crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106
+ crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10
+ crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2
+ crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12
+ crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8
+ crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17
+ crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2
+ crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4
+ crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1
+ crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1
+ crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4
+ crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1
+ crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2
+ crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1
+ crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2
+ crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9
+ crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93
+ crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4
+ crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5
+ crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11
+ Configure (1.314.2.86), "Exp", lines: +0 -2
+ Makefile.org (1.154.2.72), "Exp", lines: +8 -34
+ TABLE (1.99.2.30), "Exp", lines: +0 -50
+
+ A new branch for FIPS-related changes has been created with the
+ name OpenSSL-fips-0_9_7-stable.
+
+ Since the 0.9.7-stable branch is supposed to be in freeze
+ and should only contain bug corrections, this change removes the
+ FIPS changes from that branch.
+
+2004-05-11 14:44 ben
+
+ Deleted:
+ apps/Makefile.ssl (1.100.2.27)
+ crypto/Makefile.ssl (1.84.2.12)
+ crypto/aes/Makefile.ssl (1.4.2.9)
+ crypto/asn1/Makefile.ssl (1.77.2.7)
+ crypto/bf/Makefile.ssl (1.25.2.6)
+ crypto/bio/Makefile.ssl (1.52.2.4)
+ crypto/bn/Makefile.ssl (1.65.2.9)
+ crypto/buffer/Makefile.ssl (1.32.2.4)
+ crypto/cast/Makefile.ssl (1.31.2.6)
+ crypto/comp/Makefile.ssl (1.32.2.4)
+ crypto/conf/Makefile.ssl (1.38.2.8)
+ crypto/des/Makefile.ssl (1.61.2.13)
+ crypto/dh/Makefile.ssl (1.43.2.5)
+ crypto/dsa/Makefile.ssl (1.49.2.9)
+ crypto/dso/Makefile.ssl (1.11.2.4)
+ crypto/ec/Makefile.ssl (1.7.2.4)
+ crypto/engine/Makefile.ssl (1.30.2.13)
+ crypto/err/Makefile.ssl (1.48.2.7)
+ crypto/evp/Makefile.ssl (1.64.2.12)
+ crypto/hmac/Makefile.ssl (1.33.2.6)
+ crypto/idea/Makefile.ssl (1.20.2.4)
+ crypto/krb5/Makefile.ssl (1.5.2.6)
+ crypto/lhash/Makefile.ssl (1.28.2.4)
+ crypto/md2/Makefile.ssl (1.29.2.5)
+ crypto/md4/Makefile.ssl (1.6.2.7)
+ crypto/md5/Makefile.ssl (1.33.2.10)
+ crypto/mdc2/Makefile.ssl (1.30.2.4)
+ crypto/objects/Makefile.ssl (1.46.2.6)
+ crypto/ocsp/Makefile.ssl (1.19.2.7)
+ crypto/pem/Makefile.ssl (1.51.2.5)
+ crypto/pkcs12/Makefile.ssl (1.37.2.5)
+ crypto/pkcs7/Makefile.ssl (1.47.2.5)
+ crypto/rand/Makefile.ssl (1.56.2.8)
+ crypto/rc2/Makefile.ssl (1.20.2.4)
+ crypto/rc4/Makefile.ssl (1.25.2.6)
+ crypto/rc5/Makefile.ssl (1.22.2.6)
+ crypto/ripemd/Makefile.ssl (1.25.2.9)
+ crypto/rsa/Makefile.ssl (1.53.2.6)
+ crypto/sha/Makefile.ssl (1.26.2.9)
+ crypto/stack/Makefile.ssl (1.28.2.4)
+ crypto/txt_db/Makefile.ssl (1.26.2.4)
+ crypto/ui/Makefile.ssl (1.10.2.6)
+ crypto/x509/Makefile.ssl (1.56.2.5)
+ crypto/x509v3/Makefile.ssl (1.62.2.5)
+ ssl/Makefile.ssl (1.53.2.11)
+ test/Makefile.ssl (1.84.2.36)
+ tools/Makefile.ssl (1.9.2.4)
+ Changed:
+ .cvsignore (1.7.6.2), "Exp", lines: +2 -1
+ Configure (1.314.2.92), "Exp", lines: +38 -8
+ FAQ (1.61.2.31), "Exp", lines: +1 -1
+ INSTALL (1.45.2.9), "Exp", lines: +2 -2
+ INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4
+ Makefile.org (1.154.2.78), "Exp", lines: +51 -19
+ PROBLEMS (1.4.2.10), "Exp", lines: +2 -2
+ e_os.h (1.56.2.17), "Exp", lines: +20 -1
+ apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0
+ apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0
+ apps/apps.c (1.49.2.27), "Exp", lines: +0 -10
+ apps/ca.c (1.102.2.31), "Exp", lines: +0 -10
+ apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11
+ apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0
+ crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0
+ crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0
+ crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1
+ crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0
+ crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0
+ crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0
+ crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0
+ crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0
+ crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0
+ crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0
+ crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0
+ crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0
+ crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0
+ crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1
+ crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0
+ crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0
+ crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0
+ crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0
+ crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0
+ crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0
+ crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0
+ crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1
+ crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0
+ crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1
+ crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2
+ crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3
+ crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0
+ crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0
+ crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0
+ crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1
+ crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0
+ crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0
+ crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0
+ crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0
+ crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0
+ crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0
+ crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0
+ crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2
+ crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0
+ crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0
+ crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0
+ crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0
+ crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0
+ crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0
+ crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0
+ crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4
+ crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3
+ crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4
+ crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11
+ crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1
+ crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0
+ crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2
+ crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8
+ crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1
+ crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0
+ crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0
+ crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0
+ crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0
+ crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0
+ crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0
+ crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0
+ crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0
+ crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0
+ crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3
+ crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0
+ crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0
+ crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0
+ crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0
+ crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0
+ crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0
+ crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0
+ crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0
+ crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0
+ crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0
+ crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1
+ crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0
+ crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0
+ crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0
+ crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0
+ crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0
+ crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0
+ crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1
+ crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0
+ crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0
+ crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0
+ crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0
+ crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0
+ crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0
+ crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0
+ crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0
+ fips/Makefile (1.1.4.1), "Exp", lines: +202 -0
+ fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4
+ fips/fips.c (1.1.2.3), "Exp", lines: +120 -5
+ fips/fips.h (1.1.2.3), "Exp", lines: +42 -2
+ fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2
+ fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0
+ fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2
+ fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0
+ fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6
+ fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0
+ fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0
+ fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0
+ fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2
+ fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2
+ fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0
+ fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0
+ fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6
+ fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0
+ fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2
+ fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3
+ fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1
+ fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0
+ fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79
+ fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0
+ fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0
+ fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0
+ fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1
+ fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0
+ fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3
+ fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0
+ fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6
+ fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0
+ fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0
+ fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2
+ fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10
+ fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1
+ fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10
+ fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0
+ fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0
+ fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0
+ fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0
+ fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0
+ fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2
+ fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0
+ fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3
+ fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0
+ fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0
+ fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4
+ fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0
+ fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0
+ fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7
+ fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0
+ fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0
+ fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4
+ fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0
+ ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10
+ ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11
+ ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11
+ ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4
+ shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3
+ ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0
+ ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0
+ ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0
+ ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0
+ ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1
+ ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1
+ ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1
+ test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0
+ test/Makefile (1.1.4.1), "Exp", lines: +941 -0
+ test/bctest (1.14.2.1), "Exp", lines: +1 -1
+ test/testenc (1.3.8.1), "Exp", lines: +1 -1
+ test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0
+ tools/Makefile (1.1.4.1), "Exp", lines: +61 -0
+ util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3
+ util/domd (1.6.2.3), "Exp", lines: +5 -5
+ util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3
+ util/libeay.num (1.173.2.19), "Exp", lines: +55 -11
+ util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4
+ util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4
+ util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1
+ util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1
+ util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1
+ util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2
+ util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1
+ util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1
+ util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1
+ util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1
+ util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2
+ util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2
+ util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1
+ util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1
+
+ Pull FIPS back into stable.
+
+2004-05-12 10:27 levitte
+
+ Changed:
+ apps/Makefile (1.1.4.2), "Exp", lines: +3 -1
+
+ Only check for FIPS signatures when FIPS is enabled.
+
+2004-05-12 10:28 levitte
+
+ Changed:
+ crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1
+
+ Makefile.ssl changed name to Makefile.
+
+2004-05-12 10:28 levitte
+
+ Changed:
+ fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1
+
+ Only really build this file when OPENSSL_FIPS is defined. And oh,
+ let's keep internal variables static.
+
+2004-05-12 10:42 levitte
+
+ Changed:
+ fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
+
+ I forgot to modify the signature for fips_rand.c...
+
+2004-05-12 10:46 levitte
+
+ Changed:
+ fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0
+ fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1
+ fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3
+ fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2
+ fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
+ fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
+
+ Ignore the 'lib' timestamp file.
+
+2004-05-12 12:07 levitte
+
+ Changed:
+ fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
+ fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
+ fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
+ fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
+ fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
+ fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0
+ fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
+
+ Ignore 'Makefile.save'
+
+2004-05-12 16:11 ben
+
+ Changed:
+ crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0
+ crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0
+ fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
+ fips/fips.c (1.1.2.4), "Exp", lines: +5 -1
+ fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
+ fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0
+
+ Blow up in people's faces if they don't reseed.
+
+2004-05-15 19:51 ben
+
+ Changed:
+ crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0
+ crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1
+ crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0
+ fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3
+ fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1
+ fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
+ fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1
+ fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0
+ fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
+ fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0
+ fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1
+
+ Fix self-tests, ban some things in FIPS mode, fix copyrights.
+
+2004-05-17 06:28 levitte
+
+ Changed:
+ util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2
+ util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4
+ util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3
+ util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2
+ util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2
+ util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2
+ util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2
+ util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2
+ util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2
+ util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2
+ util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2
+
+ Generate SHA1 files on Windows and other platforms supported by
+ mk1mf.pl, when building in FIPS mode.
+
+ Note: UNTESTED!
+
+2004-05-17 06:30 levitte
+
+ Changed:
+ apps/apps.h (1.44.2.14), "Exp", lines: +3 -0
+ apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5
+
+ Make sure the applications know when we are running in FIPS mode.
+ We can't use the variable in libcrypto, since it's supposedly
+ unknown.
+
+ Note: currently only supported in MONOLITH mode.
+
+2004-05-17 06:31 levitte
+
+ Changed:
+ apps/enc.c (1.35.2.9), "Exp", lines: +10 -1
+
+ When in FIPS mode, use SHA1 to digest the key, rather than MD5, as
+ MD5 isn't a FIPS-approved algorithm.
+
+ Note: this means the user needs to keep track of this, and
+ we need to add support for that...
+
+2004-05-19 16:16 levitte
+
+ Changed:
+ fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2
+ fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8
+ fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1
+ fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
+ fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2
+ fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4
+ fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
+ fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5
+ crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0
+ crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0
+ crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0
+
+ Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation
+ for size_t-ification of those algorithms in future version of
+ OpenSSL...
+
+2004-05-27 11:33 levitte
+
+ Changed:
+ makevms.com (1.35.2.3), "Exp", lines: +27 -0
+
+ Copy the FIPS files to the temporary openssl include directory.
+
+2004-05-27 12:04 levitte
+
+ Changed:
+ fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0
+ makevms.com (1.35.2.4), "Exp", lines: +8 -0
+
+ Compile the FIPS directory on VMS as well. fips-lib.com is
+ essentially a copy of crypto-lib.com, with just a few edits.
+
+2004-05-27 12:07 levitte
+
+ Changed:
+ fips/install.com (1.1.2.1), "Exp", lines: +55 -0
+ install.com (1.4.2.2), "Exp", lines: +6 -6
+
+ Run an installation of FIPS stuff as well.
+
+2004-05-27 12:19 levitte
+
+ Changed:
+ test/maketests.com (1.13.2.5), "Exp", lines: +3 -3
+ apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3
+
+ Make sure o_str.h is reachable.
+
+2004-06-19 15:15 ben
+
+ Changed:
+ Makefile.org (1.154.2.80), "Exp", lines: +1 -1
+ crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1
+ crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0
+ crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1
+ crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9
+ crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0
+ fips/Makefile (1.1.4.2), "Exp", lines: +13 -14
+ fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
+ fips/fips.h (1.1.2.4), "Exp", lines: +1 -0
+ fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0
+ fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0
+ fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9
+ fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2
+
+ The version that was actually submitted for FIPS testing.
+
+2004-06-19 15:16 ben
+
+ Changed:
+ fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0
+ fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
+ fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0
+ fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0
+ fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0
+
+ Add Diffie-Hellman to FIPS.
+
+2004-06-19 15:18 ben
+
+ Changed:
+ fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0
+ fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
+
+ Update ignores.
+
+2004-06-21 11:07 levitte
+
+ Changed:
+ fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5
+ fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5
+ fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6
+ fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
+ fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
+ fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5
+
+ Make sure we don't try to loop over an empty EXHEADER. In the
+ Makefiles where this was fixed by commenting away code, change it
+ to check for an empty EXHEADER instead, so we have less hassle in a
+ future where EXHEADER changes.
+
+ PR: 900
+
+2004-06-21 20:05 levitte
+
+ Changed:
+ Makefile.org (1.154.2.82), "Exp", lines: +3 -1
+
+ Standard sh doesn't tolerate ! as part of the conditional command.
+
+ PR: 900
+
+2004-06-28 22:33 levitte
+
+ Changed:
+ fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0
+ fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2
+ fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0
+
+ Make sure the FIPS stuff is only really compiled when in FIPS mode.
+
+2004-07-12 19:59 ben
+
+ Changed:
+ fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6
+ fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3
+
+ Corrected test program.
+
+2004-07-17 14:48 appro
+
+ Changed:
+ fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1
+
+ Eliminate enforced -g from CFLAGS. It switches off optimization
+ with some compilers, e.g. DEC C.
+
+2004-07-21 19:41 steve
+
+ Changed:
+ crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0
+
+ When in FIPS mode write private keys in PKCS#8 and PBES2 format to
+ avoid use of prohibited MD5 algorithm.
+
+2004-07-23 15:20 ben
+
+ Changed:
+ fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
+ fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7
+ fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2
+
+ Convert to X9.31.
+
+2004-07-21 19:35 steve
+
+ Changed:
+ fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
+ fips/fips.c (1.1.2.5), "Exp", lines: +3 -3
+ fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1
+ fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8
+
+ Avoid compiler warnings.
+
+2004-07-27 02:17 steve
+
+ Changed:
+ fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8
+
+ Stop compiler warnings.
+
+2004-07-27 02:20 steve
+
+ Changed:
+ crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0
+
+ Add FIPS name to error library.
+
+2004-07-27 14:22 steve
+
+ Changed:
+ Makefile.org (1.154.2.84), "Exp", lines: +3 -3
+ fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1
+ fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1
+
+ Rename libcrypto.sha1 to libcrypto.a.sha1
+
+2004-07-27 20:28 steve
+
+ Changed:
+ ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33
+ ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0
+ ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0
+ ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1
+
+ New cipher "strength" FIPS which specifies that a cipher suite is
+ FIPS compatible.
+
+ New cipherstring "FIPS" is all FIPS compatible ciphersuites
+ except eNULL.
+
+ Only allow FIPS ciphersuites in FIPS mode.
+
+2004-07-28 04:24 levitte
+
+ Changed:
+ makevms.com (1.35.2.6), "Exp", lines: +2 -2
+
+ From the FIPS directory, darnit!
+
+2004-07-28 15:47 levitte
+
+ Changed:
+ makevms.com (1.35.2.7), "Exp", lines: +5 -1
+
+ Define OPENSSL_FIPS in opensslconf.h if a logical name with the
+ same name is defined.
+
+ Go up one directory level before dealing with FIPS stuff.
+
+2004-07-30 00:26 levitte
+
+ Changed:
+ fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3
+
+ We're building crypto stuff, not ssl stuff. Additionally, we're in
+ the fips subdirectory, not the crypto one...
+
+2004-07-30 16:37 levitte
+
+ Changed:
+ fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2
+ fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1
+ fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2
+ fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1
+ fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3
+ ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2
+ fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2
+ fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1
+ fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1
+ fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1
+ fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1
+ fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
+ fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3
+ fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2
+ fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
+ fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2
+ fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3
+ fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2
+ fips/fips.c (1.1.2.6), "Exp", lines: +76 -23
+ fips/fips.h (1.1.2.5), "Exp", lines: +2 -3
+ fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2
+ fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
+ fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1
+ crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1
+ crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1
+ crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2
+ crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1
+ crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2
+ crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6
+ crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1
+ crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2
+
+ To protect FIPS-related global variables, add locking mechanisms
+ around them.
