aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Murray <markm@FreeBSD.org>2003-01-28 21:43:22 +0000
committerMark Murray <markm@FreeBSD.org>2003-01-28 21:43:22 +0000
commit5c87c606cde085944937b11c908b8c1232fef219 (patch)
tree610a51c6e3965764fb0f1629c1376e2d23afffe8
parent499810c08ee876c1599350a393834891c504b1b9 (diff)
downloadsrc-5c87c606cde085944937b11c908b8c1232fef219.tar.gz
src-5c87c606cde085944937b11c908b8c1232fef219.zip
Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=109998
-rw-r--r--crypto/openssl/CHANGES1895
-rwxr-xr-xcrypto/openssl/Configure734
-rw-r--r--crypto/openssl/FAQ90
-rw-r--r--crypto/openssl/INSTALL33
-rw-r--r--crypto/openssl/Makefile.org224
-rw-r--r--crypto/openssl/Makefile.ssl236
-rw-r--r--crypto/openssl/NEWS60
-rw-r--r--crypto/openssl/PROBLEMS32
-rw-r--r--crypto/openssl/README4
-rw-r--r--crypto/openssl/README.ASN1187
-rw-r--r--crypto/openssl/README.ENGINE302
-rwxr-xr-xcrypto/openssl/apps/CA.pl11
-rw-r--r--crypto/openssl/apps/CA.pl.in11
-rw-r--r--crypto/openssl/apps/Makefile.ssl1276
-rw-r--r--crypto/openssl/apps/app_rand.c21
-rw-r--r--crypto/openssl/apps/apps.c756
-rw-r--r--crypto/openssl/apps/apps.h150
-rw-r--r--crypto/openssl/apps/asn1pars.c8
-rw-r--r--crypto/openssl/apps/ca.c1691
-rw-r--r--crypto/openssl/apps/ciphers.c23
-rw-r--r--crypto/openssl/apps/crl.c31
-rw-r--r--crypto/openssl/apps/crl2p7.c8
-rw-r--r--crypto/openssl/apps/dgst.c117
-rw-r--r--crypto/openssl/apps/dh.c22
-rw-r--r--crypto/openssl/apps/dhparam.c37
-rw-r--r--crypto/openssl/apps/dsa.c31
-rw-r--r--crypto/openssl/apps/dsaparam.c21
-rw-r--r--crypto/openssl/apps/enc.c146
-rw-r--r--crypto/openssl/apps/engine.c520
-rw-r--r--crypto/openssl/apps/errstr.c5
-rw-r--r--crypto/openssl/apps/gendh.c26
-rw-r--r--crypto/openssl/apps/gendsa.c42
-rw-r--r--crypto/openssl/apps/genrsa.c54
-rw-r--r--crypto/openssl/apps/nseq.c8
-rw-r--r--crypto/openssl/apps/ocsp.c1228
-rw-r--r--crypto/openssl/apps/openssl.c221
-rw-r--r--crypto/openssl/apps/openssl.cnf13
-rw-r--r--crypto/openssl/apps/passwd.c93
-rw-r--r--crypto/openssl/apps/pkcs12.c113
-rw-r--r--crypto/openssl/apps/pkcs7.c18
-rw-r--r--crypto/openssl/apps/pkcs8.c46
-rw-r--r--crypto/openssl/apps/progs.h154
-rw-r--r--crypto/openssl/apps/progs.pl30
-rw-r--r--crypto/openssl/apps/rand.c79
-rw-r--r--crypto/openssl/apps/req.c600
-rw-r--r--crypto/openssl/apps/rsa.c120
-rw-r--r--crypto/openssl/apps/rsautl.c30
-rw-r--r--crypto/openssl/apps/s_apps.h67
-rw-r--r--crypto/openssl/apps/s_cb.c317
-rw-r--r--crypto/openssl/apps/s_client.c202
-rw-r--r--crypto/openssl/apps/s_server.c286
-rw-r--r--crypto/openssl/apps/s_socket.c71
-rw-r--r--crypto/openssl/apps/s_time.c76
-rw-r--r--crypto/openssl/apps/sess_id.c7
-rw-r--r--crypto/openssl/apps/smime.c125
-rw-r--r--crypto/openssl/apps/speed.c1125
-rw-r--r--crypto/openssl/apps/spkac.c47
-rw-r--r--crypto/openssl/apps/testdsa.h72
-rw-r--r--crypto/openssl/apps/verify.c77
-rw-r--r--crypto/openssl/apps/version.c90
-rw-r--r--crypto/openssl/apps/winrand.c1
-rw-r--r--crypto/openssl/apps/x509.c208
-rw-r--r--crypto/openssl/bugs/stream.c2
-rw-r--r--crypto/openssl/certs/RegTP-4R.pem19
-rw-r--r--crypto/openssl/certs/RegTP-5R.pem19
-rw-r--r--crypto/openssl/certs/RegTP-6R.pem19
-rwxr-xr-xcrypto/openssl/config233
-rw-r--r--crypto/openssl/crypto/Makefile.ssl143
-rw-r--r--crypto/openssl/crypto/aes/Makefile.ssl103
-rw-r--r--crypto/openssl/crypto/aes/README3
-rw-r--r--crypto/openssl/crypto/aes/aes.h112
-rw-r--r--crypto/openssl/crypto/aes/aes_cbc.c111
-rw-r--r--crypto/openssl/crypto/aes/aes_cfb.c157
-rw-r--r--crypto/openssl/crypto/aes/aes_core.c1257
-rw-r--r--crypto/openssl/crypto/aes/aes_ctr.c128
-rw-r--r--crypto/openssl/crypto/aes/aes_ecb.c73
-rw-r--r--crypto/openssl/crypto/aes/aes_locl.h85
-rw-r--r--crypto/openssl/crypto/aes/aes_misc.c64
-rw-r--r--crypto/openssl/crypto/aes/aes_ofb.c142
-rw-r--r--crypto/openssl/crypto/asn1/Makefile.ssl1757
-rw-r--r--crypto/openssl/crypto/asn1/a_bitstr.c62
-rw-r--r--crypto/openssl/crypto/asn1/a_bool.c4
-rw-r--r--crypto/openssl/crypto/asn1/a_bytes.c17
-rw-r--r--crypto/openssl/crypto/asn1/a_d2i_fp.c93
-rw-r--r--crypto/openssl/crypto/asn1/a_digest.c24
-rw-r--r--crypto/openssl/crypto/asn1/a_dup.c28
-rw-r--r--crypto/openssl/crypto/asn1/a_enum.c61
-rw-r--r--crypto/openssl/crypto/asn1/a_gentm.c35
-rw-r--r--crypto/openssl/crypto/asn1/a_i2d_fp.c54
-rw-r--r--crypto/openssl/crypto/asn1/a_int.c66
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_octet.c24
-rw-r--r--crypto/openssl/crypto/asn1/a_print.c70
-rw-r--r--crypto/openssl/crypto/asn1/a_set.c3
-rw-r--r--crypto/openssl/crypto/asn1/a_sign.c94
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c61
-rw-r--r--crypto/openssl/crypto/asn1/a_strnid.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_time.c79
-rw-r--r--crypto/openssl/crypto/asn1/a_type.c277
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c73
-rw-r--r--crypto/openssl/crypto/asn1/a_utf8.c27
-rw-r--r--crypto/openssl/crypto/asn1/a_verify.c60
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h766
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c206
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c2
-rw-r--r--crypto/openssl/crypto/asn1/asn1_mac.h35
-rw-r--r--crypto/openssl/crypto/asn1/asn1_par.c7
-rw-r--r--crypto/openssl/crypto/asn1/asn1t.h846
-rw-r--r--crypto/openssl/crypto/asn1/asn_moid.c95
-rw-r--r--crypto/openssl/crypto/asn1/asn_pack.c48
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pr.c16
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pu.c16
-rw-r--r--crypto/openssl/crypto/asn1/f_int.c11
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pr.c10
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pu.c10
-rw-r--r--crypto/openssl/crypto/asn1/n_pkey.c313
-rw-r--r--crypto/openssl/crypto/asn1/nsseq.c64
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbe.c47
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbev2.c111
-rw-r--r--crypto/openssl/crypto/asn1/p8_pkey.c79
-rw-r--r--crypto/openssl/crypto/asn1/t_crl.c56
-rw-r--r--crypto/openssl/crypto/asn1/t_pkey.c78
-rw-r--r--crypto/openssl/crypto/asn1/t_req.c288
-rw-r--r--crypto/openssl/crypto/asn1/t_spki.c6
-rw-r--r--crypto/openssl/crypto/asn1/t_x509.c304
-rw-r--r--crypto/openssl/crypto/asn1/t_x509a.c6
-rw-r--r--crypto/openssl/crypto/asn1/tasn_dec.c958
-rw-r--r--crypto/openssl/crypto/asn1/tasn_enc.c497
-rw-r--r--crypto/openssl/crypto/asn1/tasn_fre.c229
-rw-r--r--crypto/openssl/crypto/asn1/tasn_new.c351
-rw-r--r--crypto/openssl/crypto/asn1/tasn_prn.c198
-rw-r--r--crypto/openssl/crypto/asn1/tasn_typ.c133
-rw-r--r--crypto/openssl/crypto/asn1/tasn_utl.c253
-rw-r--r--crypto/openssl/crypto/asn1/x_algor.c165
-rw-r--r--crypto/openssl/crypto/asn1/x_attrib.c111
-rw-r--r--crypto/openssl/crypto/asn1/x_bignum.c137
-rw-r--r--crypto/openssl/crypto/asn1/x_crl.c330
-rw-r--r--crypto/openssl/crypto/asn1/x_exten.c190
-rw-r--r--crypto/openssl/crypto/asn1/x_info.c2
-rw-r--r--crypto/openssl/crypto/asn1/x_long.c163
-rw-r--r--crypto/openssl/crypto/asn1/x_name.c343
-rw-r--r--crypto/openssl/crypto/asn1/x_pubkey.c88
-rw-r--r--crypto/openssl/crypto/asn1/x_req.c231
-rw-r--r--crypto/openssl/crypto/asn1/x_sig.c53
-rw-r--r--crypto/openssl/crypto/asn1/x_spki.c109
-rw-r--r--crypto/openssl/crypto/asn1/x_val.c52
-rw-r--r--crypto/openssl/crypto/asn1/x_x509.c155
-rw-r--r--crypto/openssl/crypto/asn1/x_x509a.c75
-rw-r--r--crypto/openssl/crypto/bf/Makefile.ssl29
-rw-r--r--crypto/openssl/crypto/bf/bf_opts.c6
-rw-r--r--crypto/openssl/crypto/bf/bf_skey.c2
-rw-r--r--crypto/openssl/crypto/bf/bfspeed.c6
-rw-r--r--crypto/openssl/crypto/bf/bftest.c12
-rw-r--r--crypto/openssl/crypto/bf/blowfish.h8
-rw-r--r--crypto/openssl/crypto/bio/Makefile.ssl176
-rw-r--r--crypto/openssl/crypto/bio/b_print.c14
-rw-r--r--crypto/openssl/crypto/bio/b_sock.c38
-rw-r--r--crypto/openssl/crypto/bio/bf_buff.c3
-rw-r--r--crypto/openssl/crypto/bio/bf_nbio.c1
-rw-r--r--crypto/openssl/crypto/bio/bf_null.c1
-rw-r--r--crypto/openssl/crypto/bio/bio.h29
-rw-r--r--crypto/openssl/crypto/bio/bio_cb.c2
-rw-r--r--crypto/openssl/crypto/bio/bio_err.c6
-rw-r--r--crypto/openssl/crypto/bio/bio_lib.c31
-rw-r--r--crypto/openssl/crypto/bio/bss_acpt.c18
