aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcvs2svn <cvs2svn@FreeBSD.org>2006-10-01 08:09:47 +0000
committercvs2svn <cvs2svn@FreeBSD.org>2006-10-01 08:09:47 +0000
commit53f8bb4660ffd645a37cbe1eaa07adfa262e94b9 (patch)
tree56029a16c0d6fae638010bdaebed47596b1424a7
parent4d227dd736e57cf75f2278d8117f44dcb3defa61 (diff)
downloadsrc-53f8bb4660ffd645a37cbe1eaa07adfa262e94b9.tar.gz
src-53f8bb4660ffd645a37cbe1eaa07adfa262e94b9.zip
This commit was manufactured by cvs2svn to create tagvendor/openssl/0.9.8-20060929
'openssl-vendor-crypto-b0_9_8-20060929'.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=162916 svn path=/vendor-crypto/openssl/0.9.8-20060929/; revision=162918; tag=vendor/openssl/0.9.8-20060929
-rw-r--r--crypto/openssl/CHANGES7778
-rw-r--r--crypto/openssl/CHANGES.SSLeay968
-rw-r--r--crypto/openssl/ChangeLog.0_9_7-stable_not-in-head163
-rw-r--r--crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS1494
-rwxr-xr-xcrypto/openssl/Configure1817
-rw-r--r--crypto/openssl/FAQ898
-rw-r--r--crypto/openssl/INSTALL350
-rw-r--r--crypto/openssl/LICENSE127
-rw-r--r--crypto/openssl/Makefile590
-rw-r--r--crypto/openssl/Makefile.org588
-rw-r--r--crypto/openssl/Makefile.shared603
-rw-r--r--crypto/openssl/NEWS452
-rw-r--r--crypto/openssl/PROBLEMS197
-rw-r--r--crypto/openssl/README200
-rw-r--r--crypto/openssl/README.ASN1187
-rw-r--r--crypto/openssl/README.ENGINE289
-rwxr-xr-xcrypto/openssl/apps/CA.pl189
-rw-r--r--crypto/openssl/apps/CA.pl.in189
-rw-r--r--crypto/openssl/apps/CA.sh139
-rw-r--r--crypto/openssl/apps/Makefile900
-rw-r--r--crypto/openssl/apps/app_rand.c218
-rw-r--r--crypto/openssl/apps/apps.c2335
-rw-r--r--crypto/openssl/apps/apps.h345
-rw-r--r--crypto/openssl/apps/asn1pars.c444
-rw-r--r--crypto/openssl/apps/ca-cert.srl1
-rw-r--r--crypto/openssl/apps/ca-key.pem15
-rw-r--r--crypto/openssl/apps/ca-req.pem11
-rw-r--r--crypto/openssl/apps/ca.c3002
-rw-r--r--crypto/openssl/apps/cert.pem11
-rw-r--r--crypto/openssl/apps/ciphers.c208
-rw-r--r--crypto/openssl/apps/client.pem24
-rw-r--r--crypto/openssl/apps/crl.c429
-rw-r--r--crypto/openssl/apps/crl2p7.c345
-rw-r--r--crypto/openssl/apps/demoCA/cacert.pem14
-rw-r--r--crypto/openssl/apps/demoCA/index.txt39
-rw-r--r--crypto/openssl/apps/demoCA/private/cakey.pem24
-rw-r--r--crypto/openssl/apps/demoCA/serial1
-rw-r--r--crypto/openssl/apps/der_chop305
-rw-r--r--crypto/openssl/apps/der_chop.in305
-rw-r--r--crypto/openssl/apps/dgst.c477
-rw-r--r--crypto/openssl/apps/dh.c352
-rw-r--r--crypto/openssl/apps/dh1024.pem10
-rw-r--r--crypto/openssl/apps/dh2048.pem12
-rw-r--r--crypto/openssl/apps/dh4096.pem18
-rw-r--r--crypto/openssl/apps/dh512.pem9
-rw-r--r--crypto/openssl/apps/dhparam.c557
-rw-r--r--crypto/openssl/apps/dsa-ca.pem40
-rw-r--r--crypto/openssl/apps/dsa-pca.pem46
-rw-r--r--crypto/openssl/apps/dsa.c341
-rw-r--r--crypto/openssl/apps/dsa1024.pem9
-rw-r--r--crypto/openssl/apps/dsa512.pem6
-rw-r--r--crypto/openssl/apps/dsap.pem6
-rw-r--r--crypto/openssl/apps/dsaparam.c478
-rw-r--r--crypto/openssl/apps/ec.c400
-rw-r--r--crypto/openssl/apps/ecparam.c728
-rw-r--r--crypto/openssl/apps/enc.c681
-rw-r--r--crypto/openssl/apps/engine.c542
-rw-r--r--crypto/openssl/apps/errstr.c126
-rw-r--r--crypto/openssl/apps/gendh.c238
-rw-r--r--crypto/openssl/apps/gendsa.c274
-rw-r--r--crypto/openssl/apps/genrsa.c320
-rw-r--r--crypto/openssl/apps/nseq.c167
-rw-r--r--crypto/openssl/apps/ocsp.c1228
-rw-r--r--crypto/openssl/apps/oid.cnf6
-rw-r--r--crypto/openssl/apps/openssl.c526
-rw-r--r--crypto/openssl/apps/openssl.cnf313
-rw-r--r--crypto/openssl/apps/passwd.c512
-rw-r--r--crypto/openssl/apps/pca-cert.srl1
-rw-r--r--crypto/openssl/apps/pca-key.pem15
-rw-r--r--crypto/openssl/apps/pca-req.pem11
-rw-r--r--crypto/openssl/apps/pkcs12.c938
-rw-r--r--crypto/openssl/apps/pkcs7.c318
-rw-r--r--crypto/openssl/apps/pkcs8.c460
-rw-r--r--crypto/openssl/apps/prime.c130
-rw-r--r--crypto/openssl/apps/privkey.pem18
-rw-r--r--crypto/openssl/apps/progs.h324
-rw-r--r--crypto/openssl/apps/progs.pl91
-rw-r--r--crypto/openssl/apps/rand.c227
-rw-r--r--crypto/openssl/apps/req.c1686
-rw-r--r--crypto/openssl/apps/req.pem11
-rw-r--r--crypto/openssl/apps/rsa.c397
-rw-r--r--crypto/openssl/apps/rsa8192.pem101
-rw-r--r--crypto/openssl/apps/rsautl.c333
-rw-r--r--crypto/openssl/apps/s1024key.pem15
-rw-r--r--crypto/openssl/apps/s1024req.pem11
-rw-r--r--crypto/openssl/apps/s512-key.pem9
-rw-r--r--crypto/openssl/apps/s512-req.pem8
-rw-r--r--crypto/openssl/apps/s_apps.h170
-rw-r--r--crypto/openssl/apps/s_cb.c577
-rw-r--r--crypto/openssl/apps/s_client.c1219
-rw-r--r--crypto/openssl/apps/s_server.c2015
-rw-r--r--crypto/openssl/apps/s_socket.c617
-rw-r--r--crypto/openssl/apps/s_time.c735
-rw-r--r--crypto/openssl/apps/server.pem369
-rw-r--r--crypto/openssl/apps/server.srl1
-rw-r--r--crypto/openssl/apps/server2.pem376
-rw-r--r--crypto/openssl/apps/sess_id.c320
-rw-r--r--crypto/openssl/apps/set/set-g-ca.pem21
-rw-r--r--crypto/openssl/apps/set/set-m-ca.pem21
-rw-r--r--crypto/openssl/apps/set/set_b_ca.pem23
-rw-r--r--crypto/openssl/apps/set/set_c_ca.pem21
-rw-r--r--crypto/openssl/apps/set/set_d_ct.pem21
-rw-r--r--crypto/openssl/apps/set/set_root.pem21
-rw-r--r--crypto/openssl/apps/smime.c794
-rw-r--r--crypto/openssl/apps/speed.c2834
-rw-r--r--crypto/openssl/apps/spkac.c308
-rw-r--r--crypto/openssl/apps/testCA.pem8
-rw-r--r--crypto/openssl/apps/testdsa.h217
-rw-r--r--crypto/openssl/apps/testrsa.h518
-rw-r--r--crypto/openssl/apps/timeouts.h67
-rw-r--r--crypto/openssl/apps/verify.c370
-rw-r--r--crypto/openssl/apps/version.c217
-rw-r--r--crypto/openssl/apps/winrand.c148
-rw-r--r--crypto/openssl/apps/x509.c1278
-rw-r--r--crypto/openssl/bugs/MS7
-rw-r--r--crypto/openssl/bugs/SSLv349
-rw-r--r--crypto/openssl/bugs/VC16.bug18
-rw-r--r--crypto/openssl/bugs/alpha.c91
-rw-r--r--crypto/openssl/bugs/dggccbug.c45
-rw-r--r--crypto/openssl/bugs/sgiccbug.c57
-rw-r--r--crypto/openssl/bugs/sslref.dif26
-rw-r--r--crypto/openssl/bugs/stream.c131
-rw-r--r--crypto/openssl/bugs/ultrixcc.c45
-rw-r--r--crypto/openssl/certs/ICE-CA.pem59
-rw-r--r--crypto/openssl/certs/ICE-root.pem48
-rw-r--r--crypto/openssl/certs/ICE-user.pem63
-rw-r--r--crypto/openssl/certs/ICE.crl9
-rw-r--r--crypto/openssl/certs/RegTP-4R.pem19
-rw-r--r--crypto/openssl/certs/RegTP-5R.pem19
-rw-r--r--crypto/openssl/certs/RegTP-6R.pem19
-rw-r--r--crypto/openssl/certs/argena.pem39
-rw-r--r--crypto/openssl/certs/argeng.pem23
-rw-r--r--crypto/openssl/certs/ca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/ca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/dsa-ca.pem43
-rw-r--r--crypto/openssl/certs/demo/dsa-pca.pem49
-rw-r--r--crypto/openssl/certs/demo/nortelCA.pem16
-rw-r--r--crypto/openssl/certs/demo/pca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/timCA.pem16
-rw-r--r--crypto/openssl/certs/demo/tjhCA.pem15
-rw-r--r--crypto/openssl/certs/demo/vsigntca.pem18
-rw-r--r--crypto/openssl/certs/dsa-ca.pem43
-rw-r--r--crypto/openssl/certs/dsa-pca.pem49
-rw-r--r--crypto/openssl/certs/eng1.pem23
-rw-r--r--crypto/openssl/certs/eng2.pem23
-rw-r--r--crypto/openssl/certs/eng3.pem34
-rw-r--r--crypto/openssl/certs/eng4.pem23
-rw-r--r--crypto/openssl/certs/eng5.pem23
-rw-r--r--crypto/openssl/certs/expired/ICE-CA.pem59
-rw-r--r--crypto/openssl/certs/expired/ICE-root.pem48
-rw-r--r--crypto/openssl/certs/expired/ICE-user.pem63
-rw-r--r--crypto/openssl/certs/expired/ICE.crl9
-rw-r--r--crypto/openssl/certs/expired/RegTP-4R.pem19
-rw-r--r--crypto/openssl/certs/expired/factory.pem15
-rw-r--r--crypto/openssl/certs/expired/rsa-cca.pem19
-rw-r--r--crypto/openssl/certs/expired/rsa-ssca.pem19
-rw-r--r--crypto/openssl/certs/expired/vsign2.pem18
-rw-r--r--crypto/openssl/certs/expired/vsign3.pem18
-rw-r--r--crypto/openssl/certs/factory.pem15
-rw-r--r--crypto/openssl/certs/nortelCA.pem16
-rw-r--r--crypto/openssl/certs/pca-cert.pem33
-rw-r--r--crypto/openssl/certs/rsa-cca.pem19
-rw-r--r--crypto/openssl/certs/thawteCb.pem19
-rw-r--r--crypto/openssl/certs/thawteCp.pem19
-rw-r--r--crypto/openssl/certs/timCA.pem16
-rw-r--r--crypto/openssl/certs/tjhCA.pem15
-rw-r--r--crypto/openssl/certs/vsign1.pem17
-rw-r--r--crypto/openssl/certs/vsign2.pem18
-rw-r--r--crypto/openssl/certs/vsign3.pem17
-rw-r--r--crypto/openssl/certs/vsignss.pem17
-rw-r--r--crypto/openssl/certs/vsigntca.pem18
-rw-r--r--crypto/openssl/certs/wellsfgo.pem23
-rw-r--r--crypto/openssl/comm.txt1
-rw-r--r--crypto/openssl/comms.txt1
-rwxr-xr-xcrypto/openssl/config878
-rw-r--r--crypto/openssl/crypto/LPdir_nyi.c42
-rw-r--r--crypto/openssl/crypto/LPdir_unix.c127
-rw-r--r--crypto/openssl/crypto/LPdir_vms.c199
-rw-r--r--crypto/openssl/crypto/LPdir_win.c155
-rw-r--r--crypto/openssl/crypto/LPdir_win32.c30
-rw-r--r--crypto/openssl/crypto/LPdir_wince.c31
-rw-r--r--crypto/openssl/crypto/Makefile204
-rw-r--r--crypto/openssl/crypto/aes/Makefile112
-rw-r--r--crypto/openssl/crypto/aes/README3
-rw-r--r--crypto/openssl/crypto/aes/aes.h138
-rw-r--r--crypto/openssl/crypto/aes/aes_cbc.c131
-rw-r--r--crypto/openssl/crypto/aes/aes_cfb.c225
-rw-r--r--crypto/openssl/crypto/aes/aes_core.c1159
-rw-r--r--crypto/openssl/crypto/aes/aes_ctr.c139
-rw-r--r--crypto/openssl/crypto/aes/aes_ecb.c73
-rw-r--r--crypto/openssl/crypto/aes/aes_ige.c283
-rw-r--r--crypto/openssl/crypto/aes/aes_locl.h89
-rw-r--r--crypto/openssl/crypto/aes/aes_misc.c64
-rw-r--r--crypto/openssl/crypto/aes/aes_ofb.c142
-rwxr-xr-xcrypto/openssl/crypto/aes/asm/aes-586.pl1532
-rw-r--r--crypto/openssl/crypto/aes/asm/aes-ia64.S1652
-rw-r--r--crypto/openssl/crypto/asn1/Makefile870
-rw-r--r--crypto/openssl/crypto/asn1/a_bitstr.c225
-rw-r--r--crypto/openssl/crypto/asn1/a_bool.c114
-rw-r--r--crypto/openssl/crypto/asn1/a_bytes.c314
-rw-r--r--crypto/openssl/crypto/asn1/a_d2i_fp.c260
-rw-r--r--crypto/openssl/crypto/asn1/a_digest.c111
-rw-r--r--crypto/openssl/crypto/asn1/a_dup.c109
-rw-r--r--crypto/openssl/crypto/asn1/a_enum.c182
-rw-r--r--crypto/openssl/crypto/asn1/a_gentm.c246
-rw-r--r--crypto/openssl/crypto/asn1/a_hdr.c119
-rw-r--r--crypto/openssl/crypto/asn1/a_i2d_fp.c163
-rw-r--r--crypto/openssl/crypto/asn1/a_int.c459
-rw-r--r--crypto/openssl/crypto/asn1/a_mbstr.c400
-rw-r--r--crypto/openssl/crypto/asn1/a_meth.c84
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c385
-rw-r--r--crypto/openssl/crypto/asn1/a_octet.c71
-rw-r--r--crypto/openssl/crypto/asn1/a_print.c127
-rw-r--r--crypto/openssl/crypto/asn1/a_set.c238
-rw-r--r--crypto/openssl/crypto/asn1/a_sign.c295
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c567
-rw-r--r--crypto/openssl/crypto/asn1/a_strnid.c290
-rw-r--r--crypto/openssl/crypto/asn1/a_time.c164
-rw-r--r--crypto/openssl/crypto/asn1/a_type.c84
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c303
-rw-r--r--crypto/openssl/crypto/asn1/a_utf8.c211
-rw-r--r--crypto/openssl/crypto/asn1/a_verify.c181
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h1233
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c301
-rw-r--r--crypto/openssl/crypto/asn1/asn1_gen.c848
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c462
-rw-r--r--crypto/openssl/crypto/asn1/asn1_mac.h571
-rw-r--r--crypto/openssl/crypto/asn1/asn1_par.c442
-rw-r--r--crypto/openssl/crypto/asn1/asn1t.h886
-rw-r--r--crypto/openssl/crypto/asn1/asn_moid.c160
-rw-r--r--crypto/openssl/crypto/asn1/asn_pack.c191
-rw-r--r--crypto/openssl/crypto/asn1/charmap.h15
-rw-r--r--crypto/openssl/crypto/asn1/charmap.pl80
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pr.c161
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pu.c135
-rw-r--r--crypto/openssl/crypto/asn1/evp_asn1.c189
-rw-r--r--crypto/openssl/crypto/asn1/f_enum.c207
-rw-r--r--crypto/openssl/crypto/asn1/f_int.c219
-rw-r--r--crypto/openssl/crypto/asn1/f_string.c212
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pr.c99
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pu.c95
-rw-r--r--crypto/openssl/crypto/asn1/n_pkey.c344
-rw-r--r--crypto/openssl/crypto/asn1/nsseq.c82
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbe.c131
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbev2.c205
-rw-r--r--crypto/openssl/crypto/asn1/p8_key.c131
-rw-r--r--crypto/openssl/crypto/asn1/p8_pkey.c84
-rw-r--r--crypto/openssl/crypto/asn1/t_bitst.c102
-rw-r--r--crypto/openssl/crypto/asn1/t_crl.c134
-rw-r--r--crypto/openssl/crypto/asn1/t_pkey.c839
-rw-r--r--crypto/openssl/crypto/asn1/t_req.c290
-rw-r--r--crypto/openssl/crypto/asn1/t_spki.c132
-rw-r--r--crypto/openssl/crypto/asn1/t_x509.c516
-rw-r--r--crypto/openssl/crypto/asn1/t_x509a.c110
-rw-r--r--crypto/openssl/crypto/asn1/tasn_dec.c1322
-rw-r--r--crypto/openssl/crypto/asn1/tasn_enc.c690
-rw-r--r--crypto/openssl/crypto/asn1/tasn_fre.c268
-rw-r--r--crypto/openssl/crypto/asn1/tasn_new.c395
-rw-r--r--crypto/openssl/crypto/asn1/tasn_prn.c198
-rw-r--r--crypto/openssl/crypto/asn1/tasn_typ.c137
-rw-r--r--crypto/openssl/crypto/asn1/tasn_utl.c279
-rw-r--r--crypto/openssl/crypto/asn1/x_algor.c73
-rw-r--r--crypto/openssl/crypto/asn1/x_attrib.c118
-rw-r--r--crypto/openssl/crypto/asn1/x_bignum.c139
-rw-r--r--crypto/openssl/crypto/asn1/x_crl.c140
-rw-r--r--crypto/openssl/crypto/asn1/x_exten.c71
-rw-r--r--crypto/openssl/crypto/asn1/x_info.c114
-rw-r--r--crypto/openssl/crypto/asn1/x_long.c171
-rw-r--r--crypto/openssl/crypto/asn1/x_name.c275
-rw-r--r--crypto/openssl/crypto/asn1/x_pkey.c151
-rw-r--r--crypto/openssl/crypto/asn1/x_pubkey.c531
-rw-r--r--crypto/openssl/crypto/asn1/x_req.c112
-rw-r--r--crypto/openssl/crypto/asn1/x_sig.c69
-rw-r--r--crypto/openssl/crypto/asn1/x_spki.c81
-rw-r--r--crypto/openssl/crypto/asn1/x_val.c69
-rw-r--r--crypto/openssl/crypto/asn1/x_x509.c194
-rw-r--r--crypto/openssl/crypto/asn1/x_x509a.c180
-rw-r--r--crypto/openssl/crypto/bf/COPYRIGHT46
-rw-r--r--crypto/openssl/crypto/bf/INSTALL14
-rw-r--r--crypto/openssl/crypto/bf/Makefile107
-rw-r--r--crypto/openssl/crypto/bf/README8
-rw-r--r--crypto/openssl/crypto/bf/VERSION6
-rw-r--r--crypto/openssl/crypto/bf/asm/bf-586.pl136
-rw-r--r--crypto/openssl/crypto/bf/asm/bf-686.pl127
-rw-r--r--crypto/openssl/crypto/bf/asm/readme10
-rw-r--r--crypto/openssl/crypto/bf/bf_cbc.c143
-rw-r--r--crypto/openssl/crypto/bf/bf_cfb64.c121
-rw-r--r--crypto/openssl/crypto/bf/bf_ecb.c96
-rw-r--r--crypto/openssl/crypto/bf/bf_enc.c306
-rw-r--r--crypto/openssl/crypto/bf/bf_locl.h219
-rw-r--r--crypto/openssl/crypto/bf/bf_ofb64.c110
-rw-r--r--crypto/openssl/crypto/bf/bf_opts.c331
-rw-r--r--crypto/openssl/crypto/bf/bf_pi.h325
-rw-r--r--crypto/openssl/crypto/bf/bf_skey.c116
-rw-r--r--crypto/openssl/crypto/bf/bfs.cpp67
-rw-r--r--crypto/openssl/crypto/bf/bfspeed.c277
-rw-r--r--crypto/openssl/crypto/bf/bftest.c540
-rw-r--r--crypto/openssl/crypto/bf/blowfish.h127
-rw-r--r--crypto/openssl/crypto/bio/Makefile221
-rw-r--r--crypto/openssl/crypto/bio/b_dump.c187
-rw-r--r--crypto/openssl/crypto/bio/b_print.c842
-rw-r--r--crypto/openssl/crypto/bio/b_sock.c786
-rw-r--r--crypto/openssl/crypto/bio/bf_buff.c511
-rw-r--r--crypto/openssl/crypto/bio/bf_lbuf.c397
-rw-r--r--crypto/openssl/crypto/bio/bf_nbio.c255
-rw-r--r--crypto/openssl/crypto/bio/bf_null.c183
-rw-r--r--crypto/openssl/crypto/bio/bio.h770
-rw-r--r--crypto/openssl/crypto/bio/bio_cb.c139
-rw-r--r--crypto/openssl/crypto/bio/bio_err.c157
-rw-r--r--crypto/openssl/crypto/bio/bio_lcl.h28
-rw-r--r--crypto/openssl/crypto/bio/bio_lib.c556
-rw-r--r--crypto/openssl/crypto/bio/bss_acpt.c479
-rw-r--r--crypto/openssl/crypto/bio/bss_bio.c924
-rw-r--r--crypto/openssl/crypto/bio/bss_conn.c652
-rw-r--r--crypto/openssl/crypto/bio/bss_dgram.c484
-rw-r--r--crypto/openssl/crypto/bio/bss_fd.c294
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c424
-rw-r--r--crypto/openssl/crypto/bio/bss_log.c402
-rw-r--r--crypto/openssl/crypto/bio/bss_mem.c321
-rw-r--r--crypto/openssl/crypto/bio/bss_null.c150
-rw-r--r--crypto/openssl/crypto/bio/bss_rtcp.c294
-rw-r--r--crypto/openssl/crypto/bio/bss_sock.c302
-rw-r--r--crypto/openssl/crypto/bn/Makefile343
-rw-r--r--crypto/openssl/crypto/bn/asm/README27
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.s3199
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.s.works533
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/add.pl119
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/div.pl144
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul.pl116
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl120
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl213
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl98
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl177
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl113
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl109
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl132
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sub.pl108
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/add.pl118
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/div.pl144
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul.pl104
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_add.pl123
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl215
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl98
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl177
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sqr.pl113
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl109
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl132
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sub.pl108
-rw-r--r--crypto/openssl/crypto/bn/asm/bn-586.pl675
-rw-r--r--crypto/openssl/crypto/bn/asm/bn-alpha.pl571
-rw-r--r--crypto/openssl/crypto/bn/asm/ca.pl33
-rw-r--r--crypto/openssl/crypto/bn/asm/co-586.pl286
-rw-r--r--crypto/openssl/crypto/bn/asm/co-alpha.pl116
-rw-r--r--crypto/openssl/crypto/bn/asm/ia64.S1560
-rw-r--r--crypto/openssl/crypto/bn/asm/mips1.s539
-rw-r--r--crypto/openssl/crypto/bn/asm/mips3.s2201
-rw-r--r--crypto/openssl/crypto/bn/asm/pa-risc.s710
-rw-r--r--crypto/openssl/crypto/bn/asm/pa-risc2.s1618
-rw-r--r--crypto/openssl/crypto/bn/asm/pa-risc2W.s1605
-rw-r--r--crypto/openssl/crypto/bn/asm/ppc.pl2078
-rw-r--r--crypto/openssl/crypto/bn/asm/r3000.s646
-rw-r--r--crypto/openssl/crypto/bn/asm/sparcv8.S1458
-rw-r--r--crypto/openssl/crypto/bn/asm/sparcv8plus.S1547
-rw-r--r--crypto/openssl/crypto/bn/asm/x86.pl28
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/add.pl76
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/comba.pl277
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/div.pl15
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/f3
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/mul.pl77
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/mul_add.pl87
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/sqr.pl60
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/sub.pl76
-rw-r--r--crypto/openssl/crypto/bn/asm/x86_64-gcc.c597
-rw-r--r--crypto/openssl/crypto/bn/bn.h827
-rw-r--r--crypto/openssl/crypto/bn/bn.mul19
-rw-r--r--crypto/openssl/crypto/bn/bn_add.c313
-rw-r--r--crypto/openssl/crypto/bn/bn_asm.c860
-rw-r--r--crypto/openssl/crypto/bn/bn_blind.c359
-rwxr-xr-xcrypto/openssl/crypto/bn/bn_const.c402
-rw-r--r--crypto/openssl/crypto/bn/bn_ctx.c454
-rw-r--r--crypto/openssl/crypto/bn/bn_depr.c112
-rw-r--r--crypto/openssl/crypto/bn/bn_div.c400
-rw-r--r--crypto/openssl/crypto/bn/bn_err.c151
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c990
-rw-r--r--crypto/openssl/crypto/bn/bn_exp2.c311
-rw-r--r--crypto/openssl/crypto/bn/bn_gcd.c493
-rw-r--r--crypto/openssl/crypto/bn/bn_gf2m.c1091
-rw-r--r--crypto/openssl/crypto/bn/bn_kron.c184
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h489
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c845
-rw-r--r--crypto/openssl/crypto/bn/bn_mod.c301
-rw-r--r--crypto/openssl/crypto/bn/bn_mont.c437
-rw-r--r--crypto/openssl/crypto/bn/bn_mpi.c130
-rw-r--r--crypto/openssl/crypto/bn/bn_mul.c1164
-rw-r--r--crypto/openssl/crypto/bn/bn_nist.c775
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.c494
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.h325
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.pl117
-rw-r--r--crypto/openssl/crypto/bn/bn_print.c338
-rw-r--r--crypto/openssl/crypto/bn/bn_rand.c305
-rw-r--r--crypto/openssl/crypto/bn/bn_recp.c234
-rw-r--r--crypto/openssl/crypto/bn/bn_shift.c220
-rw-r--r--crypto/openssl/crypto/bn/bn_sqr.c294
-rw-r--r--crypto/openssl/crypto/bn/bn_sqrt.c393
-rw-r--r--crypto/openssl/crypto/bn/bn_word.c247
-rw-r--r--crypto/openssl/crypto/bn/bnspeed.c233
-rw-r--r--crypto/openssl/crypto/bn/bntest.c2011
-rw-r--r--crypto/openssl/crypto/bn/divtest.c41
-rw-r--r--crypto/openssl/crypto/bn/exp.c62
-rw-r--r--crypto/openssl/crypto/bn/expspeed.c353
-rw-r--r--crypto/openssl/crypto/bn/exptest.c204
-rw-r--r--crypto/openssl/crypto/bn/todo3
-rw-r--r--crypto/openssl/crypto/buffer/Makefile90
-rw-r--r--crypto/openssl/crypto/buffer/buf_err.c102
-rw-r--r--crypto/openssl/crypto/buffer/buffer.c221
-rw-r--r--crypto/openssl/crypto/buffer/buffer.h118
-rw-r--r--crypto/openssl/crypto/camellia/Makefile103
-rw-r--r--crypto/openssl/crypto/camellia/camellia.c1688
-rw-r--r--crypto/openssl/crypto/camellia/camellia.h129
-rw-r--r--crypto/openssl/crypto/camellia/cmll_cbc.c234
-rw-r--r--crypto/openssl/crypto/camellia/cmll_cfb.c235
-rw-r--r--crypto/openssl/crypto/camellia/cmll_ctr.c143
-rw-r--r--crypto/openssl/crypto/camellia/cmll_ecb.c74
-rw-r--r--crypto/openssl/crypto/camellia/cmll_locl.h178
-rw-r--r--crypto/openssl/crypto/camellia/cmll_misc.c110
-rw-r--r--crypto/openssl/crypto/camellia/cmll_ofb.c141
-rw-r--r--crypto/openssl/crypto/cast/Makefile106
-rw-r--r--crypto/openssl/crypto/cast/asm/cast-586.pl176
-rw-r--r--crypto/openssl/crypto/cast/asm/readme7
-rw-r--r--crypto/openssl/crypto/cast/c_cfb64.c122
-rw-r--r--crypto/openssl/crypto/cast/c_ecb.c80
-rw-r--r--crypto/openssl/crypto/cast/c_enc.c207
-rw-r--r--crypto/openssl/crypto/cast/c_ofb64.c111
-rw-r--r--crypto/openssl/crypto/cast/c_skey.c166
-rw-r--r--crypto/openssl/crypto/cast/cast.h105