+
+ NOTE: because two new locks are added, this adds potential
+ binary incompatibility with earlier versions in the 0.9.7 series.
+ However, those locks will only ever be touched when FIPS_mode_set()
+ is called and after, thanks to a variable that's only changed from
+ 0 to 1 once (when FIPS_mode_set() is called). So basically, as
+ long as FIPS mode hasn't been engaged explicitely by the calling
+ application, the new locks are treated as if they didn't exist at
+ all, thus not becoming a problem. Applications that are built or
+ rebuilt to use FIPS functionality will need to be recompiled in any
+ case, thus not being a problem either.
+
+2004-08-02 16:15 levitte
+
+ Changed:
+ crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4
+
+ Let's lock a write lock when changing values, shall we?
+
+ Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk>
+ for making me aware of this error.
+
+2004-08-05 20:11 steve
+
+ Changed:
+ fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
+ fips/fips.c (1.1.2.7), "Exp", lines: +1 -1
+
+ Stop compiler giving bogus shadow warning.
+
+2004-08-09 14:13 levitte
+
+ Changed:
+ makevms.com (1.35.2.8), "Exp", lines: +1 -1
+
+ In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...
+
+2004-08-09 14:14 levitte
+
+ Changed:
+ fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4
+
+ Correct typos and include directory specifications.
+
+2004-08-10 11:11 levitte
+
+ Changed:
+ fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1
+
+ Update the VMS fips library builder with the DH library.
+
+2004-08-10 12:04 levitte
+
+ Changed:
+ fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
+ fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1
+
+ With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED
+ to get struct timeval and gettimeofday().
+
+2004-09-06 16:19 levitte
+
+ Changed:
+ fips/fips.c (1.1.2.8), "Exp", lines: +5 -4
+
+ Replace the bogus checks of n with proper uses of feof(), ferror()
+ and clearerr().
+
+2004-09-06 16:21 levitte
+
+ Changed:
+ fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2
+
+ num is an unsigned long, but since it was transfered from
+ crypto/sha/sha_locl.h, where it is in fact an int, we need to check
+ for less-than-zero as if it was an int...
+
+2004-10-08 12:03 ben
+
+ Changed:
+ fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
+ fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
+ fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1
+
+ Update fingerprints.
+
+2004-10-14 07:51 levitte
+
+ Changed:
+ VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0
+
+ We need to check for OPENSSL_FIPS when building shared libraries,
+ so we get correct transfer vectors for those functions when
+ required.
+
+2004-10-26 13:47 steve
+
+ Changed:
+ util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0
+
+ Add fips/dh directory to mkfiles.pl
+
+2004-10-26 14:17 levitte
+
+ Changed:
+ fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1
+ util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0
+ fips/Makefile (1.1.4.5), "Exp", lines: +7 -1
+ crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7
+
+ fips/dh was missing in mkfiles.pl. make update
+
+2004-10-26 15:01 steve
+
+ Changed:
+ util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1
+
+ Only add fips/dh once...
+
+2004-11-01 09:20 levitte
+
+ Changed:
+ fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
+ fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1
+
+ Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if
+ not already defined.
+
+2004-12-09 19:03 appro
+
+ vChanged:
+ crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0
+
+ Postpone linking of shared libcrypto in FIPS build.
+
+2004-12-09 19:13 appro
+
+ Changed:
+ fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1
+ fips/fips.c (1.1.2.9), "Exp", lines: +13 -1
+ fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2
+
+ Cygwin specific FIPS fix-ups.
+
+2004-12-09 23:43 appro
+
+ Changed:
+ Configure (1.314.2.100), "Exp", lines: +2 -3
+ crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2
+
+ Eliminate false dependency on 386 config option is FIPS context.
+ At the same time limit assembler support to ELF platforms [that's
+ what is there, ELF modules].
+
+2004-12-10 12:37 appro
+
+ Changed:
+ Configure (1.314.2.101), "Exp", lines: +10 -3
+ crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2
+
+ Respect no-asm with fips option and disable FIPS DES assembler in
+ shared context [because it's not PIC].
+
+2004-12-10 14:15 appro
+
+ Changed:
+ fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
+ fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1
+ fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32
+
+ Solaris x86 assembler update.
+
+2004-12-10 17:30 appro
+
+ Changed:
+ fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1
+ fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1
+ fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1
+
+ Adapt FIPS sub-tree for mingw.
+
+2005-01-03 18:46 steve
+
+ Changed:
+ fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1
+ fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11
+
+ RSA KAT.
+
+2005-01-11 17:54 levitte
+
+ Changed:
+ fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1
+ fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2
+
+ Clear signed vs. unsigned conflicts. Change the fingerprint
+ accordingly.
+
+2005-01-11 19:25 levitte
+
+ Changed:
+ ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2
+ fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3
+ fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4
+ fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7
+ fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2
+ apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1
+ fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7
+
+ Use EXIT() instead of exit().
+
+2005-01-26 21:00 steve
+
+ Changed:
+ apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0
+ apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1
+ crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0
+ crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1
+ crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1
+ crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1
+ crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1
+ crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1
+ crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7
+ crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0
+ crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11
+ crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3
+ crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6
+ crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0
+ crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1
+ crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1
+ crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2
+ crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1
+ crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0
+ crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0
+ crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0
+ crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0
+ crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0
+ crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1
+ crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0
+ crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0
+ crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0
+ crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0
+ crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0
+ crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0
+ crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1
+ crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0
+ crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1
+ crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0
+ crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1
+ crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1
+ crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1
+ crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1
+ crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0
+ crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0
+ crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1
+ crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1
+ crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0
+ crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0
+ crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1
+ crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0
+ crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0
+ crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1
+ crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1
+ ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0
+ ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0
+ ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0
+ ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0
+
+ FIPS algorithm blocking.
+
+ Non FIPS algorithms are not normally allowed in FIPS mode.
+
+ Any attempt to use them via high level functions will
+ return an error.
+
+ The low level non-FIPS algorithm functions cannot return
+ errors so they produce assertion failures. HMAC also has to give an
+ assertion error because it (erroneously) can't return an error
+ either.
+
+ There are exceptions (such as MD5 in TLS and non
+ cryptographic use of algorithms) and applications can override the
+ blocking and use non FIPS algorithms anyway.
+
+ For low level functions the override is perfomed by
+ prefixing the algorithm initalization function with "private_" for
+ example private_MD5_Init().
+
+ For high level functions an override is performed by
+ setting a flag in the context.
+
+2005-01-27 02:49 steve
+
+ Changed:
+ apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5
+ crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0
+ crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0
+ crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0
+
+ More FIPS algorithm blocking.
+
+ Catch attempted use of non FIPS algorithms with HMAC.
+
+ Give an assertion error for applications that ignore FIPS
+ digest errors.
+
+ Make -non-fips-allow work with dgst and HMAC.
+
+2005-01-28 15:03 steve
+
+ Changed:
+ apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1
+ apps/enc.c (1.35.2.13), "Exp", lines: +38 -4
+ crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0
+ crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0
+ crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15
+ crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0
+ test/testenc (1.3.8.2), "Exp", lines: +8 -8
+
+ Further FIPS algorithm blocking.
+
+ Fixes to cipher blocking and enabling code.
+
+ Add option -non-fips-allow to 'enc' and update testenc.
+
+2005-01-31 02:33 steve
+
+ Changed:
+ ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0
+ ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0
+ ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8
+ ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0
+ ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8
+ ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0
+ ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8
+ ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1
+ ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9
+ ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18
+
+ Only allow TLS is FIPS mode.
+
+ Remove old FIPS_allow_md5() calls.
+
+2005-02-05 19:24 steve
+
+ Changed:
+ apps/req.c (1.88.2.18), "Exp", lines: +8 -1
+ apps/x509.c (1.67.2.20), "Exp", lines: +8 -1
+
+ In FIPS mode use SHA1 as default digest in x509 and req utilities.
+
+2005-03-15 10:46 appro
+
+ Changed:
+ Makefile.org (1.154.2.96), "Exp", lines: +1 -1
+ crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3
+ fips/Makefile (1.1.4.8), "Exp", lines: +4 -1
+
+ Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this
+ in crypto/Makefile and make Makefile.org and fips/Makefile more
+ discreet.
+
+2005-03-22 18:29 steve
+
+ Changed:
+ fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1
+ fips/fips.c (1.1.2.10), "Exp", lines: +1 -0
+
+ Fix memory leak.
+
+2005-03-27 05:36 steve
+
+ Changed:
+ crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1
+ ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3
+
+ Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS
+ mode.
+
+2005-04-14 14:44 steve
+
+ Changed:
+ fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0
+ util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0
+
+ Perl script that checks or rebuilds FIPS hash files. This works on
+ both Unix and Windows.
+
+ Merge all FIPS hash files into a single hash file
+ fips/fips.sha1
+
+2005-04-15 05:27 steve
+
+ Changed:
+ fips/Makefile (1.1.4.9), "Exp", lines: +1 -1
+ fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4
+ fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4
+ fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4
+ fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4
+ fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4
+ fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4
+ fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7
+
+ Update hash checking in makefiles to use new perl script.
+
+2005-04-17 06:37 steve
+
+ Changed:
+ util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127
+
+ Modify checkhash.pl so it can be run standalone or included as a
+ funtion in another perl script.
+
+2005-04-17 16:00 appro
+
+ Changed:
+ fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5
+
+ Bring back fips_standalone_sha1.
+
+2005-04-17 16:17 appro
+
+ Deleted:
+ fips/sha1/asm/sx86-elf.s (1.1.4.4)
+ Changed:
+ Configure (1.314.2.114), "Exp", lines: +1 -1
+ fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1
+ fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1
+ fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1
+ fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0
+
+ Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s.
+
+2005-04-17 16:21 steve
+
+ Changed:
+ util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0
+
+ Return 0 for successful hash check.
+
+2005-04-17 16:54 appro
+
+ Changed:
+ Configure (1.314.2.116), "Exp", lines: +8 -1
+ Makefile.org (1.154.2.99), "Exp", lines: +3 -2
+ crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0
+ fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0
+ fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2
+ fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0
+
+ Throw in fips/aes/asm/fips-ax86-elf.s.
+
+2005-04-17 16:35 appro
+
+ Changed:
+ Configure (1.314.2.115), "Exp", lines: +1 -1
+ fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1
+ fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98
+
+ Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag.
+
+2005-04-17 17:26 appro
+
+ Changed:
+ crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55
+ crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3
+ fips/fips.c (1.1.2.11), "Exp", lines: +62 -8
+ fips/fips.h (1.1.2.7), "Exp", lines: +2 -3
+ fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3
+ fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4
+ fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1
+ fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2
+
+ Resolve minor binary compatibility issues in fips.
+
+2005-04-17 18:22 appro
+
+ Changed:
+ fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12
+ fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1
+ fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2
+ fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1
+ fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1
+ fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3
+ fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2
+ fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1
+ fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1
+ fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1
+ fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11
+ fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1
+ fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1
+ fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2
+
+ Minor fips const-ification.
+
+2005-04-18 07:02 steve
+
+ Changed:
+ crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0
+ crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0
+ crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0
+ crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0
+ crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0
+ crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0
+
+ Pick up definition of FIPS_mode() in fips.h to avoid warnings.
+
+2005-04-18 10:34 steve
+
+ Deleted:
+ fips/fingerprint.sha1 (1.1.2.14)
+ fips/fips_check_sha1 (1.1.2.8)
+ fips/fips_make_sha1 (1.1.2.7)
+ fips/aes/fingerprint.sha1 (1.1.2.7)
+ fips/des/fingerprint.sha1 (1.1.2.6)
+ fips/dh/fingerprint.sha1 (1.1.2.4)
+ fips/dsa/fingerprint.sha1 (1.1.2.7)
+ fips/rand/fingerprint.sha1 (1.1.2.10)
+ fips/rsa/fingerprint.sha1 (1.1.4.7)
+ fips/sha1/fingerprint.sha1 (1.1.2.12)
+ Changed:
+ fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4
+
+ Remove obsolete fingerprint.sha1 files and associated scripts.
+ Delete test in fips/sha1/Makefile: the top level test checks the
+ same files.
+
+2005-04-19 09:11 appro
+
+ Deleted:
+ fips/fipshashes.sha1 (1.1.2.7)
+ fips/sha1/standalone.sha1 (1.1.2.15)
+ Changed:
+ fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0
+ util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4
+
+ Maintain fingerprint hashes as C source.
+
+2005-04-19 09:17 appro
+
+ Changed:
+ util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1
+
+ Complete the transition C-code hashes.
+
+2005-04-21 19:06 steve
+
+ Changed:
+ apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2
+ fips/fips.c (1.1.2.12), "Exp", lines: +0 -27
+ fips/fips.h (1.1.2.8), "Exp", lines: +0 -2
+ fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2
+
+ Remove defunct FIPS_allow_md5() and related functions.
+
+2005-04-22 06:15 appro
+
+ Changed:
+ fips/fips.c (1.1.2.13), "Exp", lines: +3 -3
+ fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3
+ fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2
+
+ Move some variables to .bss.
+
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 2cd5877f5312..9831ff3fab5c 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [[no-]fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
# Options:
#
@@ -38,7 +38,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
-# no-engine do not compile in any engine code.
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
@@ -56,6 +55,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# 386 generate 80386 code
+# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
@@ -87,9 +87,15 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# (intended for 64-bit CPUs running 32-bit OS).
# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
# BF_PTR2 intel specific version (generic version is more efficient).
+#
+# Following are set automatically by this script
+#
# MD5_ASM use some extra md5 assember,
# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
# RMD160_ASM use some extra ripemd160 assember,
+# SHA256_ASM sha256_block is implemented in assembler
+# SHA512_ASM sha512_block is implemented in assembler
+# AES_ASM ASE_[en|de]crypt is implemented in assembler
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -108,19 +114,25 @@ my $tlib="-lnsl -lsocket";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
-my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
-my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
-my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o";
+my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o";
+my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";
+
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::";
+my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";
-my $mips3_irix_asm="asm/mips3.o::::::::";
-# There seems to be boundary faults in asm/alpha.s.
-#my $alpha_asm="asm/alpha.o::::::::";
-my $alpha_asm="::::::::";
+my $no_asm="::::::::::";
-# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
-# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
+# As for $BSDthreads. Idea is to maintain "collective" set of flags,
+# which would cover all BSD flavors. -pthread applies to them all,
+# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
+# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
+# which has to be accompanied by explicit -D_THREAD_SAFE and
+# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
+# seems to be sufficient?
+my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
+#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
my %table=(
# File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -135,21 +147,25 @@ my %table=(
# Our development configs
"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_FIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"dist", "cc:-O::(unknown)::::::",
# Basic configs that should work on any (32 and less bit) box
@@ -157,10 +173,8 @@ my %table=(
"cc", "cc:-O::(unknown)::::::",
####VOS Configurations
-"vos-gcc","gcc:-b hppa1.1-stratus-vos -O3 -Wall -Wuninitialized -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:",
-"debug-vos-gcc","gcc:-b hppa1.1-stratus-vos -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:",
-"vos-vcc","vcc:-b i386-stratus-vos -O3 -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map::::::::::::::.so:",
-"debug-vos-vcc","vcc:-b i386-stratus-vos -O0 -g -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map::::::::::::::.so:",
+"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
#### Solaris x86 with GNU C setups
# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
@@ -168,68 +182,59 @@ my %table=(
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -shared -static-libgcc might appear controversial, but modules taken
+# from static libgcc do not have relocations and linking them into our
+# shared objects doesn't have any negative side-effects. On the contrary,
+# doing so makes it possible to use gcc shared build with Sun C. Given
+# that gcc generates faster code [thanks to inline assembler], I would
+# actually recommend to consider using gcc shared build even with vendor
+# compiler:-)
+# <appro@fy.chalmers.se>
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
-# but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with Sun C setups
-# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### SPARC Linux setups
-"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
-# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
-# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# it's a real mess with -mcpu=ultrasparc option under Linux, but
-# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# Sunos configs, assuming sparc for the gcc one.
-##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+#### SunOS configs, assuming sparc for the gcc one.
+#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IRIX 6.x configs
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-cc -o32' manually.
-# -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Unified HP-UX ANSI C configs.
# Special notes:
@@ -248,7 +253,7 @@ my %table=(
# suitable for execution on the host you're currently compiling at.
# If the toolkit is ment to be used on various PA-RISC processors
# consider './config +DAportable'.
-# - +DD64 is chosen in favour of +DA2.0W because it's ment to be
+# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
# compatible with *future* releases.
# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
# pass -D_REENTRANT on HP-UX 10 and later.
@@ -259,106 +264,78 @@ my %table=(
# crypto/sha/sha_lcl.h.
# <appro@fy.chalmers.se>
#
-#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# 64bit PARISC for GCC without optimization, which seems to make problems.