-rw-r--r--crypto/openssl/crypto/bio/bss_bio.c11
-rw-r--r--crypto/openssl/crypto/bio/bss_conn.c19
-rw-r--r--crypto/openssl/crypto/bio/bss_fd.c226
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c24
-rw-r--r--crypto/openssl/crypto/bio/bss_log.c28
-rw-r--r--crypto/openssl/crypto/bio/bss_mem.c8
-rw-r--r--crypto/openssl/crypto/bio/bss_sock.c137
-rw-r--r--crypto/openssl/crypto/bn/Makefile.ssl280
-rw-r--r--crypto/openssl/crypto/bn/asm/README4
-rw-r--r--crypto/openssl/crypto/bn/asm/bn-586.pl213
-rw-r--r--crypto/openssl/crypto/bn/asm/x86_64-gcc.c575
-rw-r--r--crypto/openssl/crypto/bn/bn.h173
-rw-r--r--crypto/openssl/crypto/bn/bn_add.c12
-rw-r--r--crypto/openssl/crypto/bn/bn_asm.c22
-rw-r--r--crypto/openssl/crypto/bn/bn_ctx.c13
-rw-r--r--crypto/openssl/crypto/bn/bn_div.c92
-rw-r--r--crypto/openssl/crypto/bn/bn_err.c11
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c352
-rw-r--r--crypto/openssl/crypto/bn/bn_exp2.c27
-rw-r--r--crypto/openssl/crypto/bn/bn_gcd.c338
-rw-r--r--crypto/openssl/crypto/bn/bn_kron.c182
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h61
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c346
-rw-r--r--crypto/openssl/crypto/bn/bn_mod.c296
-rw-r--r--crypto/openssl/crypto/bn/bn_mont.c63
-rw-r--r--crypto/openssl/crypto/bn/bn_mpi.c2
-rw-r--r--crypto/openssl/crypto/bn/bn_mul.c14
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.c19
-rw-r--r--crypto/openssl/crypto/bn/bn_print.c6
-rw-r--r--crypto/openssl/crypto/bn/bn_rand.c3
-rw-r--r--crypto/openssl/crypto/bn/bn_recp.c48
-rw-r--r--crypto/openssl/crypto/bn/bn_shift.c8
-rw-r--r--crypto/openssl/crypto/bn/bn_sqr.c16
-rw-r--r--crypto/openssl/crypto/bn/bn_sqrt.c387
-rw-r--r--crypto/openssl/crypto/bn/bn_word.c5
-rw-r--r--crypto/openssl/crypto/bn/bnspeed.c4
-rw-r--r--crypto/openssl/crypto/bn/bntest.c273
-rw-r--r--crypto/openssl/crypto/bn/divtest.c6
-rw-r--r--crypto/openssl/crypto/bn/expspeed.c176
-rw-r--r--crypto/openssl/crypto/bn/exptest.c21
-rw-r--r--crypto/openssl/crypto/buffer/Makefile.ssl23
-rw-r--r--crypto/openssl/crypto/buffer/buf_err.c4
-rw-r--r--crypto/openssl/crypto/buffer/buffer.c58
-rw-r--r--crypto/openssl/crypto/buffer/buffer.h9
-rw-r--r--crypto/openssl/crypto/cast/Makefile.ssl28
-rw-r--r--crypto/openssl/crypto/cast/cast.h2
-rw-r--r--crypto/openssl/crypto/cast/cast_lcl.h12
-rw-r--r--crypto/openssl/crypto/cast/cast_spd.c6
-rw-r--r--crypto/openssl/crypto/cast/castopts.c6
-rw-r--r--crypto/openssl/crypto/cast/casttest.c6
-rw-r--r--crypto/openssl/crypto/comp/Makefile.ssl47
-rw-r--r--crypto/openssl/crypto/comp/c_rle.c1
-rw-r--r--crypto/openssl/crypto/comp/c_zlib.c141
-rw-r--r--crypto/openssl/crypto/comp/comp.h2
-rw-r--r--crypto/openssl/crypto/comp/comp_err.c4
-rw-r--r--crypto/openssl/crypto/conf/Makefile.ssl115
-rw-r--r--crypto/openssl/crypto/conf/README78
-rw-r--r--crypto/openssl/crypto/conf/cnf_save.c7
-rw-r--r--crypto/openssl/crypto/conf/conf.h109
-rw-r--r--crypto/openssl/crypto/conf/conf_api.c50
-rw-r--r--crypto/openssl/crypto/conf/conf_api.h12
-rw-r--r--crypto/openssl/crypto/conf/conf_def.c80
-rw-r--r--crypto/openssl/crypto/conf/conf_err.c18
-rw-r--r--crypto/openssl/crypto/conf/conf_lib.c159
-rw-r--r--crypto/openssl/crypto/conf/conf_mall.c76
-rw-r--r--crypto/openssl/crypto/conf/conf_mod.c616
-rw-r--r--crypto/openssl/crypto/conf/conf_sap.c107
-rw-r--r--crypto/openssl/crypto/cpt_err.c9
-rw-r--r--crypto/openssl/crypto/cryptlib.c55
-rw-r--r--crypto/openssl/crypto/cryptlib.h10
-rw-r--r--crypto/openssl/crypto/crypto.h130
-rw-r--r--crypto/openssl/crypto/cversion.c8
-rw-r--r--crypto/openssl/crypto/des/FILES096
-rw-r--r--crypto/openssl/crypto/des/Makefile.ssl287
-rw-r--r--crypto/openssl/crypto/des/asm/crypt586.pl49
-rw-r--r--crypto/openssl/crypto/des/asm/des-586.pl67
-rw-r--r--crypto/openssl/crypto/des/asm/des686.pl20
-rw-r--r--crypto/openssl/crypto/des/asm/desboth.pl8
-rw-r--r--crypto/openssl/crypto/des/cbc3_enc.c52
-rw-r--r--crypto/openssl/crypto/des/cbc_cksm.c8
-rw-r--r--crypto/openssl/crypto/des/cfb64ede.c17
-rw-r--r--crypto/openssl/crypto/des/cfb64enc.c10
-rw-r--r--crypto/openssl/crypto/des/cfb_enc.c8
-rw-r--r--crypto/openssl/crypto/des/des.c140
-rw-r--r--crypto/openssl/crypto/des/des.h292
-rw-r--r--crypto/openssl/crypto/des/des_enc.c53
-rw-r--r--crypto/openssl/crypto/des/des_locl.h92
-rw-r--r--crypto/openssl/crypto/des/des_old.c271
-rw-r--r--crypto/openssl/crypto/des/des_old.h441
-rw-r--r--crypto/openssl/crypto/des/des_old2.c82
-rw-r--r--crypto/openssl/crypto/des/des_opts.c212
-rw-r--r--crypto/openssl/crypto/des/des_ver.h14
-rw-r--r--crypto/openssl/crypto/des/destest.c103
-rw-r--r--crypto/openssl/crypto/des/ecb3_enc.c9
-rw-r--r--crypto/openssl/crypto/des/ecb_enc.c11
-rw-r--r--crypto/openssl/crypto/des/ede_cbcm_enc.c24
-rw-r--r--crypto/openssl/crypto/des/enc_read.c28
-rw-r--r--crypto/openssl/crypto/des/enc_writ.c16
-rw-r--r--crypto/openssl/crypto/des/fcrypt.c29
-rw-r--r--crypto/openssl/crypto/des/fcrypt_b.c6
-rw-r--r--crypto/openssl/crypto/des/ncbc_enc.c20
-rw-r--r--crypto/openssl/crypto/des/ofb64ede.c21
-rw-r--r--crypto/openssl/crypto/des/ofb64enc.c10
-rw-r--r--crypto/openssl/crypto/des/ofb_enc.c7
-rw-r--r--crypto/openssl/crypto/des/pcbc_enc.c9
-rw-r--r--crypto/openssl/crypto/des/qud_cksm.c4
-rw-r--r--crypto/openssl/crypto/des/rand_key.c13
-rw-r--r--crypto/openssl/crypto/des/read2pwd.c77
-rw-r--r--crypto/openssl/crypto/des/read_pwd.c84
-rw-r--r--crypto/openssl/crypto/des/rpc_enc.c12
-rw-r--r--crypto/openssl/crypto/des/rpw.c2
-rw-r--r--crypto/openssl/crypto/des/set_key.c43
-rw-r--r--crypto/openssl/crypto/des/speed.c54
-rw-r--r--crypto/openssl/crypto/des/spr.h2
-rw-r--r--crypto/openssl/crypto/des/str2key.c54
-rw-r--r--crypto/openssl/crypto/des/xcbc_enc.c19
-rw-r--r--crypto/openssl/crypto/dh/Makefile.ssl89
-rw-r--r--crypto/openssl/crypto/dh/dh.h49
-rw-r--r--crypto/openssl/crypto/dh/dh_asn1.c87
-rw-r--r--crypto/openssl/crypto/dh/dh_check.c2
-rw-r--r--crypto/openssl/crypto/dh/dh_err.c6
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c44
-rw-r--r--crypto/openssl/crypto/dh/dh_lib.c111
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c24
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.ssl149
-rw-r--r--crypto/openssl/crypto/dsa/dsa.h69
-rw-r--r--crypto/openssl/crypto/dsa/dsa_asn1.c201
-rw-r--r--crypto/openssl/crypto/dsa/dsa_err.c7
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c18
-rw-r--r--crypto/openssl/crypto/dsa/dsa_key.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsa_lib.c119
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c8
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c1
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c30
-rw-r--r--crypto/openssl/crypto/dso/Makefile.ssl73
-rw-r--r--crypto/openssl/crypto/dso/README24
-rw-r--r--crypto/openssl/crypto/dso/dso.h164
-rw-r--r--crypto/openssl/crypto/dso/dso_dl.c112
-rw-r--r--crypto/openssl/crypto/dso/dso_dlfcn.c97
-rw-r--r--crypto/openssl/crypto/dso/dso_err.c23
-rw-r--r--crypto/openssl/crypto/dso/dso_lib.c179
-rw-r--r--crypto/openssl/crypto/ebcdic.c3
-rw-r--r--crypto/openssl/crypto/ec/Makefile.ssl128
-rw-r--r--crypto/openssl/crypto/ec/ec.h245
-rw-r--r--crypto/openssl/crypto/ec/ec_cvt.c80
-rw-r--r--crypto/openssl/crypto/ec/ec_err.c151
-rw-r--r--crypto/openssl/crypto/ec/ec_lcl.h277
-rw-r--r--crypto/openssl/crypto/ec/ec_lib.c654
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c473
-rw-r--r--crypto/openssl/crypto/ec/ecp_mont.c304
-rw-r--r--crypto/openssl/crypto/ec/ecp_nist.c134
-rw-r--r--crypto/openssl/crypto/ec/ecp_recp.c133
-rw-r--r--crypto/openssl/crypto/ec/ecp_smpl.c1717
-rw-r--r--crypto/openssl/crypto/ec/ectest.c639
-rw-r--r--crypto/openssl/crypto/engine/Makefile.ssl538
-rw-r--r--crypto/openssl/crypto/engine/README211
-rw-r--r--crypto/openssl/crypto/engine/eng_all.c113
-rw-r--r--crypto/openssl/crypto/engine/eng_cnf.c242
-rw-r--r--crypto/openssl/crypto/engine/eng_ctrl.c387
-rw-r--r--crypto/openssl/crypto/engine/eng_dyn.c460
-rw-r--r--crypto/openssl/crypto/engine/eng_err.c166
-rw-r--r--crypto/openssl/crypto/engine/eng_fat.c147
-rw-r--r--crypto/openssl/crypto/engine/eng_init.c157
-rw-r--r--crypto/openssl/crypto/engine/eng_int.h185