-rw-r--r--crypto/openssl/crypto/cast/cast_lcl.h227
-rw-r--r--crypto/openssl/crypto/cast/cast_s.h585
-rw-r--r--crypto/openssl/crypto/cast/cast_spd.c278
-rw-r--r--crypto/openssl/crypto/cast/castopts.c342
-rw-r--r--crypto/openssl/crypto/cast/casts.cpp70
-rw-r--r--crypto/openssl/crypto/cast/casttest.c233
-rw-r--r--crypto/openssl/crypto/comp/Makefile108
-rw-r--r--crypto/openssl/crypto/comp/c_rle.c62
-rw-r--r--crypto/openssl/crypto/comp/c_zlib.c387
-rw-r--r--crypto/openssl/crypto/comp/comp.h66
-rw-r--r--crypto/openssl/crypto/comp/comp_err.c96
-rw-r--r--crypto/openssl/crypto/comp/comp_lib.c72
-rw-r--r--crypto/openssl/crypto/conf/Makefile152
-rw-r--r--crypto/openssl/crypto/conf/README78
-rw-r--r--crypto/openssl/crypto/conf/cnf_save.c106
-rw-r--r--crypto/openssl/crypto/conf/conf.h253
-rw-r--r--crypto/openssl/crypto/conf/conf_api.c308
-rw-r--r--crypto/openssl/crypto/conf/conf_api.h89
-rw-r--r--crypto/openssl/crypto/conf/conf_def.c750
-rw-r--r--crypto/openssl/crypto/conf/conf_def.h180
-rw-r--r--crypto/openssl/crypto/conf/conf_err.c132
-rw-r--r--crypto/openssl/crypto/conf/conf_lib.c401
-rw-r--r--crypto/openssl/crypto/conf/conf_mall.c80
-rw-r--r--crypto/openssl/crypto/conf/conf_mod.c616
-rw-r--r--crypto/openssl/crypto/conf/conf_sap.c111
-rw-r--r--crypto/openssl/crypto/conf/keysets.pl185
-rw-r--r--crypto/openssl/crypto/conf/ssleay.cnf78
-rw-r--r--crypto/openssl/crypto/conf/test.c98
-rw-r--r--crypto/openssl/crypto/cpt_err.c106
-rw-r--r--crypto/openssl/crypto/cryptlib.c758
-rw-r--r--crypto/openssl/crypto/cryptlib.h112
-rw-r--r--crypto/openssl/crypto/crypto.h550
-rw-r--r--crypto/openssl/crypto/cversion.c117
-rw-r--r--crypto/openssl/crypto/des/COPYRIGHT50
-rw-r--r--crypto/openssl/crypto/des/DES.pm19
-rw-r--r--crypto/openssl/crypto/des/DES.xs268
-rw-r--r--crypto/openssl/crypto/des/FILES096
-rw-r--r--crypto/openssl/crypto/des/INSTALL69
-rw-r--r--crypto/openssl/crypto/des/Imakefile35
-rw-r--r--crypto/openssl/crypto/des/KERBEROS41
-rw-r--r--crypto/openssl/crypto/des/Makefile292
-rw-r--r--crypto/openssl/crypto/des/README54
-rw-r--r--crypto/openssl/crypto/des/VERSION412
-rw-r--r--crypto/openssl/crypto/des/asm/crypt586.pl208
-rw-r--r--crypto/openssl/crypto/des/asm/des-586.pl251
-rw-r--r--crypto/openssl/crypto/des/asm/des686.pl230
-rw-r--r--crypto/openssl/crypto/des/asm/des_enc.m41980
-rw-r--r--crypto/openssl/crypto/des/asm/desboth.pl79
-rw-r--r--crypto/openssl/crypto/des/asm/readme131
-rw-r--r--crypto/openssl/crypto/des/cbc3_enc.c99
-rw-r--r--crypto/openssl/crypto/des/cbc_cksm.c106
-rw-r--r--crypto/openssl/crypto/des/cbc_enc.c61
-rw-r--r--crypto/openssl/crypto/des/cfb64ede.c254
-rw-r--r--crypto/openssl/crypto/des/cfb64enc.c121
-rw-r--r--crypto/openssl/crypto/des/cfb_enc.c195
-rw-r--r--crypto/openssl/crypto/des/des.c932
-rw-r--r--crypto/openssl/crypto/des/des.h244
-rw-r--r--crypto/openssl/crypto/des/des.pod217
-rw-r--r--crypto/openssl/crypto/des/des3s.cpp67
-rw-r--r--crypto/openssl/crypto/des/des_enc.c407
-rw-r--r--crypto/openssl/crypto/des/des_locl.h428
-rw-r--r--crypto/openssl/crypto/des/des_old.c271
-rw-r--r--crypto/openssl/crypto/des/des_old.h445
-rw-r--r--crypto/openssl/crypto/des/des_old2.c82
-rw-r--r--crypto/openssl/crypto/des/des_opts.c608
-rw-r--r--crypto/openssl/crypto/des/des_ver.h71
-rw-r--r--crypto/openssl/crypto/des/dess.cpp67
-rw-r--r--crypto/openssl/crypto/des/destest.c952
-rw-r--r--crypto/openssl/crypto/des/ecb3_enc.c83
-rw-r--r--crypto/openssl/crypto/des/ecb_enc.c123
-rw-r--r--crypto/openssl/crypto/des/ede_cbcm_enc.c199
-rw-r--r--crypto/openssl/crypto/des/enc_read.c228
-rw-r--r--crypto/openssl/crypto/des/enc_writ.c171
-rw-r--r--crypto/openssl/crypto/des/fcrypt.c170
-rw-r--r--crypto/openssl/crypto/des/fcrypt_b.c145
-rw-r--r--crypto/openssl/crypto/des/makefile.bc50
-rw-r--r--crypto/openssl/crypto/des/ncbc_enc.c148
-rw-r--r--crypto/openssl/crypto/des/ofb64ede.c125
-rw-r--r--crypto/openssl/crypto/des/ofb64enc.c110
-rw-r--r--crypto/openssl/crypto/des/ofb_enc.c135
-rw-r--r--crypto/openssl/crypto/des/options.txt39
-rw-r--r--crypto/openssl/crypto/des/pcbc_enc.c123
-rw-r--r--crypto/openssl/crypto/des/qud_cksm.c139
-rw-r--r--crypto/openssl/crypto/des/rand_key.c68
-rw-r--r--crypto/openssl/crypto/des/read2pwd.c140
-rw-r--r--crypto/openssl/crypto/des/read_pwd.c521
-rw-r--r--crypto/openssl/crypto/des/rpc_des.h131
-rw-r--r--crypto/openssl/crypto/des/rpc_enc.c98
-rw-r--r--crypto/openssl/crypto/des/rpw.c99
-rw-r--r--crypto/openssl/crypto/des/set_key.c407
-rw-r--r--crypto/openssl/crypto/des/speed.c314
-rw-r--r--crypto/openssl/crypto/des/spr.h204
-rw-r--r--crypto/openssl/crypto/des/str2key.c174
-rw-r--r--crypto/openssl/crypto/des/t/test27
-rw-r--r--crypto/openssl/crypto/des/times/486-50.sol16
-rw-r--r--crypto/openssl/crypto/des/times/586-100.lnx20
-rw-r--r--crypto/openssl/crypto/des/times/686-200.fre18
-rw-r--r--crypto/openssl/crypto/des/times/aix.cc26
-rw-r--r--crypto/openssl/crypto/des/times/alpha.cc18
-rw-r--r--crypto/openssl/crypto/des/times/hpux.cc17
-rw-r--r--crypto/openssl/crypto/des/times/sparc.gcc17
-rw-r--r--crypto/openssl/crypto/des/times/usparc.cc31
-rw-r--r--crypto/openssl/crypto/des/typemap34
-rw-r--r--crypto/openssl/crypto/des/xcbc_enc.c195
-rw-r--r--crypto/openssl/crypto/dh/Makefile133
-rw-r--r--crypto/openssl/crypto/dh/dh.h234
-rw-r--r--crypto/openssl/crypto/dh/dh1024.pem5
-rw-r--r--crypto/openssl/crypto/dh/dh192.pem3
-rw-r--r--crypto/openssl/crypto/dh/dh2048.pem16
-rw-r--r--crypto/openssl/crypto/dh/dh4096.pem14
-rw-r--r--crypto/openssl/crypto/dh/dh512.pem4
-rw-r--r--crypto/openssl/crypto/dh/dh_asn1.c87
-rw-r--r--crypto/openssl/crypto/dh/dh_check.c142
-rw-r--r--crypto/openssl/crypto/dh/dh_depr.c83
-rw-r--r--crypto/openssl/crypto/dh/dh_err.c107
-rw-r--r--crypto/openssl/crypto/dh/dh_gen.c175
-rw-r--r--crypto/openssl/crypto/dh/dh_lib.c247
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c226
-rw-r--r--crypto/openssl/crypto/dh/example50
-rw-r--r--crypto/openssl/crypto/dh/generate65
-rw-r--r--crypto/openssl/crypto/dh/p1024.c92
-rw-r--r--crypto/openssl/crypto/dh/p192.c80
-rw-r--r--crypto/openssl/crypto/dh/p512.c85
-rw-r--r--crypto/openssl/crypto/dsa/Makefile164
-rw-r--r--crypto/openssl/crypto/dsa/README4
-rw-r--r--crypto/openssl/crypto/dsa/dsa.h285
-rw-r--r--crypto/openssl/crypto/dsa/dsa_asn1.c140
-rw-r--r--crypto/openssl/crypto/dsa/dsa_depr.c106
-rw-r--r--crypto/openssl/crypto/dsa/dsa_err.c114
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c315
-rw-r--r--crypto/openssl/crypto/dsa/dsa_key.c128
-rw-r--r--crypto/openssl/crypto/dsa/dsa_lib.c311
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c393
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c92
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c94
-rw-r--r--crypto/openssl/crypto/dsa/dsagen.c111
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c260
-rw-r--r--crypto/openssl/crypto/dsa/fips186a.txt122
-rw-r--r--crypto/openssl/crypto/dso/Makefile142
-rw-r--r--crypto/openssl/crypto/dso/README22
-rw-r--r--crypto/openssl/crypto/dso/dso.h368
-rw-r--r--crypto/openssl/crypto/dso/dso_dl.c353
-rw-r--r--crypto/openssl/crypto/dso/dso_dlfcn.c369
-rw-r--r--crypto/openssl/crypto/dso/dso_err.c150
-rw-r--r--crypto/openssl/crypto/dso/dso_lib.c466
-rw-r--r--crypto/openssl/crypto/dso/dso_null.c88
-rw-r--r--crypto/openssl/crypto/dso/dso_openssl.c81
-rw-r--r--crypto/openssl/crypto/ebcdic.c221
-rw-r--r--crypto/openssl/crypto/ebcdic.h19
-rw-r--r--crypto/openssl/crypto/ec/Makefile193
-rw-r--r--crypto/openssl/crypto/ec/ec.h525
-rw-r--r--crypto/openssl/crypto/ec/ec2_mult.c380
-rw-r--r--crypto/openssl/crypto/ec/ec2_smpl.c971
-rw-r--r--crypto/openssl/crypto/ec/ec2_smpt.c141
-rw-r--r--crypto/openssl/crypto/ec/ec_asn1.c1425
-rw-r--r--crypto/openssl/crypto/ec/ec_check.c123
-rw-r--r--crypto/openssl/crypto/ec/ec_curve.c1270
-rw-r--r--crypto/openssl/crypto/ec/ec_cvt.c144
-rw-r--r--crypto/openssl/crypto/ec/ec_err.c241
-rw-r--r--crypto/openssl/crypto/ec/ec_key.c465
-rw-r--r--crypto/openssl/crypto/ec/ec_lcl.h390
-rw-r--r--crypto/openssl/crypto/ec/ec_lib.c1164
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c910
-rw-r--r--crypto/openssl/crypto/ec/ec_print.c195
-rw-r--r--crypto/openssl/crypto/ec/ecp_mont.c315
-rw-r--r--crypto/openssl/crypto/ec/ecp_nist.c236
-rw-r--r--crypto/openssl/crypto/ec/ecp_recp.c133
-rw-r--r--crypto/openssl/crypto/ec/ecp_smpl.c1716
-rw-r--r--crypto/openssl/crypto/ec/ectest.c1336
-rw-r--r--crypto/openssl/crypto/ecdh/Makefile111
-rw-r--r--crypto/openssl/crypto/ecdh/ecdh.h123
-rw-r--r--crypto/openssl/crypto/ecdh/ecdhtest.c368
-rw-r--r--crypto/openssl/crypto/ecdh/ech_err.c101
-rw-r--r--crypto/openssl/crypto/ecdh/ech_key.c83
-rw-r--r--crypto/openssl/crypto/ecdh/ech_lib.c247
-rw-r--r--crypto/openssl/crypto/ecdh/ech_locl.h94
-rw-r--r--crypto/openssl/crypto/ecdh/ech_ossl.c213
-rw-r--r--crypto/openssl/crypto/ecdsa/Makefile125
-rw-r--r--crypto/openssl/crypto/ecdsa/ecdsa.h270
-rw-r--r--crypto/openssl/crypto/ecdsa/ecdsatest.c500
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_asn1.c67
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_err.c106
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_lib.c261
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_locl.h107
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_ossl.c442
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_sign.c104
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_vrf.c96
-rw-r--r--crypto/openssl/crypto/engine/Makefile288
-rw-r--r--crypto/openssl/crypto/engine/README211
-rw-r--r--crypto/openssl/crypto/engine/eng_all.c120
-rw-r--r--crypto/openssl/crypto/engine/eng_cnf.c239
-rw-r--r--crypto/openssl/crypto/engine/eng_cryptodev.c1133
-rw-r--r--crypto/openssl/crypto/engine/eng_ctrl.c389
-rw-r--r--crypto/openssl/crypto/engine/eng_dyn.c548
-rw-r--r--crypto/openssl/crypto/engine/eng_err.c171
-rw-r--r--crypto/openssl/crypto/engine/eng_fat.c167
-rw-r--r--crypto/openssl/crypto/engine/eng_init.c154
-rw-r--r--crypto/openssl/crypto/engine/eng_int.h194
-rw-r--r--crypto/openssl/crypto/engine/eng_lib.c329
-rw-r--r--crypto/openssl/crypto/engine/eng_list.c431
-rw-r--r--crypto/openssl/crypto/engine/eng_openssl.c384
-rw-r--r--crypto/openssl/crypto/engine/eng_padlock.c1216
-rw-r--r--crypto/openssl/crypto/engine/eng_pkey.c154
-rw-r--r--crypto/openssl/crypto/engine/eng_table.c315
-rw-r--r--crypto/openssl/crypto/engine/engine.h785
-rw-r--r--crypto/openssl/crypto/engine/enginetest.c283
-rw-r--r--crypto/openssl/crypto/engine/hw.ec8
-rw-r--r--crypto/openssl/crypto/engine/hw_4758_cca.c969
-rw-r--r--crypto/openssl/crypto/engine/hw_4758_cca_err.c149
-rw-r--r--crypto/openssl/crypto/engine/hw_4758_cca_err.h93
-rw-r--r--crypto/openssl/crypto/engine/hw_aep.c1119
-rw-r--r--crypto/openssl/crypto/engine/hw_aep_err.c157
-rw-r--r--crypto/openssl/crypto/engine/hw_aep_err.h101
-rw-r--r--crypto/openssl/crypto/engine/hw_atalla.c594
-rw-r--r--crypto/openssl/crypto/engine/hw_atalla_err.c145
-rw-r--r--crypto/openssl/crypto/engine/hw_atalla_err.h89
-rw-r--r--crypto/openssl/crypto/engine/hw_cryptodev.c1135
-rw-r--r--crypto/openssl/crypto/engine/hw_cswift.c997
-rw-r--r--crypto/openssl/crypto/engine/hw_cswift_err.c149
-rw-r--r--crypto/openssl/crypto/engine/hw_cswift_err.h93
-rw-r--r--crypto/openssl/crypto/engine/hw_ncipher.c1388
-rw-r--r--crypto/openssl/crypto/engine/hw_ncipher_err.c157
-rw-r--r--crypto/openssl/crypto/engine/hw_ncipher_err.h101
-rw-r--r--crypto/openssl/crypto/engine/hw_nuron.c418
-rw-r--r--crypto/openssl/crypto/engine/hw_nuron_err.c142
-rw-r--r--crypto/openssl/crypto/engine/hw_nuron_err.h86
-rw-r--r--crypto/openssl/crypto/engine/hw_sureware.c1039
-rw-r--r--crypto/openssl/crypto/engine/hw_sureware_err.c150
-rw-r--r--crypto/openssl/crypto/engine/hw_sureware_err.h94
-rw-r--r--crypto/openssl/crypto/engine/hw_ubsec.c1060
-rw-r--r--crypto/openssl/crypto/engine/hw_ubsec_err.c151
-rw-r--r--crypto/openssl/crypto/engine/hw_ubsec_err.h95
-rw-r--r--crypto/openssl/crypto/engine/tb_cipher.c143
-rw-r--r--crypto/openssl/crypto/engine/tb_dh.c118
-rw-r--r--crypto/openssl/crypto/engine/tb_digest.c143
-rw-r--r--crypto/openssl/crypto/engine/tb_dsa.c118
-rw-r--r--crypto/openssl/crypto/engine/tb_ecdh.c133
-rw-r--r--crypto/openssl/crypto/engine/tb_ecdsa.c118
-rw-r--r--crypto/openssl/crypto/engine/tb_rand.c118
-rw-r--r--crypto/openssl/crypto/engine/tb_rsa.c118
-rw-r--r--crypto/openssl/crypto/engine/tb_store.c123
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/aep.h178
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/atalla.h48
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/cswift.h234
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h149
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h100
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h486
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/sureware.h239
-rw-r--r--crypto/openssl/crypto/err/Makefile109
-rw-r--r--crypto/openssl/crypto/err/err.c1128
-rw-r--r--crypto/openssl/crypto/err/err.h318
-rw-r--r--crypto/openssl/crypto/err/err_all.c146
-rw-r--r--crypto/openssl/crypto/err/err_prn.c111
-rw-r--r--crypto/openssl/crypto/err/openssl.ec85
-rw-r--r--crypto/openssl/crypto/evp/Makefile638
-rw-r--r--crypto/openssl/crypto/evp/bio_b64.c567
-rw-r--r--crypto/openssl/crypto/evp/bio_enc.c426
-rw-r--r--crypto/openssl/crypto/evp/bio_md.c263
-rw-r--r--crypto/openssl/crypto/evp/bio_ok.c575
-rw-r--r--crypto/openssl/crypto/evp/c_all.c90
-rw-r--r--crypto/openssl/crypto/evp/c_allc.c216
-rw-r--r--crypto/openssl/crypto/evp/c_alld.c114
-rw-r--r--crypto/openssl/crypto/evp/digest.c334
-rw-r--r--crypto/openssl/crypto/evp/e_aes.c120
-rw-r--r--crypto/openssl/crypto/evp/e_bf.c88
-rw-r--r--crypto/openssl/crypto/evp/e_camellia.c131
-rw-r--r--crypto/openssl/crypto/evp/e_cast.c90
-rw-r--r--crypto/openssl/crypto/evp/e_des.c176
-rw-r--r--crypto/openssl/crypto/evp/e_des3.c271
-rw-r--r--crypto/openssl/crypto/evp/e_dsa.c71
-rw-r--r--crypto/openssl/crypto/evp/e_idea.c118
-rw-r--r--crypto/openssl/crypto/evp/e_null.c102
-rw-r--r--crypto/openssl/crypto/evp/e_old.c125
-rw-r--r--crypto/openssl/crypto/evp/e_rc2.c232
-rw-r--r--crypto/openssl/crypto/evp/e_rc4.c136
-rw-r--r--crypto/openssl/crypto/evp/e_rc5.c126
-rw-r--r--crypto/openssl/crypto/evp/e_xcbc_d.c125
-rw-r--r--crypto/openssl/crypto/evp/encode.c446
-rw-r--r--crypto/openssl/crypto/evp/evp.h966
-rw-r--r--crypto/openssl/crypto/evp/evp_acnf.c73
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c563
-rw-r--r--crypto/openssl/crypto/evp/evp_err.c177
-rw-r--r--crypto/openssl/crypto/evp/evp_key.c175
-rw-r--r--crypto/openssl/crypto/evp/evp_lib.c170
-rw-r--r--crypto/openssl/crypto/evp/evp_locl.h236
-rw-r--r--crypto/openssl/crypto/evp/evp_pbe.c137
-rw-r--r--crypto/openssl/crypto/evp/evp_pkey.c794
-rw-r--r--crypto/openssl/crypto/evp/evp_test.c442
-rw-r--r--crypto/openssl/crypto/evp/evptests.txt312
-rw-r--r--crypto/openssl/crypto/evp/m_dss.c99
-rw-r--r--crypto/openssl/crypto/evp/m_dss1.c100
-rw-r--r--crypto/openssl/crypto/evp/m_ecdsa.c148
-rw-r--r--crypto/openssl/crypto/evp/m_md2.c101
-rw-r--r--crypto/openssl/crypto/evp/m_md4.c101
-rw-r--r--crypto/openssl/crypto/evp/m_md5.c101
-rw-r--r--crypto/openssl/crypto/evp/m_mdc2.c99
-rw-r--r--crypto/openssl/crypto/evp/m_null.c95
-rw-r--r--crypto/openssl/crypto/evp/m_ripemd.c101
-rw-r--r--crypto/openssl/crypto/evp/m_sha.c100
-rw-r--r--crypto/openssl/crypto/evp/m_sha1.c204
-rw-r--r--crypto/openssl/crypto/evp/names.c123
-rw-r--r--crypto/openssl/crypto/evp/openbsd_hw.c446
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt.c159
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt2.c263
-rw-r--r--crypto/openssl/crypto/evp/p_dec.c87
-rw-r--r--crypto/openssl/crypto/evp/p_enc.c86
-rw-r--r--crypto/openssl/crypto/evp/p_lib.c502
-rw-r--r--crypto/openssl/crypto/evp/p_open.c127
-rw-r--r--crypto/openssl/crypto/evp/p_seal.c115
-rw-r--r--crypto/openssl/crypto/evp/p_sign.c114
-rw-r--r--crypto/openssl/crypto/evp/p_verify.c101
-rw-r--r--crypto/openssl/crypto/ex_data.c632
-rw-r--r--crypto/openssl/crypto/hmac/Makefile85
-rw-r--r--crypto/openssl/crypto/hmac/hmac.c173
-rw-r--r--crypto/openssl/crypto/hmac/hmac.h108
-rw-r--r--crypto/openssl/crypto/hmac/hmactest.c175
-rw-r--r--crypto/openssl/crypto/ia64cpuid.S121
-rw-r--r--crypto/openssl/crypto/idea/Makefile86
-rw-r--r--crypto/openssl/crypto/idea/i_cbc.c168
-rw-r--r--crypto/openssl/crypto/idea/i_cfb64.c122
-rw-r--r--crypto/openssl/crypto/idea/i_ecb.c85
-rw-r--r--crypto/openssl/crypto/idea/i_ofb64.c111
-rw-r--r--crypto/openssl/crypto/idea/i_skey.c157
-rw-r--r--crypto/openssl/crypto/idea/idea.h100
-rw-r--r--crypto/openssl/crypto/idea/idea_lcl.h215
-rw-r--r--crypto/openssl/crypto/idea/idea_spd.c299
-rw-r--r--crypto/openssl/crypto/idea/ideatest.c235
-rw-r--r--crypto/openssl/crypto/idea/version12
-rw-r--r--crypto/openssl/crypto/krb5/Makefile84
-rw-r--r--crypto/openssl/crypto/krb5/krb5_asn.c167
-rw-r--r--crypto/openssl/crypto/krb5/krb5_asn.h256
-rw-r--r--crypto/openssl/crypto/lhash/Makefile88
-rw-r--r--crypto/openssl/crypto/lhash/lh_stats.c248
-rw-r--r--crypto/openssl/crypto/lhash/lh_test.c88
-rw-r--r--crypto/openssl/crypto/lhash/lhash.c470
-rw-r--r--crypto/openssl/crypto/lhash/lhash.h200
-rw-r--r--crypto/openssl/crypto/lhash/num.pl17
-rw-r--r--crypto/openssl/crypto/md2/Makefile89
-rw-r--r--crypto/openssl/crypto/md2/md2.c124
-rw-r--r--crypto/openssl/crypto/md2/md2.h91
-rw-r--r--crypto/openssl/crypto/md2/md2_dgst.c227
-rw-r--r--crypto/openssl/crypto/md2/md2_one.c94
-rw-r--r--crypto/openssl/crypto/md2/md2test.c143
-rw-r--r--crypto/openssl/crypto/md32_common.h623
-rw-r--r--crypto/openssl/crypto/md4/Makefile86
-rw-r--r--crypto/openssl/crypto/md4/md4.c127
-rw-r--r--crypto/openssl/crypto/md4/md4.h116
-rw-r--r--crypto/openssl/crypto/md4/md4_dgst.c258
-rw-r--r--crypto/openssl/crypto/md4/md4_locl.h156
-rw-r--r--crypto/openssl/crypto/md4/md4_one.c97
-rw-r--r--crypto/openssl/crypto/md4/md4s.cpp78
-rw-r--r--crypto/openssl/crypto/md4/md4test.c136
-rw-r--r--crypto/openssl/crypto/md5/Makefile120
-rw-r--r--crypto/openssl/crypto/md5/asm/md5-586.pl306
-rw-r--r--crypto/openssl/crypto/md5/asm/md5-sparcv9.S1031
-rwxr-xr-xcrypto/openssl/crypto/md5/asm/md5-x86_64.pl245
-rw-r--r--crypto/openssl/crypto/md5/md5.c127
-rw-r--r--crypto/openssl/crypto/md5/md5.h116
-rw-r--r--crypto/openssl/crypto/md5/md5_dgst.c292
-rw-r--r--crypto/openssl/crypto/md5/md5_locl.h176
-rw-r--r--crypto/openssl/crypto/md5/md5_one.c97
-rw-r--r--crypto/openssl/crypto/md5/md5s.cpp78
-rw-r--r--crypto/openssl/crypto/md5/md5test.c140
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile93
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2.h95
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2_one.c76
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2dgst.c199
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2test.c149
-rw-r--r--crypto/openssl/crypto/mem.c401
-rw-r--r--crypto/openssl/crypto/mem_clr.c75
-rw-r--r--crypto/openssl/crypto/mem_dbg.c795
-rw-r--r--crypto/openssl/crypto/o_dir.c83
-rw-r--r--crypto/openssl/crypto/o_dir.h53
-rw-r--r--crypto/openssl/crypto/o_dir_test.c70
-rw-r--r--crypto/openssl/crypto/o_str.c105
-rw-r--r--crypto/openssl/crypto/o_str.h68
-rw-r--r--crypto/openssl/crypto/o_time.c217
-rw-r--r--crypto/openssl/crypto/o_time.h66
-rw-r--r--crypto/openssl/crypto/objects/Makefile119
-rw-r--r--crypto/openssl/crypto/objects/o_names.c369
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c785
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.h4251
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.pl307
-rw-r--r--crypto/openssl/crypto/objects/obj_err.c105
-rw-r--r--crypto/openssl/crypto/objects/obj_lib.c128
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.h3393
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.num768
-rw-r--r--crypto/openssl/crypto/objects/objects.README44
-rw-r--r--crypto/openssl/crypto/objects/objects.h1049
-rw-r--r--crypto/openssl/crypto/objects/objects.pl229
-rw-r--r--crypto/openssl/crypto/objects/objects.txt1087
-rw-r--r--crypto/openssl/crypto/ocsp/Makefile213
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp.h614
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_asn.c182
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_cl.c372
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_err.c143
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_ext.c545
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_ht.c173
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_lib.c262
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_prn.c291
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_srv.c264
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_vfy.c444
-rw-r--r--crypto/openssl/crypto/opensslconf.h208
-rw-r--r--crypto/openssl/crypto/opensslconf.h.in159
-rw-r--r--crypto/openssl/crypto/opensslv.h89
-rw-r--r--crypto/openssl/crypto/ossl_typ.h174
-rw-r--r--crypto/openssl/crypto/pem/Makefile241
-rw-r--r--crypto/openssl/crypto/pem/message16
-rw-r--r--crypto/openssl/crypto/pem/pem.h737
-rw-r--r--crypto/openssl/crypto/pem/pem2.h70
-rw-r--r--crypto/openssl/crypto/pem/pem_all.c308
-rw-r--r--crypto/openssl/crypto/pem/pem_err.c138
-rw-r--r--crypto/openssl/crypto/pem/pem_info.c397
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c778
-rw-r--r--crypto/openssl/crypto/pem/pem_oth.c86
-rw-r--r--crypto/openssl/crypto/pem/pem_pk8.c242
-rw-r--r--crypto/openssl/crypto/pem/pem_pkey.c148
-rw-r--r--crypto/openssl/crypto/pem/pem_seal.c189
-rw-r--r--crypto/openssl/crypto/pem/pem_sign.c102
-rw-r--r--crypto/openssl/crypto/pem/pem_x509.c69
-rw-r--r--crypto/openssl/crypto/pem/pem_xaux.c69
-rw-r--r--crypto/openssl/crypto/pem/pkcs7.lis22
-rw-r--r--crypto/openssl/crypto/perlasm/alpha.pl434
-rw-r--r--crypto/openssl/crypto/perlasm/cbc.pl351
-rw-r--r--crypto/openssl/crypto/perlasm/readme124
-rwxr-xr-xcrypto/openssl/crypto/perlasm/x86_64-xlate.pl506
-rw-r--r--crypto/openssl/crypto/perlasm/x86asm.pl130
-rw-r--r--crypto/openssl/crypto/perlasm/x86ms.pl464
-rw-r--r--crypto/openssl/crypto/perlasm/x86nasm.pl451