-# Submitted by <ross.alexander@uk.neceur.com>
-"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
-# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# Isn't the line below meaningless? HP-UX cc optimizes for host by default.
-# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# HPUX 9.X config.
-# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
-# egcs. gcc 2.8.1 is also broken.
-
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
-# please report your OS and compiler version to the openssl-bugs@openssl.org
-# mailing list.
-"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# If hpux-gcc fails, try this one:
-"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# HPUX 9.X on Motorola 68k platforms with gcc
-"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::",
-
-# HPUX 10.X config. Supports threads.
-"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# If hpux10-gcc fails, try this one:
-"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# HPUX 11.X from www.globus.org.
-# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
-#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::",
-#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
-# Use unified settings above instead.
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# HP/UX IA-64 targets
+"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC builds...
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT::bn-ia64.o::aes-ia64.o:::sha256-ia64.o sha512-ia64.o::rc4-ia64.o:::dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### PARISC Linux setups
-"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+# Legacy HPUX 9.X configs...
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
-# from the older DEC C Compiler to the newer compiler. It's now the
-# same as the preferred entry, alpha-cc. If you are still using the
-# older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
-# you should use `alphaold-cc'.
+# DEC Alpha OSF/1/Tru64 targets.
#
# "What's in a name? That which we call a rose
# By any other word would smell as sweet."
#
# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
#
-# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
-# vendor compiler, use alphaold-cc.
-# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
-# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
-#
-# There's also an alternate target available (which `config' will never
-# select) called alpha-cc-rpath. This target builds an RPATH into the
-# shared libraries, which is very convenient on Tru64 since binaries
-# linked against that shared library will automatically inherit that RPATH,
-# and hence know where to look for the openssl libraries, even if they're in
-# an odd place.
-#
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
#
-"alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
-#
-# This probably belongs in a different section.
-#
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+####
+#### Variety of LINUX:-)
+####
+# *-generic* is endian-neutral target, but ./config is free to
+# throw in -D[BL]_ENDIAN, whichever appropriate...
+"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IA-32 targets...
+"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+####
+"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -bpowerpc64-linux is transient option, -m64 should be the one to use...
+"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### SPARC Linux setups
+# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC 3.1 is a requirement
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -372,59 +349,39 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-
-# assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
-
-# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
-# bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
-"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+
+#### *BSD [do see comment about ${BSDthreads} above!]
+"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+# simply *happens* to work around a compiler bug in gcc 3.3.3,
+# triggered by RIPEMD160 code.
+"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
# NCR MP-RAS UNIX ver 02.03.01
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
-# QNX 4
+# QNX
"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-
-# QNX 6
"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
-# Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# SCO/Caldera targets.
+#### SCO/Caldera targets.
#
# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
# Now we only have blended unixware-* as it's the only one used by ./config.
@@ -435,25 +392,23 @@ my %table=(
# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
# patiently assisted to debug most of it.
#
-# UnixWare 2.0x fails destest with -O
+# UnixWare 2.0x fails destest with -O.
"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# IBM's AIX.
-"aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
-"aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+#### IBM's AIX.
+"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:",
+"aix64-gcc","gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64",
+# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+# at build time. $OBJECT_MODE is respected at ./config stage!
+"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
#
# Cray T90 and similar (SDSC)
@@ -488,7 +443,7 @@ my %table=(
# Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
@@ -501,56 +456,53 @@ my %table=(
#
"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-# Windows NT, Microsoft Visual C++ 4.0
+# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
+"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
-"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
-"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
-"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
-"VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+# Visual C targets
+"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
-"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
# MinGW
-"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a",
# UWIN
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
# Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+
+# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
+# netware-clib => legacy CLib c-runtime support
+"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+# netware-libc => LibC/NKS support
+# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be
+# configured to use BSD sockets instead.
+"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
# K&R C is no longer supported; you need gcc on old Ultrix installations
##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
-# Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-alpha", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-m88k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-mips", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-powerpc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-hppa", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
+"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
##### A/UX
"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -559,7 +511,7 @@ my %table=(
"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
##### GNU Hurd
-"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
##### OS/2 EMX
"OS2-EMX", "gcc::::::::",
@@ -567,17 +519,18 @@ my %table=(
##### VxWorks for various targets
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
-"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
+"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
##### Compaq Non-Stop Kernel (Tandem)
"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
);
-my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS
- BC-32 BC-16 Mingw32 OS2-EMX);
+my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
+ VC-NT VC-CE VC-WIN32
+ BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock);
my $idx = 0;
my $idx_cc = $idx++;
@@ -587,8 +540,10 @@ my $idx_thread_cflag = $idx++;
my $idx_sys_id = $idx++;
my $idx_lflags = $idx++;
my $idx_bn_ops = $idx++;
+my $idx_cpuid_obj = $idx++;
my $idx_bn_obj = $idx++;
my $idx_des_obj = $idx++;
+my $idx_aes_obj = $idx++;
my $idx_bf_obj = $idx++;
my $idx_md5_obj = $idx++;
my $idx_sha1_obj = $idx++;
@@ -609,12 +564,13 @@ my $openssldir="";
my $exe_ext="";
my $install_prefix="";
my $no_threads=0;
-my $no_shared=1;
-my $zlib=0;
-my $no_krb5=0;
my $threads=0;
+my $no_shared=0; # but "no-shared" is default
+my $zlib=1; # but "no-zlib" is default
+my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
my $no_asm=0;
my $no_dso=0;
+my $no_gmp=0;
my @skip=();
my $Makefile="Makefile";
my $des_locl="crypto/des/des_locl.h";
@@ -628,7 +584,7 @@ my $rc2 ="crypto/rc2/rc2.h";
my $bf ="crypto/bf/bf_locl.h";
my $bn_asm ="bn_asm.o";
my $des_enc="des_enc.o fcrypt_b.o";
-my $fips_des_enc="fips_des_enc.o";
+my $aes_enc="aes_core.o aes_cbc.o";
my $bf_enc ="bf_enc.o";
my $cast_enc="c_enc.o";
my $rc4_enc="rc4_enc.o";
@@ -639,16 +595,28 @@ my $rmd160_obj="";
my $processor="";
my $default_ranlib;
my $perl;
-my $fips=0;
-my $debug=0;
-my $no_ssl2=0;
-my $no_ssl3=0;
-my $no_tls1=0;
-my $no_md5=0;
-my $no_sha=0;
-my $no_rsa=0;
-my $no_dh=0;
+
+# All of the following is disabled by default (RC5 was enabled before 0.9.8):
+
+my %disabled = ( # "what" => "comment"
+ "gmp" => "default",
+ "mdc2" => "default",
+ "rc5" => "default",
+ "shared" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default"
+ );
+
+# Additional "no-..." options will be collected in %disabled.
+# To remove something from %disabled, use e.g. "enable-rc5".
+# For symmetry, "disable-..." is a synonym for "no-...".
+
+# This is what $depflags will look like with the above default:
+my $default_depflags = "-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 ";
+
+
+my $no_sse2=0;
&usage if ($#ARGV < 0);
@@ -690,102 +658,38 @@ PROCESS_ARGS:
foreach (@argvcopy)
{
s /^-no-/no-/; # some people just can't read the instructions
- if (/^--test-sanity$/)
- {
- exit(&test_sanity());
- }
- elsif (/^no-asm$/)
- {
- $no_asm=1;
- $flags .= "-DOPENSSL_NO_ASM ";
- $openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
- }
- elsif (/^no-err$/)
- {
- $flags .= "-DOPENSSL_NO_ERR ";
- $openssl_other_defines .= "#define OPENSSL_NO_ERR\n";
- }
- elsif (/^no-hw-(.+)$/)
- {
- my $hw=$1;
- $hw =~ tr/[a-z]/[A-Z]/;
- $flags .= "-DOPENSSL_NO_HW_$hw ";
- $openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n";
- }
- elsif (/^no-hw$/)
- {
- $flags .= "-DOPENSSL_NO_HW ";
- $openssl_other_defines .= "#define OPENSSL_NO_HW\n";
- }
- elsif (/^no-dso$/)
- { $no_dso=1; }
- elsif (/^no-krb5$/)
- { $no_krb5=1; }
- elsif (/^no-threads$/)
- { $no_threads=1; }
- elsif (/^threads$/)
- { $threads=1; }
- elsif (/^no-shared$/)
- { $no_shared=1; }
- elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
- { $no_shared=0; }
- elsif (/^no-zlib$/)
- { $zlib=0; }
- elsif (/^zlib$/)
- { $zlib=1; }
- elsif (/^zlib-dynamic$/)
- { $zlib=2; }
- elsif (/^no-symlinks$/)
- { $symlink=0; }
- elsif (/^no-ssl$/)
- { $no_ssl2 = $no_ssl3 = 1; }
- elsif (/^no-ssl2$/)
- { $no_ssl2 = 1; }
- elsif (/^no-ssl3$/)
- { $no_ssl3 = 1; }
- elsif (/^no-tls1?$/)
- { $no_tls1 = 1; }
- elsif (/^no-fips$/)
- { $fips = 0; }
- elsif (/^no-(.+)$/)
+
+ # rewrite some options in "enable-..." form
+ s /^-?-?shared$/enable-shared/;
+ s /^threads$/enable-threads/;
+ s /^zlib$/enable-zlib/;
+ s /^zlib-dynamic$/enable-zlib-dynamic/;
+
+ if (/^no-(.+)$/ || /^disable-(.+)$/)
{
- my $algo=$1;
- push @skip,$algo;
- $algo =~ tr/[a-z]/[A-Z]/;
- $flags .= "-DOPENSSL_NO_$algo ";
- $depflags .= "-DOPENSSL_NO_$algo ";
- $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n";
- if ($algo eq "RIJNDAEL")
- {
- push @skip, "aes";
- $flags .= "-DOPENSSL_NO_AES ";
- $depflags .= "-DOPENSSL_NO_AES ";
- $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n";
- }
- if ($algo eq "DES")
- {
- push @skip, "mdc2";
- $options .= " no-mdc2";
- $flags .= "-DOPENSSL_NO_MDC2 ";
- $depflags .= "-DOPENSSL_NO_MDC2 ";
- $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
- }
- if ($algo eq "MD5")
- {
- $no_md5 = 1;
- }
- if ($algo eq "SHA")
+ if ($1 eq "ssl")
{
- $no_sha = 1;
+ $disabled{"ssl2"} = "option(ssl)";
+ $disabled{"ssl3"} = "option(ssl)";
}
- if ($algo eq "RSA")
+ elsif ($1 eq "tls")
{
- $no_rsa = 1;
+ $disabled{"tls1"} = "option(tls)"
}
- if ($algo eq "DH")
+ else
{
- $no_dh = 1;
+ $disabled{$1} = "option";
}
+ }
+ elsif (/^enable-(.+)$/)
+ {
+ delete $disabled{$1};
+
+ $threads = 1 if ($1 eq "threads");
+ }
+ elsif (/^--test-sanity$/)
+ {
+ exit(&test_sanity());
}
elsif (/^reconfigure/ || /^reconf/)
{
@@ -793,7 +697,7 @@ PROCESS_ARGS:
{
while (<IN>)
{
- chop;
+ chomp;
if (/^CONFIGURE_ARGS=(.*)/)
{
$argvstring=$1;
@@ -812,14 +716,6 @@ PROCESS_ARGS:
}
elsif (/^386$/)
{ $processor=386; }
- elsif (/^fips$/)
- {
- $fips=1;
- }
- elsif (/^debug$/)
- {
- $debug=1;
- }
elsif (/^rsaref$/)
{
# No RSAref support any more since it's not needed.
@@ -852,6 +748,14 @@ PROCESS_ARGS:
{
$withargs{"krb5-".$1}=$2;
}
+ elsif (/^--with-zlib-lib=(.*)$/)
+ {
+ $withargs{"zlib-lib"}=$1;
+ }
+ elsif (/^--with-zlib-include=(.*)$/)
+ {
+ $withargs{"zlib-include"}="-I$1";
+ }
else
{
print STDERR $usage;
@@ -865,52 +769,73 @@ PROCESS_ARGS:
}
else
{
- die "target already defined - $target\n" if ($target ne "");
+ die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
$target=$_;
}
- unless ($_ eq $target) {
- if ($options eq "") {
- $options = $_;
- } else {
- $options .= " ".$_;
+
+ unless ($_ eq $target || /^no-/ || /^disable-/)
+ {
+ # "no-..." follows later after implied disactivations
+ # have been derived. (Don't take this too seroiusly,
+ # we really only write OPTIONS to the Makefile out of
+ # nostalgia.)
+
+ if ($options eq "")
+ { $options = $_; }
+ else
+ { $options .= " ".$_; }
}
}
}
-}
-$no_ssl3=1 if ($no_md5 || $no_sha);
-$no_ssl3=1 if ($no_rsa && $no_dh);
-$no_ssl2=1 if ($no_md5);
-$no_ssl2=1 if ($no_rsa);
-$no_tls1=1 if ($no_md5 || $no_sha);
-$no_tls1=1 if ($no_dh);
+if ($processor eq "386")
+ {
+ $disabled{"sse2"} = "forced";
+ }
-if ($no_ssl2)
+if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
{
- push @skip,"SSL2";
- $flags .= "-DOPENSSL_NO_SSL2 ";
- $depflags .= "-DOPENSSL_NO_SSL2 ";
- $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n";
+ $disabled{"krb5"} = "krb5-flavor not specified";
}
-if ($no_ssl3)
+if (!defined($disabled{"zlib-dynamic"}))
{
- push @skip,"SSL3";
- $flags .= "-DOPENSSL_NO_SSL3 ";
- $depflags .= "-DOPENSSL_NO_SSL3 ";
- $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n";
+ # "zlib-dynamic" was specifically enabled, so enable "zlib"
+ delete $disabled{"zlib"};
}
-if ($no_tls1)
+if (defined($disabled{"rijndael"}))
{
- push @skip,"TLS1";
- $flags .= "-DOPENSSL_NO_TLS1 ";
- $depflags .= "-DOPENSSL_NO_TLS1 ";
- $openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n";
+ $disabled{"aes"} = "forced";
+ }
+if (defined($disabled{"des"}))
+ {
+ $disabled{"mdc2"} = "forced";
+ }
+if (defined($disabled{"ec"}))
+ {
+ $disabled{"ecdsa"} = "forced";
+ $disabled{"ecdh"} = "forced";
}
+# SSL 2.0 requires MD5 and RSA
+if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
+ {
+ $disabled{"ssl2"} = "forced";
+ }
+
+# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
+if (defined($disabled{"md5"}) || defined($disabled{"sha"})
+ || (defined($disabled{"rsa"})
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
+ {
+ $disabled{"ssl3"} = "forced";
+ $disabled{"tls1"} = "forced";
+ }
+
+
if ($target eq "TABLE") {
foreach $target (sort keys %table) {
print_table_entry($target);
@@ -934,11 +859,69 @@ print "Configuring for $target\n";
&usage if (!defined($table{$target}));
-my $IsWindows=scalar grep /^$target$/,@WinTargets;
-$exe_ext=".exe" if ($target eq "Cygwin");
-$exe_ext=".exe" if ($target eq "DJGPP");
-$exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc");
+foreach (sort (keys %disabled))
+ {
+ $options .= " no-$_";
+
+ printf " no-%-12s %-10s", $_, "[$disabled{$_}]";
+
+ if (/^dso$/)
+ { $no_dso = 1; }
+ elsif (/^threads$/)
+ { $no_threads = 1; }
+ elsif (/^shared$/)
+ { $no_shared = 1; }
+ elsif (/^zlib$/)
+ { $zlib = 0; }
+ elsif (/^static-engine$/)
+ { }
+ elsif (/^zlib-dynamic$/)
+ { }
+ elsif (/^symlinks$/)
+ { $symlink = 0; }
+ elsif (/^sse2$/)
+ { $no_sse2 = 1; }
+ else
+ {
+ my ($ALGO, $algo);
+ ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
+
+ if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
+ {
+ $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
+ print " OPENSSL_NO_$ALGO";
+
+ if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
+ elsif (/^asm$/) { $no_asm = 1; }
+ }
+ else
+ {
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
+ print " OPENSSL_NO_$ALGO";
+
+ if (/^krb5$/)
+ { $no_krb5 = 1; }
+ else
+ {
+ push @skip, $algo;
+ print " (skip dir)";
+
+ $depflags .="-DOPENSSL_NO_$ALGO ";
+ }
+ }
+ }
+
+ print "\n";
+ }
+
+
+my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
+
+$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin");
+
+$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
+$exe_ext=".pm" if ($target =~ /vos/);
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
@@ -953,7 +936,7 @@ $openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-print "IsWindows=$IsWindows\n";
+print "IsMK1MF=$IsMK1MF\n";
my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
my $cc = $fields[$idx_cc];
@@ -963,14 +946,16 @@ my $thread_cflag = $fields[$idx_thread_cflag];
my $sys_id = $fields[$idx_sys_id];
my $lflags = $fields[$idx_lflags];
my $bn_ops = $fields[$idx_bn_ops];
+my $cpuid_obj = $fields[$idx_cpuid_obj];
my $bn_obj = $fields[$idx_bn_obj];
my $des_obj = $fields[$idx_des_obj];
+my $aes_obj = $fields[$idx_aes_obj];
my $bf_obj = $fields[$idx_bf_obj];
-$md5_obj = $fields[$idx_md5_obj];
-$sha1_obj = $fields[$idx_sha1_obj];
+my $md5_obj = $fields[$idx_md5_obj];
+my $sha1_obj = $fields[$idx_sha1_obj];
my $cast_obj = $fields[$idx_cast_obj];
my $rc4_obj = $fields[$idx_rc4_obj];
-$rmd160_obj = $fields[$idx_rmd160_obj];
+my $rmd160_obj = $fields[$idx_rmd160_obj];
my $rc5_obj = $fields[$idx_rc5_obj];
my $dso_scheme = $fields[$idx_dso_scheme];
my $shared_target = $fields[$idx_shared_target];
@@ -981,20 +966,14 @@ my $ranlib = $fields[$idx_ranlib];
my $arflags = $fields[$idx_arflags];
my $no_shared_warn=0;
+my $no_user_cflags=0;
-$cflags="$flags$cflags" if ($flags ne "");