-rw-r--r--crypto/openssl/crypto/engine/eng_lib.c321
-rw-r--r--crypto/openssl/crypto/engine/eng_list.c394
-rw-r--r--crypto/openssl/crypto/engine/eng_openssl.c361
-rw-r--r--crypto/openssl/crypto/engine/eng_pkey.c157
-rw-r--r--crypto/openssl/crypto/engine/eng_table.c361
-rw-r--r--crypto/openssl/crypto/engine/engine.h716
-rw-r--r--crypto/openssl/crypto/engine/enginetest.c274
-rw-r--r--crypto/openssl/crypto/engine/hw.ec8
-rw-r--r--crypto/openssl/crypto/engine/hw_4758_cca.c969
-rw-r--r--crypto/openssl/crypto/engine/hw_4758_cca_err.c149
-rw-r--r--crypto/openssl/crypto/engine/hw_4758_cca_err.h93
-rw-r--r--crypto/openssl/crypto/engine/hw_aep.c1119
-rw-r--r--crypto/openssl/crypto/engine/hw_aep_err.c157
-rw-r--r--crypto/openssl/crypto/engine/hw_aep_err.h101
-rw-r--r--crypto/openssl/crypto/engine/hw_atalla.c594
-rw-r--r--crypto/openssl/crypto/engine/hw_atalla_err.c145
-rw-r--r--crypto/openssl/crypto/engine/hw_atalla_err.h89
-rw-r--r--crypto/openssl/crypto/engine/hw_cryptodev.c1130
-rw-r--r--crypto/openssl/crypto/engine/hw_cswift.c997
-rw-r--r--crypto/openssl/crypto/engine/hw_cswift_err.c149
-rw-r--r--crypto/openssl/crypto/engine/hw_cswift_err.h93
-rw-r--r--crypto/openssl/crypto/engine/hw_ncipher.c1388
-rw-r--r--crypto/openssl/crypto/engine/hw_ncipher_err.c157
-rw-r--r--crypto/openssl/crypto/engine/hw_ncipher_err.h101
-rw-r--r--crypto/openssl/crypto/engine/hw_nuron.c418
-rw-r--r--crypto/openssl/crypto/engine/hw_nuron_err.c142
-rw-r--r--crypto/openssl/crypto/engine/hw_nuron_err.h86
-rw-r--r--crypto/openssl/crypto/engine/hw_sureware.c1039
-rw-r--r--crypto/openssl/crypto/engine/hw_sureware_err.c150
-rw-r--r--crypto/openssl/crypto/engine/hw_sureware_err.h94
-rw-r--r--crypto/openssl/crypto/engine/hw_ubsec.c1061
-rw-r--r--crypto/openssl/crypto/engine/hw_ubsec_err.c151
-rw-r--r--crypto/openssl/crypto/engine/hw_ubsec_err.h95
-rw-r--r--crypto/openssl/crypto/engine/tb_cipher.c145
-rw-r--r--crypto/openssl/crypto/engine/tb_dh.c120
-rw-r--r--crypto/openssl/crypto/engine/tb_digest.c145
-rw-r--r--crypto/openssl/crypto/engine/tb_dsa.c120
-rw-r--r--crypto/openssl/crypto/engine/tb_rand.c120
-rw-r--r--crypto/openssl/crypto/engine/tb_rsa.c120
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/aep.h178
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/atalla.h48
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/cswift.h234
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h149
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h100
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h486
-rw-r--r--crypto/openssl/crypto/engine/vendor_defns/sureware.h239
-rw-r--r--crypto/openssl/crypto/err/Makefile.ssl51
-rw-r--r--crypto/openssl/crypto/err/err.c613
-rw-r--r--crypto/openssl/crypto/err/err.h186
-rw-r--r--crypto/openssl/crypto/err/err_all.c53
-rw-r--r--crypto/openssl/crypto/err/err_prn.c47
-rw-r--r--crypto/openssl/crypto/err/openssl.ec30
-rw-r--r--crypto/openssl/crypto/evp/Makefile.ssl1165
-rw-r--r--crypto/openssl/crypto/evp/bio_b64.c1
-rw-r--r--crypto/openssl/crypto/evp/bio_enc.c22
-rw-r--r--crypto/openssl/crypto/evp/bio_md.c30
-rw-r--r--crypto/openssl/crypto/evp/bio_ok.c54
-rw-r--r--crypto/openssl/crypto/evp/c_all.c16
-rw-r--r--crypto/openssl/crypto/evp/c_allc.c47
-rw-r--r--crypto/openssl/crypto/evp/c_alld.c22
-rw-r--r--crypto/openssl/crypto/evp/digest.c256
-rw-r--r--crypto/openssl/crypto/evp/e_aes.c100
-rw-r--r--crypto/openssl/crypto/evp/e_bf.c14
-rw-r--r--crypto/openssl/crypto/evp/e_cast.c16
-rw-r--r--crypto/openssl/crypto/evp/e_des.c21
-rw-r--r--crypto/openssl/crypto/evp/e_des3.c88
-rw-r--r--crypto/openssl/crypto/evp/e_idea.c24
-rw-r--r--crypto/openssl/crypto/evp/e_null.c6
-rw-r--r--crypto/openssl/crypto/evp/e_rc2.c68
-rw-r--r--crypto/openssl/crypto/evp/e_rc4.c34
-rw-r--r--crypto/openssl/crypto/evp/e_rc5.c65
-rw-r--r--crypto/openssl/crypto/evp/e_xcbc_d.c39
-rw-r--r--crypto/openssl/crypto/evp/encode.c2
-rw-r--r--crypto/openssl/crypto/evp/evp.h500
-rw-r--r--crypto/openssl/crypto/evp/evp_acnf.c74
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c296
-rw-r--r--crypto/openssl/crypto/evp/evp_err.c11
-rw-r--r--crypto/openssl/crypto/evp/evp_key.c43
-rw-r--r--crypto/openssl/crypto/evp/evp_lib.c2
-rw-r--r--crypto/openssl/crypto/evp/evp_locl.h125
-rw-r--r--crypto/openssl/crypto/evp/evp_pbe.c10
-rw-r--r--crypto/openssl/crypto/evp/evp_pkey.c24
-rw-r--r--crypto/openssl/crypto/evp/evp_test.c395
-rw-r--r--crypto/openssl/crypto/evp/evptests.txt183
-rw-r--r--crypto/openssl/crypto/evp/m_dss.c24
-rw-r--r--crypto/openssl/crypto/evp/m_dss1.c24
-rw-r--r--crypto/openssl/crypto/evp/m_md2.c25
-rw-r--r--crypto/openssl/crypto/evp/m_md4.c25
-rw-r--r--crypto/openssl/crypto/evp/m_md5.c25
-rw-r--r--crypto/openssl/crypto/evp/m_mdc2.c25
-rw-r--r--crypto/openssl/crypto/evp/m_null.c25
-rw-r--r--crypto/openssl/crypto/evp/m_ripemd.c24
-rw-r--r--crypto/openssl/crypto/evp/m_sha.c24
-rw-r--r--crypto/openssl/crypto/evp/m_sha1.c24
-rw-r--r--crypto/openssl/crypto/evp/names.c4
-rw-r--r--crypto/openssl/crypto/evp/openbsd_hw.c446
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt.c50
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt2.c19
-rw-r--r--crypto/openssl/crypto/evp/p_dec.c6
-rw-r--r--crypto/openssl/crypto/evp/p_enc.c6
-rw-r--r--crypto/openssl/crypto/evp/p_lib.c46
-rw-r--r--crypto/openssl/crypto/evp/p_open.c16
-rw-r--r--crypto/openssl/crypto/evp/p_seal.c21
-rw-r--r--crypto/openssl/crypto/evp/p_sign.c8
-rw-r--r--crypto/openssl/crypto/evp/p_verify.c6
-rw-r--r--crypto/openssl/crypto/ex_data.c615
-rw-r--r--crypto/openssl/crypto/hmac/Makefile.ssl31
-rw-r--r--crypto/openssl/crypto/hmac/hmac.c51
-rw-r--r--crypto/openssl/crypto/hmac/hmac.h12
-rw-r--r--crypto/openssl/crypto/hmac/hmactest.c24
-rw-r--r--crypto/openssl/crypto/idea/Makefile.ssl18
-rw-r--r--crypto/openssl/crypto/idea/idea.h2
-rw-r--r--crypto/openssl/crypto/idea/idea_spd.c6
-rw-r--r--crypto/openssl/crypto/idea/ideatest.c6
-rw-r--r--crypto/openssl/crypto/krb5/Makefile.ssl90
-rw-r--r--crypto/openssl/crypto/krb5/krb5_asn.c167
-rw-r--r--crypto/openssl/crypto/krb5/krb5_asn.h256
-rw-r--r--crypto/openssl/crypto/lhash/Makefile.ssl19
-rw-r--r--crypto/openssl/crypto/lhash/lh_stats.c108
-rw-r--r--crypto/openssl/crypto/lhash/lhash.c63
-rw-r--r--crypto/openssl/crypto/lhash/lhash.h92
-rw-r--r--crypto/openssl/crypto/md2/Makefile.ssl19
-rw-r--r--crypto/openssl/crypto/md2/md2.h8
-rw-r--r--crypto/openssl/crypto/md2/md2_dgst.c22
-rw-r--r--crypto/openssl/crypto/md2/md2_one.c2
-rw-r--r--crypto/openssl/crypto/md2/md2test.c13
-rw-r--r--crypto/openssl/crypto/md32_common.h56
-rw-r--r--crypto/openssl/crypto/md4/Makefile.ssl20
-rw-r--r--crypto/openssl/crypto/md4/md4.c2
-rw-r--r--crypto/openssl/crypto/md4/md4.h14
-rw-r--r--crypto/openssl/crypto/md4/md4_dgst.c39
-rw-r--r--crypto/openssl/crypto/md4/md4_one.c3
-rw-r--r--crypto/openssl/crypto/md4/md4test.c11
-rw-r--r--crypto/openssl/crypto/md5/Makefile.ssl20
-rw-r--r--crypto/openssl/crypto/md5/asm/md5-sparcv9.S8
-rw-r--r--crypto/openssl/crypto/md5/md5.h14
-rw-r--r--crypto/openssl/crypto/md5/md5_dgst.c39
-rw-r--r--crypto/openssl/crypto/md5/md5_locl.h4
-rw-r--r--crypto/openssl/crypto/md5/md5_one.c3
-rw-r--r--crypto/openssl/crypto/md5/md5test.c11
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile.ssl29
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2.h10
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2_one.c2
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2dgst.c25
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2test.c30
-rw-r--r--crypto/openssl/crypto/mem.c164
-rw-r--r--crypto/openssl/crypto/mem_clr.c75
-rw-r--r--crypto/openssl/crypto/mem_dbg.c104
-rw-r--r--crypto/openssl/crypto/o_time.c203
-rw-r--r--crypto/openssl/crypto/o_time.h66
-rw-r--r--crypto/openssl/crypto/objects/Makefile.ssl51
-rw-r--r--crypto/openssl/crypto/objects/o_names.c147
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c50
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.h2600
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.pl2
-rw-r--r--crypto/openssl/crypto/objects/obj_err.c4
-rw-r--r--crypto/openssl/crypto/objects/obj_lib.c7