-rw-r--r--crypto/openssl/crypto/perlasm/x86unix.pl761
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile286
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_add.c224
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_asn.c125
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_attr.c145
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crpt.c130
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crt.c348
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_decr.c177
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_init.c92
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_key.c206
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_kiss.c297
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mutl.c182
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_npas.c216
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_p8d.c68
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_p8e.c97
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_utl.c146
-rw-r--r--crypto/openssl/crypto/pkcs12/pk12err.c147
-rw-r--r--crypto/openssl/crypto/pkcs12/pkcs12.h333
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile187
-rw-r--r--crypto/openssl/crypto/pkcs7/bio_ber.c466
-rw-r--r--crypto/openssl/crypto/pkcs7/dec.c248
-rw-r--r--crypto/openssl/crypto/pkcs7/des.pem15
-rw-r--r--crypto/openssl/crypto/pkcs7/doc24
-rw-r--r--crypto/openssl/crypto/pkcs7/enc.c174
-rw-r--r--crypto/openssl/crypto/pkcs7/es1.pem66
-rw-r--r--crypto/openssl/crypto/pkcs7/example.c329
-rw-r--r--crypto/openssl/crypto/pkcs7/example.h57
-rw-r--r--crypto/openssl/crypto/pkcs7/info.pem57
-rw-r--r--crypto/openssl/crypto/pkcs7/infokey.pem9
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/a12
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/a21
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/cert.p7cbin1728 -> 0 bytes
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/smime.p7mbin4894 -> 0 bytes
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/smime.p7sbin2625 -> 0 bytes
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_asn1.c214
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_attr.c141
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_dgst.c66
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c1106
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_enc.c76
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_lib.c561
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_mime.c773
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_smime.c480
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7.h464
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7err.c170
-rw-r--r--crypto/openssl/crypto/pkcs7/server.pem24
-rw-r--r--crypto/openssl/crypto/pkcs7/sign.c154
-rw-r--r--crypto/openssl/crypto/pkcs7/t/3des.pem16
-rw-r--r--crypto/openssl/crypto/pkcs7/t/3dess.pem32
-rw-r--r--crypto/openssl/crypto/pkcs7/t/c.pem48
-rw-r--r--crypto/openssl/crypto/pkcs7/t/ff32
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-e20
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-e.pem22
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-0162
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem66
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-0290
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem106
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-s-a-e91
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem106
-rw-r--r--crypto/openssl/crypto/pkcs7/t/nav-smime157
-rw-r--r--crypto/openssl/crypto/pkcs7/t/s.pem57
-rw-r--r--crypto/openssl/crypto/pkcs7/t/server.pem57
-rw-r--r--crypto/openssl/crypto/pkcs7/verify.c263
-rw-r--r--crypto/openssl/crypto/pqueue/Makefile84
-rw-r--r--crypto/openssl/crypto/pqueue/pq_compat.h147
-rw-r--r--crypto/openssl/crypto/pqueue/pq_test.c95
-rw-r--r--crypto/openssl/crypto/pqueue/pqueue.c236
-rw-r--r--crypto/openssl/crypto/pqueue/pqueue.h95
-rw-r--r--crypto/openssl/crypto/rand/Makefile159
-rw-r--r--crypto/openssl/crypto/rand/md_rand.c572
-rw-r--r--crypto/openssl/crypto/rand/rand.h140
-rw-r--r--crypto/openssl/crypto/rand/rand_egd.c303
-rw-r--r--crypto/openssl/crypto/rand/rand_err.c99
-rwxr-xr-xcrypto/openssl/crypto/rand/rand_lcl.h158
-rw-r--r--crypto/openssl/crypto/rand/rand_lib.c176
-rw-r--r--crypto/openssl/crypto/rand/rand_nw.c176
-rw-r--r--crypto/openssl/crypto/rand/rand_os2.c147
-rw-r--r--crypto/openssl/crypto/rand/rand_unix.c330
-rw-r--r--crypto/openssl/crypto/rand/rand_vms.c136
-rw-r--r--crypto/openssl/crypto/rand/rand_win.c758
-rw-r--r--crypto/openssl/crypto/rand/randfile.c285
-rw-r--r--crypto/openssl/crypto/rand/randtest.c219
-rw-r--r--crypto/openssl/crypto/rc2/Makefile86
-rw-r--r--crypto/openssl/crypto/rc2/rc2.h101
-rw-r--r--crypto/openssl/crypto/rc2/rc2_cbc.c226
-rw-r--r--crypto/openssl/crypto/rc2/rc2_ecb.c88
-rw-r--r--crypto/openssl/crypto/rc2/rc2_locl.h156
-rw-r--r--crypto/openssl/crypto/rc2/rc2_skey.c145
-rw-r--r--crypto/openssl/crypto/rc2/rc2cfb64.c122
-rw-r--r--crypto/openssl/crypto/rc2/rc2ofb64.c111
-rw-r--r--crypto/openssl/crypto/rc2/rc2speed.c277
-rw-r--r--crypto/openssl/crypto/rc2/rc2test.c274
-rw-r--r--crypto/openssl/crypto/rc2/rrc2.doc219
-rw-r--r--crypto/openssl/crypto/rc2/tab.c86
-rw-r--r--crypto/openssl/crypto/rc2/version22
-rw-r--r--crypto/openssl/crypto/rc4/Makefile115
-rw-r--r--crypto/openssl/crypto/rc4/asm/rc4-586.pl230
-rw-r--r--crypto/openssl/crypto/rc4/asm/rc4-ia64.S160
-rwxr-xr-xcrypto/openssl/crypto/rc4/asm/rc4-x86_64.pl240
-rw-r--r--crypto/openssl/crypto/rc4/rc4.c193
-rw-r--r--crypto/openssl/crypto/rc4/rc4.h87
-rw-r--r--crypto/openssl/crypto/rc4/rc4_enc.c315
-rw-r--r--crypto/openssl/crypto/rc4/rc4_locl.h5
-rw-r--r--crypto/openssl/crypto/rc4/rc4_skey.c150
-rw-r--r--crypto/openssl/crypto/rc4/rc4s.cpp73
-rw-r--r--crypto/openssl/crypto/rc4/rc4speed.c253
-rw-r--r--crypto/openssl/crypto/rc4/rc4test.c236
-rw-r--r--crypto/openssl/crypto/rc4/rrc4.doc278
-rw-r--r--crypto/openssl/crypto/rc5/Makefile103
-rw-r--r--crypto/openssl/crypto/rc5/asm/rc5-586.pl109
-rw-r--r--crypto/openssl/crypto/rc5/rc5.h118
-rw-r--r--crypto/openssl/crypto/rc5/rc5_ecb.c80
-rw-r--r--crypto/openssl/crypto/rc5/rc5_enc.c215
-rw-r--r--crypto/openssl/crypto/rc5/rc5_locl.h207
-rw-r--r--crypto/openssl/crypto/rc5/rc5_skey.c113
-rw-r--r--crypto/openssl/crypto/rc5/rc5cfb64.c122
-rw-r--r--crypto/openssl/crypto/rc5/rc5ofb64.c111
-rw-r--r--crypto/openssl/crypto/rc5/rc5s.cpp70
-rw-r--r--crypto/openssl/crypto/rc5/rc5speed.c277
-rw-r--r--crypto/openssl/crypto/rc5/rc5test.c386
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile99
-rw-r--r--crypto/openssl/crypto/ripemd/README15
-rw-r--r--crypto/openssl/crypto/ripemd/asm/rips.cpp82
-rw-r--r--crypto/openssl/crypto/ripemd/asm/rmd-586.pl590
-rw-r--r--crypto/openssl/crypto/ripemd/ripemd.h103
-rw-r--r--crypto/openssl/crypto/ripemd/rmd160.c127
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_dgst.c494
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_locl.h164
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_one.c78
-rw-r--r--crypto/openssl/crypto/ripemd/rmdconst.h399
-rw-r--r--crypto/openssl/crypto/ripemd/rmdtest.c145
-rw-r--r--crypto/openssl/crypto/rsa/Makefile239
-rw-r--r--crypto/openssl/crypto/rsa/rsa.h441
-rw-r--r--crypto/openssl/crypto/rsa/rsa_asn1.c121
-rw-r--r--crypto/openssl/crypto/rsa/rsa_chk.c184
-rw-r--r--crypto/openssl/crypto/rsa/rsa_depr.c101
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c827
-rw-r--r--crypto/openssl/crypto/rsa/rsa_err.c174
-rw-r--r--crypto/openssl/crypto/rsa/rsa_gen.c194
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c464
-rw-r--r--crypto/openssl/crypto/rsa/rsa_none.c98
-rw-r--r--crypto/openssl/crypto/rsa/rsa_null.c151
-rw-r--r--crypto/openssl/crypto/rsa/rsa_oaep.c213
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pk1.c224
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pss.c269
-rw-r--r--crypto/openssl/crypto/rsa/rsa_saos.c150
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c249
-rw-r--r--crypto/openssl/crypto/rsa/rsa_ssl.c154
-rw-r--r--crypto/openssl/crypto/rsa/rsa_test.c322
-rw-r--r--crypto/openssl/crypto/rsa/rsa_x931.c177
-rw-r--r--crypto/openssl/crypto/sha/Makefile134
-rw-r--r--crypto/openssl/crypto/sha/asm/README1
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-586.pl430
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-ia64.pl549
-rwxr-xr-xcrypto/openssl/crypto/sha/asm/sha512-ia64.pl432
-rw-r--r--crypto/openssl/crypto/sha/asm/sha512-sse2.pl404
-rw-r--r--crypto/openssl/crypto/sha/sha.c124
-rw-r--r--crypto/openssl/crypto/sha/sha.h199
-rw-r--r--crypto/openssl/crypto/sha/sha1.c127
-rw-r--r--crypto/openssl/crypto/sha/sha1_one.c78
-rw-r--r--crypto/openssl/crypto/sha/sha1dgst.c74
-rw-r--r--crypto/openssl/crypto/sha/sha1s.cpp82
-rw-r--r--crypto/openssl/crypto/sha/sha1test.c178
-rw-r--r--crypto/openssl/crypto/sha/sha256.c319
-rw-r--r--crypto/openssl/crypto/sha/sha256t.c147
-rw-r--r--crypto/openssl/crypto/sha/sha512.c496
-rw-r--r--crypto/openssl/crypto/sha/sha512t.c184
-rw-r--r--crypto/openssl/crypto/sha/sha_dgst.c74
-rw-r--r--crypto/openssl/crypto/sha/sha_locl.h605
-rw-r--r--crypto/openssl/crypto/sha/sha_one.c78
-rw-r--r--crypto/openssl/crypto/sha/shatest.c178
-rw-r--r--crypto/openssl/crypto/sparccpuid.S239
-rw-r--r--crypto/openssl/crypto/stack/Makefile84
-rw-r--r--crypto/openssl/crypto/stack/safestack.h1784
-rw-r--r--crypto/openssl/crypto/stack/stack.c341
-rw-r--r--crypto/openssl/crypto/stack/stack.h109
-rw-r--r--crypto/openssl/crypto/store/Makefile112
-rw-r--r--crypto/openssl/crypto/store/README95
-rw-r--r--crypto/openssl/crypto/store/store.h554
-rw-r--r--crypto/openssl/crypto/store/str_err.c214
-rw-r--r--crypto/openssl/crypto/store/str_lib.c1824
-rw-r--r--crypto/openssl/crypto/store/str_locl.h124
-rw-r--r--crypto/openssl/crypto/store/str_mem.c357
-rw-r--r--crypto/openssl/crypto/store/str_meth.c250
-rw-r--r--crypto/openssl/crypto/symhacks.h383
-rw-r--r--crypto/openssl/crypto/threads/README14
-rw-r--r--crypto/openssl/crypto/threads/mttest.c1211
-rw-r--r--crypto/openssl/crypto/threads/profile.sh4
-rw-r--r--crypto/openssl/crypto/threads/pthread.sh9
-rwxr-xr-xcrypto/openssl/crypto/threads/pthread2.sh7
-rw-r--r--crypto/openssl/crypto/threads/purify.sh4
-rw-r--r--crypto/openssl/crypto/threads/th-lock.c387
-rw-r--r--crypto/openssl/crypto/tmdiff.c260
-rw-r--r--crypto/openssl/crypto/tmdiff.h93
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile84
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.c386
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.h109
-rw-r--r--crypto/openssl/crypto/ui/Makefile111
-rw-r--r--crypto/openssl/crypto/ui/ui.h381
-rw-r--r--crypto/openssl/crypto/ui/ui_compat.c67
-rw-r--r--crypto/openssl/crypto/ui/ui_compat.h83
-rw-r--r--crypto/openssl/crypto/ui/ui_err.c115
-rw-r--r--crypto/openssl/crypto/ui/ui_lib.c904
-rw-r--r--crypto/openssl/crypto/ui/ui_locl.h153
-rw-r--r--crypto/openssl/crypto/ui/ui_openssl.c705
-rw-r--r--crypto/openssl/crypto/ui/ui_util.c91
-rw-r--r--crypto/openssl/crypto/uid.c89
-rw-r--r--crypto/openssl/crypto/x509/Makefile406
-rw-r--r--crypto/openssl/crypto/x509/by_dir.c380
-rw-r--r--crypto/openssl/crypto/x509/by_file.c300
-rw-r--r--crypto/openssl/crypto/x509/x509.h1340
-rw-r--r--crypto/openssl/crypto/x509/x509_att.c332
-rw-r--r--crypto/openssl/crypto/x509/x509_cmp.c425
-rw-r--r--crypto/openssl/crypto/x509/x509_d2.c107
-rw-r--r--crypto/openssl/crypto/x509/x509_def.c81
-rw-r--r--crypto/openssl/crypto/x509/x509_err.c164
-rw-r--r--crypto/openssl/crypto/x509/x509_ext.c210
-rw-r--r--crypto/openssl/crypto/x509/x509_lu.c567
-rw-r--r--crypto/openssl/crypto/x509/x509_obj.c226
-rw-r--r--crypto/openssl/crypto/x509/x509_r2x.c114
-rw-r--r--crypto/openssl/crypto/x509/x509_req.c319
-rw-r--r--crypto/openssl/crypto/x509/x509_set.c150
-rw-r--r--crypto/openssl/crypto/x509/x509_trs.c287
-rw-r--r--crypto/openssl/crypto/x509/x509_txt.c171
-rw-r--r--crypto/openssl/crypto/x509/x509_v3.c274
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c1533
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.h530
-rw-r--r--crypto/openssl/crypto/x509/x509_vpm.c420
-rw-r--r--crypto/openssl/crypto/x509/x509cset.c170
-rw-r--r--crypto/openssl/crypto/x509/x509name.c383
-rw-r--r--crypto/openssl/crypto/x509/x509rset.c83
-rw-r--r--crypto/openssl/crypto/x509/x509spki.c121
-rw-r--r--crypto/openssl/crypto/x509/x509type.c121
-rw-r--r--crypto/openssl/crypto/x509/x_all.c522
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile560
-rw-r--r--crypto/openssl/crypto/x509v3/ext_dat.h124
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_cache.c287
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_data.c123
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_int.h223
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_lib.c167
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_map.c186
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_node.c158
-rw-r--r--crypto/openssl/crypto/x509v3/pcy_tree.c682
-rw-r--r--crypto/openssl/crypto/x509v3/tabtest.c88
-rw-r--r--crypto/openssl/crypto/x509v3/v3_akey.c208
-rw-r--r--crypto/openssl/crypto/x509v3/v3_akeya.c72
-rw-r--r--crypto/openssl/crypto/x509v3/v3_alt.c581
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bcons.c124
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bitst.c141
-rw-r--r--crypto/openssl/crypto/x509v3/v3_conf.c524
-rw-r--r--crypto/openssl/crypto/x509v3/v3_cpols.c449
-rw-r--r--crypto/openssl/crypto/x509v3/v3_crld.c162
-rw-r--r--crypto/openssl/crypto/x509v3/v3_enum.c94
-rw-r--r--crypto/openssl/crypto/x509v3/v3_extku.c142
-rw-r--r--crypto/openssl/crypto/x509v3/v3_genn.c101
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ia5.c116
-rw-r--r--crypto/openssl/crypto/x509v3/v3_info.c193
-rw-r--r--crypto/openssl/crypto/x509v3/v3_int.c89
-rw-r--r--crypto/openssl/crypto/x509v3/v3_lib.c303
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ncons.c220
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ocsp.c275
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pci.c313
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pcia.c55
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pcons.c136
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pku.c108
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pmaps.c153
-rw-r--r--crypto/openssl/crypto/x509v3/v3_prn.c234
-rw-r--r--crypto/openssl/crypto/x509v3/v3_purp.c651
-rw-r--r--crypto/openssl/crypto/x509v3/v3_skey.c144
-rw-r--r--crypto/openssl/crypto/x509v3/v3_sxnet.c262
-rw-r--r--crypto/openssl/crypto/x509v3/v3_utl.c845
-rw-r--r--crypto/openssl/crypto/x509v3/v3conf.c127
-rw-r--r--crypto/openssl/crypto/x509v3/v3err.c212
-rw-r--r--crypto/openssl/crypto/x509v3/v3prin.c99
-rw-r--r--crypto/openssl/crypto/x509v3/x509v3.h759
-rw-r--r--crypto/openssl/crypto/x86_64cpuid.pl138
-rw-r--r--crypto/openssl/crypto/x86cpuid.pl197
-rw-r--r--crypto/openssl/demos/README9
-rw-r--r--crypto/openssl/demos/asn1/README.ASN17
-rw-r--r--crypto/openssl/demos/asn1/ocsp.c366
-rw-r--r--crypto/openssl/demos/b64.c268
-rw-r--r--crypto/openssl/demos/b64.pl20
-rw-r--r--crypto/openssl/demos/bio/Makefile16
-rw-r--r--crypto/openssl/demos/bio/README3
-rw-r--r--crypto/openssl/demos/bio/saccept.c112
-rw-r--r--crypto/openssl/demos/bio/sconnect.c121
-rw-r--r--crypto/openssl/demos/bio/server.pem30
-rw-r--r--crypto/openssl/demos/easy_tls/Makefile123
-rw-r--r--crypto/openssl/demos/easy_tls/README65
-rw-r--r--crypto/openssl/demos/easy_tls/cacerts.pem18
-rw-r--r--crypto/openssl/demos/easy_tls/cert.pem31
-rw-r--r--crypto/openssl/demos/easy_tls/easy-tls.c1240
-rw-r--r--crypto/openssl/demos/easy_tls/easy-tls.h57
-rw-r--r--crypto/openssl/demos/easy_tls/test.c244
-rw-r--r--crypto/openssl/demos/easy_tls/test.h11
-rw-r--r--crypto/openssl/demos/eay/Makefile24
-rw-r--r--crypto/openssl/demos/eay/base64.c49
-rw-r--r--crypto/openssl/demos/eay/conn.c105
-rw-r--r--crypto/openssl/demos/eay/loadrsa.c53
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/Makefile114
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/cluster_labs.h35
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c721
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec8
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c151
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h95
-rw-r--r--crypto/openssl/demos/engines/ibmca/Makefile114
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca.c920
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca.ec8
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c154
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h98
-rw-r--r--crypto/openssl/demos/engines/ibmca/ica_openssl_api.h189
-rw-r--r--crypto/openssl/demos/engines/zencod/Makefile114
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.c1739
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.ec8
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.h160
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod_err.c151
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod_err.h95
-rw-r--r--crypto/openssl/demos/maurice/Makefile59
-rw-r--r--crypto/openssl/demos/maurice/README34
-rw-r--r--crypto/openssl/demos/maurice/cert.pem77
-rw-r--r--crypto/openssl/demos/maurice/example1.c198
-rw-r--r--crypto/openssl/demos/maurice/example2.c75
-rw-r--r--crypto/openssl/demos/maurice/example3.c87
-rw-r--r--crypto/openssl/demos/maurice/example4.c123
-rw-r--r--crypto/openssl/demos/maurice/loadkeys.c72
-rw-r--r--crypto/openssl/demos/maurice/loadkeys.h19
-rw-r--r--crypto/openssl/demos/maurice/privkey.pem27
-rw-r--r--crypto/openssl/demos/pkcs12/README3
-rw-r--r--crypto/openssl/demos/pkcs12/pkread.c61
-rw-r--r--crypto/openssl/demos/pkcs12/pkwrite.c46
-rw-r--r--crypto/openssl/demos/prime/Makefile20
-rw-r--r--crypto/openssl/demos/prime/prime.c101
-rw-r--r--crypto/openssl/demos/privkey.pem9
-rw-r--r--crypto/openssl/demos/selfsign.c180
-rw-r--r--crypto/openssl/demos/sign/Makefile15
-rw-r--r--crypto/openssl/demos/sign/cert.pem14
-rw-r--r--crypto/openssl/demos/sign/key.pem9
-rw-r--r--crypto/openssl/demos/sign/sig.txt158
-rw-r--r--crypto/openssl/demos/sign/sign.c153
-rw-r--r--crypto/openssl/demos/sign/sign.txt170
-rw-r--r--crypto/openssl/demos/spkigen.c161
-rw-r--r--crypto/openssl/demos/ssl/cli.cpp110
-rw-r--r--crypto/openssl/demos/ssl/inetdsrv.cpp98
-rw-r--r--crypto/openssl/demos/ssl/serv.cpp152
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh98
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ECCcertgen.sh164
-rw-r--r--crypto/openssl/demos/ssltest-ecc/README15
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/RSAcertgen.sh121
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ssltest.sh188
-rw-r--r--crypto/openssl/demos/state_machine/Makefile9
-rw-r--r--crypto/openssl/demos/state_machine/state_machine.c416
-rw-r--r--crypto/openssl/demos/tunala/A-client.pem84
-rw-r--r--crypto/openssl/demos/tunala/A-server.pem84
-rw-r--r--crypto/openssl/demos/tunala/CA.pem24
-rw-r--r--crypto/openssl/demos/tunala/INSTALL107
-rw-r--r--crypto/openssl/demos/tunala/Makefile41
-rw-r--r--crypto/openssl/demos/tunala/Makefile.am7
-rw-r--r--crypto/openssl/demos/tunala/README233
-rwxr-xr-xcrypto/openssl/demos/tunala/autogunk.sh25
-rwxr-xr-xcrypto/openssl/demos/tunala/autoungunk.sh18
-rw-r--r--crypto/openssl/demos/tunala/breakage.c66
-rw-r--r--crypto/openssl/demos/tunala/buffer.c205
-rw-r--r--crypto/openssl/demos/tunala/cb.c143
-rw-r--r--crypto/openssl/demos/tunala/configure.in29
-rw-r--r--crypto/openssl/demos/tunala/ip.c146
-rw-r--r--crypto/openssl/demos/tunala/sm.c151
-rwxr-xr-xcrypto/openssl/demos/tunala/test.sh107
-rw-r--r--crypto/openssl/demos/tunala/tunala.c1107
-rw-r--r--crypto/openssl/demos/tunala/tunala.h215
-rw-r--r--crypto/openssl/demos/x509/README3
-rw-r--r--crypto/openssl/demos/x509/mkcert.c172
-rw-r--r--crypto/openssl/demos/x509/mkreq.c161
-rw-r--r--crypto/openssl/doc/HOWTO/certificates.txt105
-rw-r--r--crypto/openssl/doc/HOWTO/keys.txt73
-rw-r--r--crypto/openssl/doc/HOWTO/proxy_certificates.txt322
-rw-r--r--crypto/openssl/doc/README12
-rw-r--r--crypto/openssl/doc/apps/CA.pl.pod179
-rw-r--r--crypto/openssl/doc/apps/asn1parse.pod171
-rw-r--r--crypto/openssl/doc/apps/ca.pod671
-rw-r--r--crypto/openssl/doc/apps/ciphers.pod416
-rw-r--r--crypto/openssl/doc/apps/config.pod279
-rw-r--r--crypto/openssl/doc/apps/crl.pod117
-rw-r--r--crypto/openssl/doc/apps/crl2pkcs7.pod91
-rw-r--r--crypto/openssl/doc/apps/dgst.pod110
-rw-r--r--crypto/openssl/doc/apps/dhparam.pod141
-rw-r--r--crypto/openssl/doc/apps/dsa.pod158
-rw-r--r--crypto/openssl/doc/apps/dsaparam.pod110
-rw-r--r--crypto/openssl/doc/apps/ec.pod190
-rw-r--r--crypto/openssl/doc/apps/ecparam.pod179
-rw-r--r--crypto/openssl/doc/apps/enc.pod271
-rw-r--r--crypto/openssl/doc/apps/errstr.pod39
-rw-r--r--crypto/openssl/doc/apps/gendsa.pod66
-rw-r--r--crypto/openssl/doc/apps/genrsa.pod96
-rw-r--r--crypto/openssl/doc/apps/nseq.pod70
-rw-r--r--crypto/openssl/doc/apps/ocsp.pod365
-rw-r--r--crypto/openssl/doc/apps/openssl.pod345
-rw-r--r--crypto/openssl/doc/apps/passwd.pod82
-rw-r--r--crypto/openssl/doc/apps/pkcs12.pod330
-rw-r--r--crypto/openssl/doc/apps/pkcs7.pod105
-rw-r--r--crypto/openssl/doc/apps/pkcs8.pod243
-rw-r--r--crypto/openssl/doc/apps/rand.pod50
-rw-r--r--crypto/openssl/doc/apps/req.pod611
-rw-r--r--crypto/openssl/doc/apps/rsa.pod189
-rw-r--r--crypto/openssl/doc/apps/rsautl.pod183
-rw-r--r--crypto/openssl/doc/apps/s_client.pod266
-rw-r--r--crypto/openssl/doc/apps/s_server.pod327
-rw-r--r--crypto/openssl/doc/apps/s_time.pod173
-rw-r--r--crypto/openssl/doc/apps/sess_id.pod151
-rw-r--r--crypto/openssl/doc/apps/smime.pod385
-rw-r--r--crypto/openssl/doc/apps/speed.pod59
-rw-r--r--crypto/openssl/doc/apps/spkac.pod133
-rw-r--r--crypto/openssl/doc/apps/verify.pod328
-rw-r--r--crypto/openssl/doc/apps/version.pod64
-rw-r--r--crypto/openssl/doc/apps/x509.pod832
-rw-r--r--crypto/openssl/doc/apps/x509v3_config.pod456
-rw-r--r--crypto/openssl/doc/c-indentation.el44