+if ($flags ne "") { $cflags="$flags$cflags"; }
+else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
# the script "config" or manually.
-if ($no_krb5
- || !defined($withargs{"krb5-flavor"})
- || $withargs{"krb5-flavor"} eq "")
- {
- $cflags="-DOPENSSL_NO_KRB5 $cflags";
- $options.=" no-krb5" unless $no_krb5;
- $openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n";
- }
-else
+if (!$no_krb5)
{
my ($lresolv, $lpath, $lext);
if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
@@ -1014,7 +993,7 @@ else
if $withargs{"krb5-dir"} eq "";
$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
"/lib -lgssapi -lkrb5 -lcom_err"
- if $withargs{"krb5-lib"} eq "";
+ if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
$cflags="-DKRB5_HEIMDAL $cflags";
}
if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
@@ -1023,7 +1002,7 @@ else
if $withargs{"krb5-dir"} eq "";
$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
- if $withargs{"krb5-lib"} eq "";
+ if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
$cflags="-DKRB5_MIT $cflags";
$withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
@@ -1080,10 +1059,17 @@ if ($thread_cflag ne "(unknown)" && !$no_threads)
# If we know how to do it, support threads by default.
$threads = 1;
}
-if ($thread_cflag eq "(unknown)")
+if ($thread_cflag eq "(unknown)" && $threads)
{
- # If the user asked for "threads", hopefully they also provided
- # any system-dependent compiler options that are necessary.
+ # If the user asked for "threads", [s]he is also expected to
+ # provide any system-dependent compiler options that are
+ # necessary.
+ if ($no_user_cflags)
+ {
+ print "You asked for multi-threading support, but didn't\n";
+ print "provide any system-specific compiler options\n";
+ exit(1);
+ }
$thread_cflags="-DOPENSSL_THREADS $cflags" ;
$thread_defines .= "#define OPENSSL_THREADS\n";
}
@@ -1105,7 +1091,7 @@ $lflags="$libs$lflags" if ($libs ne "");
if ($no_asm)
{
- $bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
+ $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
$sha1_obj=$md5_obj=$rmd160_obj="";
}
@@ -1123,8 +1109,14 @@ if ($threads)
if ($zlib)
{
$cflags = "-DZLIB $cflags";
- $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2;
- $lflags = "$lflags -lz" if $zlib == 1;
+ if (defined($disabled{"zlib-dynamic"}))
+ {
+ $lflags = "$lflags -lz";
+ }
+ else
+ {
+ $cflags = "-DZLIB_SHARED $cflags";
+ }
}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
@@ -1138,13 +1130,41 @@ if (!$no_shared)
{
if ($shared_cflag ne "")
{
- $cflags = "$shared_cflag $cflags";
+ $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
+ }
+ }
+
+if (!$IsMK1MF)
+ {
+ if ($no_shared)
+ {
+ $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
+ }
+ else
+ {
+ $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+ }
+ }
+
+$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
+# Compiler fix-ups
+if ($target =~ /icc$/)
+ {
+ my($iccver)=`$cc -V 2>&1`;
+ if ($iccver =~ /Version ([0-9]+)\./) { $iccver=$1; }
+ else { $iccver=0; }
+ if ($iccver>=8)
+ {
+ # Eliminate unnecessary dependency from libirc.a. This is
+ # essential for shared library support, as otherwise
+ # apps/openssl can end up in endless loop upon startup...
+ $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
}
}
if ($sys_id ne "")
{
- $cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+ #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
$openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
}
@@ -1158,25 +1178,30 @@ if ($ranlib eq "")
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
#$bn_obj="$bn1";
+$cpuid_obj="" if ($processor eq "386");
+
$bn_obj = $bn_asm unless $bn_obj ne "";
+# bn86* is the only one implementing bn_*_part_words
+$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
+$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
-if ($fips)
- {
- $des_obj=$sha1_obj="";
- $openssl_other_defines.="#define OPENSSL_FIPS\n";
- }
-$des_obj=$des_enc unless (!$fips && $des_obj =~ /\.o$/);
-my $fips_des_obj='asm/fips-dx86-elf.o';
-$fips_des_obj=$fips_des_enc unless $processor eq '386';
-my $fips_sha1_obj='asm/sx86-elf.o' if $processor eq '386';
+$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
-if ($sha1_obj =~ /\.o$/ || $fips_sha1_obj =~ /\.o$/)
+if ($sha1_obj =~ /\.o$/)
{
# $sha1_obj=$sha1_enc;
- $cflags.=" -DSHA1_ASM";
+ $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
+ $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
+ $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
+ if ($sha1_obj =~ /x86/)
+ { if ($no_sse2)
+ { $sha1_obj =~ s/\S*sse2\S+//; }
+ elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
+ { $cflags.=" -DOPENSSL_IA32_SSE2"; }
+ }
}
if ($md5_obj =~ /\.o$/)
{
@@ -1188,11 +1213,12 @@ if ($rmd160_obj =~ /\.o$/)
# $rmd160_obj=$rmd160_enc;
$cflags.=" -DRMD160_ASM";
}
-
-if ($debug)
+if ($aes_obj =~ /\.o$/)
{
- $cflags.=" -g";
- $cflags=~s/-fomit-frame-pointer//;
+ $cflags.=" -DAES_ASM";
+ }
+else {
+ $aes_obj=$aes_enc;
}
# "Stringify" the C flags string. This permits it to be made part of a string
@@ -1200,6 +1226,7 @@ if ($debug)
$cflags =~ s/([\\\"])/\\\1/g;
my $version = "unknown";
+my $version_num = "unknown";
my $major = "unknown";
my $minor = "unknown";
my $shlib_version_number = "unknown";
@@ -1211,6 +1238,7 @@ open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+ $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
@@ -1236,7 +1264,7 @@ print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;
while (<IN>)
{
- chop;
+ chomp;
$sdirs = 1 if /^SDIRS=/;
if ($sdirs) {
my $dir;
@@ -1265,16 +1293,16 @@ while (<IN>)
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
+ s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
s/^DES_ENC=.*$/DES_ENC= $des_obj/;
- s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;
+ s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;
s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
- s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/;
s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^RANLIB=.*/RANLIB= $ranlib/;
@@ -1282,6 +1310,8 @@ while (<IN>)
s/^PERL=.*/PERL= $perl/;
s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+ s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
+ s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1314,8 +1344,10 @@ rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
print "CC =$cc\n";
print "CFLAG =$cflags\n";
print "EX_LIBS =$lflags\n";
+print "CPUID_OBJ =$cpuid_obj\n";
print "BN_ASM =$bn_obj\n";
print "DES_ENC =$des_obj\n";
+print "AES_ASM_OBJ =$aes_obj\n";
print "BF_ENC =$bf_obj\n";
print "CAST_ENC =$cast_obj\n";
print "RC4_ENC =$rc4_obj\n";
@@ -1407,10 +1439,14 @@ print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
print OUT $openssl_algorithm_defines_trans;
print OUT "#endif\n\n";
+print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj);
+
while (<IN>)
{
if (/^#define\s+OPENSSLDIR/)
{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+ elsif (/^#define\s+ENGINESDIR/)
+ { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; }
elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
if $export_var_as_fn;
@@ -1455,7 +1491,7 @@ while (<IN>)
elsif (/^#((define)|(undef))\s+RC4_INDEX/)
{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
elsif (/^#(define|undef)\s+I386_ONLY/)
- { printf OUT "#%s I386_ONLY\n", ($processor == 386)?
+ { printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
"define":"undef"; }
elsif (/^#define\s+MD2_INT\s/)
{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
@@ -1502,12 +1538,12 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
print "BF_PTR used\n" if $bf_ptr == 1;
print "BF_PTR2 used\n" if $bf_ptr == 2;
-if($IsWindows) {
+if($IsMK1MF) {
open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
printf OUT <<EOF;
#ifndef MK1MF_BUILD
/* auto-generated by Configure for crypto/cversion.c:
- * for Unix builds, crypto/Makefile generates functional definitions;
+ * for Unix builds, crypto/Makefile.ssl generates functional definitions;
* Windows builds (and other mk1mf builds) compile cversion.c with
* -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
#error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
@@ -1518,31 +1554,91 @@ EOF
my $make_command = "make PERL=\'$perl\'";
my $make_targets = "";
$make_targets .= " links" if $symlink;
- $make_targets .= " depend" if $depflags ne "" && $make_depend;
+ $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
$make_targets .= " gentests" if $symlink;
(system $make_command.$make_targets) == 0 or exit $?
if $make_targets ne "";
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
- &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
# No path for Perl known ...
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
- &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
- if ($depflags ne "" && !$make_depend) {
+ if ($depflags ne $default_depflags && !$make_depend) {
print <<EOF;
-Since you've disabled at least one algorithm, you need to do the following
-before building:
+Since you've disabled or enabled at least one algorithm, you need to do
+the following before building:
make depend
EOF
}
}
+# create the ms/version32.rc file if needed
+if ($IsMK1MF) {
+ my ($v1, $v2, $v3, $v4);
+ if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+ $v1=hex $1;
+ $v2=hex $2;
+ $v3=hex $3;
+ $v4=hex $4;
+ }
+ open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
+ print OUT <<EOF;
+#include <winver.h>
+
+LANGUAGE 0x09,0x01
+
+1 VERSIONINFO
+ FILEVERSION $v1,$v2,$v3,$v4
+ PRODUCTVERSION $v1,$v2,$v3,$v4
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x01L
+#else
+ FILEFLAGS 0x00L
+#endif
+ FILEOS VOS__WINDOWS32
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L
+BEGIN
+ BLOCK "StringFileInfo"
+ BEGIN
+ BLOCK "040904b0"
+ BEGIN
+ // Required:
+ VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
+ VALUE "FileDescription", "OpenSSL Shared Library\\0"
+ VALUE "FileVersion", "$version\\0"
+#if defined(CRYPTO)
+ VALUE "InternalName", "libeay32\\0"
+ VALUE "OriginalFilename", "libeay32.dll\\0"
+#elif defined(SSL)
+ VALUE "InternalName", "ssleay32\\0"
+ VALUE "OriginalFilename", "ssleay32.dll\\0"
+#endif
+ VALUE "ProductName", "The OpenSSL Toolkit\\0"
+ VALUE "ProductVersion", "$version\\0"
+ // Optional:
+ //VALUE "Comments", "\\0"
+ VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+ //VALUE "LegalTrademarks", "\\0"
+ //VALUE "PrivateBuild", "\\0"
+ //VALUE "SpecialBuild", "\\0"
+ END
+ END
+ BLOCK "VarFileInfo"
+ BEGIN
+ VALUE "Translation", 0x409, 0x4b0
+ END
+END
+EOF
+ close(OUT);
+ }
+
print <<EOF;
Configured for $target.
@@ -1638,7 +1734,7 @@ sub print_table_entry
my $target = shift;
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
- my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+ my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
@@ -1654,8 +1750,10 @@ sub print_table_entry
\$sys_id = $sys_id
\$lflags = $lflags
\$bn_ops = $bn_ops
+\$cpuid_obj = $cpuid_obj
\$bn_obj = $bn_obj
\$des_obj = $des_obj
+\$aes_obj = $aes_obj
\$bf_obj = $bf_obj
\$md5_obj = $md5_obj
\$sha1_obj = $sha1_obj
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
index 1c232c3c54b8..c31c1ee36ed9 100644
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@@ -31,6 +31,7 @@ OpenSSL - Frequently Asked Questions
* Why does my browser give a warning about a mismatched hostname?
* How do I install a CA certificate into a browser?
* Why is OpenSSL x509 DN output not conformant to RFC2253?
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
[BUILD] Questions about building and testing OpenSSL
@@ -46,6 +47,9 @@ OpenSSL - Frequently Asked Questions
* Why does the OpenSSL test suite fail on MacOS X?
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
+* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
+* Why does compiler fail to compile sha512.c?
+* Test suite still fails, what to do?
[PROG] Questions about programming with OpenSSL
@@ -70,7 +74,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7e was released on October 25, 2004.
+OpenSSL 0.9.8b was released on May 4th, 2006.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -141,8 +145,8 @@ less Unix-centric, it might have been used much earlier.
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 (not yet released) the changes were merged into the main
-development line, so that the special release is no longer necessary.
+version 0.9.7 the changes were merged into the main development line,
+so that the special release is no longer necessary.
* How do I check the authenticity of the OpenSSL distribution?
@@ -152,7 +156,8 @@ Use MD5 to check that a tarball from a mirror site is identical:
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server). Then
+member public key used to sign it (download it from a key server, see a
+list of keys at <URL: http://www.openssl.org/about/>). Then
just do:
pgp TARBALL.asc
@@ -166,8 +171,8 @@ you if you want to use OpenSSL. For information on intellectual
property rights, please consult a lawyer. The OpenSSL team does not
offer legal advice.
-You can configure OpenSSL so as not to use RC5 and IDEA by using
- ./config no-rc5 no-idea
+You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
+ ./config no-idea no-mdc2 no-rc5
* Can I use OpenSSL with GPL software?
@@ -383,6 +388,43 @@ interface, the "-nameopt" option could be introduded. See the manual
page of the "openssl x509" commandline tool for details. The old behaviour
has however been left as default for the sake of compatibility.
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
+
+The term "128 bit certificate" is a highly misleading marketing term. It does
+*not* refer to the size of the public key in the certificate! A certificate
+containing a 128 bit RSA key would have negligible security.
+
+There were various other names such as "magic certificates", "SGC
+certificates", "step up certificates" etc.
+
+You can't generally create such a certificate using OpenSSL but there is no
+need to any more. Nowadays web browsers using unrestricted strong encryption
+are generally available.
+
+When there were tight export restrictions on the export of strong encryption
+software from the US only weak encryption algorithms could be freely exported
+(initially 40 bit and then 56 bit). It was widely recognised that this was
+inadequate. A relaxation the rules allowed the use of strong encryption but
+only to an authorised server.
+
+Two slighly different techniques were developed to support this, one used by
+Netscape was called "step up", the other used by MSIE was called "Server Gated
+Cryptography" (SGC). When a browser initially connected to a server it would
+check to see if the certificate contained certain extensions and was issued by
+an authorised authority. If these test succeeded it would reconnect using
+strong encryption.
+
+Only certain (initially one) certificate authorities could issue the
+certificates and they generally cost more than ordinary certificates.
+
+Although OpenSSL can create certificates containing the appropriate extensions
+the certificate would not come from a permitted authority and so would not
+be recognized.
+
+The export laws were later changed to allow almost unrestricted use of strong
+encryption so these certificates are now obsolete.
+
+
[BUILD] =======================================================================
* Why does the linker complain about undefined symbols?
@@ -462,7 +504,7 @@ get the best result from OpenSSL. A bit more complicated solution is the
following:
----- snip:start -----
- make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile | \
+ make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
sed -e 's/ -O[0-9] / -O0 /'`"
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
make
@@ -472,6 +514,10 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization
level chosen by the configuration process. When the above is done, do the
test and installation and you're set.
+3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
+should not be used and is not used in SSL/TLS nor any other recognized
+protocol in either case.
+
* Why does the OpenSSL compilation fail with "ar: command not found"?
@@ -593,6 +639,35 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and
remedy should be same. Provided binary is statically linked and should be
working across wider range of *BSD branches, not just OpenBSD.
+* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
+
+If the test program in question fails withs SIGILL, Illegal Instruction
+exception, then you more than likely to run SSE2-capable CPU, such as
+Intel P4, under control of kernel which does not support SSE2
+instruction extentions. See accompanying INSTALL file and
+OPENSSL_ia32cap(3) documentation page for further information.