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.h1076
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.num250
-rw-r--r--crypto/openssl/crypto/objects/objects.h26
-rw-r--r--crypto/openssl/crypto/objects/objects.pl2
-rw-r--r--crypto/openssl/crypto/objects/objects.txt334
-rw-r--r--crypto/openssl/crypto/ocsp/Makefile.ssl293
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp.h619
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_asn.c182
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_cl.c370
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_err.c139
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_ext.c528
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_ht.c167
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_lib.c261
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_prn.c291
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_srv.c264
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_vfy.c444
-rw-r--r--crypto/openssl/crypto/opensslconf.h27
-rw-r--r--crypto/openssl/crypto/opensslconf.h.in7
-rw-r--r--crypto/openssl/crypto/opensslv.h6
-rw-r--r--crypto/openssl/crypto/ossl_typ.h122
-rw-r--r--crypto/openssl/crypto/pem/Makefile.ssl276
-rw-r--r--crypto/openssl/crypto/pem/pem.h37
-rw-r--r--crypto/openssl/crypto/pem/pem_all.c23
-rw-r--r--crypto/openssl/crypto/pem/pem_err.c4
-rw-r--r--crypto/openssl/crypto/pem/pem_info.c15
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c302
-rw-r--r--crypto/openssl/crypto/pem/pem_oth.c85
-rw-r--r--crypto/openssl/crypto/pem/pem_pk8.c243
-rw-r--r--crypto/openssl/crypto/pem/pem_pkey.c140
-rw-r--r--crypto/openssl/crypto/pem/pem_seal.c33
-rw-r--r--crypto/openssl/crypto/pem/pem_sign.c2
-rw-r--r--crypto/openssl/crypto/pem/pem_x509.c69
-rw-r--r--crypto/openssl/crypto/pem/pem_xaux.c68
-rw-r--r--crypto/openssl/crypto/perlasm/cbc.pl41
-rw-r--r--crypto/openssl/crypto/perlasm/x86asm.pl6
-rw-r--r--crypto/openssl/crypto/perlasm/x86ms.pl9
-rw-r--r--crypto/openssl/crypto/perlasm/x86nasm.pl9
-rw-r--r--crypto/openssl/crypto/perlasm/x86unix.pl108
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile.ssl437
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_add.c87
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_asn.c125
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_attr.c155
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crpt.c14
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crt.c6
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_decr.c69
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_init.c8
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_key.c18
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_kiss.c10
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mutl.c15
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_npas.c10
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_p8d.c68
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_p8e.c97
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_utl.c40
-rw-r--r--crypto/openssl/crypto/pkcs12/pk12err.c4
-rw-r--r--crypto/openssl/crypto/pkcs12/pkcs12.h122
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile.ssl174
-rw-r--r--crypto/openssl/crypto/pkcs7/bio_ber.c8
-rw-r--r--crypto/openssl/crypto/pkcs7/enc.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/example.c1
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_asn1.c213
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c100
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_lib.c29
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_smime.c25
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7.h102
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7err.c5
-rw-r--r--crypto/openssl/crypto/pkcs7/sign.c8
-rw-r--r--crypto/openssl/crypto/pkcs7/verify.c8
-rw-r--r--crypto/openssl/crypto/rand/Makefile.ssl144
-rw-r--r--crypto/openssl/crypto/rand/md_rand.c26
-rw-r--r--crypto/openssl/crypto/rand/rand.h31
-rw-r--r--crypto/openssl/crypto/rand/rand_egd.c238
-rw-r--r--crypto/openssl/crypto/rand/rand_err.c5
-rwxr-xr-xcrypto/openssl/crypto/rand/rand_lcl.h60
-rw-r--r--crypto/openssl/crypto/rand/rand_lib.c93
-rw-r--r--crypto/openssl/crypto/rand/rand_os2.c147
-rw-r--r--crypto/openssl/crypto/rand/rand_unix.c245
-rw-r--r--crypto/openssl/crypto/rand/rand_vms.c135
-rw-r--r--crypto/openssl/crypto/rand/rand_win.c141
-rw-r--r--crypto/openssl/crypto/rand/randfile.c27
-rw-r--r--crypto/openssl/crypto/rand/randtest.c13
-rw-r--r--crypto/openssl/crypto/rc2/Makefile.ssl18
-rw-r--r--crypto/openssl/crypto/rc2/rc2.h2
-rw-r--r--crypto/openssl/crypto/rc2/rc2speed.c6
-rw-r--r--crypto/openssl/crypto/rc2/rc2test.c6
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.ssl12
-rw-r--r--crypto/openssl/crypto/rc4/rc4.c10
-rw-r--r--crypto/openssl/crypto/rc4/rc4.h2
-rw-r--r--crypto/openssl/crypto/rc4/rc4speed.c6
-rw-r--r--crypto/openssl/crypto/rc4/rc4test.c6
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.ssl18
-rw-r--r--crypto/openssl/crypto/rc5/rc5.h2
-rw-r--r--crypto/openssl/crypto/rc5/rc5_ecb.c2
-rw-r--r--crypto/openssl/crypto/rc5/rc5_locl.h24
-rw-r--r--crypto/openssl/crypto/rc5/rc5speed.c6
-rw-r--r--crypto/openssl/crypto/rc5/rc5test.c6
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.ssl18
-rw-r--r--crypto/openssl/crypto/ripemd/ripemd.h14
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_dgst.c15
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_one.c3
-rw-r--r--crypto/openssl/crypto/ripemd/rmdtest.c11
-rw-r--r--crypto/openssl/crypto/rsa/Makefile.ssl197
-rw-r--r--crypto/openssl/crypto/rsa/rsa.h145
-rw-r--r--crypto/openssl/crypto/rsa/rsa_asn1.c121
-rw-r--r--crypto/openssl/crypto/rsa/rsa_chk.c2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c56
-rw-r--r--crypto/openssl/crypto/rsa/rsa_err.c4
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c119
-rw-r--r--crypto/openssl/crypto/rsa/rsa_none.c8
-rw-r--r--crypto/openssl/crypto/rsa/rsa_null.c23
-rw-r--r--crypto/openssl/crypto/rsa/rsa_oaep.c40
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pk1.c14
-rw-r--r--crypto/openssl/crypto/rsa/rsa_saos.c20
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c41
-rw-r--r--crypto/openssl/crypto/rsa/rsa_ssl.c10
-rw-r--r--crypto/openssl/crypto/rsa/rsa_test.c14
-rw-r--r--crypto/openssl/crypto/sha/Makefile.ssl28
-rw-r--r--crypto/openssl/crypto/sha/sha.h24
-rw-r--r--crypto/openssl/crypto/sha/sha1_one.c5
-rw-r--r--crypto/openssl/crypto/sha/sha1dgst.c2
-rw-r--r--crypto/openssl/crypto/sha/sha1test.c20
-rw-r--r--crypto/openssl/crypto/sha/sha_dgst.c2
-rw-r--r--crypto/openssl/crypto/sha/sha_locl.h15
-rw-r--r--crypto/openssl/crypto/sha/sha_one.c5
-rw-r--r--crypto/openssl/crypto/sha/shatest.c20
-rw-r--r--crypto/openssl/crypto/stack/Makefile.ssl14
-rw-r--r--crypto/openssl/crypto/stack/safestack.h378
-rw-r--r--crypto/openssl/crypto/stack/stack.c14
-rw-r--r--crypto/openssl/crypto/symhacks.h127
-rw-r--r--crypto/openssl/crypto/threads/mttest.c8
-rw-r--r--crypto/openssl/crypto/threads/th-lock.c6
-rw-r--r--crypto/openssl/crypto/tmdiff.c60
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile.ssl14
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.c12
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.h6
-rw-r--r--crypto/openssl/crypto/ui/Makefile.ssl117
-rw-r--r--crypto/openssl/crypto/ui/ui.h387
-rw-r--r--crypto/openssl/crypto/ui/ui_compat.c67
-rw-r--r--crypto/openssl/crypto/ui/ui_compat.h83
-rw-r--r--crypto/openssl/crypto/ui/ui_err.c111
-rw-r--r--crypto/openssl/crypto/ui/ui_lib.c901
-rw-r--r--crypto/openssl/crypto/ui/ui_locl.h148
-rw-r--r--crypto/openssl/crypto/ui/ui_openssl.c673
-rw-r--r--crypto/openssl/crypto/ui/ui_util.c89
-rw-r--r--crypto/openssl/crypto/uid.c7
-rw-r--r--crypto/openssl/crypto/x509/Makefile.ssl540
-rw-r--r--crypto/openssl/crypto/x509/by_file.c21
-rw-r--r--crypto/openssl/crypto/x509/x509.h323
-rw-r--r--crypto/openssl/crypto/x509/x509_att.c26
-rw-r--r--crypto/openssl/crypto/x509/x509_cmp.c154
-rw-r--r--crypto/openssl/crypto/x509/x509_d2.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_err.c8
-rw-r--r--crypto/openssl/crypto/x509/x509_ext.c19
-rw-r--r--crypto/openssl/crypto/x509/x509_lu.c40