-rw-r--r--crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod43
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_length.pod81
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_new.pod44
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod96
-rw-r--r--crypto/openssl/doc/crypto/ASN1_generate_nconf.pod253
-rw-r--r--crypto/openssl/doc/crypto/BIO_ctrl.pod128
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_base64.pod81
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_buffer.pod69
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_cipher.pod76
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_md.pod138
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_null.pod32
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_ssl.pod313
-rw-r--r--crypto/openssl/doc/crypto/BIO_find_type.pod98
-rw-r--r--crypto/openssl/doc/crypto/BIO_new.pod65
-rw-r--r--crypto/openssl/doc/crypto/BIO_push.pod69
-rw-r--r--crypto/openssl/doc/crypto/BIO_read.pod66
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_accept.pod195
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_bio.pod182
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_connect.pod192
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_fd.pod89
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_file.pod144
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_mem.pod115
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_null.pod37
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_socket.pod63
-rw-r--r--crypto/openssl/doc/crypto/BIO_set_callback.pod108
-rw-r--r--crypto/openssl/doc/crypto/BIO_should_retry.pod114
-rw-r--r--crypto/openssl/doc/crypto/BN_BLINDING_new.pod109
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_new.pod53
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_start.pod52
-rw-r--r--crypto/openssl/doc/crypto/BN_add.pod126
-rw-r--r--crypto/openssl/doc/crypto/BN_add_word.pod61
-rw-r--r--crypto/openssl/doc/crypto/BN_bn2bin.pod95
-rw-r--r--crypto/openssl/doc/crypto/BN_cmp.pod48
-rw-r--r--crypto/openssl/doc/crypto/BN_copy.pod34
-rw-r--r--crypto/openssl/doc/crypto/BN_generate_prime.pod102
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_inverse.pod36
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod101
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod81
-rw-r--r--crypto/openssl/doc/crypto/BN_new.pod53
-rw-r--r--crypto/openssl/doc/crypto/BN_num_bytes.pod57
-rw-r--r--crypto/openssl/doc/crypto/BN_rand.pod58
-rw-r--r--crypto/openssl/doc/crypto/BN_set_bit.pod66
-rw-r--r--crypto/openssl/doc/crypto/BN_swap.pod23
-rw-r--r--crypto/openssl/doc/crypto/BN_zero.pod59
-rw-r--r--crypto/openssl/doc/crypto/CONF_modules_free.pod47
-rw-r--r--crypto/openssl/doc/crypto/CONF_modules_load_file.pod60
-rw-r--r--crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod51
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_key.pod50
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_parameters.pod73
-rw-r--r--crypto/openssl/doc/crypto/DH_get_ex_new_index.pod36
-rw-r--r--crypto/openssl/doc/crypto/DH_new.pod40
-rw-r--r--crypto/openssl/doc/crypto/DH_set_method.pod129
-rw-r--r--crypto/openssl/doc/crypto/DH_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/DSA_SIG_new.pod40
-rw-r--r--crypto/openssl/doc/crypto/DSA_do_sign.pod47
-rw-r--r--crypto/openssl/doc/crypto/DSA_dup_DH.pod36
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_key.pod34
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_parameters.pod105
-rw-r--r--crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod36
-rw-r--r--crypto/openssl/doc/crypto/DSA_new.pod42
-rw-r--r--crypto/openssl/doc/crypto/DSA_set_method.pod143
-rw-r--r--crypto/openssl/doc/crypto/DSA_sign.pod66
-rw-r--r--crypto/openssl/doc/crypto/DSA_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/ERR_GET_LIB.pod51
-rw-r--r--crypto/openssl/doc/crypto/ERR_clear_error.pod29
-rw-r--r--crypto/openssl/doc/crypto/ERR_error_string.pod73
-rw-r--r--crypto/openssl/doc/crypto/ERR_get_error.pod76
-rw-r--r--crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod46
-rw-r--r--crypto/openssl/doc/crypto/ERR_load_strings.pod54
-rw-r--r--crypto/openssl/doc/crypto/ERR_print_errors.pod51
-rw-r--r--crypto/openssl/doc/crypto/ERR_put_error.pod44
-rw-r--r--crypto/openssl/doc/crypto/ERR_remove_state.pod34
-rw-r--r--crypto/openssl/doc/crypto/ERR_set_mark.pod38
-rw-r--r--crypto/openssl/doc/crypto/EVP_BytesToKey.pod67
-rw-r--r--crypto/openssl/doc/crypto/EVP_DigestInit.pod256
-rw-r--r--crypto/openssl/doc/crypto/EVP_EncryptInit.pod511
-rw-r--r--crypto/openssl/doc/crypto/EVP_OpenInit.pod63
-rw-r--r--crypto/openssl/doc/crypto/EVP_PKEY_new.pod47
-rw-r--r--crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod80
-rw-r--r--crypto/openssl/doc/crypto/EVP_SealInit.pod85
-rw-r--r--crypto/openssl/doc/crypto/EVP_SignInit.pod95
-rw-r--r--crypto/openssl/doc/crypto/EVP_VerifyInit.pod86
-rw-r--r--crypto/openssl/doc/crypto/OBJ_nid2obj.pod149
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_Applink.pod21
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod101
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_config.pod82
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod35
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod51
-rw-r--r--crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod66
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_create.pod75
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_parse.pod50
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_decrypt.pod53
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_encrypt.pod65
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_sign.pod101
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_verify.pod116
-rw-r--r--crypto/openssl/doc/crypto/RAND_add.pod77
-rw-r--r--crypto/openssl/doc/crypto/RAND_bytes.pod47
-rw-r--r--crypto/openssl/doc/crypto/RAND_cleanup.pod29
-rw-r--r--crypto/openssl/doc/crypto/RAND_egd.pod85
-rw-r--r--crypto/openssl/doc/crypto/RAND_load_file.pod53
-rw-r--r--crypto/openssl/doc/crypto/RAND_set_rand_method.pod83
-rw-r--r--crypto/openssl/doc/crypto/RSA_blinding_on.pod43
-rw-r--r--crypto/openssl/doc/crypto/RSA_check_key.pod67
-rw-r--r--crypto/openssl/doc/crypto/RSA_generate_key.pod69
-rw-r--r--crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod120
-rw-r--r--crypto/openssl/doc/crypto/RSA_new.pod41
-rw-r--r--crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod124
-rw-r--r--crypto/openssl/doc/crypto/RSA_print.pod49
-rw-r--r--crypto/openssl/doc/crypto/RSA_private_encrypt.pod70
-rw-r--r--crypto/openssl/doc/crypto/RSA_public_encrypt.pod84
-rw-r--r--crypto/openssl/doc/crypto/RSA_set_method.pod202
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign.pod62
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod59
-rw-r--r--crypto/openssl/doc/crypto/RSA_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod71
-rw-r--r--crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod61
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod72
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod114
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod106
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_print_ex.pod105
-rw-r--r--crypto/openssl/doc/crypto/X509_new.pod37
-rw-r--r--crypto/openssl/doc/crypto/bio.pod54
-rw-r--r--crypto/openssl/doc/crypto/blowfish.pod112
-rw-r--r--crypto/openssl/doc/crypto/bn.pod181
-rw-r--r--crypto/openssl/doc/crypto/bn_internal.pod226
-rw-r--r--crypto/openssl/doc/crypto/buffer.pod73
-rw-r--r--crypto/openssl/doc/crypto/crypto.pod85
-rw-r--r--crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod29
-rw-r--r--crypto/openssl/doc/crypto/d2i_DHparams.pod30
-rw-r--r--crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod83
-rw-r--r--crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod56
-rw-r--r--crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod67
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509.pod231
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod30
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_CRL.pod37
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_NAME.pod31
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_REQ.pod36
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_SIG.pod30
-rw-r--r--crypto/openssl/doc/crypto/des.pod358
-rw-r--r--crypto/openssl/doc/crypto/des_modes.pod255
-rw-r--r--crypto/openssl/doc/crypto/dh.pod78
-rw-r--r--crypto/openssl/doc/crypto/dsa.pod114
-rw-r--r--crypto/openssl/doc/crypto/ecdsa.pod210
-rw-r--r--crypto/openssl/doc/crypto/engine.pod599
-rw-r--r--crypto/openssl/doc/crypto/err.pod187
-rw-r--r--crypto/openssl/doc/crypto/evp.pod45
-rw-r--r--crypto/openssl/doc/crypto/hmac.pod102
-rw-r--r--crypto/openssl/doc/crypto/lh_stats.pod60
-rw-r--r--crypto/openssl/doc/crypto/lhash.pod294
-rw-r--r--crypto/openssl/doc/crypto/md5.pod101
-rw-r--r--crypto/openssl/doc/crypto/mdc2.pod64
-rw-r--r--crypto/openssl/doc/crypto/pem.pod476
-rw-r--r--crypto/openssl/doc/crypto/rand.pod175
-rw-r--r--crypto/openssl/doc/crypto/rc4.pod62
-rw-r--r--crypto/openssl/doc/crypto/ripemd.pod66
-rw-r--r--crypto/openssl/doc/crypto/rsa.pod123
-rw-r--r--crypto/openssl/doc/crypto/sha.pod70
-rw-r--r--crypto/openssl/doc/crypto/threads.pod175
-rw-r--r--crypto/openssl/doc/crypto/ui.pod194
-rw-r--r--crypto/openssl/doc/crypto/ui_compat.pod55
-rw-r--r--crypto/openssl/doc/crypto/x509.pod64
-rw-r--r--crypto/openssl/doc/fingerprints.txt57
-rw-r--r--crypto/openssl/doc/openssl-shared.txt32
-rw-r--r--crypto/openssl/doc/openssl.txt1254
-rw-r--r--crypto/openssl/doc/openssl_button.gifbin2063 -> 0 bytes
-rw-r--r--crypto/openssl/doc/openssl_button.html7
-rw-r--r--crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod112
-rw-r--r--crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod70
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod39
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_add_session.pod73
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod34
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_flush_sessions.pod49
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_free.pod41
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod53
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod50
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod124
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_new.pod94
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sess_number.pod76
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod51
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod87
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sessions.pod34
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod57
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod75
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod70
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod94
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod94
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod76
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod150
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod153
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod77
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod81
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod99
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_options.pod235
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod63
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod137
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod83
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod61
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod59
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod170
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod166
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod294
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod169
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_free.pod55
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod61
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod64
-rw-r--r--crypto/openssl/doc/ssl/SSL_accept.pod76
-rw-r--r--crypto/openssl/doc/ssl/SSL_alert_type_string.pod228
-rw-r--r--crypto/openssl/doc/ssl/SSL_clear.pod69
-rw-r--r--crypto/openssl/doc/ssl/SSL_connect.pod73
-rw-r--r--crypto/openssl/doc/ssl/SSL_do_handshake.pod75
-rw-r--r--crypto/openssl/doc/ssl/SSL_free.pod44
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod26
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ciphers.pod42
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod53
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_current_cipher.pod43
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_default_timeout.pod41
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_error.pod114
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod61
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod59
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_fd.pod44
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod52
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod55
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_rbio.pod40
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_session.pod73
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_verify_result.pod57
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_version.pod46
-rw-r--r--crypto/openssl/doc/ssl/SSL_library_init.pod52
-rw-r--r--crypto/openssl/doc/ssl/SSL_load_client_CA_file.pod62
-rw-r--r--crypto/openssl/doc/ssl/SSL_new.pod44
-rw-r--r--crypto/openssl/doc/ssl/SSL_pending.pod43
-rw-r--r--crypto/openssl/doc/ssl/SSL_read.pod118
-rw-r--r--crypto/openssl/doc/ssl/SSL_rstate_string.pod59
-rw-r--r--crypto/openssl/doc/ssl/SSL_session_reused.pod45
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_bio.pod34
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_connect_state.pod55
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_fd.pod54
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_session.pod57
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_shutdown.pod72
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_verify_result.pod38
-rw-r--r--crypto/openssl/doc/ssl/SSL_shutdown.pod125
-rw-r--r--crypto/openssl/doc/ssl/SSL_state_string.pod45
-rw-r--r--crypto/openssl/doc/ssl/SSL_want.pod77
-rw-r--r--crypto/openssl/doc/ssl/SSL_write.pod109
-rw-r--r--crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod66
-rw-r--r--crypto/openssl/doc/ssl/ssl.pod736
-rw-r--r--crypto/openssl/doc/ssleay.txt7030
-rw-r--r--crypto/openssl/doc/standards.txt272
-rw-r--r--crypto/openssl/e_os.h665
-rw-r--r--crypto/openssl/e_os2.h279
-rw-r--r--crypto/openssl/engines/Makefile249
-rw-r--r--crypto/openssl/engines/axp.opt1
-rw-r--r--crypto/openssl/engines/e_4758cca.c994
-rw-r--r--crypto/openssl/engines/e_4758cca.ec1
-rw-r--r--crypto/openssl/engines/e_4758cca_err.c153
-rw-r--r--crypto/openssl/engines/e_4758cca_err.h93
-rw-r--r--crypto/openssl/engines/e_aep.c1137
-rw-r--r--crypto/openssl/engines/e_aep.ec1
-rw-r--r--crypto/openssl/engines/e_aep_err.c161
-rw-r--r--crypto/openssl/engines/e_aep_err.h101
-rw-r--r--crypto/openssl/engines/e_atalla.c607
-rw-r--r--crypto/openssl/engines/e_atalla.ec1
-rw-r--r--crypto/openssl/engines/e_atalla_err.c149
-rw-r--r--crypto/openssl/engines/e_atalla_err.h89
-rw-r--r--crypto/openssl/engines/e_chil.c1374
-rw-r--r--crypto/openssl/engines/e_chil.ec1
-rw-r--r--crypto/openssl/engines/e_chil_err.c161
-rw-r--r--crypto/openssl/engines/e_chil_err.h101
-rw-r--r--crypto/openssl/engines/e_cswift.c1131
-rw-r--r--crypto/openssl/engines/e_cswift.ec1
-rw-r--r--crypto/openssl/engines/e_cswift_err.c154
-rw-r--r--crypto/openssl/engines/e_cswift_err.h94
-rw-r--r--crypto/openssl/engines/e_gmp.c435
-rw-r--r--crypto/openssl/engines/e_gmp.ec1
-rw-r--r--crypto/openssl/engines/e_gmp_err.c141
-rw-r--r--crypto/openssl/engines/e_gmp_err.h81
-rw-r--r--crypto/openssl/engines/e_nuron.c434
-rw-r--r--crypto/openssl/engines/e_nuron.ec1
-rw-r--r--crypto/openssl/engines/e_nuron_err.c146
-rw-r--r--crypto/openssl/engines/e_nuron_err.h86
-rw-r--r--crypto/openssl/engines/e_sureware.c1057
-rw-r--r--crypto/openssl/engines/e_sureware.ec1
-rw-r--r--crypto/openssl/engines/e_sureware_err.c158
-rw-r--r--crypto/openssl/engines/e_sureware_err.h98
-rw-r--r--crypto/openssl/engines/e_ubsec.c1070
-rw-r--r--crypto/openssl/engines/e_ubsec.ec1
-rw-r--r--crypto/openssl/engines/e_ubsec_err.c157
-rw-r--r--crypto/openssl/engines/e_ubsec_err.h97
-rw-r--r--crypto/openssl/engines/engine_vector.mar24
-rw-r--r--crypto/openssl/engines/vax.opt9
-rw-r--r--crypto/openssl/engines/vendor_defns/aep.h178
-rw-r--r--crypto/openssl/engines/vendor_defns/atalla.h48
-rw-r--r--crypto/openssl/engines/vendor_defns/cswift.h234
-rw-r--r--crypto/openssl/engines/vendor_defns/hw_4758_cca.h149
-rw-r--r--crypto/openssl/engines/vendor_defns/hw_ubsec.h100
-rw-r--r--crypto/openssl/engines/vendor_defns/hwcryptohook.h486
-rw-r--r--crypto/openssl/engines/vendor_defns/sureware.h239
-rw-r--r--crypto/openssl/openssl.doxy7
-rw-r--r--crypto/openssl/openssl.spec209
-rw-r--r--crypto/openssl/shlib/README1
-rw-r--r--crypto/openssl/ssl/Makefile970
-rw-r--r--crypto/openssl/ssl/bio_ssl.c598
-rw-r--r--crypto/openssl/ssl/d1_both.c1263
-rw-r--r--crypto/openssl/ssl/d1_clnt.c1143
-rw-r--r--crypto/openssl/ssl/d1_enc.c281
-rw-r--r--crypto/openssl/ssl/d1_lib.c190
-rw-r--r--crypto/openssl/ssl/d1_meth.c77
-rw-r--r--crypto/openssl/ssl/d1_pkt.c1776
-rw-r--r--crypto/openssl/ssl/d1_srvr.c1130
-rw-r--r--crypto/openssl/ssl/dtls1.h212
-rw-r--r--crypto/openssl/ssl/kssl.c2184
-rw-r--r--crypto/openssl/ssl/kssl.h179
-rw-r--r--crypto/openssl/ssl/kssl_lcl.h87
-rw-r--r--crypto/openssl/ssl/s23_clnt.c582
-rw-r--r--crypto/openssl/ssl/s23_lib.c198
-rw-r--r--crypto/openssl/ssl/s23_meth.c88
-rw-r--r--crypto/openssl/ssl/s23_pkt.c117
-rw-r--r--crypto/openssl/ssl/s23_srvr.c573
-rw-r--r--crypto/openssl/ssl/s2_clnt.c1123
-rw-r--r--crypto/openssl/ssl/s2_enc.c191
-rw-r--r--crypto/openssl/ssl/s2_lib.c478
-rw-r--r--crypto/openssl/ssl/s2_meth.c84
-rw-r--r--crypto/openssl/ssl/s2_pkt.c737
-rw-r--r--crypto/openssl/ssl/s2_srvr.c1143
-rw-r--r--crypto/openssl/ssl/s3_both.c622
-rw-r--r--crypto/openssl/ssl/s3_clnt.c2456
-rw-r--r--crypto/openssl/ssl/s3_enc.c715
-rw-r--r--crypto/openssl/ssl/s3_lib.c2406
-rw-r--r--crypto/openssl/ssl/s3_meth.c77
-rw-r--r--crypto/openssl/ssl/s3_pkt.c1315
-rw-r--r--crypto/openssl/ssl/s3_srvr.c2597
-rw-r--r--crypto/openssl/ssl/ssl.h1960
-rw-r--r--crypto/openssl/ssl/ssl2.h268
-rw-r--r--crypto/openssl/ssl/ssl23.h83
-rw-r--r--crypto/openssl/ssl/ssl3.h555
-rw-r--r--crypto/openssl/ssl/ssl_algs.c131
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c398
-rw-r--r--crypto/openssl/ssl/ssl_cert.c829
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c1341
-rw-r--r--crypto/openssl/ssl/ssl_err.c500
-rw-r--r--crypto/openssl/ssl/ssl_err2.c70
-rw-r--r--crypto/openssl/ssl/ssl_lib.c2590
-rw-r--r--crypto/openssl/ssl/ssl_locl.h950
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c777
-rw-r--r--crypto/openssl/ssl/ssl_sess.c767
-rw-r--r--crypto/openssl/ssl/ssl_stat.c502
-rw-r--r--crypto/openssl/ssl/ssl_task.c369
-rw-r--r--crypto/openssl/ssl/ssl_txt.c188
-rw-r--r--crypto/openssl/ssl/ssltest.c2294
-rw-r--r--crypto/openssl/ssl/t1_clnt.c79
-rw-r--r--crypto/openssl/ssl/t1_enc.c839
-rw-r--r--crypto/openssl/ssl/t1_lib.c119
-rw-r--r--crypto/openssl/ssl/t1_meth.c76
-rw-r--r--crypto/openssl/ssl/t1_srvr.c80
-rw-r--r--crypto/openssl/ssl/tls1.h305
-rw-r--r--crypto/openssl/test/CAss.cnf76
-rw-r--r--crypto/openssl/test/CAssdh.cnf24
-rw-r--r--crypto/openssl/test/CAssdsa.cnf23
-rw-r--r--crypto/openssl/test/CAssrsa.cnf24
-rw-r--r--crypto/openssl/test/Makefile624
-rw-r--r--crypto/openssl/test/P1ss.cnf37
-rw-r--r--crypto/openssl/test/P2ss.cnf45
-rw-r--r--crypto/openssl/test/Sssdsa.cnf27
-rw-r--r--crypto/openssl/test/Sssrsa.cnf26
-rw-r--r--crypto/openssl/test/Uss.cnf36
-rw-r--r--crypto/openssl/test/VMSca-response.11
-rw-r--r--crypto/openssl/test/VMSca-response.22
-rwxr-xr-xcrypto/openssl/test/bctest111
-rw-r--r--crypto/openssl/test/dummytest.c48
-rw-r--r--crypto/openssl/test/evptests.txt312
-rw-r--r--crypto/openssl/test/igetest.c486
-rw-r--r--crypto/openssl/test/methtest.c105
-rw-r--r--crypto/openssl/test/pkcs7-1.pem15
-rw-r--r--crypto/openssl/test/pkcs7.pem54
-rw-r--r--crypto/openssl/test/r160test.c57
-rw-r--r--crypto/openssl/test/tcrl78
-rw-r--r--crypto/openssl/test/test.cnf88
-rw-r--r--crypto/openssl/test/testca51
-rw-r--r--crypto/openssl/test/testcrl.pem16
-rw-r--r--crypto/openssl/test/testenc54
-rw-r--r--crypto/openssl/test/testfipsssl113
-rw-r--r--crypto/openssl/test/testgen44
-rw-r--r--crypto/openssl/test/testp7.pem46
-rw-r--r--crypto/openssl/test/testreq2.pem7
-rw-r--r--crypto/openssl/test/testrsa.pem9
-rw-r--r--crypto/openssl/test/testsid.pem12
-rw-r--r--crypto/openssl/test/testss163
-rw-r--r--crypto/openssl/test/testssl145
-rw-r--r--crypto/openssl/test/testsslproxy10
-rw-r--r--crypto/openssl/test/testx509.pem10
-rw-r--r--crypto/openssl/test/times113
-rw-r--r--crypto/openssl/test/tpkcs748
-rw-r--r--crypto/openssl/test/tpkcs7d41
-rw-r--r--crypto/openssl/test/treq83
-rw-r--r--crypto/openssl/test/trsa83
-rw-r--r--crypto/openssl/test/tsid78
-rw-r--r--crypto/openssl/test/tx50978
-rw-r--r--crypto/openssl/test/v3-cert1.pem16
-rw-r--r--crypto/openssl/test/v3-cert2.pem16
-rw-r--r--crypto/openssl/times/090/586-100.nt32
-rw-r--r--crypto/openssl/times/091/486-50.nt30
-rw-r--r--crypto/openssl/times/091/586-100.lnx32
-rw-r--r--crypto/openssl/times/091/68000.bsd32
-rw-r--r--crypto/openssl/times/091/686-200.lnx32
-rw-r--r--crypto/openssl/times/091/alpha064.osf32
-rw-r--r--crypto/openssl/times/091/alpha164.lnx32
-rw-r--r--crypto/openssl/times/091/alpha164.osf31
-rw-r--r--crypto/openssl/times/091/mips-rel.pl21
-rw-r--r--crypto/openssl/times/091/r10000.irx37
-rw-r--r--crypto/openssl/times/091/r3000.ult32
-rw-r--r--crypto/openssl/times/091/r4400.irx32