+
+* Why does compiler fail to compile sha512.c?
+
+OpenSSL SHA-512 implementation depends on compiler support for 64-bit
+integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
+couple] lack support for this and therefore are incapable of compiling
+the module in question. The recommendation is to disable SHA-512 by
+adding no-sha512 to ./config [or ./Configure] command line. Another
+possible alternative might be to switch to GCC.
+
+* Test suite still fails, what to do?
+
+Another common reason for failure to complete some particular test is
+simply bad code generated by a buggy component in toolchain or deficiency
+in run-time environment. There are few cases documented in PROBLEMS file,
+consult it for possible workaround before you beat the drum. Even if you
+don't find solution or even mention there, do reserve for possibility of
+a compiler bug. Compiler bugs might appear in rather bizarre ways, they
+never make sense, and tend to emerge when you least expect them. In order
+to identify one, drop optimization level, e.g. by editing CFLAG line in
+top-level Makefile, recompile and re-run the test.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
@@ -625,10 +700,10 @@ your application must link against the same by which OpenSSL was
built. If you are using MS Visual C++ (Studio) this can be changed
by:
-1. Select Settings... from the Project Menu.
-2. Select the C/C++ Tab.
-3. Select "Code Generation from the "Category" drop down list box
-4. Select the Appropriate library (see table below) from the "Use
+ 1. Select Settings... from the Project Menu.
+ 2. Select the C/C++ Tab.
+ 3. Select "Code Generation from the "Category" drop down list box
+ 4. Select the Appropriate library (see table below) from the "Use
run-time library" drop down list box. Perform this step for both
your debug and release versions of your application (look at the
top left of the settings panel to change between the two)
@@ -647,30 +722,44 @@ by:
Note that debug and release libraries are NOT interchangeable. If you
built OpenSSL with /MD your application must use /MD and cannot use /MDd.
+As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
+.DLLs compiled with some specific run-time option [we insist on the
+default /MD] can be deployed with application compiled with different
+option or even different compiler. But there is a catch! Instead of
+re-compiling OpenSSL toolkit, as you would have to with prior versions,
+you have to compile small C snippet with compiler and/or options of
+your choice. The snippet gets installed as
+<install-root>/include/openssl/applink.c and should be either added to
+your application project or simply #include-d in one [and only one]
+of your application source files. Failure to link this shim module
+into your application manifests itself as fatal "no OPENSSL_Applink"
+run-time error. An explicit reminder is due that in this situation
+[mixing compiler options] it is as important to add CRYPTO_malloc_init
+prior first call to OpenSSL.
* How do I read or write a DER encoded buffer using the ASN1 functions?
You have two options. You can either use a memory BIO in conjunction
-with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
-i2d_XXX(), d2i_XXX() functions directly. Since these are often the
+with the i2d_*_bio() or d2i_*_bio() functions or you can use the
+i2d_*(), d2i_*() functions directly. Since these are often the
cause of grief here are some code fragments using PKCS7 as an example:
-unsigned char *buf, *p;
-int len;
+ unsigned char *buf, *p;
+ int len;
-len = i2d_PKCS7(p7, NULL);
-buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
-p = buf;
-i2d_PKCS7(p7, &p);
+ len = i2d_PKCS7(p7, NULL);
+ buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+ p = buf;
+ i2d_PKCS7(p7, &p);
At this point buf contains the len bytes of the DER encoding of
p7.
The opposite assumes we already have len bytes in buf:
-unsigned char *p;
-p = buf;
-p7 = d2i_PKCS7(NULL, &p, len);
+ unsigned char *p;
+ p = buf;
+ p7 = d2i_PKCS7(NULL, &p, len);
At this point p7 contains a valid PKCS7 structure of NULL if an error
occurred. If an error occurred ERR_print_errors(bio) should give more
@@ -788,9 +877,20 @@ that is allocated when an application starts up. Since such tables do not grow
in size over time they are harmless.
These internal tables can be freed up when an application closes using various
-functions. Currently these include: EVP_cleanup(), ERR_remove_state(),
-ERR_free_strings(), ENGINE_cleanup(), CONF_modules_unload() and
-CRYPTO_cleanup_all_ex_data().
+functions. Currently these include following:
+
+Thread-local cleanup functions:
+
+ ERR_remove_state()
+
+Application-global cleanup functions that are aware of usage (and therefore
+thread-safe):
+
+ ENGINE_cleanup() and CONF_modules_unload()
+
+"Brutal" (thread-unsafe) Application-global cleanup functions:
+
+ ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
===============================================================================
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index 503474f2e4ce..ebb36978a2ae 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -2,8 +2,10 @@
INSTALLATION ON THE UNIX PLATFORM
---------------------------------
- [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
- is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
+ [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
+ and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
+ INSTALL.MacOS and INSTALL.NW.
+
This document describes installation on operating systems in the Unix
family.]
@@ -73,14 +75,30 @@
no-asm Do not use assembler code.
386 Use the 80386 instruction set only (the default x86 code is
- more efficient, but requires at least a 486).
+ more efficient, but requires at least a 486). Note: Use
+ compiler flags for any other CPU specific configuration,
+ e.g. "-m32" to build x86 code on an x64 system.
+
+ no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
+ detected at run-time, but the decision whether or not the
+ machine code will be executed is taken solely on CPU
+ capability vector. This means that if you happen to run OS
+ kernel which does not support SSE2 extension on Intel P4
+ processor, then your application might be exposed to
+ "illegal instruction" exception. There might be a way
+ to enable support in kernel, e.g. FreeBSD kernel can be
+ compiled with CPU_ENABLE_SSE, and there is a way to
+ disengage SSE2 code pathes upon application start-up,
+ but if you aim for wider "audience" running such kernel,
+ consider no-sse2. Both 386 and no-asm options above imply
+ no-sse2.
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
The crypto/<cipher> directory can be removed after running
"make depend".
- -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+ -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
be passed through to the compiler to allow you to
define preprocessor symbols, specify additional libraries,
library directories or other compiler options.
@@ -123,7 +141,7 @@
generic configurations "cc" or "gcc" should usually work on 32 bit
systems.
- Configure creates the file Makefile from Makefile.org and
+ Configure creates the file Makefile.ssl from Makefile.org and
defines various macros in crypto/opensslconf.h (generated from
crypto/opensslconf.h.in).
@@ -159,7 +177,7 @@
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line
- in Makefile and run "make clean; make". Please send a bug
+ in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
http://www.openssl.org/support/rt2.html.
@@ -312,7 +330,7 @@
Note on support for multiple builds
-----------------------------------
- OpenSSL is usually built in it's source tree. Unfortunately, this doesn't
+ OpenSSL is usually built in its source tree. Unfortunately, this doesn't
support building for multiple platforms from the same source tree very well.
It is however possible to build in a separate tree through the use of lots
of symbolic links, which should be prepared like this:
diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE
index 40277883a592..e6afecc72494 100644
--- a/crypto/openssl/LICENSE
+++ b/crypto/openssl/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile
index 9c284bf265e4..18fa5a3d2b82 100644
--- a/crypto/openssl/Makefile
+++ b/crypto/openssl/Makefile
@@ -4,16 +4,16 @@
## Makefile for OpenSSL
##
-VERSION=0.9.7e
+VERSION=0.9.8b
MAJOR=0
-MINOR=9.7
-SHLIB_VERSION_NUMBER=0.9.7
+MINOR=9.8
+SHLIB_VERSION_NUMBER=0.9.8
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
-SHLIB_MINOR=9.7
+SHLIB_MINOR=9.8
SHLIB_EXT=
PLATFORM=dist
-OPTIONS= no-krb5
+OPTIONS= no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-zlib no-zlib-dynamic
CONFIGURE_ARGS=dist
SHLIB_TARGET=
@@ -60,9 +60,8 @@ OPENSSLDIR=/usr/local/ssl
# PKCS1_CHECK - pkcs1 tests.
CC= cc
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -DOPENSSL_NO_KRB5 -O
-DEPFLAG=
+CFLAG= -O
+DEPFLAG= -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5
PEX_LIBS=
EX_LIBS=
EXE_EXT=
@@ -82,113 +81,45 @@ MAKEDEPPROG=makedepend
AS=$(CC) -c
ASFLAG=$(CFLAG)
-# Set BN_ASM to bn_asm.o if you want to use the C version
-BN_ASM= bn_asm.o
-#BN_ASM= bn_asm.o
-#BN_ASM= asm/bn86-elf.o # elf, linux-elf
-#BN_ASM= asm/bn86-sol.o # solaris
-#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
-#BN_ASM= asm/bn86bsdi.o # bsdi
-#BN_ASM= asm/alpha.o # DEC Alpha
-#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
-#BN_ASM= asm/r3000.o # SGI MIPS cpu
-#BN_ASM= asm/sparc.o # Sun solaris/SunOS
-#BN_ASM= asm/bn-win32.o # Windows 95/NT
-#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
-#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
-
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-FIPS_DES_ENC= fips_des_enc.o
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ=
+BN_ASM= bn_asm.o
DES_ENC= des_enc.o fcrypt_b.o
-#DES_ENC= des_enc.o fcrypt_b.o # C
-#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
+AES_ASM_OBJ= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
-#BF_ENC= bf_enc.o
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o # solaris
-#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o # bsdi
-
-# Set CAST_ENC to c_enc.o if you want to use the C version
-#There are 4 x86 assember options.
CAST_ENC= c_enc.o
-#CAST_ENC= c_enc.o
-#CAST_ENC= asm/cx86-elf.o # elf
-#CAST_ENC= asm/cx86-sol.o # solaris
-#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
-#CAST_ENC= asm/cx86bsdi.o # bsdi
-
-# Set RC4_ENC to rc4_enc.o if you want to use the C version
-#There are 4 x86 assember options.
RC4_ENC= rc4_enc.o
-#RC4_ENC= rc4_enc.o
-#RC4_ENC= asm/rx86-elf.o # elf
-#RC4_ENC= asm/rx86-sol.o # solaris
-#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
-#RC4_ENC= asm/rx86bsdi.o # bsdi
-
-# Set RC5_ENC to rc5_enc.o if you want to use the C version
-#There are 4 x86 assember options.
RC5_ENC= rc5_enc.o
-#RC5_ENC= rc5_enc.o
-#RC5_ENC= asm/r586-elf.o # elf
-#RC5_ENC= asm/r586-sol.o # solaris
-#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
-#RC5_ENC= asm/r586bsdi.o # bsdi
-
-# Also need MD5_ASM defined
MD5_ASM_OBJ=
-#MD5_ASM_OBJ= asm/mx86-elf.o # elf
-#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
-#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
-#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
-
-# Also need SHA1_ASM defined
SHA1_ASM_OBJ=
-FIPS_SHA1_ASM_OBJ=
-#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
-#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
-#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
-#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
-
-# Also need RMD160_ASM defined
RMD160_ASM_OBJ=
-#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
-#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
-#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
-#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
-# When we're prepared to use shared libraries in the programs we link here
-# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
-SHLIB_MARK=
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
-DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools
-SHLIBDIRS= fips crypto ssl
+DIRS= crypto ssl engines apps test tools
+SHLIBDIRS= crypto ssl
# dirs in crypto to build
-SDIRS= objects \
- md2 md4 md5 sha mdc2 hmac ripemd \
- des rc2 rc4 rc5 idea bf cast \
- bn ec rsa dsa dh dso engine aes \
+SDIRS= \
+ objects \
+ md2 md4 md5 sha hmac ripemd \
+ des aes rc2 rc4 idea bf cast \
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
-
-FDIRS= sha1 rand des aes dsa rsa dh
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+ store pqueue
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
@@ -207,7 +138,6 @@ ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
-SIGS= libcrypto.a.sha1
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
@@ -222,45 +152,106 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
-# When we're prepared to use shared libraries in the programs we link here
-# we might remove 'clean-shared' from the targets to perform at this stage
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
+ $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
+ $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
+ $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
+ $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
+ $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
+ $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
+ $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
+ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+ CC='${CC}' CFLAG='${CFLAG}' \
+ AS='${CC}' ASFLAG='${CFLAG} -c' \
+ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \
+ INSTALL_PREFIX='${INSTALL_PREFIX}' \
+ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+ SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+ PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
+ CPUID_OBJ='${CPUID_OBJ}' \
+ BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
+ AES_ASM_OBJ='${AES_ASM_OBJ}' \
+ BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
+ RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
+ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
+ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
+ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD= if [ -d "$$dir" ]; then \
+ ( cd $$dir && echo "making $$target in $$dir..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+ ) || exit 1; \
+ fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
-all: Makefile sub_all openssl.pc
+reflect:
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-sigs: $(SIGS)
-libcrypto.a.sha1: libcrypto.a
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- $(RANLIB) libcrypto.a; \
- fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
- fi
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
-sub_all:
- @for i in $(DIRS); \
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
- else \
- $(MAKE) $$i; \
- fi; \
- done;
+build_libs: build_crypto build_ssl build_engines
-sub_target:
- @for i in $(DIRS); \
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making $(TARGET) in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
- else \
- $(MAKE) $$i; \
- fi; \
- done;
+build_crypto:
+ @dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl:
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines:
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps:
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests:
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools:
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
libcrypto$(SHLIB_EXT): libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@@ -268,10 +259,11 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
fi
clean-shared:
- @for i in $(SHLIBDIRS); do \
+ @set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
@@ -280,327 +272,59 @@ clean-shared:
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
- @if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for i in $(SHLIBDIRS); do \
- prev=lib$$i$(SHLIB_EXT); \
- for j in $${tmp:-x}; do \
- ( set -x; \
- rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
- prev=lib$$i$$j; \
- done; \
- done; \
- fi
-
-build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
-
-do_bsd-gcc-shared: do_gnu-shared
-do_linux-shared: do_gnu-shared
-do_gnu-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-Bsymbolic \
- -Wl,--whole-archive lib$$i.a \
- -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done
-
-DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
-
-# For Darwin AKA Mac OS/X (dyld)
-do_darwin-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
- lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
- -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
- libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
- echo "" ; \
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+ libs="$$libs -l$$i"; \
done
-do_cygwin-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
- -Wl,-Bsymbolic \
- -Wl,--whole-archive lib$$i.a \
- -Wl,--out-implib,lib$$i.dll.a \
- -Wl,--no-whole-archive $$libs ) || exit 1; \
- libs="-l$$i $$libs"; \
- done
-
-# This assumes that GNU utilities are *not* used
-do_alpha-osf1-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -o lib$$i.so \
- -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# This assumes that GNU utilities are *not* used
-# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
-# option passed to the linker.
-do_tru64-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -msym -o lib$$i.so \
- -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# This assumes that GNU utilities are *not* used
-# The difference between tru64-shared and tru64-shared-rpath is the
-# -rpath ${INSTALLTOP}/lib passed to the linker.
-do_tru64-shared-rpath:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -msym -o lib$$i.so \
- -rpath ${INSTALLTOP}/lib \
- -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-
-# This assumes that GNU utilities are *not* used
-do_solaris-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- MINUSZ='-z '; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
- set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
- -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-Bsymbolic \
- $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
- $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# OpenServer 5 native compilers used
-do_svr3-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- find . -name "*.o" -print > allobjs ; \
- OBJS= ; export OBJS ; \
- for obj in `ar t lib$$i.a` ; do \
- OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
- done ; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
- -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# UnixWare 7 and OpenUNIX 8 native compilers used
-do_svr5-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- SHARE_FLAG='-G'; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
- find . -name "*.o" -print > allobjs ; \
- OBJS= ; export OBJS ; \
- for obj in `ar t lib$$i.a` ; do \
- OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
- done ; \
- set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
- ${CC} ${SHARED_LDFLAGS} \
- $${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
+build-shared: do_$(SHLIB_TARGET) link-shared
-# This assumes that GNU utilities are *not* used
-do_irix-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( WHOLELIB="-all lib$$i.a -notall"; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
- done; \
- fi
-
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-# The object modules are loaded from lib$i.a using the undocumented -Fl
-# option.
-#
-# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-# by temporarily specifying "+s"!
-#
-do_hpux-shared:
- for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- +vnocompatwarnings \
- -b -z +s \
- -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Fl lib$$i.a -ldld -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-#
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
-#
-do_hpux64-shared:
- for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- -b -z \
- -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +forceload lib$$i.a -ldl -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
- done
-
-# The following method is said to work on all platforms. Tests will
-# determine if that's how it's gong to be used.
-# This assumes that for all but GNU systems, GNU utilities are *not* used.