-rw-r--r--crypto/openssl/crypto/x509/x509_obj.c1
-rw-r--r--crypto/openssl/crypto/x509/x509_req.c16
-rw-r--r--crypto/openssl/crypto/x509/x509_trs.c27
-rw-r--r--crypto/openssl/crypto/x509/x509_txt.c8
-rw-r--r--crypto/openssl/crypto/x509/x509_v3.c9
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c343
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.h65
-rw-r--r--crypto/openssl/crypto/x509/x509cset.c169
-rw-r--r--crypto/openssl/crypto/x509/x509spki.c1
-rw-r--r--crypto/openssl/crypto/x509/x_all.c203
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile.ssl630
-rw-r--r--crypto/openssl/crypto/x509v3/ext_dat.h16
-rw-r--r--crypto/openssl/crypto/x509v3/v3_akey.c71
-rw-r--r--crypto/openssl/crypto/x509v3/v3_akeya.c72
-rw-r--r--crypto/openssl/crypto/x509v3/v3_alt.c112
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bcons.c58
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bitst.c1
-rw-r--r--crypto/openssl/crypto/x509v3/v3_conf.c395
-rw-r--r--crypto/openssl/crypto/x509v3/v3_cpols.c328
-rw-r--r--crypto/openssl/crypto/x509v3/v3_crld.c181
-rw-r--r--crypto/openssl/crypto/x509v3/v3_enum.c12
-rw-r--r--crypto/openssl/crypto/x509v3/v3_extku.c132
-rw-r--r--crypto/openssl/crypto/x509v3/v3_genn.c264
-rw-r--r--crypto/openssl/crypto/x509v3/v3_info.c129
-rw-r--r--crypto/openssl/crypto/x509v3/v3_int.c11
-rw-r--r--crypto/openssl/crypto/x509v3/v3_lib.c80
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ocsp.c272
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pku.c61
-rw-r--r--crypto/openssl/crypto/x509v3/v3_prn.c80
-rw-r--r--crypto/openssl/crypto/x509v3/v3_purp.c104
-rw-r--r--crypto/openssl/crypto/x509v3/v3_skey.c15
-rw-r--r--crypto/openssl/crypto/x509v3/v3_sxnet.c112
-rw-r--r--crypto/openssl/crypto/x509v3/v3_utl.c39
-rw-r--r--crypto/openssl/crypto/x509v3/v3conf.c1
-rw-r--r--crypto/openssl/crypto/x509v3/v3err.c9
-rw-r--r--crypto/openssl/crypto/x509v3/v3prin.c2
-rw-r--r--crypto/openssl/crypto/x509v3/x509v3.h271
-rw-r--r--crypto/openssl/demos/asn1/README.ASN17
-rw-r--r--crypto/openssl/demos/asn1/ocsp.c366
-rw-r--r--crypto/openssl/demos/b64.c2
-rw-r--r--crypto/openssl/demos/bio/saccept.c5
-rw-r--r--crypto/openssl/demos/bio/sconnect.c5
-rw-r--r--crypto/openssl/demos/easy_tls/Makefile123
-rw-r--r--crypto/openssl/demos/easy_tls/README65
-rw-r--r--crypto/openssl/demos/easy_tls/cacerts.pem18
-rw-r--r--crypto/openssl/demos/easy_tls/cert.pem31
-rw-r--r--crypto/openssl/demos/easy_tls/easy-tls.c1240
-rw-r--r--crypto/openssl/demos/easy_tls/easy-tls.h57
-rw-r--r--crypto/openssl/demos/easy_tls/test.c244
-rw-r--r--crypto/openssl/demos/easy_tls/test.h11
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/Makefile114
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/cluster_labs.h35
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c721
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec8
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c151
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h95
-rw-r--r--crypto/openssl/demos/engines/ibmca/Makefile114
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca.c920
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca.ec8
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c154
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h98
-rw-r--r--crypto/openssl/demos/engines/ibmca/ica_openssl_api.h189
-rw-r--r--crypto/openssl/demos/engines/rsaref/Makefile135
-rw-r--r--crypto/openssl/demos/engines/rsaref/README22
-rw-r--r--crypto/openssl/demos/engines/rsaref/build.com85
-rw-r--r--crypto/openssl/demos/engines/rsaref/rsaref.c685
-rw-r--r--crypto/openssl/demos/engines/rsaref/rsaref.ec8
-rw-r--r--crypto/openssl/demos/engines/rsaref/rsaref_err.c161
-rw-r--r--crypto/openssl/demos/engines/rsaref/rsaref_err.h109
-rw-r--r--crypto/openssl/demos/engines/zencod/Makefile114
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.c1739
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.ec8
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.h160
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod_err.c151
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod_err.h95
-rw-r--r--crypto/openssl/demos/maurice/example1.c6
-rw-r--r--crypto/openssl/demos/maurice/example3.c6
-rw-r--r--crypto/openssl/demos/maurice/loadkeys.c9
-rw-r--r--crypto/openssl/demos/sign/sign.c4
-rw-r--r--crypto/openssl/demos/spkigen.c3
-rw-r--r--crypto/openssl/demos/ssl/cli.cpp4
-rw-r--r--crypto/openssl/demos/ssl/inetdsrv.cpp4
-rw-r--r--crypto/openssl/demos/ssl/serv.cpp4
-rw-r--r--crypto/openssl/demos/state_machine/state_machine.c47
-rw-r--r--crypto/openssl/demos/tunala/A-client.pem84
-rw-r--r--crypto/openssl/demos/tunala/A-server.pem84
-rw-r--r--crypto/openssl/demos/tunala/CA.pem24
-rw-r--r--crypto/openssl/demos/tunala/INSTALL107
-rw-r--r--crypto/openssl/demos/tunala/Makefile41
-rw-r--r--crypto/openssl/demos/tunala/Makefile.am7
-rw-r--r--crypto/openssl/demos/tunala/README233
-rwxr-xr-xcrypto/openssl/demos/tunala/autogunk.sh25
-rwxr-xr-xcrypto/openssl/demos/tunala/autoungunk.sh18
-rw-r--r--crypto/openssl/demos/tunala/breakage.c66
-rw-r--r--crypto/openssl/demos/tunala/buffer.c205
-rw-r--r--crypto/openssl/demos/tunala/cb.c133
-rw-r--r--crypto/openssl/demos/tunala/configure.in28
-rw-r--r--crypto/openssl/demos/tunala/ip.c146
-rw-r--r--crypto/openssl/demos/tunala/sm.c151
-rw-r--r--crypto/openssl/demos/tunala/tunala.c1093
-rw-r--r--crypto/openssl/demos/tunala/tunala.h214
-rw-r--r--crypto/openssl/demos/x509/README3
-rw-r--r--crypto/openssl/demos/x509/mkcert.c168
-rw-r--r--crypto/openssl/demos/x509/mkreq.c157
-rw-r--r--crypto/openssl/doc/HOWTO/certificates.txt85
-rw-r--r--crypto/openssl/doc/apps/CA.pl.pod5
-rw-r--r--crypto/openssl/doc/apps/ca.pod168
-rw-r--r--crypto/openssl/doc/apps/ciphers.pod50
-rw-r--r--crypto/openssl/doc/apps/enc.pod16
-rw-r--r--crypto/openssl/doc/apps/ocsp.pod348
-rw-r--r--crypto/openssl/doc/apps/openssl.pod4
-rw-r--r--crypto/openssl/doc/apps/passwd.pod10
-rw-r--r--crypto/openssl/doc/apps/pkcs12.pod2
-rw-r--r--crypto/openssl/doc/apps/pkcs7.pod2
-rw-r--r--crypto/openssl/doc/apps/rand.pod2
-rw-r--r--crypto/openssl/doc/apps/req.pod67
-rw-r--r--crypto/openssl/doc/apps/rsa.pod2
-rw-r--r--crypto/openssl/doc/apps/s_client.pod17
-rw-r--r--crypto/openssl/doc/apps/s_server.pod22
-rw-r--r--crypto/openssl/doc/apps/smime.pod4
-rw-r--r--crypto/openssl/doc/apps/speed.pod14
-rw-r--r--crypto/openssl/doc/apps/version.pod8
-rw-r--r--crypto/openssl/doc/apps/x509.pod147
-rw-r--r--crypto/openssl/doc/c-indentation.el10
-rw-r--r--crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod43
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_length.pod81
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_new.pod44
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod96
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_md.pod2
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_accept.pod33
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_bio.pod56
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_connect.pod34
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_socket.pod12
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_add.pod91
-rw-r--r--crypto/openssl/doc/crypto/BN_add_word.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_bn2bin.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_copy.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_generate_prime.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_inverse.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod22
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_rand.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_swap.pod23
-rw-r--r--crypto/openssl/doc/crypto/BN_zero.pod5
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_key.pod2
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_parameters.pod3
-rw-r--r--crypto/openssl/doc/crypto/DH_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/DH_set_method.pod87
-rw-r--r--crypto/openssl/doc/crypto/DSA_SIG_new.pod3
-rw-r--r--crypto/openssl/doc/crypto/DSA_do_sign.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_dup_DH.pod4