-rw-r--r--crypto/openssl/times/100.lnx32
-rw-r--r--crypto/openssl/times/100.nt29
-rw-r--r--crypto/openssl/times/200.lnx30
-rw-r--r--crypto/openssl/times/486-66.dos22
-rw-r--r--crypto/openssl/times/486-66.nt22
-rw-r--r--crypto/openssl/times/486-66.w3123
-rw-r--r--crypto/openssl/times/5.lnx29
-rw-r--r--crypto/openssl/times/586-085i.nt29
-rw-r--r--crypto/openssl/times/586-100.LN326
-rw-r--r--crypto/openssl/times/586-100.NT226
-rw-r--r--crypto/openssl/times/586-100.dos24
-rw-r--r--crypto/openssl/times/586-100.ln426
-rw-r--r--crypto/openssl/times/586-100.lnx23
-rw-r--r--crypto/openssl/times/586-100.nt23
-rw-r--r--crypto/openssl/times/586-100.ntx30
-rw-r--r--crypto/openssl/times/586-100.w3127
-rw-r--r--crypto/openssl/times/586-1002.lnx26
-rw-r--r--crypto/openssl/times/586p-100.lnx26
-rw-r--r--crypto/openssl/times/686-200.bsd25
-rw-r--r--crypto/openssl/times/686-200.lnx26
-rw-r--r--crypto/openssl/times/686-200.nt24
-rw-r--r--crypto/openssl/times/L127
-rw-r--r--crypto/openssl/times/R10000.t24
-rw-r--r--crypto/openssl/times/R4400.t26
-rw-r--r--crypto/openssl/times/aix.t34
-rw-r--r--crypto/openssl/times/aixold.t23
-rw-r--r--crypto/openssl/times/alpha.t81
-rw-r--r--crypto/openssl/times/alpha400.t25
-rw-r--r--crypto/openssl/times/cyrix100.lnx22
-rw-r--r--crypto/openssl/times/dgux-x86.t23
-rw-r--r--crypto/openssl/times/dgux.t17
-rw-r--r--crypto/openssl/times/hpux-acc.t25
-rw-r--r--crypto/openssl/times/hpux-kr.t23
-rw-r--r--crypto/openssl/times/hpux.t86
-rw-r--r--crypto/openssl/times/p2.w9522
-rw-r--r--crypto/openssl/times/pent2.t24
-rw-r--r--crypto/openssl/times/readme11
-rw-r--r--crypto/openssl/times/s586-100.lnx25
-rw-r--r--crypto/openssl/times/s586-100.nt23
-rw-r--r--crypto/openssl/times/sgi.t29
-rw-r--r--crypto/openssl/times/sparc.t26
-rw-r--r--crypto/openssl/times/sparc221
-rw-r--r--crypto/openssl/times/sparcLX.t22
-rw-r--r--crypto/openssl/times/usparc.t25
-rw-r--r--crypto/openssl/times/x86/bfs.cpp67
-rw-r--r--crypto/openssl/times/x86/casts.cpp67
-rw-r--r--crypto/openssl/times/x86/des3s.cpp67
-rw-r--r--crypto/openssl/times/x86/dess.cpp67
-rw-r--r--crypto/openssl/times/x86/md4s.cpp78
-rw-r--r--crypto/openssl/times/x86/md5s.cpp78
-rw-r--r--crypto/openssl/times/x86/rc4s.cpp73
-rw-r--r--crypto/openssl/times/x86/sha1s.cpp79
-rw-r--r--crypto/openssl/tools/Makefile58
-rwxr-xr-xcrypto/openssl/tools/c89.sh15
-rw-r--r--crypto/openssl/tools/c_hash9
-rw-r--r--crypto/openssl/tools/c_info12
-rw-r--r--crypto/openssl/tools/c_issuer10
-rw-r--r--crypto/openssl/tools/c_name10
-rw-r--r--crypto/openssl/tools/c_rehash160
-rw-r--r--crypto/openssl/tools/c_rehash.in160
-rwxr-xr-xcrypto/openssl/util/FreeBSD.sh6
-rwxr-xr-xcrypto/openssl/util/add_cr.pl123
-rwxr-xr-xcrypto/openssl/util/bat.sh134
-rwxr-xr-xcrypto/openssl/util/ck_errf.pl50
-rwxr-xr-xcrypto/openssl/util/clean-depend.pl54
-rw-r--r--crypto/openssl/util/copy.pl59
-rwxr-xr-xcrypto/openssl/util/deleof.pl7
-rw-r--r--crypto/openssl/util/dirname.pl18
-rwxr-xr-xcrypto/openssl/util/do_ms.sh19
-rwxr-xr-xcrypto/openssl/util/domd34
-rwxr-xr-xcrypto/openssl/util/err-ins.pl33
-rw-r--r--crypto/openssl/util/extract-names.pl26
-rw-r--r--crypto/openssl/util/extract-section.pl12
-rwxr-xr-xcrypto/openssl/util/files.pl61
-rwxr-xr-xcrypto/openssl/util/fixNT.sh14
-rwxr-xr-xcrypto/openssl/util/install.sh108
-rwxr-xr-xcrypto/openssl/util/libeay.num3411
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl1091
-rwxr-xr-xcrypto/openssl/util/mkcerts.sh220
-rwxr-xr-xcrypto/openssl/util/mkdef.pl1442
-rwxr-xr-xcrypto/openssl/util/mkdir-p.pl34
-rw-r--r--crypto/openssl/util/mkerr.pl712
-rwxr-xr-xcrypto/openssl/util/mkfiles.pl123
-rwxr-xr-xcrypto/openssl/util/mklink.pl72
-rwxr-xr-xcrypto/openssl/util/mkstack.pl126
-rwxr-xr-xcrypto/openssl/util/opensslwrap.sh22
-rwxr-xr-xcrypto/openssl/util/perlpath.pl35
-rw-r--r--crypto/openssl/util/pl/BC-16.pl151
-rw-r--r--crypto/openssl/util/pl/BC-32.pl139
-rw-r--r--crypto/openssl/util/pl/Mingw32.pl106
-rw-r--r--crypto/openssl/util/pl/OS2-EMX.pl120
-rw-r--r--crypto/openssl/util/pl/VC-16.pl177
-rw-r--r--crypto/openssl/util/pl/VC-32.pl298
-rw-r--r--crypto/openssl/util/pl/VC-CE.pl116
-rw-r--r--crypto/openssl/util/pl/linux.pl104
-rw-r--r--crypto/openssl/util/pl/netware.pl341
-rw-r--r--crypto/openssl/util/pl/ultrix.pl38
-rw-r--r--crypto/openssl/util/pl/unix.pl96
-rwxr-xr-xcrypto/openssl/util/pod2man.pl1184
-rwxr-xr-xcrypto/openssl/util/pod2mantest58
-rw-r--r--crypto/openssl/util/pod2mantest.pod15
-rwxr-xr-xcrypto/openssl/util/point.sh10
-rw-r--r--crypto/openssl/util/selftest.pl201
-rwxr-xr-xcrypto/openssl/util/shlib_wrap.sh70
-rwxr-xr-xcrypto/openssl/util/sp-diff.pl80
-rwxr-xr-xcrypto/openssl/util/speed.sh39
-rwxr-xr-xcrypto/openssl/util/src-dep.pl147
-rwxr-xr-xcrypto/openssl/util/ssleay.num228
-rwxr-xr-xcrypto/openssl/util/tab_num.pl17
-rwxr-xr-xcrypto/openssl/util/x86asm.sh42
1799 files changed, 0 insertions, 451396 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
deleted file mode 100644
index b25fde566438..000000000000
--- a/crypto/openssl/CHANGES
+++ /dev/null
@@ -1,7778 +0,0 @@
-
- OpenSSL CHANGES
- _______________
-
- Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
-
- *) Introduce limits to prevent malicious keys being able to
- cause a denial of service. (CVE-2006-2940)
- [Steve Henson, Bodo Moeller]
-
- *) Fix ASN.1 parsing of certain invalid structures that can result
- in a denial of service. (CVE-2006-2937) [Steve Henson]
-
- *) Fix buffer overflow in SSL_get_shared_ciphers() function.
- (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Fix SSL client code which could crash if connecting to a
- malicious SSLv2 server. (CVE-2006-4343)
- [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
- match only those. Before that, "AES256-SHA" would be interpreted
- as a pattern and match "AES128-SHA" too (since AES128-SHA got
- the same strength classification in 0.9.7h) as we currently only
- have a single AES bit in the ciphersuite description bitmap.
- That change, however, also applied to ciphersuite strings such as
- "RC4-MD5" that intentionally matched multiple ciphersuites --
- namely, SSL 2.0 ciphersuites in addition to the more common ones
- from SSL 3.0/TLS 1.0.
-
- So we change the selection algorithm again: Naming an explicit
- ciphersuite selects this one ciphersuite, and any other similar
- ciphersuite (same bitmap) from *other* protocol versions.
- Thus, "RC4-MD5" again will properly select both the SSL 2.0
- ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
-
- Since SSL 2.0 does not have any ciphersuites for which the
- 128/256 bit distinction would be relevant, this works for now.
- The proper fix will be to use different bits for AES128 and
- AES256, which would have avoided the problems from the beginning;
- however, bits are scarce, so we can only do this in a new release
- (not just a patchlevel) when we can change the SSL_CIPHER
- definition to split the single 'unsigned long mask' bitmap into
- multiple values to extend the available space.
-
- [Bodo Moeller]
-
- Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
-
- *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
- (CVE-2006-4339) [Ben Laurie and Google Security Team]
-
- *) Add AES IGE and biIGE modes.
- [Ben Laurie]
-
- *) Change the Unix randomness entropy gathering to use poll() when
- possible instead of select(), since the latter has some
- undesirable limitations.
- [Darryl Miles via Richard Levitte and Bodo Moeller]
-
- *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
- treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
- cannot be implicitly activated as part of, e.g., the "AES" alias.
- However, please upgrade to OpenSSL 0.9.9[-dev] for
- non-experimental use of the ECC ciphersuites to get TLS extension
- support, which is required for curve and point format negotiation
- to avoid potential handshake problems.
- [Bodo Moeller]
-
- *) Disable rogue ciphersuites:
-
- - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
- The latter two were purportedly from
- draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
- appear there.
-
- Also deactive the remaining ciphersuites from
- draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
- unofficial, and the ID has long expired.
- [Bodo Moeller]
-
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
- dual-core machines) and other potential thread-safety issues.
- [Bodo Moeller]
-
- *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
- versions), which is now available for royalty-free use
- (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
- Also, add Camellia TLS ciphersuites from RFC 4132.
-
- To minimize changes between patchlevels in the OpenSSL 0.9.8
- series, Camellia remains excluded from compilation unless OpenSSL
- is configured with 'enable-camellia'.
- [NTT]
-
- *) Disable the padding bug check when compression is in use. The padding
- bug check assumes the first packet is of even length, this is not
- necessarily true if compresssion is enabled and can result in false
- positives causing handshake failure. The actual bug test is ancient
- code so it is hoped that implementations will either have fixed it by
- now or any which still have the bug do not support compression.
- [Steve Henson]
-
- Changes between 0.9.8a and 0.9.8b [04 May 2006]
-
- *) When applying a cipher rule check to see if string match is an explicit
- cipher suite and only match that one cipher suite if it is.
- [Steve Henson]
-
- *) Link in manifests for VC++ if needed.
- [Austin Ziegler <halostatue@gmail.com>]
-
- *) Update support for ECC-based TLS ciphersuites according to
- draft-ietf-tls-ecc-12.txt with proposed changes (but without
- TLS extensions, which are supported starting with the 0.9.9
- branch, not in the OpenSSL 0.9.8 branch).
- [Douglas Stebila]
-
- *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
- opaque EVP_CIPHER_CTX handling.
- [Steve Henson]
-
- *) Fixes and enhancements to zlib compression code. We now only use
- "zlib1.dll" and use the default __cdecl calling convention on Win32
- to conform with the standards mentioned here:
- http://www.zlib.net/DLL_FAQ.txt
- Static zlib linking now works on Windows and the new --with-zlib-include
- --with-zlib-lib options to Configure can be used to supply the location
- of the headers and library. Gracefully handle case where zlib library
- can't be loaded.
- [Steve Henson]
-
- *) Several fixes and enhancements to the OID generation code. The old code
- sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
- handle numbers larger than ULONG_MAX, truncated printing and had a
- non standard OBJ_obj2txt() behaviour.
- [Steve Henson]
-
- *) Add support for building of engines under engine/ as shared libraries
- under VC++ build system.
- [Steve Henson]
-
- *) Corrected the numerous bugs in the Win32 path splitter in DSO.
- Hopefully, we will not see any false combination of paths any more.
- [Richard Levitte]
-
- Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
-
- *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
- (part of SSL_OP_ALL). This option used to disable the
- countermeasure against man-in-the-middle protocol-version
- rollback in the SSL 2.0 server implementation, which is a bad
- idea. (CVE-2005-2969)
-
- [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
- for Information Security, National Institute of Advanced Industrial
- Science and Technology [AIST], Japan)]
-
- *) Add two function to clear and return the verify parameter flags.
- [Steve Henson]
-
- *) Keep cipherlists sorted in the source instead of sorting them at
- runtime, thus removing the need for a lock.
- [Nils Larsch]
-
- *) Avoid some small subgroup attacks in Diffie-Hellman.
- [Nick Mathewson and Ben Laurie]
-
- *) Add functions for well-known primes.
- [Nick Mathewson]
-
- *) Extended Windows CE support.
- [Satoshi Nakamura and Andy Polyakov]
-
- *) Initialize SSL_METHOD structures at compile time instead of during
- runtime, thus removing the need for a lock.
- [Steve Henson]
-
- *) Make PKCS7_decrypt() work even if no certificate is supplied by
- attempting to decrypt each encrypted key in turn. Add support to
- smime utility.
- [Steve Henson]
-
- Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
-
- [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
- OpenSSL 0.9.8.]
-
- *) Add libcrypto.pc and libssl.pc for those who feel they need them.
- [Richard Levitte]
-
- *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
- key into the same file any more.
- [Richard Levitte]
-
- *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
- [Andy Polyakov]
-
- *) Add -utf8 command line and config file option to 'ca'.
- [Stefan <stf@udoma.org]
-
- *) Removed the macro des_crypt(), as it seems to conflict with some
- libraries. Use DES_crypt().
- [Richard Levitte]
-
- *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
- involves renaming the source and generated shared-libs for
- both. The engines will accept the corrected or legacy ids
- ('ncipher' and '4758_cca' respectively) when binding. NB,
- this only applies when building 'shared'.
- [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
-
- *) Add attribute functions to EVP_PKEY structure. Modify
- PKCS12_create() to recognize a CSP name attribute and
- use it. Make -CSP option work again in pkcs12 utility.
- [Steve Henson]
-
- *) Add new functionality to the bn blinding code:
- - automatic re-creation of the BN_BLINDING parameters after
- a fixed number of uses (currently 32)
- - add new function for parameter creation
- - introduce flags to control the update behaviour of the
- BN_BLINDING parameters
- - hide BN_BLINDING structure
- Add a second BN_BLINDING slot to the RSA structure to improve
- performance when a single RSA object is shared among several
- threads.
- [Nils Larsch]
-
- *) Add support for DTLS.
- [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
-
- *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
- to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
- [Walter Goulet]
-
- *) Remove buggy and incompletet DH cert support from
- ssl/ssl_rsa.c and ssl/s3_both.c
- [Nils Larsch]
-
- *) Use SHA-1 instead of MD5 as the default digest algorithm for
- the apps/openssl applications.
- [Nils Larsch]
-
- *) Compile clean with "-Wall -Wmissing-prototypes
- -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
- DEBUG_SAFESTACK must also be set.
- [Ben Laurie]
-
- *) Change ./Configure so that certain algorithms can be disabled by default.
- The new counterpiece to "no-xxx" is "enable-xxx".
-
- The patented RC5 and MDC2 algorithms will now be disabled unless
- "enable-rc5" and "enable-mdc2", respectively, are specified.
-
- (IDEA remains enabled despite being patented. This is because IDEA
- is frequently required for interoperability, and there is no license
- fee for non-commercial use. As before, "no-idea" can be used to
- avoid this algorithm.)
-
- [Bodo Moeller]
-
- *) Add processing of proxy certificates (see RFC 3820). This work was
- sponsored by KTH (The Royal Institute of Technology in Stockholm) and
- EGEE (Enabling Grids for E-science in Europe).
- [Richard Levitte]
-
- *) RC4 performance overhaul on modern architectures/implementations, such
- as Intel P4, IA-64 and AMD64.
- [Andy Polyakov]
-
- *) New utility extract-section.pl. This can be used specify an alternative
- section number in a pod file instead of having to treat each file as
- a separate case in Makefile. This can be done by adding two lines to the
- pod file:
-
- =for comment openssl_section:XXX
-
- The blank line is mandatory.
-
- [Steve Henson]
-
- *) New arguments -certform, -keyform and -pass for s_client and s_server
- to allow alternative format key and certificate files and passphrase
- sources.
- [Steve Henson]
-
- *) New structure X509_VERIFY_PARAM which combines current verify parameters,
- update associated structures and add various utility functions.
-
- Add new policy related verify parameters, include policy checking in
- standard verify code. Enhance 'smime' application with extra parameters
- to support policy checking and print out.
- [Steve Henson]
-
- *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
- Nehemiah processors. These extensions support AES encryption in hardware
- as well as RNG (though RNG support is currently disabled).
- [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
-
- *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
- [Geoff Thorpe]
-
- *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
- [Andy Polyakov and a number of other people]
-
- *) Improved PowerPC platform support. Most notably BIGNUM assembler
- implementation contributed by IBM.
- [Suresh Chari, Peter Waltenberg, Andy Polyakov]
-
- *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
- exponent rather than 'unsigned long'. There is a corresponding change to
- the new 'rsa_keygen' element of the RSA_METHOD structure.
- [Jelte Jansen, Geoff Thorpe]
-
- *) Functionality for creating the initial serial number file is now
- moved from CA.pl to the 'ca' utility with a new option -create_serial.
-
- (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
- number file to 1, which is bound to cause problems. To avoid
- the problems while respecting compatibility between different 0.9.7
- patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
- CA.pl for serial number initialization. With the new release 0.9.8,
- we can fix the problem directly in the 'ca' utility.)
- [Steve Henson]
-
- *) Reduced header interdepencies by declaring more opaque objects in
- ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
- give fewer recursive includes, which could break lazy source code - so
- this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
- developers should define this symbol when building and using openssl to
- ensure they track the recommended behaviour, interfaces, [etc], but
- backwards-compatible behaviour prevails when this isn't defined.
- [Geoff Thorpe]
-
- *) New function X509_POLICY_NODE_print() which prints out policy nodes.
- [Steve Henson]
-
- *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
- This will generate a random key of the appropriate length based on the
- cipher context. The EVP_CIPHER can provide its own random key generation
- routine to support keys of a specific form. This is used in the des and
- 3des routines to generate a key of the correct parity. Update S/MIME
- code to use new functions and hence generate correct parity DES keys.
- Add EVP_CHECK_DES_KEY #define to return an error if the key is not
- valid (weak or incorrect parity).
- [Steve Henson]
-
- *) Add a local set of CRLs that can be used by X509_verify_cert() as well
- as looking them up. This is useful when the verified structure may contain
- CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
- present unless the new PKCS7_NO_CRL flag is asserted.
- [Steve Henson]
-
- *) Extend ASN1 oid configuration module. It now additionally accepts the
- syntax:
-
- shortName = some long name, 1.2.3.4
- [Steve Henson]
-
- *) Reimplemented the BN_CTX implementation. There is now no more static
- limitation on the number of variables it can handle nor the depth of the
- "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
- information can now expand as required, and rather than having a single
- static array of bignums, BN_CTX now uses a linked-list of such arrays
- allowing it to expand on demand whilst maintaining the usefulness of
- BN_CTX's "bundling".
- [Geoff Thorpe]
-
- *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
- to allow all RSA operations to function using a single BN_CTX.
- [Geoff Thorpe]
-
- *) Preliminary support for certificate policy evaluation and checking. This
- is initially intended to pass the tests outlined in "Conformance Testing
- of Relying Party Client Certificate Path Processing Logic" v1.07.
- [Steve Henson]
-
- *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
- remained unused and not that useful. A variety of other little bignum
- tweaks and fixes have also been made continuing on from the audit (see
- below).
- [Geoff Thorpe]
-
- *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
- associated ASN1, EVP and SSL functions and old ASN1 macros.
- [Richard Levitte]
-
- *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
- and this should never fail. So the return value from the use of
- BN_set_word() (which can fail due to needless expansion) is now deprecated;
- if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
- [Geoff Thorpe]
-
- *) BN_CTX_get() should return zero-valued bignums, providing the same
- initialised value as BN_new().
- [Geoff Thorpe, suggested by Ulf Möller]
-
- *) Support for inhibitAnyPolicy certificate extension.
- [Steve Henson]
-
- *) An audit of the BIGNUM code is underway, for which debugging code is
- enabled when BN_DEBUG is defined. This makes stricter enforcements on what
- is considered valid when processing BIGNUMs, and causes execution to
- assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
- further steps are taken to deliberately pollute unused data in BIGNUM
- structures to try and expose faulty code further on. For now, openssl will
- (in its default mode of operation) continue to tolerate the inconsistent
- forms that it has tolerated in the past, but authors and packagers should
- consider trying openssl and their own applications when compiled with
- these debugging symbols defined. It will help highlight potential bugs in
- their own code, and will improve the test coverage for OpenSSL itself. At
- some point, these tighter rules will become openssl's default to improve
- maintainability, though the assert()s and other overheads will remain only
- in debugging configurations. See bn.h for more details.