-# ALLSYMSFLAGS would be:
-# GNU systems: --whole-archive
-# Tru64 Unix: -all
-# Solaris: -z allextract
-# Irix: -all
-# HP/UX-32bit: -Fl
-# HP/UX-64bit: +forceload
-# AIX: -bnogc
-# SHAREDFLAGS would be:
-# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# Tru64 Unix: -shared \
-# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
-# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# HP/UX-32bit: +vnocompatwarnings -b -z +s \
-# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# AIX: -G -bE:lib$$i.exp -bM:SRE
-# SHAREDCMD would be:
-# GNU systems: $(CC)
-# Tru64 Unix: $(CC)
-# Solaris: $(CC)
-# Irix: $(CC)
-# HP/UX-32bit: /usr/ccs/bin/ld
-# HP/UX-64bit: /usr/ccs/bin/ld
-# AIX: $(CC)
-ALLSYMSFLAG=-bnogc
-SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
-SHAREDCMD=$(CC)
-do_aix-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; \
- ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
- ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
- $(SHAREDCMD) $(SHAREDFLAGS) \
- -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
- $$libs ${EX_LIBS} ) ) \
- || exit 1; \
- libs="-l$$i $$libs"; \
- done
+libcrypto.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-do_reliantunix-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
- ( set -x; \
- ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
- cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
- ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
- ) || exit 1; \
- cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
- ) || exit 1; \
- rm -rf $$tmpdir ; \
- libs="-l$$i $$libs"; \
- done
+libssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -612,31 +336,25 @@ openssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-Makefile: Makefile.org
- @echo "Makefile is older than Makefile.org."
+Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
- rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
+ rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making clean in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
- rm -f $(LIBS); \
- fi; \
- done;
- rm -f openssl.pc
+ @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+ rm -f $(LIBS)
+ rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
- @for i in $(ONEDIRS) ;\
+ @set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
@@ -647,84 +365,44 @@ makefile.one: files
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making 'files' in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
- fi; \
- done;
+ @set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @for i in $(DIRS); do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making links in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
- fi; \
- done;
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -f *.bak
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making dclean in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
- fi; \
- done;
+ @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs
- @(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
- DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
- SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
- LIBPATH="`pwd`:$$LIBPATH"; \
- if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
- export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
- $(PERL) tools/c_rehash certs)
+ @(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+ OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ $(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
tests: rehash
@(cd test && echo "testing..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
- @LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
- DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
- SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
- LIBPATH="`pwd`:$$LIBPATH"; \
- if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
- export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
- apps/openssl version -a
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
depend:
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making dependencies $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
- fi; \
- done;
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making lint $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
- fi; \
- done;
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
@@ -732,7 +410,8 @@ tags:
errors:
$(PERL) util/mkerr.pl -recurse -write
- (cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
+ (cd engines; $(MAKE) PERL=$(PERL) errors)
+ $(PERL) util/ck_errf.pl */*.c */*/*.c
stacks:
$(PERL) util/mkstack.pl -write
@@ -751,11 +430,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
@@ -790,45 +473,36 @@ dist:
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
dist_pem_h:
- (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @for i in $(EXHEADER) ;\
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i; echo "installing $$i..."; \
- $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
- fi; \
- done
- @for i in $(LIBS) ;\
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- : ; \
- else \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- fi; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done;
- @if [ -n "$(SHARED_LIBS)" ]; then \
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
@@ -839,20 +513,19 @@ install_sw:
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
fi ); \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- set $(MAKE); \
- $$1 -f $$here/Makefile link-shared ); \
+ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
@@ -860,15 +533,10 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
- @for i in $(SIGS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi; \
- done;
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@@ -881,12 +549,12 @@ install_docs:
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
- if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
filecase=-i; \
fi; \
- for i in doc/apps/*.pod; do \
+ set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
- if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@@ -894,16 +562,16 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
- for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
- if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@@ -911,8 +579,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index 7a30acac3cb4..eaa9a11f9ce4 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -57,9 +57,8 @@ OPENSSLDIR=/usr/local/ssl
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
-CC= gcc
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CC= cc
+CFLAG= -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
@@ -80,113 +79,45 @@ MAKEDEPPROG=makedepend
AS=$(CC) -c
ASFLAG=$(CFLAG)
-# Set BN_ASM to bn_asm.o if you want to use the C version
-BN_ASM= bn_asm.o
-#BN_ASM= bn_asm.o
-#BN_ASM= asm/bn86-elf.o # elf, linux-elf
-#BN_ASM= asm/bn86-sol.o # solaris
-#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
-#BN_ASM= asm/bn86bsdi.o # bsdi
-#BN_ASM= asm/alpha.o # DEC Alpha
-#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
-#BN_ASM= asm/r3000.o # SGI MIPS cpu
-#BN_ASM= asm/sparc.o # Sun solaris/SunOS
-#BN_ASM= asm/bn-win32.o # Windows 95/NT
-#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
-#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
-
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-FIPS_DES_ENC= des_enc.o fcrypt_b.o
-DES_ENC= asm/dx86-out.o asm/yx86-out.o
-#DES_ENC= des_enc.o fcrypt_b.o # C
-#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-BF_ENC= asm/bx86-out.o
-#BF_ENC= bf_enc.o
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o # solaris
-#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o # bsdi
-
-# Set CAST_ENC to c_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-CAST_ENC= asm/cx86-out.o
-#CAST_ENC= c_enc.o
-#CAST_ENC= asm/cx86-elf.o # elf
-#CAST_ENC= asm/cx86-sol.o # solaris
-#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
-#CAST_ENC= asm/cx86bsdi.o # bsdi
-
-# Set RC4_ENC to rc4_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC4_ENC= asm/rx86-out.o
-#RC4_ENC= rc4_enc.o
-#RC4_ENC= asm/rx86-elf.o # elf
-#RC4_ENC= asm/rx86-sol.o # solaris
-#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
-#RC4_ENC= asm/rx86bsdi.o # bsdi
-
-# Set RC5_ENC to rc5_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC5_ENC= asm/r586-out.o
-#RC5_ENC= rc5_enc.o
-#RC5_ENC= asm/r586-elf.o # elf
-#RC5_ENC= asm/r586-sol.o # solaris
-#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
-#RC5_ENC= asm/r586bsdi.o # bsdi
-
-# Also need MD5_ASM defined
-MD5_ASM_OBJ= asm/mx86-out.o
-#MD5_ASM_OBJ= asm/mx86-elf.o # elf
-#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
-#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
-#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
-
-# Also need SHA1_ASM defined
-SHA1_ASM_OBJ= asm/sx86-out.o
-FIPS_SHA1_ASM_OBJ= asm/sx86-out.o
-#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
-#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
-#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
-#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
-
-# Also need RMD160_ASM defined
-RMD160_ASM_OBJ= asm/rm86-out.o
-#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
-#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
-#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
-#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ=
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ASM_OBJ=aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ=
+SHA1_ASM_OBJ=
+RMD160_ASM_OBJ=
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
-# When we're prepared to use shared libraries in the programs we link here
-# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
-SHLIB_MARK=
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
-DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools
-SHLIBDIRS= fips crypto ssl
+DIRS= crypto ssl engines apps test tools
+SHLIBDIRS= crypto ssl
# dirs in crypto to build
-SDIRS= objects \
+SDIRS= \
+ objects \
md2 md4 md5 sha mdc2 hmac ripemd \
- des rc2 rc4 rc5 idea bf cast \
- bn ec rsa dsa dh dso engine aes \
+ des aes rc2 rc4 rc5 idea bf cast \
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
-
-FDIRS= sha1 rand des aes dsa rsa dh
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+ store pqueue
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
@@ -205,7 +136,6 @@ ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
-SIGS= libcrypto.a.sha1
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
@@ -220,45 +150,106 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
-# When we're prepared to use shared libraries in the programs we link here
-# we might remove 'clean-shared' from the targets to perform at this stage
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
+ $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
+ $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
+ $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
+ $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
+ $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
+ $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
+ $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
+ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+ CC='${CC}' CFLAG='${CFLAG}' \
+ AS='${CC}' ASFLAG='${CFLAG} -c' \
+ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \
+ INSTALL_PREFIX='${INSTALL_PREFIX}' \
+ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+ SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+ PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
+ CPUID_OBJ='${CPUID_OBJ}' \
+ BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
+ AES_ASM_OBJ='${AES_ASM_OBJ}' \
+ BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
+ RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
+ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
+ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
+ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD= if [ -d "$$dir" ]; then \
+ ( cd $$dir && echo "making $$target in $$dir..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+ ) || exit 1; \
+ fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
-all: Makefile sub_all openssl.pc
+reflect:
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-sigs: $(SIGS)
-libcrypto.a.sha1: libcrypto.a
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- $(RANLIB) libcrypto.a; \
- fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
- fi
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
-sub_all:
- @for i in $(DIRS); \
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
- else \
- $(MAKE) $$i; \
- fi; \
- done;
+build_libs: build_crypto build_ssl build_engines
-sub_target:
- @for i in $(DIRS); \
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making $(TARGET) in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
- else \
- $(MAKE) $$i; \
- fi; \
- done;
+build_crypto:
+ @dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl:
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines:
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps:
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests:
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools:
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
libcrypto$(SHLIB_EXT): libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@@ -266,10 +257,11 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
fi
clean-shared:
- @for i in $(SHLIBDIRS); do \
+ @set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
@@ -278,327 +270,59 @@ clean-shared:
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
- @if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for i in $(SHLIBDIRS); do \
- prev=lib$$i$(SHLIB_EXT); \
- for j in $${tmp:-x}; do \
- ( set -x; \
- rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
- prev=lib$$i$$j; \
- done; \
- done; \
- fi
-
-build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
-
-do_bsd-gcc-shared: do_gnu-shared
-do_linux-shared: do_gnu-shared
-do_gnu-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-Bsymbolic \
- -Wl,--whole-archive lib$$i.a \
- -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done
-
-DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
-
-# For Darwin AKA Mac OS/X (dyld)
-do_darwin-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
- lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
- -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
- libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
- echo "" ; \
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+ libs="$$libs -l$$i"; \
done
-do_cygwin-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
- -Wl,-Bsymbolic \
- -Wl,--whole-archive lib$$i.a \
- -Wl,--out-implib,lib$$i.dll.a \
- -Wl,--no-whole-archive $$libs ) || exit 1; \
- libs="-l$$i $$libs"; \
- done
-
-# This assumes that GNU utilities are *not* used
-do_alpha-osf1-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -o lib$$i.so \
- -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# This assumes that GNU utilities are *not* used
-# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
-# option passed to the linker.
-do_tru64-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -msym -o lib$$i.so \
- -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# This assumes that GNU utilities are *not* used
-# The difference between tru64-shared and tru64-shared-rpath is the
-# -rpath ${INSTALLTOP}/lib passed to the linker.
-do_tru64-shared-rpath:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -msym -o lib$$i.so \
- -rpath ${INSTALLTOP}/lib \
- -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-
-# This assumes that GNU utilities are *not* used
-do_solaris-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- MINUSZ='-z '; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
- set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
- -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-Bsymbolic \
- $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
- $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# OpenServer 5 native compilers used
-do_svr3-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- find . -name "*.o" -print > allobjs ; \
- OBJS= ; export OBJS ; \
- for obj in `ar t lib$$i.a` ; do \
- OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
- done ; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
- -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
+build-shared: do_$(SHLIB_TARGET) link-shared
-# UnixWare 7 and OpenUNIX 8 native compilers used
-do_svr5-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- SHARE_FLAG='-G'; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
- find . -name "*.o" -print > allobjs ; \
- OBJS= ; export OBJS ; \
- for obj in `ar t lib$$i.a` ; do \
- OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
- done ; \
- set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
- ${CC} ${SHARED_LDFLAGS} \
- $${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
- done; \
- fi
-
-# This assumes that GNU utilities are *not* used
-do_irix-shared:
- if ${DETECT_GNU_LD}; then \
- $(MAKE) do_gnu-shared; \
- else \
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( WHOLELIB="-all lib$$i.a -notall"; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
- -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
- libs="-l$$i $$libs"; \
- done; \
- fi
-
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-# The object modules are loaded from lib$i.a using the undocumented -Fl
-# option.
-#
-# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-# by temporarily specifying "+s"!
-#
-do_hpux-shared:
- for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- +vnocompatwarnings \
- -b -z +s \
- -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Fl lib$$i.a -ldld -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
- done
-
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-#
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
-#
-do_hpux64-shared:
- for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- -b -z \
- -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +forceload lib$$i.a -ldl -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
-# The following method is said to work on all platforms. Tests will
-# determine if that's how it's gong to be used.
-# This assumes that for all but GNU systems, GNU utilities are *not* used.
-# ALLSYMSFLAGS would be:
-# GNU systems: --whole-archive
-# Tru64 Unix: -all
-# Solaris: -z allextract
-# Irix: -all
-# HP/UX-32bit: -Fl
-# HP/UX-64bit: +forceload
-# AIX: -bnogc
-# SHAREDFLAGS would be:
-# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# Tru64 Unix: -shared \
-# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
-# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# HP/UX-32bit: +vnocompatwarnings -b -z +s \
-# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
-# AIX: -G -bE:lib$$i.exp -bM:SRE
-# SHAREDCMD would be:
-# GNU systems: $(CC)
-# Tru64 Unix: $(CC)
-# Solaris: $(CC)
-# Irix: $(CC)
-# HP/UX-32bit: /usr/ccs/bin/ld
-# HP/UX-64bit: /usr/ccs/bin/ld
-# AIX: $(CC)
-ALLSYMSFLAG=-bnogc
-SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
-SHAREDCMD=$(CC)
-do_aix-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- ( set -x; \
- ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
- ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
- $(SHAREDCMD) $(SHAREDFLAGS) \
- -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
- $$libs ${EX_LIBS} ) ) \
- || exit 1; \
- libs="-l$$i $$libs"; \
- done
+libcrypto.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-do_reliantunix-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
- ( set -x; \
- ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
- cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
- ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
- ) || exit 1; \
- cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
- ) || exit 1; \
- rm -rf $$tmpdir ; \
- libs="-l$$i $$libs"; \
- done
+libssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -610,31 +334,25 @@ openssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-Makefile: Makefile.org
- @echo "Makefile is older than Makefile.org."
+Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
- rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
+ rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making clean in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
- rm -f $(LIBS); \
- fi; \
- done;
- rm -f openssl.pc
+ @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+ rm -f $(LIBS)
+ rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
- @for i in $(ONEDIRS) ;\
+ @set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
@@ -645,84 +363,44 @@ makefile.one: files
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making 'files' in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
- fi; \
- done;
+ @set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @for i in $(DIRS); do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making links in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
- fi; \
- done;
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -f *.bak
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making dclean in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
- fi; \
- done;
+ @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs
- @(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
- DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
- SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
- LIBPATH="`pwd`:$$LIBPATH"; \
- if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
- export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
- $(PERL) tools/c_rehash certs)
+ @(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+ OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ $(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
tests: rehash
@(cd test && echo "testing..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
- @LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
- DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
- SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
- LIBPATH="`pwd`:$$LIBPATH"; \
- if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
- export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
- apps/openssl version -a
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
depend:
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making dependencies $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
- fi; \
- done;
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i && echo "making lint $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
- fi; \
- done;
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
@@ -730,7 +408,8 @@ tags:
errors:
$(PERL) util/mkerr.pl -recurse -write
- (cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
+ (cd engines; $(MAKE) PERL=$(PERL) errors)
+ $(PERL) util/ck_errf.pl */*.c */*/*.c
stacks:
$(PERL) util/mkstack.pl -write
@@ -749,11 +428,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
@@ -788,45 +471,36 @@ dist:
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
dist_pem_h:
- (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @for i in $(EXHEADER) ;\
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @for i in $(DIRS) ;\
- do \
- if [ -d "$$i" ]; then \
- (cd $$i; echo "installing $$i..."; \
- $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
- fi; \
- done
- @for i in $(LIBS) ;\
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- : ; \
- else \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- fi; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done;
- @if [ -n "$(SHARED_LIBS)" ]; then \
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
@@ -837,20 +511,19 @@ install_sw:
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
fi ); \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- set $(MAKE); \
- $$1 -f $$here/Makefile link-shared ); \
+ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
@@ -858,15 +531,10 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
- @for i in $(SIGS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi; \
- done;
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@@ -879,12 +547,12 @@ install_docs:
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
- if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
filecase=-i; \
fi; \
- for i in doc/apps/*.pod; do \
+ set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
- if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@@ -892,16 +560,16 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
- for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
- if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@@ -909,8 +577,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/crypto/openssl/Makefile.shared b/crypto/openssl/Makefile.shared
new file mode 100644
index 000000000000..ef1bfe1223a5
--- /dev/null
+++ b/crypto/openssl/Makefile.shared
@@ -0,0 +1,603 @@
+#
+# Helper makefile to link shared libraries in a portable way.
+# This is much simpler than libtool, and hopefully not too error-prone.
+#
+# The following variables need to be set on the command line to build
+# properly
+
+# CC contains the current compiler. This one MUST be defined
+CC=cc
+CFLAGS=$(CFLAG)
+# LDFLAGS contains flags to be used when temporary object files (when building
+# shared libraries) are created, or when an application is linked.
+# SHARED_LDFLAGS contains flags to be used when the shared library is created.
+LDFLAGS=
+SHARED_LDFLAGS=
+
+# LIBNAME contains just the name of the library, without prefix ("lib"
+# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
+# .dll, ...). This one MUST have a value when using this makefile to
+# build shared libraries.