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_key.pod3
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_parameters.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_new.pod5
-rw-r--r--crypto/openssl/doc/crypto/DSA_set_method.pod84
-rw-r--r--crypto/openssl/doc/crypto/DSA_sign.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_size.pod2
-rw-r--r--crypto/openssl/doc/crypto/ERR_get_error.pod29
-rw-r--r--crypto/openssl/doc/crypto/EVP_BytesToKey.pod67
-rw-r--r--crypto/openssl/doc/crypto/EVP_DigestInit.pod124
-rw-r--r--crypto/openssl/doc/crypto/EVP_EncryptInit.pod294
-rw-r--r--crypto/openssl/doc/crypto/EVP_PKEY_new.pod47
-rw-r--r--crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod80
-rw-r--r--crypto/openssl/doc/crypto/EVP_SealInit.pod2
-rw-r--r--crypto/openssl/doc/crypto/EVP_SignInit.pod39
-rw-r--r--crypto/openssl/doc/crypto/EVP_VerifyInit.pod36
-rw-r--r--crypto/openssl/doc/crypto/OBJ_nid2obj.pod149
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod6
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_create.pod57
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_parse.pod50
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_decrypt.pod53
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_encrypt.pod65
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_sign.pod85
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_verify.pod116
-rw-r--r--crypto/openssl/doc/crypto/RAND_bytes.pod3
-rw-r--r--crypto/openssl/doc/crypto/RAND_egd.pod18
-rw-r--r--crypto/openssl/doc/crypto/RAND_set_rand_method.pod44
-rw-r--r--crypto/openssl/doc/crypto/RSA_check_key.pod23
-rw-r--r--crypto/openssl/doc/crypto/RSA_generate_key.pod3
-rw-r--r--crypto/openssl/doc/crypto/RSA_new.pod7
-rw-r--r--crypto/openssl/doc/crypto/RSA_print.pod6
-rw-r--r--crypto/openssl/doc/crypto/RSA_private_encrypt.pod3
-rw-r--r--crypto/openssl/doc/crypto/RSA_public_encrypt.pod7
-rw-r--r--crypto/openssl/doc/crypto/RSA_set_method.pod126
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign.pod4
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod4
-rw-r--r--crypto/openssl/doc/crypto/RSA_size.pod2
-rw-r--r--crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod71
-rw-r--r--crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod59
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod72
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod110
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod106
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_print_ex.pod105
-rw-r--r--crypto/openssl/doc/crypto/X509_new.pod37
-rw-r--r--crypto/openssl/doc/crypto/bn.pod16
-rw-r--r--crypto/openssl/doc/crypto/bn_internal.pod19
-rw-r--r--crypto/openssl/doc/crypto/crypto.pod16
-rw-r--r--crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod29
-rw-r--r--crypto/openssl/doc/crypto/d2i_DHparams.pod14
-rw-r--r--crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod82
-rw-r--r--crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod56
-rw-r--r--crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod39
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509.pod231
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod30
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_CRL.pod37
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_NAME.pod31
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_REQ.pod36
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_SIG.pod30
-rw-r--r--crypto/openssl/doc/crypto/des.pod324
-rw-r--r--crypto/openssl/doc/crypto/dh.pod34
-rw-r--r--crypto/openssl/doc/crypto/dsa.pod44
-rw-r--r--crypto/openssl/doc/crypto/engine.pod621
-rw-r--r--crypto/openssl/doc/crypto/evp.pod10
-rw-r--r--crypto/openssl/doc/crypto/hmac.pod34
-rw-r--r--crypto/openssl/doc/crypto/lhash.pod201
-rw-r--r--crypto/openssl/doc/crypto/pem.pod476
-rw-r--r--crypto/openssl/doc/crypto/rand.pod24
-rw-r--r--crypto/openssl/doc/crypto/rsa.pod35
-rw-r--r--crypto/openssl/doc/crypto/threads.pod2
-rw-r--r--crypto/openssl/doc/crypto/ui.pod194
-rw-r--r--crypto/openssl/doc/crypto/ui_compat.pod55
-rw-r--r--crypto/openssl/doc/openssl.txt2
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_add_session.pod8
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod40
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod150
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod77
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod99
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_options.pod48
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod53
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_alert_type_string.pod8
-rw-r--r--crypto/openssl/doc/ssl/SSL_rstate_string.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_state_string.pod4
-rw-r--r--crypto/openssl/doc/ssl/ssl.pod13
-rw-r--r--crypto/openssl/doc/standards.txt171
-rw-r--r--crypto/openssl/e_os.h189
-rw-r--r--crypto/openssl/e_os2.h256
-rw-r--r--crypto/openssl/openssl.spec15
-rw-r--r--crypto/openssl/os2/OS2-EMX.cmd66
-rw-r--r--crypto/openssl/ssl/Makefile.ssl1261
-rw-r--r--crypto/openssl/ssl/bio_ssl.c8
-rw-r--r--crypto/openssl/ssl/kssl.c2157
-rw-r--r--crypto/openssl/ssl/kssl.h173
-rw-r--r--crypto/openssl/ssl/kssl_lcl.h87
-rw-r--r--crypto/openssl/ssl/s23_clnt.c41
-rw-r--r--crypto/openssl/ssl/s23_lib.c6
-rw-r--r--crypto/openssl/ssl/s23_meth.c19
-rw-r--r--crypto/openssl/ssl/s23_pkt.c55
-rw-r--r--crypto/openssl/ssl/s23_srvr.c111
-rw-r--r--crypto/openssl/ssl/s2_clnt.c108
-rw-r--r--crypto/openssl/ssl/s2_enc.c18
-rw-r--r--crypto/openssl/ssl/s2_lib.c82
-rw-r--r--crypto/openssl/ssl/s2_meth.c23
-rw-r--r--crypto/openssl/ssl/s2_pkt.c8
-rw-r--r--crypto/openssl/ssl/s2_srvr.c93
-rw-r--r--crypto/openssl/ssl/s3_both.c60
-rw-r--r--crypto/openssl/ssl/s3_clnt.c403
-rw-r--r--crypto/openssl/ssl/s3_enc.c160
-rw-r--r--crypto/openssl/ssl/s3_lib.c511
-rw-r--r--crypto/openssl/ssl/s3_meth.c19
-rw-r--r--crypto/openssl/ssl/s3_pkt.c39
-rw-r--r--crypto/openssl/ssl/s3_srvr.c310
-rw-r--r--crypto/openssl/ssl/ssl.h427
-rw-r--r--crypto/openssl/ssl/ssl2.h3
-rw-r--r--crypto/openssl/ssl/ssl3.h60
-rw-r--r--crypto/openssl/ssl/ssl_algs.c26
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c53
-rw-r--r--crypto/openssl/ssl/ssl_cert.c153
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c83
-rw-r--r--crypto/openssl/ssl/ssl_err.c21
-rw-r--r--crypto/openssl/ssl/ssl_err2.c2
-rw-r--r--crypto/openssl/ssl/ssl_lib.c416
-rw-r--r--crypto/openssl/ssl/ssl_locl.h88
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c44
-rw-r--r--crypto/openssl/ssl/ssl_sess.c137
-rw-r--r--crypto/openssl/ssl/ssl_stat.c40
-rw-r--r--crypto/openssl/ssl/ssl_task.c4
-rw-r--r--crypto/openssl/ssl/ssl_txt.c14
-rw-r--r--crypto/openssl/ssl/ssltest.c311
-rw-r--r--crypto/openssl/ssl/t1_clnt.c19
-rw-r--r--crypto/openssl/ssl/t1_enc.c169
-rw-r--r--crypto/openssl/ssl/t1_meth.c20
-rw-r--r--crypto/openssl/ssl/t1_srvr.c19
-rw-r--r--crypto/openssl/ssl/tls1.h31
-rw-r--r--crypto/openssl/test/Makefile.ssl659
-rw-r--r--crypto/openssl/test/dummytest.c48
-rw-r--r--crypto/openssl/test/methtest.c4
-rw-r--r--crypto/openssl/test/tcrl6
-rw-r--r--crypto/openssl/test/testca6
-rw-r--r--crypto/openssl/test/testgen6
-rw-r--r--crypto/openssl/test/testssl81
-rw-r--r--crypto/openssl/test/tpkcs76
-rw-r--r--crypto/openssl/test/tpkcs7d6
-rw-r--r--crypto/openssl/test/treq6
-rw-r--r--crypto/openssl/test/trsa6
-rw-r--r--crypto/openssl/test/tsid6
-rw-r--r--crypto/openssl/test/tx5096
-rw-r--r--crypto/openssl/tools/Makefile.ssl15
-rw-r--r--crypto/openssl/tools/c_rehash10
-rw-r--r--crypto/openssl/tools/c_rehash.in10
-rwxr-xr-xcrypto/openssl/util/clean-depend.pl20
-rwxr-xr-xcrypto/openssl/util/domd27
-rw-r--r--crypto/openssl/util/extract-names.pl22
-rwxr-xr-xcrypto/openssl/util/libeay.num1343
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl114
-rwxr-xr-xcrypto/openssl/util/mkcerts.sh6
-rwxr-xr-xcrypto/openssl/util/mkdef.pl1023
-rw-r--r--crypto/openssl/util/mkerr.pl197
-rwxr-xr-xcrypto/openssl/util/mkfiles.pl7
-rwxr-xr-xcrypto/openssl/util/mklink.pl15
-rwxr-xr-xcrypto/openssl/util/mkstack.pl2
-rw-r--r--crypto/openssl/util/pl/BC-16.pl4
-rw-r--r--crypto/openssl/util/pl/BC-32.pl7