- [Geoff Thorpe, Nils Larsch, Ulf Möller]
-
- *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
- that can only be obtained through BN_CTX_new() (which implicitly
- initialises it). The presence of this function only made it possible
- to overwrite an existing structure (and cause memory leaks).
- [Geoff Thorpe]
-
- *) Because of the callback-based approach for implementing LHASH as a
- template type, lh_insert() adds opaque objects to hash-tables and
- lh_doall() or lh_doall_arg() are typically used with a destructor callback
- to clean up those corresponding objects before destroying the hash table
- (and losing the object pointers). So some over-zealous constifications in
- LHASH have been relaxed so that lh_insert() does not take (nor store) the
- objects as "const" and the lh_doall[_arg] callback wrappers are not
- prototyped to have "const" restrictions on the object pointers they are
- given (and so aren't required to cast them away any more).
- [Geoff Thorpe]
-
- *) The tmdiff.h API was so ugly and minimal that our own timing utility
- (speed) prefers to use its own implementation. The two implementations
- haven't been consolidated as yet (volunteers?) but the tmdiff API has had
- its object type properly exposed (MS_TM) instead of casting to/from "char
- *". This may still change yet if someone realises MS_TM and "ms_time_***"
- aren't necessarily the greatest nomenclatures - but this is what was used
- internally to the implementation so I've used that for now.
- [Geoff Thorpe]
-
- *) Ensure that deprecated functions do not get compiled when
- OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
- the self-tests were still using deprecated key-generation functions so
- these have been updated also.
- [Geoff Thorpe]
-
- *) Reorganise PKCS#7 code to separate the digest location functionality
- into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
- New function PKCS7_set_digest() to set the digest type for PKCS#7
- digestedData type. Add additional code to correctly generate the
- digestedData type and add support for this type in PKCS7 initialization
- functions.
- [Steve Henson]
-
- *) New function PKCS7_set0_type_other() this initializes a PKCS7
- structure of type "other".
- [Steve Henson]
-
- *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
- sure the loop does correctly stop and breaking ("division by zero")
- modulus operations are not performed. The (pre-generated) prime
- table crypto/bn/bn_prime.h was already correct, but it could not be
- re-generated on some platforms because of the "division by zero"
- situation in the script.
- [Ralf S. Engelschall]
-
- *) Update support for ECC-based TLS ciphersuites according to
- draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
- SHA-1 now is only used for "small" curves (where the
- representation of a field element takes up to 24 bytes); for
- larger curves, the field element resulting from ECDH is directly
- used as premaster secret.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
- curve secp160r1 to the tests.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add the possibility to load symbols globally with DSO.
- [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
-
- *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
- control of the error stack.
- [Richard Levitte]
-
- *) Add support for STORE in ENGINE.
- [Richard Levitte]
-
- *) Add the STORE type. The intention is to provide a common interface
- to certificate and key stores, be they simple file-based stores, or
- HSM-type store, or LDAP stores, or...
- NOTE: The code is currently UNTESTED and isn't really used anywhere.
- [Richard Levitte]
-
- *) Add a generic structure called OPENSSL_ITEM. This can be used to
- pass a list of arguments to any function as well as provide a way
- for a function to pass data back to the caller.
- [Richard Levitte]
-
- *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup()
- works like BUF_strdup() but can be used to duplicate a portion of
- a string. The copy gets NUL-terminated. BUF_memdup() duplicates
- a memory area.
- [Richard Levitte]
-
- *) Add the function sk_find_ex() which works like sk_find(), but will
- return an index to an element even if an exact match couldn't be
- found. The index is guaranteed to point at the element where the
- searched-for key would be inserted to preserve sorting order.
- [Richard Levitte]
-
- *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
- takes an extra flags argument for optional functionality. Currently,
- the following flags are defined:
-
- OBJ_BSEARCH_VALUE_ON_NOMATCH
- This one gets OBJ_bsearch_ex() to return a pointer to the first
- element where the comparing function returns a negative or zero
- number.
-
- OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
- This one gets OBJ_bsearch_ex() to return a pointer to the first
- element where the comparing function returns zero. This is useful
- if there are more than one element where the comparing function
- returns zero.
- [Richard Levitte]
-
- *) Make it possible to create self-signed certificates with 'openssl ca'
- in such a way that the self-signed certificate becomes part of the
- CA database and uses the same mechanisms for serial number generation
- as all other certificate signing. The new flag '-selfsign' enables
- this functionality. Adapt CA.sh and CA.pl.in.
- [Richard Levitte]
-
- *) Add functionality to check the public key of a certificate request
- against a given private. This is useful to check that a certificate
- request can be signed by that key (self-signing).
- [Richard Levitte]
-
- *) Make it possible to have multiple active certificates with the same
- subject in the CA index file. This is done only if the keyword
- 'unique_subject' is set to 'no' in the main CA section (default
- if 'CA_default') of the configuration file. The value is saved
- with the database itself in a separate index attribute file,
- named like the index file with '.attr' appended to the name.
- [Richard Levitte]
-
- *) Generate muti valued AVAs using '+' notation in config files for
- req and dirName.
- [Steve Henson]
-
- *) Support for nameConstraints certificate extension.
- [Steve Henson]
-
- *) Support for policyConstraints certificate extension.
- [Steve Henson]
-
- *) Support for policyMappings certificate extension.
- [Steve Henson]
-
- *) Make sure the default DSA_METHOD implementation only uses its
- dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
- and change its own handlers to be NULL so as to remove unnecessary
- indirection. This lets alternative implementations fallback to the
- default implementation more easily.
- [Geoff Thorpe]
-
- *) Support for directoryName in GeneralName related extensions
- in config files.
- [Steve Henson]
-
- *) Make it possible to link applications using Makefile.shared.
- Make that possible even when linking against static libraries!
- [Richard Levitte]
-
- *) Support for single pass processing for S/MIME signing. This now
- means that S/MIME signing can be done from a pipe, in addition
- cleartext signing (multipart/signed type) is effectively streaming
- and the signed data does not need to be all held in memory.
-
- This is done with a new flag PKCS7_STREAM. When this flag is set
- PKCS7_sign() only initializes the PKCS7 structure and the actual signing
- is done after the data is output (and digests calculated) in
- SMIME_write_PKCS7().
- [Steve Henson]
-
- *) Add full support for -rpath/-R, both in shared libraries and
- applications, at least on the platforms where it's known how
- to do it.
- [Richard Levitte]
-
- *) In crypto/ec/ec_mult.c, implement fast point multiplication with
- precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
- will now compute a table of multiples of the generator that
- makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
- faster (notably in the case of a single point multiplication,
- scalar * generator).
- [Nils Larsch, Bodo Moeller]
-
- *) IPv6 support for certificate extensions. The various extensions
- which use the IP:a.b.c.d can now take IPv6 addresses using the
- formats of RFC1884 2.2 . IPv6 addresses are now also displayed
- correctly.
- [Steve Henson]
-
- *) Added an ENGINE that implements RSA by performing private key
- exponentiations with the GMP library. The conversions to and from
- GMP's mpz_t format aren't optimised nor are any montgomery forms
- cached, and on x86 it appears OpenSSL's own performance has caught up.
- However there are likely to be other architectures where GMP could
- provide a boost. This ENGINE is not built in by default, but it can be
- specified at Configure time and should be accompanied by the necessary
- linker additions, eg;
- ./config -DOPENSSL_USE_GMP -lgmp
- [Geoff Thorpe]
-
- *) "openssl engine" will not display ENGINE/DSO load failure errors when
- testing availability of engines with "-t" - the old behaviour is
- produced by increasing the feature's verbosity with "-tt".
- [Geoff Thorpe]
-
- *) ECDSA routines: under certain error conditions uninitialized BN objects
- could be freed. Solution: make sure initialization is performed early
- enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
- via PR#459)
- [Lutz Jaenicke]
-
- *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
- and DH_METHOD (eg. by ENGINE implementations) to override the normal
- software implementations. For DSA and DH, parameter generation can
- also be overriden by providing the appropriate method callbacks.
- [Geoff Thorpe]
-
- *) Change the "progress" mechanism used in key-generation and
- primality testing to functions that take a new BN_GENCB pointer in
- place of callback/argument pairs. The new API functions have "_ex"
- postfixes and the older functions are reimplemented as wrappers for
- the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
- declarations of the old functions to help (graceful) attempts to
- migrate to the new functions. Also, the new key-generation API
- functions operate on a caller-supplied key-structure and return
- success/failure rather than returning a key or NULL - this is to
- help make "keygen" another member function of RSA_METHOD etc.
-
- Example for using the new callback interface:
-
- int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
- void *my_arg = ...;
- BN_GENCB my_cb;
-
- BN_GENCB_set(&my_cb, my_callback, my_arg);
-
- return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
- /* For the meaning of a, b in calls to my_callback(), see the
- * documentation of the function that calls the callback.
- * cb will point to my_cb; my_arg can be retrieved as cb->arg.
- * my_callback should return 1 if it wants BN_is_prime_ex()
- * to continue, or 0 to stop.
- */
-
- [Geoff Thorpe]
-
- *) Change the ZLIB compression method to be stateful, and make it
- available to TLS with the number defined in
- draft-ietf-tls-compression-04.txt.
- [Richard Levitte]
-
- *) Add the ASN.1 structures and functions for CertificatePair, which
- is defined as follows (according to X.509_4thEditionDraftV6.pdf):
-
- CertificatePair ::= SEQUENCE {
- forward [0] Certificate OPTIONAL,
- reverse [1] Certificate OPTIONAL,
- -- at least one of the pair shall be present -- }
-
- Also implement the PEM functions to read and write certificate
- pairs, and defined the PEM tag as "CERTIFICATE PAIR".
-
- This needed to be defined, mostly for the sake of the LDAP
- attribute crossCertificatePair, but may prove useful elsewhere as
- well.
- [Richard Levitte]
-
- *) Make it possible to inhibit symlinking of shared libraries in
- Makefile.shared, for Cygwin's sake.
- [Richard Levitte]
-
- *) Extend the BIGNUM API by creating a function
- void BN_set_negative(BIGNUM *a, int neg);
- and a macro that behave like
- int BN_is_negative(const BIGNUM *a);
-
- to avoid the need to access 'a->neg' directly in applications.
- [Nils Larsch]
-
- *) Implement fast modular reduction for pseudo-Mersenne primes
- used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
- EC_GROUP_new_curve_GFp() will now automatically use this
- if applicable.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add new lock type (CRYPTO_LOCK_BN).
- [Bodo Moeller]
-
- *) Change the ENGINE framework to automatically load engines
- dynamically from specific directories unless they could be
- found to already be built in or loaded. Move all the
- current engines except for the cryptodev one to a new
- directory engines/.
- The engines in engines/ are built as shared libraries if
- the "shared" options was given to ./Configure or ./config.
- Otherwise, they are inserted in libcrypto.a.
- /usr/local/ssl/engines is the default directory for dynamic
- engines, but that can be overriden at configure time through
- the usual use of --prefix and/or --openssldir, and at run
- time with the environment variable OPENSSL_ENGINES.
- [Geoff Thorpe and Richard Levitte]
-
- *) Add Makefile.shared, a helper makefile to build shared
- libraries. Addapt Makefile.org.
- [Richard Levitte]
-
- *) Add version info to Win32 DLLs.
- [Peter 'Luna' Runestig" <peter@runestig.com>]
-
- *) Add new 'medium level' PKCS#12 API. Certificates and keys
- can be added using this API to created arbitrary PKCS#12
- files while avoiding the low level API.
-
- New options to PKCS12_create(), key or cert can be NULL and
- will then be omitted from the output file. The encryption
- algorithm NIDs can be set to -1 for no encryption, the mac
- iteration count can be set to 0 to omit the mac.
-
- Enhance pkcs12 utility by making the -nokeys and -nocerts
- options work when creating a PKCS#12 file. New option -nomac
- to omit the mac, NONE can be set for an encryption algorithm.
- New code is modified to use the enhanced PKCS12_create()
- instead of the low level API.
- [Steve Henson]
-
- *) Extend ASN1 encoder to support indefinite length constructed
- encoding. This can output sequences tags and octet strings in
- this form. Modify pk7_asn1.c to support indefinite length
- encoding. This is experimental and needs additional code to
- be useful, such as an ASN1 bio and some enhanced streaming
- PKCS#7 code.
-
- Extend template encode functionality so that tagging is passed
- down to the template encoder.
- [Steve Henson]
-
- *) Let 'openssl req' fail if an argument to '-newkey' is not
- recognized instead of using RSA as a default.
- [Bodo Moeller]
-
- *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
- As these are not official, they are not included in "ALL";
- the "ECCdraft" ciphersuite group alias can be used to select them.
- [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
-
- *) Add ECDH engine support.
- [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add ECDH in new directory crypto/ecdh/.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Let BN_rand_range() abort with an error after 100 iterations
- without success (which indicates a broken PRNG).
- [Bodo Moeller]
-
- *) Change BN_mod_sqrt() so that it verifies that the input value
- is really the square of the return value. (Previously,
- BN_mod_sqrt would show GIGO behaviour.)
- [Bodo Moeller]
-
- *) Add named elliptic curves over binary fields from X9.62, SECG,
- and WAP/WTLS; add OIDs that were still missing.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Extend the EC library for elliptic curves over binary fields
- (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
- New EC_METHOD:
-
- EC_GF2m_simple_method
-
- New API functions:
-
- EC_GROUP_new_curve_GF2m
- EC_GROUP_set_curve_GF2m
- EC_GROUP_get_curve_GF2m
- EC_POINT_set_affine_coordinates_GF2m
- EC_POINT_get_affine_coordinates_GF2m
- EC_POINT_set_compressed_coordinates_GF2m
-
- Point compression for binary fields is disabled by default for
- patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
- enable it).
-
- As binary polynomials are represented as BIGNUMs, various members
- of the EC_GROUP and EC_POINT data structures can be shared
- between the implementations for prime fields and binary fields;
- the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
- are essentially identical to their ..._GFp counterparts.
- (For simplicity, the '..._GFp' prefix has been dropped from
- various internal method names.)
-
- An internal 'field_div' method (similar to 'field_mul' and
- 'field_sqr') has been added; this is used only for binary fields.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
- through methods ('mul', 'precompute_mult').
-
- The generic implementations (now internally called 'ec_wNAF_mul'
- and 'ec_wNAF_precomputed_mult') remain the default if these
- methods are undefined.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) New function EC_GROUP_get_degree, which is defined through
- EC_METHOD. For curves over prime fields, this returns the bit
- length of the modulus.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) New functions EC_GROUP_dup, EC_POINT_dup.
- (These simply call ..._new and ..._copy).
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
- Polynomials are represented as BIGNUMs (where the sign bit is not
- used) in the following functions [macros]:
-
- BN_GF2m_add
- BN_GF2m_sub [= BN_GF2m_add]
- BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
- BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
- BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
- BN_GF2m_mod_inv
- BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
- BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
- BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
- BN_GF2m_cmp [= BN_ucmp]
-
- (Note that only the 'mod' functions are actually for fields GF(2^m).
- BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
-
- For some functions, an the irreducible polynomial defining a
- field can be given as an 'unsigned int[]' with strictly
- decreasing elements giving the indices of those bits that are set;
- i.e., p[] represents the polynomial
- f(t) = t^p[0] + t^p[1] + ... + t^p[k]
- where
- p[0] > p[1] > ... > p[k] = 0.
- This applies to the following functions:
-
- BN_GF2m_mod_arr
- BN_GF2m_mod_mul_arr
- BN_GF2m_mod_sqr_arr
- BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
- BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
- BN_GF2m_mod_exp_arr
- BN_GF2m_mod_sqrt_arr
- BN_GF2m_mod_solve_quad_arr
- BN_GF2m_poly2arr
- BN_GF2m_arr2poly
-
- Conversion can be performed by the following functions:
-
- BN_GF2m_poly2arr
- BN_GF2m_arr2poly
-
- bntest.c has additional tests for binary polynomial arithmetic.
-
- Two implementations for BN_GF2m_mod_div() are available.
- The default algorithm simply uses BN_GF2m_mod_inv() and
- BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
- if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
- copyright notice in crypto/bn/bn_gf2m.c before enabling it).
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Add new error code 'ERR_R_DISABLED' that can be used when some
- functionality is disabled at compile-time.
- [Douglas Stebila <douglas.stebila@sun.com>]
-
- *) Change default behaviour of 'openssl asn1parse' so that more
- information is visible when viewing, e.g., a certificate:
-
- Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
- mode the content of non-printable OCTET STRINGs is output in a
- style similar to INTEGERs, but with '[HEX DUMP]' prepended to
- avoid the appearance of a printable string.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
- functions
- EC_GROUP_set_asn1_flag()
- EC_GROUP_get_asn1_flag()
- EC_GROUP_set_point_conversion_form()
- EC_GROUP_get_point_conversion_form()
- These control ASN1 encoding details:
- - Curves (i.e., groups) are encoded explicitly unless asn1_flag
- has been set to OPENSSL_EC_NAMED_CURVE.
- - Points are encoded in uncompressed form by default; options for
- asn1_for are as for point2oct, namely
- POINT_CONVERSION_COMPRESSED
- POINT_CONVERSION_UNCOMPRESSED
- POINT_CONVERSION_HYBRID
-
- Also add 'seed' and 'seed_len' members to EC_GROUP with access
- functions
- EC_GROUP_set_seed()
- EC_GROUP_get0_seed()
- EC_GROUP_get_seed_len()
- This is used only for ASN1 purposes (so far).
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'field_type' member to EC_METHOD, which holds the NID
- of the appropriate field type OID. The new function
- EC_METHOD_get_field_type() returns this value.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add functions
- EC_POINT_point2bn()
- EC_POINT_bn2point()
- EC_POINT_point2hex()
- EC_POINT_hex2point()
- providing useful interfaces to EC_POINT_point2oct() and
- EC_POINT_oct2point().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Change internals of the EC library so that the functions
- EC_GROUP_set_generator()
- EC_GROUP_get_generator()
- EC_GROUP_get_order()
- EC_GROUP_get_cofactor()
- are implemented directly in crypto/ec/ec_lib.c and not dispatched
- to methods, which would lead to unnecessary code duplication when
- adding different types of curves.
- [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
-
- *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
- arithmetic, and such that modified wNAFs are generated
- (which avoid length expansion in many cases).
- [Bodo Moeller]
-
- *) Add a function EC_GROUP_check_discriminant() (defined via
- EC_METHOD) that verifies that the curve discriminant is non-zero.
-
- Add a function EC_GROUP_check() that makes some sanity tests
- on a EC_GROUP, its generator and order. This includes
- EC_GROUP_check_discriminant().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add ECDSA in new directory crypto/ecdsa/.
-
- Add applications 'openssl ecparam' and 'openssl ecdsa'
- (these are based on 'openssl dsaparam' and 'openssl dsa').
-
- ECDSA support is also included in various other files across the
- library. Most notably,
- - 'openssl req' now has a '-newkey ecdsa:file' option;
- - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
- - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
- d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
- them suitable for ECDSA where domain parameters must be
- extracted before the specific public key;
- - ECDSA engine support has been added.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Include some named elliptic curves, and add OIDs from X9.62,
- SECG, and WAP/WTLS. Each curve can be obtained from the new
- function
- EC_GROUP_new_by_curve_name(),
- and the list of available named curves can be obtained with
- EC_get_builtin_curves().
- Also add a 'curve_name' member to EC_GROUP objects, which can be
- accessed via
- EC_GROUP_set_curve_name()
- EC_GROUP_get_curve_name()
- [Nils Larsch <larsch@trustcenter.de, Bodo Moeller]
-
- *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
- was actually never needed) and in BN_mul(). The removal in BN_mul()
- required a small change in bn_mul_part_recursive() and the addition
- of the functions bn_cmp_part_words(), bn_sub_part_words() and
- bn_add_part_words(), which do the same thing as bn_cmp_words(),
- bn_sub_words() and bn_add_words() except they take arrays with
- differing sizes.
- [Richard Levitte]
-
- Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]
-
- *) Change ciphersuite string processing so that an explicit
- ciphersuite selects this one ciphersuite (so that "AES256-SHA"
- will no longer include "AES128-SHA"), and any other similar
- ciphersuite (same bitmap) from *other* protocol versions (so that
- "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
- SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining
- changes from 0.9.8b and 0.9.8d.
- [Bodo Moeller]
-
- Changes between 0.9.7j and 0.9.7k [05 Sep 2006]
-
- *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
- (CVE-2006-4339) [Ben Laurie and Google Security Team]
-
- *) Change the Unix randomness entropy gathering to use poll() when
- possible instead of select(), since the latter has some
- undesirable limitations.
- [Darryl Miles via Richard Levitte and Bodo Moeller]
-
- *) Disable rogue ciphersuites:
-
- - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
- The latter two were purportedly from
- draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
- appear there.
-
- Also deactive the remaining ciphersuites from
- draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
- unofficial, and the ID has long expired.
- [Bodo Moeller]
-
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
- dual-core machines) and other potential thread-safety issues.
- [Bodo Moeller]
-
- Changes between 0.9.7i and 0.9.7j [04 May 2006]
-
- *) Adapt fipsld and the build system to link against the validated FIPS
- module in FIPS mode.
- [Steve Henson]
-
- *) Fixes for VC++ 2005 build under Windows.
- [Steve Henson]
-
- *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
- from a Windows bash shell such as MSYS. It is autodetected from the
- "config" script when run from a VC++ environment. Modify standard VC++
- build to use fipscanister.o from the GNU make build.
- [Steve Henson]
-
- Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
-
- *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
- The value now differs depending on if you build for FIPS or not.
- BEWARE! A program linked with a shared FIPSed libcrypto can't be
- safely run with a non-FIPSed libcrypto, as it may crash because of
- the difference induced by this change.
- [Andy Polyakov]
-
- Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
-
- *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
- (part of SSL_OP_ALL). This option used to disable the
- countermeasure against man-in-the-middle protocol-version
- rollback in the SSL 2.0 server implementation, which is a bad
- idea. (CVE-2005-2969)
-
- [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
- for Information Security, National Institute of Advanced Industrial
- Science and Technology [AIST], Japan)]
-
- *) Minimal support for X9.31 signatures and PSS padding modes. This is
- mainly for FIPS compliance and not fully integrated at this stage.
- [Steve Henson]
-
- *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
- the exponentiation using a fixed-length exponent. (Otherwise,
- the information leaked through timing could expose the secret key
- after many signatures; cf. Bleichenbacher's attack on DSA with
- biased k.)
- [Bodo Moeller]
-
- *) Make a new fixed-window mod_exp implementation the default for
- RSA, DSA, and DH private-key operations so that the sequence of
- squares and multiplies and the memory access pattern are
- independent of the particular secret key. This will mitigate
- cache-timing and potential related attacks.
-
- BN_mod_exp_mont_consttime() is the new exponentiation implementation,
- and this is automatically used by BN_mod_exp_mont() if the new flag
- BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
- will use this BN flag for private exponents unless the flag
- RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
- DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
-
- [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
-
- *) Change the client implementation for SSLv23_method() and
- SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
- Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
- (Previously, the SSL 2.0 backwards compatible Client Hello
- message format would be used even with SSL_OP_NO_SSLv2.)
- [Bodo Moeller]
-
- *) Add support for smime-type MIME parameter in S/MIME messages which some
- clients need.
- [Steve Henson]
-
- *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
- a threadsafe manner. Modify rsa code to use new function and add calls
- to dsa and dh code (which had race conditions before).
- [Steve Henson]
-
- *) Include the fixed error library code in the C error file definitions
- instead of fixing them up at runtime. This keeps the error code
- structures constant.
- [Steve Henson]
-
- Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
-
- [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
- OpenSSL 0.9.8.]
-
- *) Fixes for newer kerberos headers. NB: the casts are needed because
- the 'length' field is signed on one version and unsigned on another
- with no (?) obvious way to tell the difference, without these VC++
- complains. Also the "definition" of FAR (blank) is no longer included
- nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
- some needed definitions.
- [Steve Henson]
-
- *) Undo Cygwin change.
- [Ulf Möller]
-
- *) Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
- [Richard Levitte]
-
- Changes between 0.9.7e and 0.9.7f [22 Mar 2005]
-
- *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
- server and client random values. Previously
- (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
- less random data when sizeof(time_t) > 4 (some 64 bit platforms).
-
- This change has negligible security impact because:
-
- 1. Server and client random values still have 24 bytes of pseudo random
- data.
-
- 2. Server and client random values are sent in the clear in the initial
- handshake.
-
- 3. The master secret is derived using the premaster secret (48 bytes in
- size for static RSA ciphersuites) as well as client server and random
- values.
-
- The OpenSSL team would like to thank the UK NISCC for bringing this issue
- to our attention.
-
- [Stephen Henson, reported by UK NISCC]
-
- *) Use Windows randomness collection on Cygwin.
- [Ulf Möller]
-
- *) Fix hang in EGD/PRNGD query when communication socket is closed
- prematurely by EGD/PRNGD.
- [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
-
- *) Prompt for pass phrases when appropriate for PKCS12 input format.
- [Steve Henson]
-
- *) Back-port of selected performance improvements from development
- branch, as well as improved support for PowerPC platforms.
- [Andy Polyakov]
-
- *) Add lots of checks for memory allocation failure, error codes to indicate
- failure and freeing up memory if a failure occurs.
- [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
-
- *) Add new -passin argument to dgst.
- [Steve Henson]
-
- *) Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
- certificates.
- [Steve Henson]
-
- *) Make an explicit check during certificate validation to see that
- the CA setting in each certificate on the chain is correct. As a
- side effect always do the following basic checks on extensions,
- not just when there's an associated purpose to the check:
-
- - if there is an unhandled critical extension (unless the user
- has chosen to ignore this fault)
- - if the path length has been exceeded (if one is set at all)
- - that certain extensions fit the associated purpose (if one has
- been given)
- [Richard Levitte]
-
- Changes between 0.9.7d and 0.9.7e [25 Oct 2004]
-
- *) Avoid a race condition when CRLs are checked in a multi threaded
- environment. This would happen due to the reordering of the revoked
- entries during signature checking and serial number lookup. Now the
- encoding is cached and the serial number sort performed under a lock.