+# For example, to build libfoo.so, you need to do the following:
+#LIBNAME=foo
+LIBNAME=
+
+# APPNAME contains just the name of the application, without suffix (""
+# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
+# this makefile to build applications.
+# For example, to build foo, you need to do the following:
+#APPNAME=foo
+APPNAME=
+
+# OBJECTS contains all the object files to link together into the application.
+# This must contain at least one object file.
+#OBJECTS=foo.o
+OBJECTS=
+
+# LIBEXTRAS contains extra modules to link together with the library.
+# For example, if a second library, say libbar.a needs to be linked into
+# libfoo.so, you need to do the following:
+#LIBEXTRAS=libbar.a
+# Note that this MUST be used when using the link_o targets, to hold the
+# names of all object files that go into the target library.
+LIBEXTRAS=
+
+# LIBVERSION contains the current version of the library.
+# For example, to build libfoo.so.1.2, you need to do the following:
+#LIBVERSION=1.2
+LIBVERSION=
+
+# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
+# the library. They MUST be in decreasing order.
+# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
+# and libfoo.so.1, you need to do the following:
+#LIBCOMPATVERSIONS=1.2 1
+# Note that on systems that use sonames, the last number will appear as
+# part of it.
+# It's also possible, for systems that support it (Tru64, for example),
+# to add extra compatibility info with more precision, by adding a second
+# list of versions, separated from the first with a semicolon, like this:
+#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
+LIBCOMPATVERSIONS=
+
+# LIBDEPS contains all the flags necessary to cover all necessary
+# dependencies to other libraries.
+LIBDEPS=
+
+#------------------------------------------------------------------------------
+# The rest is private to this makefile.
+
+SET_X=:
+#SET_X=set -x
+
+top:
+ echo "Trying to use this makefile interactively? Don't."
+
+CALC_VERSIONS= \
+ SHLIB_COMPAT=; SHLIB_SOVER=; \
+ if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
+ prev=""; \
+ for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
+ SHLIB_SOVER_NODOT=$$v; \
+ SHLIB_SOVER=.$$v; \
+ if [ -n "$$prev" ]; then \
+ SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
+ fi; \
+ prev=$$v; \
+ done; \
+ fi
+
+LINK_APP= \
+ ( $(SET_X); \
+ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+
+LINK_SO= \
+ ( $(SET_X); \
+ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+ SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
+ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
+ ) && $(SYMLINK_SO); \
+ ( $(SET_X); rm -f lib$(LIBNAME).exp )
+
+SYMLINK_SO= \
+ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
+ prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+ if [ -n "$$SHLIB_COMPAT" ]; then \
+ for x in $$SHLIB_COMPAT; do \
+ ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
+ prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+ fi
+
+LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
+LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
+
+LINK_SO_A_VIA_O= \
+ SHOBJECTS=lib$(LIBNAME).o; \
+ ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
+ ( $(SET_X); \
+ ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
+ $(LINK_SO) && rm -f $(LIBNAME).o
+
+LINK_SO_A_UNPACKED= \
+ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
+ (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
+ ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
+ SHOBJECTS=$$UNPACKDIR/*.o; \
+ $(LINK_SO) && rm -rf $$UNPACKDIR
+
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+
+DO_GNU_SO=$(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+
+#This is rather special. It's a special target with which one can link
+#applications without bothering with any features that have anything to
+#do with shared libraries, for example when linking against static
+#libraries. It's mostly here to avoid a lot of conditionals everywhere
+#else...
+link_app.:
+ $(LINK_APP)
+
+link_o.gnu:
+ @ $(DO_GNU_SO); $(LINK_SO_O)
+link_a.gnu:
+ @ $(DO_GNU_SO); $(LINK_SO_A)
+link_app.gnu:
+ @ $(DO_GNU_APP); $(LINK_APP)
+
+link_o.bsd:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ LIBDEPS=" "; \
+ ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
+ NOALLSYMSFLAGS=; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+ fi; $(LINK_SO_O)
+link_a.bsd:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ LIBDEPS=" "; \
+ ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
+ NOALLSYMSFLAGS=; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+ fi; $(LINK_SO_A)
+link_app.bsd:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
+ LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
+ fi; $(LINK_APP)
+
+# For Darwin AKA Mac OS/X (dyld)
+# link_o.darwin produces .so, because we let it use dso_dlfcn module,
+# which has .so extension hard-coded. One can argue that one should
+# develop special dso module for MacOS X. At least manual encourages
+# to use native NSModule(3) API and refers to dlfcn as termporary hack.
+link_o.darwin:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME); \
+ SHLIB_SUFFIX=.so; \
+ ALLSYMSFLAGS='-all_load'; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+ if [ -n "$(LIBVERSION)" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.darwin:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME); \
+ SHLIB_SUFFIX=.dylib; \
+ ALLSYMSFLAGS='-all_load'; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+ if [ -n "$(LIBVERSION)" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
+ fi; \
+ SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
+ $(LINK_SO_A)
+link_app.darwin: # is there run-path on darwin?
+ $(LINK_APP)
+
+link_o.cygwin:
+ @ $(CALC_VERSIONS); \
+ INHIBIT_SYMLINKS=yes; \
+ SHLIB=cyg$(LIBNAME); \
+ expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
+ SHLIB_SUFFIX=.dll; \
+ LIBVERSION="$(LIBVERSION)"; \
+ SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+ $(LINK_SO_O)
+link_a.cygwin:
+ @ $(CALC_VERSIONS); \
+ INHIBIT_SYMLINKS=yes; \
+ SHLIB=cyg$(LIBNAME); \
+ expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
+ SHLIB_SUFFIX=.dll; \
+ SHLIB_SOVER=-$(LIBVERSION); \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+ [ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
+ [ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
+ $(LINK_SO_A) || exit 1; \
+ cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
+ cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/
+link_app.cygwin:
+ $(LINK_APP)
+
+link_o.alpha-osf1:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+ else \
+ SHLIB_HIST="$(LIBVERSION)"; \
+ fi; \
+ SHLIB_SOVER=; \
+ ALLSYMSFLAGS='-all'; \
+ NOALLSYMSFLAGS='-none'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+ fi; \
+ fi; \
+ $(LINK_SO_O)
+link_a.alpha-osf1:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+ else \
+ SHLIB_HIST="$(LIBVERSION)"; \
+ fi; \
+ SHLIB_SOVER=; \
+ ALLSYMSFLAGS='-all'; \
+ NOALLSYMSFLAGS='-none'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
+ if [ -n "$$SHLIB_HIST" ]; then \
+ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+ fi; \
+ fi; \
+ $(LINK_SO_A)
+link_app.alpha-osf1:
+ @if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_APP); \
+ else \
+ LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
+ fi; \
+ $(LINK_APP)
+
+link_o.solaris:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ MINUSZ='-z '; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS="$${MINUSZ}allextract"; \
+ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.solaris:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ MINUSZ='-z '; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=;\
+ ALLSYMSFLAGS="$${MINUSZ}allextract"; \
+ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+ fi; \
+ $(LINK_SO_A)
+link_app.solaris:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_APP); \
+ else \
+ LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
+ fi; \
+ $(LINK_APP)
+
+# OpenServer 5 native compilers used
+link_o.svr3:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.svr3:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_A_UNPACKED)
+link_app.svr3:
+ @${DETECT_GNU_LD} && $(DO_GNU_APP); \
+ $(LINK_APP)
+
+# UnixWare 7 and OpenUNIX 8 native compilers used
+link_o.svr5:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHARE_FLAG='-G'; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.svr5:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHARE_FLAG='-G'; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=''; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_A_UNPACKED)
+link_app.svr5:
+ @${DETECT_GNU_LD} && $(DO_GNU_APP); \
+ $(LINK_APP)
+
+link_o.irix:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ MINUSWL=""; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
+ ALLSYMSFLAGS="$${MINUSWL}-all"; \
+ NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_O)
+link_a.irix:
+ @ if ${DETECT_GNU_LD}; then \
+ $(DO_GNU_SO); \
+ else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ MINUSWL=""; \
+ ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
+ ALLSYMSFLAGS="$${MINUSWL}-all"; \
+ NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ $(LINK_SO_A)
+link_app.irix:
+ @LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
+ $(LINK_APP)
+
+# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
+# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
+# rules imply that we can only link one level down in catalog structure,
+# but that's what takes place for the moment of this writing. +cdp option
+# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
+# editor context only [it's simply ignored in other cases, which are all
+# ELFs by the way].
+#
+link_o.hpux:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).sl; \
+ expr "$(CFLAGS)" : 'DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,-Fl'; \
+ NOALLSYMSFLAGS=''; \
+ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
+ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+link_a.hpux:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).sl; \
+ expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,-Fl'; \
+ NOALLSYMSFLAGS=''; \
+ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ fi; \
+ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
+ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+link_app.hpux:
+ @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
+ LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
+ fi; \
+ $(LINK_APP)
+
+link_o.aix:
+ @ $(CALC_VERSIONS); \
+ OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
+ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-bnogc'; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
+ $(LINK_SO_O); rm -rf lib$(LIBNAME).exp
+link_a.aix:
+ @ $(CALC_VERSIONS); \
+ OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
+ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-bnogc'; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
+ $(LINK_SO_A_VIA_O)
+link_app.aix:
+ LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
+ $(LINK_APP)
+
+link_o.reliantunix:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) -G'; \
+ $(LINK_SO_O)
+link_a.reliantunix:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS=; \
+ NOALLSYMSFLAGS=''; \
+ SHAREDFLAGS='$(CFLAGS) -G'; \
+ $(LINK_SO_A_UNPACKED)
+link_app.reliantunix:
+ $(LINK_APP)
+
+# Targets to build symbolic links when needed
+symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
+symlink.aix symlink.reliantunix:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).so; \
+ $(SYMLINK_SO)
+symlink.darwin:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME); \
+ SHLIB_SUFFIX=.dylib; \
+ $(SYMLINK_SO)
+symlink.hpux:
+ @ $(CALC_VERSIONS); \
+ SHLIB=lib$(LIBNAME).sl; \
+ expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+ $(SYMLINK_SO)
+# The following lines means those specific architectures do no symlinks
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+
+# Compatibility targets
+link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
+link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
+link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
+symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
+link_o.bsd-shared: link_o.bsd
+link_a.bsd-shared: link_a.bsd
+link_app.bsd-shared: link_app.bsd
+link_o.darwin-shared: link_o.darwin
+link_a.darwin-shared: link_a.darwin
+link_app.darwin-shared: link_app.darwin
+symlink.darwin-shared: symlink.darwin
+link_o.cygwin-shared: link_o.cygwin
+link_a.cygwin-shared: link_a.cygwin
+link_app.cygwin-shared: link_app.cygwin
+symlink.cygwin-shared: symlink.cygwin
+link_o.alpha-osf1-shared: link_o.alpha-osf1
+link_a.alpha-osf1-shared: link_a.alpha-osf1
+link_app.alpha-osf1-shared: link_app.alpha-osf1
+symlink.alpha-osf1-shared: symlink.alpha-osf1
+link_o.tru64-shared: link_o.tru64
+link_a.tru64-shared: link_a.tru64
+link_app.tru64-shared: link_app.tru64
+symlink.tru64-shared: symlink.tru64
+link_o.tru64-shared-rpath: link_o.tru64-rpath
+link_a.tru64-shared-rpath: link_a.tru64-rpath
+link_app.tru64-shared-rpath: link_app.tru64-rpath
+symlink.tru64-shared-rpath: symlink.tru64-rpath
+link_o.solaris-shared: link_o.solaris
+link_a.solaris-shared: link_a.solaris
+link_app.solaris-shared: link_app.solaris
+symlink.solaris-shared: symlink.solaris
+link_o.svr3-shared: link_o.svr3
+link_a.svr3-shared: link_a.svr3
+link_app.svr3-shared: link_app.svr3
+symlink.svr3-shared: symlink.svr3
+link_o.svr5-shared: link_o.svr5
+link_a.svr5-shared: link_a.svr5
+link_app.svr5-shared: link_app.svr5
+symlink.svr5-shared: symlink.svr5
+link_o.irix-shared: link_o.irix
+link_a.irix-shared: link_a.irix
+link_app.irix-shared: link_app.irix
+symlink.irix-shared: symlink.irix
+link_o.hpux-shared: link_o.hpux
+link_a.hpux-shared: link_a.hpux
+link_app.hpux-shared: link_app.hpux
+symlink.hpux-shared: symlink.hpux
+link_o.aix-shared: link_o.aix
+link_a.aix-shared: link_a.aix
+link_app.aix-shared: link_app.aix
+symlink.aix-shared: symlink.aix
+link_o.reliantunix-shared: link_o.reliantunix
+link_a.reliantunix-shared: link_a.reliantunix
+link_app.reliantunix-shared: link_app.reliantunix
+symlink.reliantunix-shared: symlink.reliantunix
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 496f59de41a1..4cdfbf4377ba 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,127 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
+
+ o Cipher string fixes.
+ o Fixes for VC++ 2005.
+ o Updated ECC cipher suite support.
+ o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+ o Zlib compression usage fixes.
+ o Built in dynamic engine compilation support on Win32.
+ o Fixes auto dynamic engine loading in Win32.
+
+ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+
+ o Fix potential SSL 2.0 rollback, CAN-2005-2969
+ o Extended Windows CE support
+
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
+
+ o Major work on the BIGNUM library for higher efficiency and to
+ make operations more streamlined and less contradictory. This
+ is the result of a major audit of the BIGNUM library.
+ o Addition of BIGNUM functions for fields GF(2^m) and NIST
+ curves, to support the Elliptic Crypto functions.
+ o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+ the use through EVP, X509 and ENGINE.
+ o New ASN.1 mini-compiler that's usable through the OpenSSL
+ configuration file.
+ o Added support for ASN.1 indefinite length constructed encoding.
+ o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+ o Complete rework of shared library construction and linking
+ programs with shared or static libraries, through a separate
+ Makefile.shared.
+ o Rework of the passing of parameters from one Makefile to another.
+ o Changed ENGINE framework to load dynamic engine modules
+ automatically from specifically given directories.
+ o New structure and ASN.1 functions for CertificatePair.
+ o Changed the ZLIB compression method to be stateful.
+ o Changed the key-generation and primality testing "progress"
+ mechanism to take a structure that contains the ticker
+ function and an argument.
+ o New engine module: GMP (performs private key exponentiation).
+ o New engine module: VIA PadLOck ACE extension in VIA C3
+ Nehemiah processors.
+ o Added support for IPv6 addresses in certificate extensions.
+ See RFC 1884, section 2.2.
+ o Added support for certificate policy mappings, policy
+ constraints and name constraints.
+ o Added support for multi-valued AVAs in the OpenSSL
+ configuration file.
+ o Added support for multiple certificates with the same subject
+ in the 'openssl ca' index file.
+ o Make it possible to create self-signed certificates using
+ 'openssl ca -selfsign'.
+ o Make it possible to generate a serial number file with
+ 'openssl ca -create_serial'.
+ o New binary search functions with extended functionality.
+ o New BUF functions.
+ o New STORE structure and library to provide an interface to all
+ sorts of data repositories. Supports storage of public and
+ private keys, certificates, CRLs, numbers and arbitrary blobs.
+ This library is unfortunately unfinished and unused withing
+ OpenSSL.
+ o New control functions for the error stack.
+ o Changed the PKCS#7 library to support one-pass S/MIME
+ processing.
+ o Added the possibility to compile without old deprecated
+ functionality with the OPENSSL_NO_DEPRECATED macro or the
+ 'no-deprecated' argument to the config and Configure scripts.
+ o Constification of all ASN.1 conversion functions, and other
+ affected functions.
+ o Improved platform support for PowerPC.
+ o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+ o New X509_VERIFY_PARAM structure to support parametrisation
+ of X.509 path validation.
+ o Major overhaul of RC4 performance on Intel P4, IA-64 and
+ AMD64.
+ o Changed the Configure script to have some algorithms disabled
+ by default. Those can be explicitely enabled with the new
+ argument form 'enable-xxx'.
+ o Change the default digest in 'openssl' commands from MD5 to
+ SHA-1.
+ o Added support for DTLS.
+ o New BIGNUM blinding.
+ o Added support for the RSA-PSS encryption scheme
+ o Added support for the RSA X.931 padding.
+ o Added support for BSD sockets on NetWare.
+ o Added support for files larger than 2GB.
+ o Added initial support for Win64.
+ o Added alternate pkg-config files.
+
+ Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+
+ o Visual C++ 2005 fixes.
+ o Update Windows build system for FIPS.
+
+ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+
+ o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+
+ o Fix SSL 2.0 Rollback, CAN-2005-2969
+ o Allow use of fixed-length exponent on DSA signing
+ o Default fixed-window RSA, DSA, DH private-key operations
+
+ Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
+
+ o More compilation issues fixed.
+ o Adaptation to more modern Kerberos API.
+ o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+ o Enhanced x86_64 assembler BIGNUM module.
+ o More constification.