-rw-r--r--crypto/openssl/util/pl/Mingw32.pl14
-rw-r--r--crypto/openssl/util/pl/OS2-EMX.pl117
-rw-r--r--crypto/openssl/util/pl/VC-16.pl3
-rw-r--r--crypto/openssl/util/pl/VC-32.pl9
-rw-r--r--crypto/openssl/util/pl/VC-CE.pl111
-rwxr-xr-xcrypto/openssl/util/pod2mantest25
-rwxr-xr-xcrypto/openssl/util/point.sh6
-rw-r--r--crypto/openssl/util/selftest.pl10
-rwxr-xr-xcrypto/openssl/util/ssleay.num74
965 files changed, 103840 insertions, 20829 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 75ebac55bf53..418378f876a7 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,1889 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
+
+ *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+ code (06) was taken as the first octet of the session ID and the last
+ octet was ignored consequently. As a result SSLv2 client side session
+ caching could not have worked due to the session ID mismatch between
+ client and server.
+ Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+ PR #377.
+ [Lutz Jaenicke]
+
+ *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+ instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
+ removed entirely.
+ [Richard Levitte]
+
+ *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it
+ seems that in spite of existing for more than a year, many application
+ author have done nothing to provide the necessary callbacks, which
+ means that this particular engine will not work properly anywhere.
+ This is a very unfortunate situation which forces us, in the name
+ of usability, to give the hw_ncipher.c a static lock, which is part
+ of libcrypto.
+ NOTE: This is for the 0.9.7 series ONLY. This hack will never
+ appear in 0.9.8 or later. We EXPECT application authors to have
+ dealt properly with this when 0.9.8 is released (unless we actually
+ make such changes in the libcrypto locking code that changes will
+ have to be made anyway).
+ [Richard Levitte]
+
+ *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+ octets have been read, EOF or an error occurs. Without this change
+ some truncated ASN1 structures will not produce an error.
+ [Steve Henson]
+
+ *) Disable Heimdal support, since it hasn't been fully implemented.
+ Still give the possibility to force the use of Heimdal, but with
+ warnings and a request that patches get sent to openssl-dev.
+ [Richard Levitte]
+
+ *) Add the VC-CE target, introduce the WINCE sysname, and add
+ INSTALL.WCE and appropriate conditionals to make it build.
+ [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+ *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+ cygssl-x.y.z.dll, where x, y and z are the major, minor and
+ edit numbers of the version.
+ [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+ *) Introduce safe string copy and catenation functions
+ (BUF_strlcpy() and BUF_strlcat()).
+ [Ben Laurie (CHATS) and Richard Levitte]
+
+ *) Avoid using fixed-size buffers for one-line DNs.
+ [Ben Laurie (CHATS)]
+
+ *) Add BUF_MEM_grow_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid using fixed size buffers for configuration file location.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation for various CA files.
+ [Ben Laurie (CHATS)]
+
+ *) Use sizeof in preference to magic numbers.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation in cert requests.
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to check for (supposedly impossible) buffer
+ overflows.
+ [Ben Laurie (CHATS)]
+
+ *) Don't cache truncated DNS entries in the local cache (this could
+ potentially lead to a spoofing attack).
+ [Ben Laurie (CHATS)]
+
+ *) Fix various buffers to be large enough for hex/decimal
+ representations in a platform independent manner.
+ [Ben Laurie (CHATS)]
+
+ *) Add CRYPTO_realloc_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Add BIO_indent() to avoid much slightly worrying code to do
+ indents.
+ [Ben Laurie (CHATS)]
+
+ *) Convert sprintf()/BIO_puts() to BIO_printf().
+ [Ben Laurie (CHATS)]
+
+ *) buffer_gets() could terminate with the buffer only half
+ full. Fixed.
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to prevent user-supplied crypto functions from
+ overflowing internal buffers by having large block sizes, etc.
+ [Ben Laurie (CHATS)]
+
+ *) New OPENSSL_assert() macro (similar to assert(), but enabled
+ unconditionally).
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused copy of key in RC4.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+ [Ben Laurie (CHATS)]
+
+ *) Fix off-by-one error in EGD path.
+ [Ben Laurie (CHATS)]
+
+ *) If RANDFILE path is too long, ignore instead of truncating.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized X.509 structure
+ CBCParameter.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous function knumber().
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous structure, KSSL_ERR.
+ [Ben Laurie (CHATS)]
+
+ *) Protect against overlong session ID context length in an encoded
+ session object. Since these are local, this does not appear to be
+ exploitable.
+ [Ben Laurie (CHATS)]
+
+ *) Change from security patch (see 0.9.6e below) that did not affect
+ the 0.9.6 release series:
+
+ Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized master key in Kerberos-enabled versions.
+ (CAN-2002-0657)
+ [Ben Laurie (CHATS)]
+
+ *) Change the SSL kerb5 codes to match RFC 2712.
+ [Richard Levitte]
+
+ *) Make -nameopt work fully for req and add -reqopt switch.
+ [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+ *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+ [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
+
+ *) Make sure tests can be performed even if the corresponding algorithms
+ have been removed entirely. This was also the last step to make
+ OpenSSL compilable with DJGPP under all reasonable conditions.
+ [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
+
+ *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+ to allow version independent disabling of normally unselected ciphers,
+ which may be activated as a side-effect of selecting a single cipher.
+
+ (E.g., cipher list string "RSA" enables ciphersuites that are left
+ out of "ALL" because they do not provide symmetric encryption.
+ "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+ [Lutz Jaenicke, Bodo Moeller]
+
+ *) Add appropriate support for separate platform-dependent build
+ directories. The recommended way to make a platform-dependent
+ build directory is the following (tested on Linux), maybe with
+ some local tweaks:
+
+ # Place yourself outside of the OpenSSL source tree. In
+ # this example, the environment variable OPENSSL_SOURCE
+ # is assumed to contain the absolute OpenSSL source directory.
+ mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+ cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+ (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+ mkdir -p `dirname $F`
+ ln -s $OPENSSL_SOURCE/$F $F
+ done
+
+ To be absolutely sure not to disturb the source tree, a "make clean"
+ is a good thing. If it isn't successfull, don't worry about it,
+ it probably means the source directory is very clean.
+ [Richard Levitte]
+
+ *) Make sure any ENGINE control commands make local copies of string
+ pointers passed to them whenever necessary. Otherwise it is possible
+ the caller may have overwritten (or deallocated) the original string
+ data when a later ENGINE operation tries to use the stored values.
+ [Götz Babin-Ebell <babinebell@trustcenter.de>]
+
+ *) Improve diagnostics in file reading and command-line digests.
+ [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+ *) Add AES modes CFB and OFB to the object database. Correct an
+ error in AES-CFB decryption.
+ [Richard Levitte]
+
+ *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
+ allows existing EVP_CIPHER_CTX structures to be reused after
+ calling EVP_*Final(). This behaviour is used by encryption
+ BIOs and some applications. This has the side effect that
+ applications must explicitly clean up cipher contexts with
+ EVP_CIPHER_CTX_cleanup() or they will leak memory.