- Add new STACK function sk_is_sorted().
- [Steve Henson]
-
- *) Add Delta CRL to the extension code.
- [Steve Henson]
-
- *) Various fixes to s3_pkt.c so alerts are sent properly.
- [David Holmes <d.holmes@f5.com>]
-
- *) Reduce the chances of duplicate issuer name and serial numbers (in
- violation of RFC3280) using the OpenSSL certificate creation utilities.
- This is done by creating a random 64 bit value for the initial serial
- number when a serial number file is created or when a self signed
- certificate is created using 'openssl req -x509'. The initial serial
- number file is created using 'openssl x509 -next_serial' in CA.pl
- rather than being initialized to 1.
- [Steve Henson]
-
- Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
-
- *) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CVE-2004-0079)
- [Joe Orton, Steve Henson]
-
- *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
- (CVE-2004-0112)
- [Joe Orton, Steve Henson]
-
- *) Make it possible to have multiple active certificates with the same
- subject in the CA index file. This is done only if the keyword
- 'unique_subject' is set to 'no' in the main CA section (default
- if 'CA_default') of the configuration file. The value is saved
- with the database itself in a separate index attribute file,
- named like the index file with '.attr' appended to the name.
- [Richard Levitte]
-
- *) X509 verify fixes. Disable broken certificate workarounds when
- X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
- keyUsage extension present. Don't accept CRLs with unhandled critical
- extensions: since verify currently doesn't process CRL extensions this
- rejects a CRL with *any* critical extensions. Add new verify error codes
- for these cases.
- [Steve Henson]
-
- *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
- A clarification of RFC2560 will require the use of OCTET STRINGs and
- some implementations cannot handle the current raw format. Since OpenSSL
- copies and compares OCSP nonces as opaque blobs without any attempt at
- parsing them this should not create any compatibility issues.
- [Steve Henson]
-
- *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
- calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
- this HMAC (and other) operations are several times slower than OpenSSL
- < 0.9.7.
- [Steve Henson]
-
- *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
- [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
- *) Use the correct content when signing type "other".
- [Steve Henson]
-
- Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
-
- *) Fix various bugs revealed by running the NISCC test suite:
-
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CVE-2003-0543 and CVE-2003-0544).
-
- Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
-
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
-
- [Steve Henson]
-
- *) New -ignore_err option in ocsp application to stop the server
- exiting on the first error in a request.
- [Steve Henson]
-
- *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- [Steve Henson]
-
- *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
- extra data after the compression methods not only for TLS 1.0
- but also for SSL 3.0 (as required by the specification).
- [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
- *) Change X509_certificate_type() to mark the key as exported/exportable
- when it's 512 *bits* long, not 512 bytes.
- [Richard Levitte]
-
- *) Change AES_cbc_encrypt() so it outputs exact multiple of
- blocks during encryption.
- [Richard Levitte]
-
- *) Various fixes to base64 BIO and non blocking I/O. On write
- flushes were not handled properly if the BIO retried. On read
- data was not being buffered properly and had various logic bugs.
- This also affects blocking I/O when the data being decoded is a
- certain size.
- [Steve Henson]
-
- *) Various S/MIME bugfixes and compatibility changes:
- output correct application/pkcs7 MIME type if
- PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
- Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
- of files as .eml work). Correctly handle very long lines in MIME
- parser.
- [Steve Henson]
-
- Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
-
- *) Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
- [Bodo Moeller]
-
- *) Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases.
- [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
- *) Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- [Bodo Moeller]
-
- *) Fixed a typo bug that would cause ENGINE_set_default() to set an
- ENGINE as defaults for all supported algorithms irrespective of
- the 'flags' parameter. 'flags' is now honoured, so applications
- should make sure they are passing it correctly.
- [Geoff Thorpe]
-
- *) Target "mingw" now allows native Windows code to be generated in
- the Cygwin environment as well as with the MinGW compiler.
- [Ulf Moeller]
-
- Changes between 0.9.7 and 0.9.7a [19 Feb 2003]
-
- *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CVE-2003-0078)
-
- [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
- Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
- Martin Vuagnoux (EPFL, Ilion)]
-
- *) Make the no-err option work as intended. The intention with no-err
- is not to have the whole error stack handling routines removed from
- libcrypto, it's only intended to remove all the function name and
- reason texts, thereby removing some of the footprint that may not
- be interesting if those errors aren't displayed anyway.
-
- NOTE: it's still possible for any application or module to have it's
- own set of error texts inserted. The routines are there, just not
- used by default when no-err is given.
- [Richard Levitte]
-
- *) Add support for FreeBSD on IA64.
- [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
-
- *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
- Kerberos function mit_des_cbc_cksum(). Before this change,
- the value returned by DES_cbc_cksum() was like the one from
- mit_des_cbc_cksum(), except the bytes were swapped.
- [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
-
- *) Allow an application to disable the automatic SSL chain building.
- Before this a rather primitive chain build was always performed in
- ssl3_output_cert_chain(): an application had no way to send the
- correct chain if the automatic operation produced an incorrect result.
-
- Now the chain builder is disabled if either:
-
- 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
-
- 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
-
- The reasoning behind this is that an application would not want the
- auto chain building to take place if extra chain certificates are
- present and it might also want a means of sending no additional
- certificates (for example the chain has two certificates and the
- root is omitted).
- [Steve Henson]
-
- *) Add the possibility to build without the ENGINE framework.
- [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
-
- *) Under Win32 gmtime() can return NULL: check return value in
- OPENSSL_gmtime(). Add error code for case where gmtime() fails.
- [Steve Henson]
-
- *) DSA routines: under certain error conditions uninitialized BN objects
- could be freed. Solution: make sure initialization is performed early
- enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
- Nils Larsch <nla@trustcenter.de> via PR#459)
- [Lutz Jaenicke]
-
- *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
- checked on reconnect on the client side, therefore session resumption
- could still fail with a "ssl session id is different" error. This
- behaviour is masked when SSL_OP_ALL is used due to
- SSL_OP_MICROSOFT_SESS_ID_BUG being set.
- Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
- followup to PR #377.
- [Lutz Jaenicke]
-
- *) IA-32 assembler support enhancements: unified ELF targets, support
- for SCO/Caldera platforms, fix for Cygwin shared build.
- [Andy Polyakov]
-
- *) Add support for FreeBSD on sparc64. As a consequence, support for
- FreeBSD on non-x86 processors is separate from x86 processors on
- the config script, much like the NetBSD support.
- [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
-
- Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
-
- [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
- OpenSSL 0.9.7.]
-
- *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
- code (06) was taken as the first octet of the session ID and the last
- octet was ignored consequently. As a result SSLv2 client side session
- caching could not have worked due to the session ID mismatch between
- client and server.
- Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
- PR #377.
- [Lutz Jaenicke]
-
- *) Change the declaration of needed Kerberos libraries to use EX_LIBS
- instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
- removed entirely.
- [Richard Levitte]
-
- *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it
- seems that in spite of existing for more than a year, many application
- author have done nothing to provide the necessary callbacks, which
- means that this particular engine will not work properly anywhere.
- This is a very unfortunate situation which forces us, in the name
- of usability, to give the hw_ncipher.c a static lock, which is part
- of libcrypto.
- NOTE: This is for the 0.9.7 series ONLY. This hack will never
- appear in 0.9.8 or later. We EXPECT application authors to have
- dealt properly with this when 0.9.8 is released (unless we actually
- make such changes in the libcrypto locking code that changes will
- have to be made anyway).
- [Richard Levitte]
-
- *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
- octets have been read, EOF or an error occurs. Without this change
- some truncated ASN1 structures will not produce an error.
- [Steve Henson]
-
- *) Disable Heimdal support, since it hasn't been fully implemented.
- Still give the possibility to force the use of Heimdal, but with
- warnings and a request that patches get sent to openssl-dev.
- [Richard Levitte]
-
- *) Add the VC-CE target, introduce the WINCE sysname, and add
- INSTALL.WCE and appropriate conditionals to make it build.
- [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
-
- *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
- cygssl-x.y.z.dll, where x, y and z are the major, minor and
- edit numbers of the version.
- [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
-
- *) Introduce safe string copy and catenation functions
- (BUF_strlcpy() and BUF_strlcat()).
- [Ben Laurie (CHATS) and Richard Levitte]
-
- *) Avoid using fixed-size buffers for one-line DNs.
- [Ben Laurie (CHATS)]
-
- *) Add BUF_MEM_grow_clean() to avoid information leakage when
- resizing buffers containing secrets, and use where appropriate.
- [Ben Laurie (CHATS)]
-
- *) Avoid using fixed size buffers for configuration file location.
- [Ben Laurie (CHATS)]
-
- *) Avoid filename truncation for various CA files.
- [Ben Laurie (CHATS)]
-
- *) Use sizeof in preference to magic numbers.
- [Ben Laurie (CHATS)]
-
- *) Avoid filename truncation in cert requests.
- [Ben Laurie (CHATS)]
-
- *) Add assertions to check for (supposedly impossible) buffer
- overflows.
- [Ben Laurie (CHATS)]
-
- *) Don't cache truncated DNS entries in the local cache (this could
- potentially lead to a spoofing attack).
- [Ben Laurie (CHATS)]
-
- *) Fix various buffers to be large enough for hex/decimal
- representations in a platform independent manner.
- [Ben Laurie (CHATS)]
-
- *) Add CRYPTO_realloc_clean() to avoid information leakage when
- resizing buffers containing secrets, and use where appropriate.
- [Ben Laurie (CHATS)]
-
- *) Add BIO_indent() to avoid much slightly worrying code to do
- indents.
- [Ben Laurie (CHATS)]
-
- *) Convert sprintf()/BIO_puts() to BIO_printf().
- [Ben Laurie (CHATS)]
-
- *) buffer_gets() could terminate with the buffer only half
- full. Fixed.
- [Ben Laurie (CHATS)]
-
- *) Add assertions to prevent user-supplied crypto functions from
- overflowing internal buffers by having large block sizes, etc.
- [Ben Laurie (CHATS)]
-
- *) New OPENSSL_assert() macro (similar to assert(), but enabled
- unconditionally).
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused copy of key in RC4.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
- [Ben Laurie (CHATS)]
-
- *) Fix off-by-one error in EGD path.
- [Ben Laurie (CHATS)]
-
- *) If RANDFILE path is too long, ignore instead of truncating.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and incorrectly sized X.509 structure
- CBCParameter.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and dangerous function knumber().
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and dangerous structure, KSSL_ERR.
- [Ben Laurie (CHATS)]
-
- *) Protect against overlong session ID context length in an encoded
- session object. Since these are local, this does not appear to be
- exploitable.
- [Ben Laurie (CHATS)]
-
- *) Change from security patch (see 0.9.6e below) that did not affect
- the 0.9.6 release series:
-
- Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized master key in Kerberos-enabled versions.
- (CVE-2002-0657)
- [Ben Laurie (CHATS)]
-
- *) Change the SSL kerb5 codes to match RFC 2712.
- [Richard Levitte]
-
- *) Make -nameopt work fully for req and add -reqopt switch.
- [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
-
- *) The "block size" for block ciphers in CFB and OFB mode should be 1.
- [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
-
- *) Make sure tests can be performed even if the corresponding algorithms
- have been removed entirely. This was also the last step to make
- OpenSSL compilable with DJGPP under all reasonable conditions.
- [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
-
- *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
- to allow version independent disabling of normally unselected ciphers,
- which may be activated as a side-effect of selecting a single cipher.
-
- (E.g., cipher list string "RSA" enables ciphersuites that are left
- out of "ALL" because they do not provide symmetric encryption.
- "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
- [Lutz Jaenicke, Bodo Moeller]
-
- *) Add appropriate support for separate platform-dependent build
- directories. The recommended way to make a platform-dependent
- build directory is the following (tested on Linux), maybe with
- some local tweaks:
-
- # Place yourself outside of the OpenSSL source tree. In
- # this example, the environment variable OPENSSL_SOURCE
- # is assumed to contain the absolute OpenSSL source directory.
- mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
- cd objtree/"`uname -s`-`uname -r`-`uname -m`"
- (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
- mkdir -p `dirname $F`
- ln -s $OPENSSL_SOURCE/$F $F
- done
-
- To be absolutely sure not to disturb the source tree, a "make clean"
- is a good thing. If it isn't successfull, don't worry about it,
- it probably means the source directory is very clean.
- [Richard Levitte]
-
- *) Make sure any ENGINE control commands make local copies of string
- pointers passed to them whenever necessary. Otherwise it is possible
- the caller may have overwritten (or deallocated) the original string
- data when a later ENGINE operation tries to use the stored values.
- [Götz Babin-Ebell <babinebell@trustcenter.de>]
-
- *) Improve diagnostics in file reading and command-line digests.
- [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
-
- *) Add AES modes CFB and OFB to the object database. Correct an
- error in AES-CFB decryption.
- [Richard Levitte]
-
- *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
- allows existing EVP_CIPHER_CTX structures to be reused after
- calling EVP_*Final(). This behaviour is used by encryption
- BIOs and some applications. This has the side effect that
- applications must explicitly clean up cipher contexts with
- EVP_CIPHER_CTX_cleanup() or they will leak memory.
- [Steve Henson]
-
- *) Check the values of dna and dnb in bn_mul_recursive before calling
- bn_mul_comba (a non zero value means the a or b arrays do not contain
- n2 elements) and fallback to bn_mul_normal if either is not zero.
- [Steve Henson]
-
- *) Fix escaping of non-ASCII characters when using the -subj option
- of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
- [Lutz Jaenicke]
-
- *) Make object definitions compliant to LDAP (RFC2256): SN is the short
- form for "surname", serialNumber has no short form.
- Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
- therefore remove "mail" short name for "internet 7".
- The OID for unique identifiers in X509 certificates is
- x500UniqueIdentifier, not uniqueIdentifier.
- Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
- [Lutz Jaenicke]
-
- *) Add an "init" command to the ENGINE config module and auto initialize
- ENGINEs. Without any "init" command the ENGINE will be initialized
- after all ctrl commands have been executed on it. If init=1 the
- ENGINE is initailized at that point (ctrls before that point are run
- on the uninitialized ENGINE and after on the initialized one). If
- init=0 then the ENGINE will not be iniatialized at all.
- [Steve Henson]
-
- *) Fix the 'app_verify_callback' interface so that the user-defined
- argument is actually passed to the callback: In the
- SSL_CTX_set_cert_verify_callback() prototype, the callback
- declaration has been changed from
- int (*cb)()
- into
- int (*cb)(X509_STORE_CTX *,void *);
- in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
- i=s->ctx->app_verify_callback(&ctx)
- has been changed into
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
-
- To update applications using SSL_CTX_set_cert_verify_callback(),
- a dummy argument can be added to their callback functions.
- [D. K. Smetters <smetters@parc.xerox.com>]
-
- *) Added the '4758cca' ENGINE to support IBM 4758 cards.
- [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
-
- *) Add and OPENSSL_LOAD_CONF define which will cause
- OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
- This allows older applications to transparently support certain
- OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
- Two new functions OPENSSL_add_all_algorithms_noconf() which will never
- load the config file and OPENSSL_add_all_algorithms_conf() which will
- always load it have also been added.
- [Steve Henson]
-
- *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
- Adjust NIDs and EVP layer.
- [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
-
- *) Config modules support in openssl utility.
-
- Most commands now load modules from the config file,
- though in a few (such as version) this isn't done
- because it couldn't be used for anything.
-
- In the case of ca and req the config file used is
- the same as the utility itself: that is the -config
- command line option can be used to specify an
- alternative file.
- [Steve Henson]
-
- *) Move default behaviour from OPENSSL_config(). If appname is NULL
- use "openssl_conf" if filename is NULL use default openssl config file.
- [Steve Henson]
-
- *) Add an argument to OPENSSL_config() to allow the use of an alternative
- config section name. Add a new flag to tolerate a missing config file
- and move code to CONF_modules_load_file().
- [Steve Henson]
-
- *) Support for crypto accelerator cards from Accelerated Encryption
- Processing, www.aep.ie. (Use engine 'aep')
- The support was copied from 0.9.6c [engine] and adapted/corrected
- to work with the new engine framework.
- [AEP Inc. and Richard Levitte]
-
- *) Support for SureWare crypto accelerator cards from Baltimore
- Technologies. (Use engine 'sureware')
- The support was copied from 0.9.6c [engine] and adapted
- to work with the new engine framework.
- [Richard Levitte]
-
- *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
- make the newer ENGINE framework commands for the CHIL engine work.
- [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
-
- *) Make it possible to produce shared libraries on ReliantUNIX.
- [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
-
- *) Add the configuration target debug-linux-ppro.
- Make 'openssl rsa' use the general key loading routines
- implemented in apps.c, and make those routines able to
- handle the key format FORMAT_NETSCAPE and the variant
- FORMAT_IISSGC.
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
- *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
- *) Add -keyform to rsautl, and document -engine.
- [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
-
- *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
- BIO_R_NO_SUCH_FILE error code rather than the generic
- ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
- [Ben Laurie]
-
- *) Add new functions
- ERR_peek_last_error
- ERR_peek_last_error_line
- ERR_peek_last_error_line_data.
- These are similar to
- ERR_peek_error
- ERR_peek_error_line
- ERR_peek_error_line_data,
- but report on the latest error recorded rather than the first one
- still in the error queue.
- [Ben Laurie, Bodo Moeller]
-
- *) default_algorithms option in ENGINE config module. This allows things
- like:
- default_algorithms = ALL
- default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
- [Steve Henson]
-
- *) Prelminary ENGINE config module.
- [Steve Henson]
-
- *) New experimental application configuration code.
- [Steve Henson]
-
- *) Change the AES code to follow the same name structure as all other
- symmetric ciphers, and behave the same way. Move everything to
- the directory crypto/aes, thereby obsoleting crypto/rijndael.
- [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
-
- *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
- [Ben Laurie and Theo de Raadt]
-
- *) Add option to output public keys in req command.
- [Massimiliano Pala madwolf@openca.org]
-
- *) Use wNAFs in EC_POINTs_mul() for improved efficiency
- (up to about 10% better than before for P-192 and P-224).
- [Bodo Moeller]
-
- *) New functions/macros
-
- SSL_CTX_set_msg_callback(ctx, cb)
- SSL_CTX_set_msg_callback_arg(ctx, arg)
- SSL_set_msg_callback(ssl, cb)
- SSL_set_msg_callback_arg(ssl, arg)
-
- to request calling a callback function
-
- void cb(int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg)
-
- whenever a protocol message has been completely received
- (write_p == 0) or sent (write_p == 1). Here 'version' is the
- protocol version according to which the SSL library interprets
- the current protocol message (SSL2_VERSION, SSL3_VERSION, or
- TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
- the content type as defined in the SSL 3.0/TLS 1.0 protocol
- specification (change_cipher_spec(20), alert(21), handshake(22)).
- 'buf' and 'len' point to the actual message, 'ssl' to the
- SSL object, and 'arg' is the application-defined value set by
- SSL[_CTX]_set_msg_callback_arg().
-
- 'openssl s_client' and 'openssl s_server' have new '-msg' options
- to enable a callback that displays all protocol messages.
- [Bodo Moeller]
-
- *) Change the shared library support so shared libraries are built as
- soon as the corresponding static library is finished, and thereby get
- openssl and the test programs linked against the shared library.
- This still only happens when the keyword "shard" has been given to
- the configuration scripts.
-
- NOTE: shared library support is still an experimental thing, and
- backward binary compatibility is still not guaranteed.
- ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
-
- *) Add support for Subject Information Access extension.
- [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
- *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
- additional bytes when new memory had to be allocated, not just
- when reusing an existing buffer.
- [Bodo Moeller]
-
- *) New command line and configuration option 'utf8' for the req command.
- This allows field values to be specified as UTF8 strings.
- [Steve Henson]
-
- *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
- runs for the former and machine-readable output for the latter.
- [Ben Laurie]
-
- *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
- of the e-mail address in the DN (i.e., it will go into a certificate
- extension only). The new configuration file option 'email_in_dn = no'
- has the same effect.
- [Massimiliano Pala madwolf@openca.org]
-
- *) Change all functions with names starting with des_ to be starting
- with DES_ instead. Add wrappers that are compatible with libdes,
- but are named _ossl_old_des_*. Finally, add macros that map the
- des_* symbols to the corresponding _ossl_old_des_* if libdes
- compatibility is desired. If OpenSSL 0.9.6c compatibility is
- desired, the des_* symbols will be mapped to DES_*, with one
- exception.
-
- Since we provide two compatibility mappings, the user needs to
- define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
- compatibility is desired. The default (i.e., when that macro
- isn't defined) is OpenSSL 0.9.6c compatibility.
-
- There are also macros that enable and disable the support of old
- des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
- and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those
- are defined, the default will apply: to support the old des routines.
-
- In either case, one must include openssl/des.h to get the correct
- definitions. Do not try to just include openssl/des_old.h, that
- won't work.
-
- NOTE: This is a major break of an old API into a new one. Software
- authors are encouraged to switch to the DES_ style functions. Some
- time in the future, des_old.h and the libdes compatibility functions
- will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
- default), and then completely removed.
- [Richard Levitte]
-
- *) Test for certificates which contain unsupported critical extensions.
- If such a certificate is found during a verify operation it is
- rejected by default: this behaviour can be overridden by either
- handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
- by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
- X509_supported_extension() has also been added which returns 1 if a
- particular extension is supported.
- [Steve Henson]
-
- *) Modify the behaviour of EVP cipher functions in similar way to digests
- to retain compatibility with existing code.
- [Steve Henson]
-
- *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
- compatibility with existing code. In particular the 'ctx' parameter does
- not have to be to be initialized before the call to EVP_DigestInit() and
- it is tidied up after a call to EVP_DigestFinal(). New function
- EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
- EVP_MD_CTX_copy() changed to not require the destination to be
- initialized valid and new function EVP_MD_CTX_copy_ex() added which
- requires the destination to be valid.
-
- Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
- EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
- [Steve Henson]
-
- *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
- so that complete 'Handshake' protocol structures are kept in memory
- instead of overwriting 'msg_type' and 'length' with 'body' data.
- [Bodo Moeller]
-
- *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
- [Massimo Santin via Richard Levitte]
-
- *) Major restructuring to the underlying ENGINE code. This includes
- reduction of linker bloat, separation of pure "ENGINE" manipulation
- (initialisation, etc) from functionality dealing with implementations
- of specific crypto iterfaces. This change also introduces integrated
- support for symmetric ciphers and digest implementations - so ENGINEs
- can now accelerate these by providing EVP_CIPHER and EVP_MD
- implementations of their own. This is detailed in crypto/engine/README
- as it couldn't be adequately described here. However, there are a few
- API changes worth noting - some RSA, DSA, DH, and RAND functions that
- were changed in the original introduction of ENGINE code have now
- reverted back - the hooking from this code to ENGINE is now a good
- deal more passive and at run-time, operations deal directly with
- RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
- dereferencing through an ENGINE pointer any more. Also, the ENGINE
- functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
- they were not being used by the framework as there is no concept of a
- BIGNUM_METHOD and they could not be generalised to the new
- 'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
- ENGINE_cpy() has been removed as it cannot be consistently defined in
- the new code.
- [Geoff Thorpe]
-
- *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
- [Steve Henson]
-
- *) Change mkdef.pl to sort symbols that get the same entry number,
- and make sure the automatically generated functions ERR_load_*
- become part of libeay.num as well.
- [Richard Levitte]
-
- *) New function SSL_renegotiate_pending(). This returns true once
- renegotiation has been requested (either SSL_renegotiate() call
- or HelloRequest/ClientHello receveived from the peer) and becomes
- false once a handshake has been completed.
- (For servers, SSL_renegotiate() followed by SSL_do_handshake()
- sends a HelloRequest, but does not ensure that a handshake takes
- place. SSL_renegotiate_pending() is useful for checking if the
- client has followed the request.)
- [Bodo Moeller]
-
- *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
- By default, clients may request session resumption even during
- renegotiation (if session ID contexts permit); with this option,
- session resumption is possible only in the first handshake.
-
- SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
- more bits available for options that should not be part of
- SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
- [Bodo Moeller]
-
- *) Add some demos for certificate and certificate request creation.
- [Steve Henson]
-
- *) Make maximum certificate chain size accepted from the peer application
- settable (SSL*_get/set_max_cert_list()), as proposed by
- "Douglas E. Engert" <deengert@anl.gov>.
- [Lutz Jaenicke]
-
- *) Add support for shared libraries for Unixware-7
- (Boyd Lynn Gerber <gerberb@zenez.com>).
- [Lutz Jaenicke]
-
- *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
- be done prior to destruction. Use this to unload error strings from
- ENGINEs that load their own error strings. NB: This adds two new API
- functions to "get" and "set" this destroy handler in an ENGINE.
- [Geoff Thorpe]
-
- *) Alter all existing ENGINE implementations (except "openssl" and
- "openbsd") to dynamically instantiate their own error strings. This
- makes them more flexible to be built both as statically-linked ENGINEs
- and self-contained shared-libraries loadable via the "dynamic" ENGINE.
- Also, add stub code to each that makes building them as self-contained
- shared-libraries easier (see README.ENGINE).
- [Geoff Thorpe]
-
- *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
- implementations into applications that are completely implemented in
- self-contained shared-libraries. The "dynamic" ENGINE exposes control
- commands that can be used to configure what shared-library to load and
- to control aspects of the way it is handled. Also, made an update to
- the README.ENGINE file that brings its information up-to-date and
- provides some information and instructions on the "dynamic" ENGINE
- (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
- [Geoff Thorpe]
-
- *) Make it possible to unload ranges of ERR strings with a new
- "ERR_unload_strings" function.
- [Geoff Thorpe]
-
- *) Add a copy() function to EVP_MD.
- [Ben Laurie]
-
- *) Make EVP_MD routines take a context pointer instead of just the
- md_data void pointer.
- [Ben Laurie]
-
- *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
- that the digest can only process a single chunk of data
- (typically because it is provided by a piece of
- hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
- is only going to provide a single chunk of data, and hence the
- framework needn't accumulate the data for oneshot drivers.