+ o Added processing of proxy certificates (RFC 3820).
+
+ Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
+
+ o Several compilation issues fixed.
+ o Many memory allocation failure checks added.
+ o Improved comparison of X509 Name type.
+ o Mandatory basic checks on certificates.
+ o Performance improvements.
+
Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
o Fix race condition in CRL checking code.
diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS
index d6731b1b134c..ed3c1745352c 100644
--- a/crypto/openssl/PROBLEMS
+++ b/crypto/openssl/PROBLEMS
@@ -48,20 +48,34 @@ will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
-* Bugs in gcc 3.0 triggered
+* Bugs in gcc triggered
-According to a problem report, there are bugs in gcc 3.0 that are
-triggered by some of the code in OpenSSL, more specifically in
-PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
+- According to a problem report, there are bugs in gcc 3.0 that are
+ triggered by some of the code in OpenSSL, more specifically in
+ PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
-What happens is that gcc might optimize a little too agressively, and
-you end up with an extra incrementation when *header != '4'.
+ What happens is that gcc might optimize a little too agressively, and
+ you end up with an extra incrementation when *header != '4'.
-We recommend that you upgrade gcc to as high a 3.x version as you can.
+ We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+- According to multiple problem reports, some of our message digest
+ implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
+ and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
+ latter - SHA one.
+
+ The recomendation is to upgrade your compiler. This naturally applies to
+ other similar cases.
+
+- There is a subtle Solaris x86-specific gcc run-time environment bug, which
+ "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
+ manifests itself as Segmentation Fault upon early application start-up.
+ The problem can be worked around by patching the environment according to
+ http://www.openssl.org/~appro/values.c.
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
@@ -90,15 +104,6 @@ failures in other parts of the code.
Workaround: modify the target to +O2 when building with no-asm.
-* Poor support for AIX shared builds.
-
-do_aix-shared rule is not flexible enough to parameterize through a
-config-line. './Configure aix43-cc shared' is working, but not
-'./Configure aix64-gcc shared'. In latter case make fails to create shared
-libraries. It's possible to build 64-bit shared libraries by running
-'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
-supporting even gcc shared builds. See RT#463 for background information.
-
* Problems building shared libraries on SCO OpenServer Release 5.0.6
with gcc 2.95.3
@@ -129,3 +134,64 @@ Any information helping to solve this issue would be deeply
appreciated.
NOTE: building non-shared doesn't come with this problem.
+
+* ULTRIX build fails with shell errors, such as "bad substitution"
+ and "test: argument expected"
+
+The problem is caused by ULTRIX /bin/sh supporting only original
+Bourne shell syntax/semantics, and the trouble is that the vast
+majority is so accustomed to more modern syntax, that very few
+people [if any] would recognize the ancient syntax even as valid.
+This inevitably results in non-trivial scripts breaking on ULTRIX,
+and OpenSSL isn't an exclusion. Fortunately there is workaround,
+hire /bin/ksh to do the job /bin/sh fails to do.
+
+1. Trick make(1) to use /bin/ksh by setting up following environ-
+ ment variables *prior* you execute ./Configure and make:
+
+ PROG_ENV=POSIX
+ MAKESHELL=/bin/ksh
+ export PROG_ENV MAKESHELL
+
+ or if your shell is csh-compatible:
+
+ setenv PROG_ENV POSIX
+ setenv MAKESHELL /bin/ksh
+
+2. Trick /bin/sh to use alternative expression evaluator. Create
+ following 'test' script for example in /tmp:
+
+ #!/bin/ksh
+ ${0##*/} "$@"
+
+ Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
+ your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
+ natively just replace system /bin/test and /bin/[ with the
+ above script.
+
+* hpux64-ia64-cc fails blowfish test.
+
+Compiler bug, presumably at particular patch level. It should be noted
+that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
+target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
+
+* no-engines generates errors.
+
+Unfortunately, the 'no-engines' configuration option currently doesn't
+work properly. Use 'no-hw' and you'll will at least get no hardware
+support. We'll see how we fix that on OpenSSL versions past 0.9.8.
+
+* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
+ if elder GNU binutils were deployed to link shared libcrypto.so.
+
+As subject suggests the failure is caused by a bug in elder binutils,
+either as or ld, and was observed on FreeBSD and Linux. There are two
+options. First is naturally to upgrade binutils, the second one - to
+reconfigure with additional no-sse2 [or 386] option passed to ./config.
+
+* If configured with ./config no-dso, toolkit still gets linked with -ldl,
+ which most notably poses a problem when linking with dietlibc.
+
+We don't have framework to associate -ldl with no-dso, therefore the only
+way is to edit Makefile right after ./config no-dso and remove -ldl from
+EX_LIBS line.
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 4d0cd83be662..48612bb0340d 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.7e 25 Oct 2004
+ OpenSSL 0.9.8b 04 May 2006
- Copyright (c) 1998-2004 The OpenSSL Project
+ Copyright (c) 1998-2005 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -14,13 +14,13 @@
protocols as well as a full-strength general purpose cryptography library.
The project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
+ related documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license) situation, which basically means
that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
+ purposes as long as you fulfill the conditions of both licenses.
OVERVIEW
--------
@@ -53,11 +53,11 @@
MDC2 message digest. A DES based hash that is popular on smart cards.
Public Key
- RSA encryption/decryption/generation.
+ RSA encryption/decryption/generation.
There is no limit on the number of bits.
- DSA encryption/decryption/generation.
+ DSA encryption/decryption/generation.
There is no limit on the number of bits.
- Diffie-Hellman key-exchange/key generation.
+ Diffie-Hellman key-exchange/key generation.
There is no limit on the number of bits.
X.509v3 certificates
@@ -80,16 +80,16 @@
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
- openssl:
+ openssl:
A command line tool that can be used for:
Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
+ Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
-
+
PATENTS
-------
@@ -104,13 +104,15 @@
licensing conditions. Their web page is http://www.rsasecurity.com/.
RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission.
+ only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
+ The MDC2 algorithm is patented by IBM.
+
INSTALLATION
------------
@@ -129,7 +131,7 @@
or application author. We try to collect those in doc/PROBLEMS, with current
thoughts on how they should be solved in a future of OpenSSL.
- SUPPORT
+ SUPPORT
-------
If you have any problems with OpenSSL then please take the following steps
@@ -138,7 +140,7 @@
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
to see if the problem has already been addressed
- Remove ASM versions of libraries
- - Remove compiler optimisation flags
+ - Remove compiler optimisation flags
If you wish to report a bug then please include the following information in
any bug report:
@@ -191,3 +193,4 @@
# ./Configure dist; make clean
# cd ..
# diff -ur openssl-orig openssl-work > mydiffs.patch
+
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
index a52a0045c1e8..a3965ecea96e 100755
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@@ -36,16 +36,26 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+ $openssl = $ENV{OPENSSL};
+} else {
+ $openssl = "openssl";
+ $ENV{OPENSSL} = $openssl;
+}
+
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";
-$REQ="openssl req $SSLEAY_CONFIG";
-$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="openssl verify";
-$X509="openssl x509";
-$PKCS12="openssl pkcs12";
+$DAYS="-days 365"; # 1 year
+$CADAYS="-days 1095"; # 3 years
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
+$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
@@ -58,19 +68,19 @@ foreach (@ARGV) {
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
- system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
- print "Certificate (and private key) is in newreq.pem\n"
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
- system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
- system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -84,6 +94,9 @@ foreach (@ARGV) {
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
+ open OUT, ">${CATOP}/crlnumber";
+ print OUT "01\n";
+ close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
@@ -98,22 +111,24 @@ foreach (@ARGV) {
$RET=$?;
} else {
print "Making CA certificate ...\n";
- system ("$REQ -new -x509 -keyout " .
- "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+ system ("$REQ -new -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+ system ("$CA -create_serial " .
+ "-out ${CATOP}/$CACERT $CADAYS -batch " .
+ "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+ "-extensions v3_ca " .
+ "-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
- if (! -f "${CATOP}/serial" ) {
- system ("$X509 -in ${CATOP}/$CACERT -noout "
- . "-next_serial -out ${CATOP}/serial");
- }
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
- system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in
index ae7d9c045f31..c783a6e6a541 100644
--- a/crypto/openssl/apps/CA.pl.in
+++ b/crypto/openssl/apps/CA.pl.in
@@ -36,16 +36,26 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+ $openssl = $ENV{OPENSSL};
+} else {
+ $openssl = "openssl";
+ $ENV{OPENSSL} = $openssl;
+}
+
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";
-$REQ="openssl req $SSLEAY_CONFIG";
-$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="openssl verify";
-$X509="openssl x509";
-$PKCS12="openssl pkcs12";
+$DAYS="-days 365"; # 1 year
+$CADAYS="-days 1095"; # 3 years
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
+$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
@@ -58,19 +68,19 @@ foreach (@ARGV) {
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
- system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
- print "Certificate (and private key) is in newreq.pem\n"
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
- system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
- system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -84,6 +94,9 @@ foreach (@ARGV) {
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
+ open OUT, ">${CATOP}/crlnumber";
+ print OUT "01\n";
+ close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
@@ -98,22 +111,24 @@ foreach (@ARGV) {
$RET=$?;
} else {
print "Making CA certificate ...\n";
- system ("$REQ -new -x509 -keyout " .
- "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+ system ("$REQ -new -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+ system ("$CA -create_serial " .
+ "-out ${CATOP}/$CACERT $CADAYS -batch " .
+ "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+ "-extensions v3_ca " .
+ "-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
- if (! -f "${CATOP}/serial" ) {
- system ("$X509 -in ${CATOP}/$CACERT -noout "
- . "-next_serial -out ${CATOP}/serial");
- }
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
- system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh
index d9f3069fb2a6..a0b20d85a975 100644
--- a/crypto/openssl/apps/CA.sh
+++ b/crypto/openssl/apps/CA.sh
@@ -30,14 +30,18 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
-DAYS="-days 365"
-REQ="openssl req $SSLEAY_CONFIG"
-CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="openssl verify"
-X509="openssl x509"
+if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
+
+DAYS="-days 365" # 1 year
+CADAYS="-days 1095" # 3 years
+REQ="$OPENSSL req $SSLEAY_CONFIG"
+CA="$OPENSSL ca $SSLEAY_CONFIG"
+VERIFY="$OPENSSL verify"
+X509="$OPENSSL x509"
CATOP=./demoCA
CAKEY=./cakey.pem
+CAREQ=./careq.pem
CACERT=./cacert.pem
for i
@@ -49,15 +53,15 @@ case $i in
;;
-newcert)
# create a certificate
- $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+ $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
- echo "Certificate (and private key) is in newreq.pem"
+ echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
# create a certificate request
- $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+ $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
- echo "Request (and private key) is in newreq.pem"
+ echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
@@ -70,7 +74,7 @@ case $i in
mkdir ${CATOP}/crl
mkdir ${CATOP}/newcerts
mkdir ${CATOP}/private
- echo "01" > ${CATOP}/serial
+ echo "00" > ${CATOP}/serial
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
@@ -83,8 +87,11 @@ case $i in
RET=$?
else
echo "Making CA certificate ..."
- $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
- -out ${CATOP}/$CACERT $DAYS
+ $REQ -new -keyout ${CATOP}/private/$CAKEY \
+ -out ${CATOP}/$CAREQ
+ $CA -out ${CATOP}/$CACERT $CADAYS -batch \
+ -keyfile ${CATOP}/private/$CAKEY -selfsign \
+ -infiles ${CATOP}/$CAREQ
RET=$?
fi
fi
diff --git a/crypto/openssl/apps/Makefile b/crypto/openssl/apps/Makefile
index b44c8fa3845f..79ea8a733714 100644
--- a/crypto/openssl/apps/Makefile
+++ b/crypto/openssl/apps/Makefile
@@ -7,11 +7,6 @@ TOP= ..
CC= cc
INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
CFLAG= -g -static
-INSTALL_PREFIX=
-INSTALLTOP= /usr/local/ssl
-OPENSSLDIR= /usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
PERL= perl
RM= rm -f
@@ -36,12 +31,12 @@ LIBSSL=-L.. -lssl
PROGRAM= openssl
-SCRIPTS=CA.sh CA.pl der_chop
+SCRIPTS=CA.sh CA.pl
EXE= $(PROGRAM)$(EXE_EXT)
E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
- ca crl rsa rsautl dsa dsaparam \
+ ca crl rsa rsautl dsa dsaparam ec ecparam \
x509 genrsa gendsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
pkcs8 spkac smime rand engine ocsp prime
@@ -57,17 +52,19 @@ RAND_SRC=app_rand.c
E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
ca.o pkcs7.o crl2p7.o crl.o \
- rsa.o rsautl.o dsa.o dsaparam.o \
+ rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
- ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o
+ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
+ ocsp.o prime.o
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
- rsa.c rsautl.c dsa.c dsaparam.c \
+ rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
- ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c prime.c
+ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
+ ocsp.c prime.c
SRC=$(E_SRC)
@@ -86,8 +83,13 @@ all: exe
exe: $(EXE)
req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
- LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
- $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+ shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ shlib_target="$(SHLIB_TARGET)"; \
+ fi; \
+ $(MAKE) -f $(TOP)/Makefile.shared -e \
+ APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
+ LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
+ link_app.$${shlib_target}
sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
@@ -96,14 +98,15 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
install:
- @for i in $(EXE); \
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @set -e; for i in $(EXE); \
do \
(echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
done;
- @for i in $(SCRIPTS); \
+ @set -e; for i in $(SCRIPTS); \
do \
(echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
@@ -125,7 +128,11 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+ @if [ -z "$(THIS)" ]; then \
+ $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
+ else \
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ fi
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -143,23 +150,21 @@ $(DLIBCRYPTO):
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
- if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
- $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+ shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ shlib_target="$(SHLIB_TARGET)"; \
+ fi; \
+ if [ "$${shlib_target}" = "darwin-shared" ] ; then \
+ LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \
else \
- LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
- $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
- fi
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
- fi
- -(cd ..; OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \
- LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
- DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
- SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
- LIBPATH="`pwd`:$$LIBPATH"; \
- if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
- export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
- $(PERL) tools/c_rehash certs)
+ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
+ fi; \
+ $(MAKE) -f $(TOP)/Makefile.shared -e \
+ APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ link_app.$${shlib_target}
+ -(cd ..; \
+ OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
+ $(PERL) tools/c_rehash certs)
progs.h: progs.pl
$(PERL) progs.pl $(E_EXE) >progs.h
@@ -167,1005 +172,729 @@ progs.h: progs.pl
# DO NOT DELETE THIS LINE -- make depend depends on it.
-app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
-app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
-app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
-app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
-app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
-app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
app_rand.o: apps.h
-apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-apps.o: ../include/openssl/cast.h ../include/openssl/conf.h
-apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
-apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
-apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
-apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
-asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h
-asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
-asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
-asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
-asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+apps.o: ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
asn1pars.o: asn1pars.c
-ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ca.o: ../include/openssl/cast.h ../include/openssl/conf.h
-ca.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ca.o: ../include/openssl/engine.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
-ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h
-ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
-crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-crl.o: ../include/openssl/cast.h ../include/openssl/conf.h
-crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
-crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-crl.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
-crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
-crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
crl.o: ../include/openssl/x509v3.h apps.h crl.c
-crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h
-crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
-crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
-crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
crl2p7.o: crl2p7.c
-dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h
-dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
-dgst.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-dgst.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
-dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dh.o: ../include/openssl/cast.h ../include/openssl/conf.h
-dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/engine.h ../include/openssl/err.h
-dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
-dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
-dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
-dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
-dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
-dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-dsaparam.o: dsaparam.c
-enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-enc.o: ../include/openssl/cast.h ../include/openssl/conf.h
-enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
-enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/engine.h ../include/openssl/err.h
-enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
+ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ec.o: ../include/openssl/err.h ../include/openssl/evp.h
+ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c
+ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
+enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
-engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-engine.o: ../include/openssl/cast.h ../include/openssl/comp.h
-engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-engine.o: ../include/openssl/des.h ../include/openssl/des_old.h
-engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-engine.o: ../include/openssl/err.h ../include/openssl/evp.h
-engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-engine.o: ../include/openssl/md4.h ../include/openssl/md5.h
-engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
+engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+engine.o: ../include/openssl/engine.h ../include/openssl/err.h
+engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
-errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h
-errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
-gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h
-gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
-gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
-gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
-gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
-gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
gendsa.o: gendsa.c
-genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
-genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
-genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-genrsa.o: genrsa.c
-nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h
-nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
-nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
-nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
-nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
-nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
+nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
-ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h
-ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
-ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
+ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
-openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
-openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
-openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/fips.h ../include/openssl/idea.h
-openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-openssl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-openssl.o: openssl.c progs.h s_apps.h
-passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h
+openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
-passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
-passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
-passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
passwd.o: passwd.c
-pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h
-pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
-pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
-pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
-pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
-pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h
-pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
-pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-pkcs7.o: ../include