- [Ben Laurie]
-
- *) As with "ERR", make it possible to replace the underlying "ex_data"
- functions. This change also alters the storage and management of global
- ex_data state - it's now all inside ex_data.c and all "class" code (eg.
- RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
- index counters. The API functions that use this state have been changed
- to take a "class_index" rather than pointers to the class's local STACK
- and counter, and there is now an API function to dynamically create new
- classes. This centralisation allows us to (a) plug a lot of the
- thread-safety problems that existed, and (b) makes it possible to clean
- up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
- such data would previously have always leaked in application code and
- workarounds were in place to make the memory debugging turn a blind eye
- to it. Application code that doesn't use this new function will still
- leak as before, but their memory debugging output will announce it now
- rather than letting it slide.
-
- Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
- induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
- has a return value to indicate success or failure.
- [Geoff Thorpe]
-
- *) Make it possible to replace the underlying "ERR" functions such that the
- global state (2 LHASH tables and 2 locks) is only used by the "default"
- implementation. This change also adds two functions to "get" and "set"
- the implementation prior to it being automatically set the first time
- any other ERR function takes place. Ie. an application can call "get",
- pass the return value to a module it has just loaded, and that module
- can call its own "set" function using that value. This means the
- module's "ERR" operations will use (and modify) the error state in the
- application and not in its own statically linked copy of OpenSSL code.
- [Geoff Thorpe]
-
- *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
- reference counts. This performs normal REF_PRINT/REF_CHECK macros on
- the operation, and provides a more encapsulated way for external code
- (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
- to use these functions rather than manually incrementing the counts.
-
- Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
- [Geoff Thorpe]
-
- *) Add EVP test program.
- [Ben Laurie]
-
- *) Add symmetric cipher support to ENGINE. Expect the API to change!
- [Ben Laurie]
-
- *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
- X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
- X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
- These allow a CRL to be built without having to access X509_CRL fields
- directly. Modify 'ca' application to use new functions.
- [Steve Henson]
-
- *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
- bug workarounds. Rollback attack detection is a security feature.
- The problem will only arise on OpenSSL servers when TLSv1 is not
- available (sslv3_server_method() or SSL_OP_NO_TLSv1).
- Software authors not wanting to support TLSv1 will have special reasons
- for their choice and can explicitly enable this option.
- [Bodo Moeller, Lutz Jaenicke]
-
- *) Rationalise EVP so it can be extended: don't include a union of
- cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
- (similar to those existing for EVP_CIPHER_CTX).
- Usage example:
-
- EVP_MD_CTX md;
-
- EVP_MD_CTX_init(&md); /* new function call */
- EVP_DigestInit(&md, EVP_sha1());
- EVP_DigestUpdate(&md, in, len);
- EVP_DigestFinal(&md, out, NULL);
- EVP_MD_CTX_cleanup(&md); /* new function call */
-
- [Ben Laurie]
-
- *) Make DES key schedule conform to the usual scheme, as well as
- correcting its structure. This means that calls to DES functions
- now have to pass a pointer to a des_key_schedule instead of a
- plain des_key_schedule (which was actually always a pointer
- anyway): E.g.,
-
- des_key_schedule ks;
-
- des_set_key_checked(..., &ks);
- des_ncbc_encrypt(..., &ks, ...);
-
- (Note that a later change renames 'des_...' into 'DES_...'.)
- [Ben Laurie]
-
- *) Initial reduction of linker bloat: the use of some functions, such as
- PEM causes large amounts of unused functions to be linked in due to
- poor organisation. For example pem_all.c contains every PEM function
- which has a knock on effect of linking in large amounts of (unused)
- ASN1 code. Grouping together similar functions and splitting unrelated
- functions prevents this.
- [Steve Henson]
-
- *) Cleanup of EVP macros.
- [Ben Laurie]
-
- *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
- correct _ecb suffix.
- [Ben Laurie]
-
- *) Add initial OCSP responder support to ocsp application. The
- revocation information is handled using the text based index
- use by the ca application. The responder can either handle
- requests generated internally, supplied in files (for example
- via a CGI script) or using an internal minimal server.
- [Steve Henson]
-
- *) Add configuration choices to get zlib compression for TLS.
- [Richard Levitte]
-
- *) Changes to Kerberos SSL for RFC 2712 compliance:
- 1. Implemented real KerberosWrapper, instead of just using
- KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
- 2. Implemented optional authenticator field of KerberosWrapper.
-
- Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
- and authenticator structs; see crypto/krb5/.
-
- Generalized Kerberos calls to support multiple Kerberos libraries.
- [Vern Staats <staatsvr@asc.hpc.mil>,
- Jeffrey Altman <jaltman@columbia.edu>
- via Richard Levitte]
-
- *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
- already does with RSA. testdsa.h now has 'priv_key/pub_key'
- values for each of the key sizes rather than having just
- parameters (and 'speed' generating keys each time).
- [Geoff Thorpe]
-
- *) Speed up EVP routines.
- Before:
-encrypt
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k
-des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k
-des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k
-decrypt
-des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k
-des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k
-des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k
- After:
-encrypt
-des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k
-decrypt
-des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
- [Ben Laurie]
-
- *) Added the OS2-EMX target.
- ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
-
- *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
- to support NCONF routines in extension code. New function CONF_set_nconf()
- to allow functions which take an NCONF to also handle the old LHASH
- structure: this means that the old CONF compatible routines can be
- retained (in particular wrt extensions) without having to duplicate the
- code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
- [Steve Henson]
-
- *) Enhance the general user interface with mechanisms for inner control
- and with possibilities to have yes/no kind of prompts.
- [Richard Levitte]
-
- *) Change all calls to low level digest routines in the library and
- applications to use EVP. Add missing calls to HMAC_cleanup() and
- don't assume HMAC_CTX can be copied using memcpy().
- [Verdon Walker <VWalker@novell.com>, Steve Henson]
-
- *) Add the possibility to control engines through control names but with
- arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
- function pointer. NOTE: this breaks binary compatibility with earlier
- versions of OpenSSL [engine].
- Adapt the nCipher code for these new conditions and add a card insertion
- callback.
- [Richard Levitte]
-
- *) Enhance the general user interface with mechanisms to better support
- dialog box interfaces, application-defined prompts, the possibility
- to use defaults (for example default passwords from somewhere else)
- and interrupts/cancellations.
- [Richard Levitte]
-
- *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
- attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
- [Steve Henson]
-
- *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
- tidy up some unnecessarily weird code in 'sk_new()').
- [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
-
- *) Change the key loading routines for ENGINEs to use the same kind
- callback (pem_password_cb) as all other routines that need this
- kind of callback.
- [Richard Levitte]
-
- *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
- 256 bit (=32 byte) keys. Of course seeding with more entropy bytes
- than this minimum value is recommended.
- [Lutz Jaenicke]
-
- *) New random seeder for OpenVMS, using the system process statistics
- that are easily reachable.
- [Richard Levitte]
-
- *) Windows apparently can't transparently handle global
- variables defined in DLLs. Initialisations such as:
-
- const ASN1_ITEM *it = &ASN1_INTEGER_it;
-
- wont compile. This is used by the any applications that need to
- declare their own ASN1 modules. This was fixed by adding the option
- EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
- needed for static libraries under Win32.
- [Steve Henson]
-
- *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
- setting of purpose and trust fields. New X509_STORE trust and
- purpose functions and tidy up setting in other SSL functions.
- [Steve Henson]
-
- *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
- structure. These are inherited by X509_STORE_CTX when it is
- initialised. This allows various defaults to be set in the
- X509_STORE structure (such as flags for CRL checking and custom
- purpose or trust settings) for functions which only use X509_STORE_CTX
- internally such as S/MIME.
-
- Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
- trust settings if they are not set in X509_STORE. This allows X509_STORE
- purposes and trust (in S/MIME for example) to override any set by default.
-
- Add command line options for CRL checking to smime, s_client and s_server
- applications.
- [Steve Henson]
-
- *) Initial CRL based revocation checking. If the CRL checking flag(s)
- are set then the CRL is looked up in the X509_STORE structure and
- its validity and signature checked, then if the certificate is found
- in the CRL the verify fails with a revoked error.
-
- Various new CRL related callbacks added to X509_STORE_CTX structure.
-
- Command line options added to 'verify' application to support this.
-
- This needs some additional work, such as being able to handle multiple
- CRLs with different times, extension based lookup (rather than just
- by subject name) and ultimately more complete V2 CRL extension
- handling.
- [Steve Henson]
-
- *) Add a general user interface API (crypto/ui/). This is designed
- to replace things like des_read_password and friends (backward
- compatibility functions using this new API are provided).
- The purpose is to remove prompting functions from the DES code
- section as well as provide for prompting through dialog boxes in
- a window system and the like.
- [Richard Levitte]
-
- *) Add "ex_data" support to ENGINE so implementations can add state at a
- per-structure level rather than having to store it globally.
- [Geoff]
-
- *) Make it possible for ENGINE structures to be copied when retrieved by
- ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
- This causes the "original" ENGINE structure to act like a template,
- analogous to the RSA vs. RSA_METHOD type of separation. Because of this
- operational state can be localised to each ENGINE structure, despite the
- fact they all share the same "methods". New ENGINE structures returned in
- this case have no functional references and the return value is the single
- structural reference. This matches the single structural reference returned
- by ENGINE_by_id() normally, when it is incremented on the pre-existing
- ENGINE structure.
- [Geoff]
-
- *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
- needs to match any other type at all we need to manually clear the
- tag cache.
- [Steve Henson]
-
- *) Changes to the "openssl engine" utility to include;
- - verbosity levels ('-v', '-vv', and '-vvv') that provide information
- about an ENGINE's available control commands.
- - executing control commands from command line arguments using the
- '-pre' and '-post' switches. '-post' is only used if '-t' is
- specified and the ENGINE is successfully initialised. The syntax for
- the individual commands are colon-separated, for example;
- openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
- [Geoff]
-
- *) New dynamic control command support for ENGINEs. ENGINEs can now
- declare their own commands (numbers), names (strings), descriptions,
- and input types for run-time discovery by calling applications. A
- subset of these commands are implicitly classed as "executable"
- depending on their input type, and only these can be invoked through
- the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
- can be based on user input, config files, etc). The distinction is
- that "executable" commands cannot return anything other than a boolean
- result and can only support numeric or string input, whereas some
- discoverable commands may only be for direct use through
- ENGINE_ctrl(), eg. supporting the exchange of binary data, function
- pointers, or other custom uses. The "executable" commands are to
- support parameterisations of ENGINE behaviour that can be
- unambiguously defined by ENGINEs and used consistently across any
- OpenSSL-based application. Commands have been added to all the
- existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
- control over shared-library paths without source code alterations.
- [Geoff]
-
- *) Changed all ENGINE implementations to dynamically allocate their
- ENGINEs rather than declaring them statically. Apart from this being
- necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
- this also allows the implementations to compile without using the
- internal engine_int.h header.
- [Geoff]
-
- *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
- 'const' value. Any code that should be able to modify a RAND_METHOD
- should already have non-const pointers to it (ie. they should only
- modify their own ones).
- [Geoff]
-
- *) Made a variety of little tweaks to the ENGINE code.
- - "atalla" and "ubsec" string definitions were moved from header files
- to C code. "nuron" string definitions were placed in variables
- rather than hard-coded - allowing parameterisation of these values
- later on via ctrl() commands.
- - Removed unused "#if 0"'d code.
- - Fixed engine list iteration code so it uses ENGINE_free() to release
- structural references.
- - Constified the RAND_METHOD element of ENGINE structures.
- - Constified various get/set functions as appropriate and added
- missing functions (including a catch-all ENGINE_cpy that duplicates
- all ENGINE values onto a new ENGINE except reference counts/state).
- - Removed NULL parameter checks in get/set functions. Setting a method
- or function to NULL is a way of cancelling out a previously set
- value. Passing a NULL ENGINE parameter is just plain stupid anyway
- and doesn't justify the extra error symbols and code.
- - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
- flags from engine_int.h to engine.h.
- - Changed prototypes for ENGINE handler functions (init(), finish(),
- ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
- [Geoff]
-
- *) Implement binary inversion algorithm for BN_mod_inverse in addition
- to the algorithm using long division. The binary algorithm can be
- used only if the modulus is odd. On 32-bit systems, it is faster
- only for relatively small moduli (roughly 20-30% for 128-bit moduli,
- roughly 5-15% for 256-bit moduli), so we use it only for moduli
- up to 450 bits. In 64-bit environments, the binary algorithm
- appears to be advantageous for much longer moduli; here we use it
- for moduli up to 2048 bits.
- [Bodo Moeller]
-
- *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
- could not support the combine flag in choice fields.
- [Steve Henson]
-
- *) Add a 'copy_extensions' option to the 'ca' utility. This copies
- extensions from a certificate request to the certificate.
- [Steve Henson]
-
- *) Allow multiple 'certopt' and 'nameopt' options to be separated
- by commas. Add 'namopt' and 'certopt' options to the 'ca' config
- file: this allows the display of the certificate about to be
- signed to be customised, to allow certain fields to be included
- or excluded and extension details. The old system didn't display
- multicharacter strings properly, omitted fields not in the policy
- and couldn't display additional details such as extensions.
- [Steve Henson]
-
- *) Function EC_POINTs_mul for multiple scalar multiplication
- of an arbitrary number of elliptic curve points
- \sum scalars[i]*points[i],
- optionally including the generator defined for the EC_GROUP:
- scalar*generator + \sum scalars[i]*points[i].
-
- EC_POINT_mul is a simple wrapper function for the typical case
- that the point list has just one item (besides the optional
- generator).
- [Bodo Moeller]
-
- *) First EC_METHODs for curves over GF(p):
-
- EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
- operations and provides various method functions that can also
- operate with faster implementations of modular arithmetic.
-
- EC_GFp_mont_method() reuses most functions that are part of
- EC_GFp_simple_method, but uses Montgomery arithmetic.
-
- [Bodo Moeller; point addition and point doubling
- implementation directly derived from source code provided by
- Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
-
- *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
- crypto/ec/ec_lib.c):
-
- Curves are EC_GROUP objects (with an optional group generator)
- based on EC_METHODs that are built into the library.
-
- Points are EC_POINT objects based on EC_GROUP objects.
-
- Most of the framework would be able to handle curves over arbitrary
- finite fields, but as there are no obvious types for fields other
- than GF(p), some functions are limited to that for now.
- [Bodo Moeller]
-
- *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
- that the file contains a complete HTTP response.
- [Richard Levitte]
-
- *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
- change the def and num file printf format specifier from "%-40sXXX"
- to "%-39s XXX". The latter will always guarantee a space after the
- field while the former will cause them to run together if the field
- is 40 of more characters long.
- [Steve Henson]
-
- *) Constify the cipher and digest 'method' functions and structures
- and modify related functions to take constant EVP_MD and EVP_CIPHER
- pointers.
- [Steve Henson]
-
- *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
- in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
- [Bodo Moeller]
-
- *) Modify EVP_Digest*() routines so they now return values. Although the
- internal software routines can never fail additional hardware versions
- might.
- [Steve Henson]
-
- *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
-
- Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
- (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
-
- ASN1 error codes
- ERR_R_NESTED_ASN1_ERROR
- ...
- ERR_R_MISSING_ASN1_EOS
- were 4 .. 9, conflicting with
- ERR_LIB_RSA (= ERR_R_RSA_LIB)
- ...
- ERR_LIB_PEM (= ERR_R_PEM_LIB).
- They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
-
- Add new error code 'ERR_R_INTERNAL_ERROR'.
- [Bodo Moeller]
-
- *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
- suffices.
- [Bodo Moeller]
-
- *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
- sets the subject name for a new request or supersedes the
- subject name in a given request. Formats that can be parsed are
- 'CN=Some Name, OU=myOU, C=IT'
- and
- 'CN=Some Name/OU=myOU/C=IT'.
-
- Add options '-batch' and '-verbose' to 'openssl req'.
- [Massimiliano Pala <madwolf@hackmasters.net>]
-
- *) Introduce the possibility to access global variables through
- functions on platform were that's the best way to handle exporting
- global variables in shared libraries. To enable this functionality,
- one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
- "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
- is normally done by Configure or something similar).
-
- To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
- in the source file (foo.c) like this:
-
- OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
- OPENSSL_IMPLEMENT_GLOBAL(double,bar);
-
- To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
- and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
-
- OPENSSL_DECLARE_GLOBAL(int,foo);
- #define foo OPENSSL_GLOBAL_REF(foo)
- OPENSSL_DECLARE_GLOBAL(double,bar);
- #define bar OPENSSL_GLOBAL_REF(bar)
-
- The #defines are very important, and therefore so is including the
- header file everywhere where the defined globals are used.
-
- The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
- of ASN.1 items, but that structure is a bit different.
-
- The largest change is in util/mkdef.pl which has been enhanced with
- better and easier to understand logic to choose which symbols should
- go into the Windows .def files as well as a number of fixes and code
- cleanup (among others, algorithm keywords are now sorted
- lexicographically to avoid constant rewrites).
- [Richard Levitte]
-
- *) In BN_div() keep a copy of the sign of 'num' before writing the
- result to 'rm' because if rm==num the value will be overwritten
- and produce the wrong result if 'num' is negative: this caused
- problems with BN_mod() and BN_nnmod().
- [Steve Henson]
-
- *) Function OCSP_request_verify(). This checks the signature on an
- OCSP request and verifies the signer certificate. The signer
- certificate is just checked for a generic purpose and OCSP request
- trust settings.
- [Steve Henson]
-
- *) Add OCSP_check_validity() function to check the validity of OCSP
- responses. OCSP responses are prepared in real time and may only
- be a few seconds old. Simply checking that the current time lies
- between thisUpdate and nextUpdate max reject otherwise valid responses
- caused by either OCSP responder or client clock inaccuracy. Instead
- we allow thisUpdate and nextUpdate to fall within a certain period of
- the current time. The age of the response can also optionally be
- checked. Two new options -validity_period and -status_age added to
- ocsp utility.
- [Steve Henson]
-
- *) If signature or public key algorithm is unrecognized print out its
- OID rather that just UNKNOWN.
- [Steve Henson]
-
- *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
- OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
- ID to be generated from the issuer certificate alone which can then be
- passed to OCSP_id_issuer_cmp().
- [Steve Henson]
-
- *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
- ASN1 modules to export functions returning ASN1_ITEM pointers
- instead of the ASN1_ITEM structures themselves. This adds several
- new macros which allow the underlying ASN1 function/structure to
- be accessed transparently. As a result code should not use ASN1_ITEM
- references directly (such as &X509_it) but instead use the relevant
- macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
- use of the new ASN1 code on platforms where exporting structures
- is problematical (for example in shared libraries) but exporting
- functions returning pointers to structures is not.
- [Steve Henson]
-
- *) Add support for overriding the generation of SSL/TLS session IDs.
- These callbacks can be registered either in an SSL_CTX or per SSL.
- The purpose of this is to allow applications to control, if they wish,
- the arbitrary values chosen for use as session IDs, particularly as it
- can be useful for session caching in multiple-server environments. A
- command-line switch for testing this (and any client code that wishes
- to use such a feature) has been added to "s_server".
- [Geoff Thorpe, Lutz Jaenicke]
-
- *) Modify mkdef.pl to recognise and parse preprocessor conditionals
- of the form '#if defined(...) || defined(...) || ...' and
- '#if !defined(...) && !defined(...) && ...'. This also avoids
- the growing number of special cases it was previously handling.
- [Richard Levitte]
-
- *) Make all configuration macros available for application by making
- sure they are available in opensslconf.h, by giving them names starting
- with "OPENSSL_" to avoid conflicts with other packages and by making
- sure e_os2.h will cover all platform-specific cases together with
- opensslconf.h.
- Additionally, it is now possible to define configuration/platform-
- specific names (called "system identities"). In the C code, these
- are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
- macro with the name beginning with "OPENSSL_SYS_", which is determined
- from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
- what is available.
- [Richard Levitte]
-
- *) New option -set_serial to 'req' and 'x509' this allows the serial
- number to use to be specified on the command line. Previously self
- signed certificates were hard coded with serial number 0 and the
- CA options of 'x509' had to use a serial number in a file which was
- auto incremented.
- [Steve Henson]
-
- *) New options to 'ca' utility to support V2 CRL entry extensions.
- Currently CRL reason, invalidity date and hold instruction are
- supported. Add new CRL extensions to V3 code and some new objects.
- [Steve Henson]
-
- *) New function EVP_CIPHER_CTX_set_padding() this is used to
- disable standard block padding (aka PKCS#5 padding) in the EVP
- API, which was previously mandatory. This means that the data is
- not padded in any way and so the total length much be a multiple
- of the block size, otherwise an error occurs.
- [Steve Henson]
-
- *) Initial (incomplete) OCSP SSL support.
- [Steve Henson]
-
- *) New function OCSP_parse_url(). This splits up a URL into its host,
- port and path components: primarily to parse OCSP URLs. New -url
- option to ocsp utility.
- [Steve Henson]
-
- *) New nonce behavior. The return value of OCSP_check_nonce() now
- reflects the various checks performed. Applications can decide
- whether to tolerate certain situations such as an absent nonce
- in a response when one was present in a request: the ocsp application
- just prints out a warning. New function OCSP_add1_basic_nonce()
- this is to allow responders to include a nonce in a response even if
- the request is nonce-less.
- [Steve Henson]
-
- *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
- skipped when using openssl x509 multiple times on a single input file,
- e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
- [Bodo Moeller]
-
- *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
- set string type: to handle setting ASN1_TIME structures. Fix ca
- utility to correctly initialize revocation date of CRLs.
- [Steve Henson]
-
- *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
- the clients preferred ciphersuites and rather use its own preferences.
- Should help to work around M$ SGC (Server Gated Cryptography) bug in
- Internet Explorer by ensuring unchanged hash method during stepup.
- (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
- [Lutz Jaenicke]
-
- *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
- to aes and add a new 'exist' option to print out symbols that don't
- appear to exist.
- [Steve Henson]
-
- *) Additional options to ocsp utility to allow flags to be set and
- additional certificates supplied.
- [Steve Henson]
-
- *) Add the option -VAfile to 'openssl ocsp', so the user can give the
- OCSP client a number of certificate to only verify the response
- signature against.
- [Richard Levitte]
-
- *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
- handle the new API. Currently only ECB, CBC modes supported. Add new
- AES OIDs.
-
- Add TLS AES ciphersuites as described in RFC3268, "Advanced
- Encryption Standard (AES) Ciphersuites for Transport Layer
- Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
- not enabled by default and were not part of the "ALL" ciphersuite
- alias because they were not yet official; they could be
- explicitly requested by specifying the "AESdraft" ciphersuite
- group alias. In the final release of OpenSSL 0.9.7, the group
- alias is called "AES" and is part of "ALL".)
- [Ben Laurie, Steve Henson, Bodo Moeller]
-
- *) New function OCSP_copy_nonce() to copy nonce value (if present) from
- request to response.
- [Steve Henson]
-
- *) Functions for OCSP responders. OCSP_request_onereq_count(),
- OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
- extract information from a certificate request. OCSP_response_create()
- creates a response and optionally adds a basic response structure.
- OCSP_basic_add1_status() adds a complete single response to a basic
- response and returns the OCSP_SINGLERESP structure just added (to allow
- extensions to be included for example). OCSP_basic_add1_cert() adds a
- certificate to a basic response and OCSP_basic_sign() signs a basic
- response with various flags. New helper functions ASN1_TIME_check()
- (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
- (converts ASN1_TIME to GeneralizedTime).
- [Steve Henson]
-
- *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
- in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
- structure from a certificate. X509_pubkey_digest() digests the public_key
- contents: this is used in various key identifiers.
- [Steve Henson]
-
- *) Make sk_sort() tolerate a NULL argument.
- [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
- passed by the function are trusted implicitly. If any of them signed the
- response then it is assumed to be valid and is not verified.
- [Steve Henson]
-
- *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
- to data. This was previously part of the PKCS7 ASN1 code. This
- was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
- [Steve Henson, reported by Kenneth R. Robinette
- <support@securenetterm.com>]
-
- *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
- routines: without these tracing memory leaks is very painful.
- Fix leaks in PKCS12 and PKCS7 routines.
- [Steve Henson]
-
- *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
- Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
- effectively meant GeneralizedTime would never be used. Now it
- is initialised to -1 but X509_time_adj() now has to check the value
- and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
- V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
- [Steve Henson, reported by Kenneth R. Robinette
- <support@securenetterm.com>]
-
- *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
- result in a zero length in the ASN1_INTEGER structure which was
- not consistent with the structure when d2i_ASN1_INTEGER() was used
- and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
- to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
- where it did not print out a minus for negative ASN1_INTEGER.
- [Steve Henson]
-
- *) Add summary printout to ocsp utility. The various functions which
- convert status values to strings have been renamed to:
- OCSP_response_status_str(), OCSP_cert_status_str() and
- OCSP_crl_reason_str() and are no longer static. New options
- to verify nonce values and to disable verification. OCSP response
- printout format cleaned up.
- [Steve Henson]
-
- *) Add additional OCSP certificate checks. These are those specified
- in RFC2560. This consists of two separate checks: the CA of the
- certificate being checked must either be the OCSP signer certificate
- or the issuer of the OCSP signer certificate. In the latter case the
- OCSP signer certificate must contain the OCSP signing extended key
- usage. This check is performed by attempting to match the OCSP
- signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
- in the OCSP_CERTID structures of the response.
- [Steve Henson]
-
- *) Initial OCSP certificate verification added to OCSP_basic_verify()
- and related routines. This uses the standard OpenSSL certificate
- verify routines to perform initial checks (just CA validity) and
- to obtain the certificate chain. Then additional checks will be
- performed on the chain. Currently the root CA is checked to see
- if it is explicitly trusted for OCSP signing. This is used to set
- a root CA as a global signing root: that is any certificate that
- chains to that CA is an acceptable OCSP signing certificate.
- [Steve Henson]
-
- *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
- extensions from a separate configuration file.
- As when reading extensions from the main configuration file,
- the '-extensions ...' option may be used for specifying the
- section to use.
- [Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New OCSP utility. Allows OCSP requests to be generated or
- read. The request can be sent to a responder and the output
- parsed, outputed or printed in text form. Not complete yet:
- still needs to check the OCSP response validity.
-