+ [Steve Henson]
+
+ *) Check the values of dna and dnb in bn_mul_recursive before calling
+ bn_mul_comba (a non zero value means the a or b arrays do not contain
+ n2 elements) and fallback to bn_mul_normal if either is not zero.
+ [Steve Henson]
+
+ *) Fix escaping of non-ASCII characters when using the -subj option
+ of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
+ [Lutz Jaenicke]
+
+ *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+ form for "surname", serialNumber has no short form.
+ Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+ therefore remove "mail" short name for "internet 7".
+ The OID for unique identifiers in X509 certificates is
+ x500UniqueIdentifier, not uniqueIdentifier.
+ Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
+ [Lutz Jaenicke]
+
+ *) Add an "init" command to the ENGINE config module and auto initialize
+ ENGINEs. Without any "init" command the ENGINE will be initialized
+ after all ctrl commands have been executed on it. If init=1 the
+ ENGINE is initailized at that point (ctrls before that point are run
+ on the uninitialized ENGINE and after on the initialized one). If
+ init=0 then the ENGINE will not be iniatialized at all.
+ [Steve Henson]
+
+ *) Fix the 'app_verify_callback' interface so that the user-defined
+ argument is actually passed to the callback: In the
+ SSL_CTX_set_cert_verify_callback() prototype, the callback
+ declaration has been changed from
+ int (*cb)()
+ into
+ int (*cb)(X509_STORE_CTX *,void *);
+ in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+ i=s->ctx->app_verify_callback(&ctx)
+ has been changed into
+ i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+ To update applications using SSL_CTX_set_cert_verify_callback(),
+ a dummy argument can be added to their callback functions.
+ [D. K. Smetters <smetters@parc.xerox.com>]
+
+ *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+ [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
+
+ *) Add and OPENSSL_LOAD_CONF define which will cause
+ OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+ This allows older applications to transparently support certain
+ OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+ Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+ load the config file and OPENSSL_add_all_algorithms_conf() which will
+ always load it have also been added.
+ [Steve Henson]
+
+ *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+ Adjust NIDs and EVP layer.
+ [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+ *) Config modules support in openssl utility.
+
+ Most commands now load modules from the config file,
+ though in a few (such as version) this isn't done
+ because it couldn't be used for anything.
+
+ In the case of ca and req the config file used is
+ the same as the utility itself: that is the -config
+ command line option can be used to specify an
+ alternative file.
+ [Steve Henson]
+
+ *) Move default behaviour from OPENSSL_config(). If appname is NULL
+ use "openssl_conf" if filename is NULL use default openssl config file.
+ [Steve Henson]
+
+ *) Add an argument to OPENSSL_config() to allow the use of an alternative
+ config section name. Add a new flag to tolerate a missing config file
+ and move code to CONF_modules_load_file().
+ [Steve Henson]
+
+ *) Support for crypto accelerator cards from Accelerated Encryption
+ Processing, www.aep.ie. (Use engine 'aep')
+ The support was copied from 0.9.6c [engine] and adapted/corrected
+ to work with the new engine framework.
+ [AEP Inc. and Richard Levitte]
+
+ *) Support for SureWare crypto accelerator cards from Baltimore
+ Technologies. (Use engine 'sureware')
+ The support was copied from 0.9.6c [engine] and adapted
+ to work with the new engine framework.
+ [Richard Levitte]
+
+ *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+ make the newer ENGINE framework commands for the CHIL engine work.
+ [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
+
+ *) Make it possible to produce shared libraries on ReliantUNIX.
+ [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
+
+ *) Add the configuration target debug-linux-ppro.
+ Make 'openssl rsa' use the general key loading routines
+ implemented in apps.c, and make those routines able to
+ handle the key format FORMAT_NETSCAPE and the variant
+ FORMAT_IISSGC.
+ [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+ [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Add -keyform to rsautl, and document -engine.
+ [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
+
+ *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+ BIO_R_NO_SUCH_FILE error code rather than the generic
+ ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+ [Ben Laurie]
+
+ *) Add new functions
+ ERR_peek_last_error
+ ERR_peek_last_error_line
+ ERR_peek_last_error_line_data.
+ These are similar to
+ ERR_peek_error
+ ERR_peek_error_line
+ ERR_peek_error_line_data,
+ but report on the latest error recorded rather than the first one
+ still in the error queue.
+ [Ben Laurie, Bodo Moeller]
+
+ *) default_algorithms option in ENGINE config module. This allows things
+ like:
+ default_algorithms = ALL
+ default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+ [Steve Henson]
+
+ *) Prelminary ENGINE config module.
+ [Steve Henson]
+
+ *) New experimental application configuration code.
+ [Steve Henson]
+
+ *) Change the AES code to follow the same name structure as all other
+ symmetric ciphers, and behave the same way. Move everything to
+ the directory crypto/aes, thereby obsoleting crypto/rijndael.
+ [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+ *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+ [Ben Laurie and Theo de Raadt]
+
+ *) Add option to output public keys in req command.
+ [Massimiliano Pala madwolf@openca.org]
+
+ *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+ (up to about 10% better than before for P-192 and P-224).
+ [Bodo Moeller]
+
+ *) New functions/macros
+
+ SSL_CTX_set_msg_callback(ctx, cb)
+ SSL_CTX_set_msg_callback_arg(ctx, arg)
+ SSL_set_msg_callback(ssl, cb)
+ SSL_set_msg_callback_arg(ssl, arg)
+
+ to request calling a callback function
+
+ void cb(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg)
+
+ whenever a protocol message has been completely received
+ (write_p == 0) or sent (write_p == 1). Here 'version' is the
+ protocol version according to which the SSL library interprets
+ the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+ TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
+ the content type as defined in the SSL 3.0/TLS 1.0 protocol
+ specification (change_cipher_spec(20), alert(21), handshake(22)).
+ 'buf' and 'len' point to the actual message, 'ssl' to the
+ SSL object, and 'arg' is the application-defined value set by
+ SSL[_CTX]_set_msg_callback_arg().
+
+ 'openssl s_client' and 'openssl s_server' have new '-msg' options
+ to enable a callback that displays all protocol messages.
+ [Bodo Moeller]
+
+ *) Change the shared library support so shared libraries are built as
+ soon as the corresponding static library is finished, and thereby get
+ openssl and the test programs linked against the shared library.
+ This still only happens when the keyword "shard" has been given to
+ the configuration scripts.
+
+ NOTE: shared library support is still an experimental thing, and
+ backward binary compatibility is still not guaranteed.
+ ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
+
+ *) Add support for Subject Information Access extension.
+ [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+ *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+ additional bytes when new memory had to be allocated, not just
+ when reusing an existing buffer.
+ [Bodo Moeller]
+
+ *) New command line and configuration option 'utf8' for the req command.
+ This allows field values to be specified as UTF8 strings.
+ [Steve Henson]
+
+ *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+ runs for the former and machine-readable output for the latter.
+ [Ben Laurie]
+
+ *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
+ of the e-mail address in the DN (i.e., it will go into a certificate
+ extension only). The new configuration file option 'email_in_dn = no'
+ has the same effect.
+ [Massimiliano Pala madwolf@openca.org]
+
+ *) Change all functions with names starting with des_ to be starting
+ with DES_ instead. Add wrappers that are compatible with libdes,
+ but are named _ossl_old_des_*. Finally, add macros that map the
+ des_* symbols to the corresponding _ossl_old_des_* if libdes
+ compatibility is desired. If OpenSSL 0.9.6c compatibility is
+ desired, the des_* symbols will be mapped to DES_*, with one
+ exception.
+
+ Since we provide two compatibility mappings, the user needs to
+ define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+ compatibility is desired. The default (i.e., when that macro
+ isn't defined) is OpenSSL 0.9.6c compatibility.
+
+ There are also macros that enable and disable the support of old
+ des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+ and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those
+ are defined, the default will apply: to support the old des routines.
+
+ In either case, one must include openssl/des.h to get the correct
+ definitions. Do not try to just include openssl/des_old.h, that
+ won't work.
+
+ NOTE: This is a major break of an old API into a new one. Software
+ authors are encouraged to switch to the DES_ style functions. Some
+ time in the future, des_old.h and the libdes compatibility functions
+ will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+ default), and then completely removed.
+ [Richard Levitte]
+
+ *) Test for certificates which contain unsupported critical extensions.
+ If such a certificate is found during a verify operation it is
+ rejected by default: this behaviour can be overridden by either
+ handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+ by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+ X509_supported_extension() has also been added which returns 1 if a
+ particular extension is supported.
+ [Steve Henson]
+
+ *) Modify the behaviour of EVP cipher functions in similar way to digests
+ to retain compatibility with existing code.
+ [Steve Henson]
+
+ *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+ compatibility with existing code. In particular the 'ctx' parameter does
+ not have to be to be initialized before the call to EVP_DigestInit() and
+ it is tidied up after a call to EVP_DigestFinal(). New function
+ EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+ EVP_MD_CTX_copy() changed to not require the destination to be
+ initialized valid and new function EVP_MD_CTX_copy_ex() added which
+ requires the destination to be valid.
+
+ Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+ EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+ [Steve Henson]
+
+ *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+ so that complete 'Handshake' protocol structures are kept in memory
+ instead of overwriting 'msg_type' and 'length' with 'body' data.
+ [Bodo Moeller]
+
+ *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+ [Massimo Santin via Richard Levitte]
+
+ *) Major restructuring to the underlying ENGINE code. This includes
+ reduction of linker bloat, separation of pure "ENGINE" manipulation
+ (initialisation, etc) from functionality dealing with implementations
+ of specific crypto iterfaces. This change also introduces integrated
+ support for symmetric ciphers and digest implementations - so ENGINEs
+ can now accelerate these by providing EVP_CIPHER and EVP_MD
+ implementations of their own. This is detailed in crypto/engine/README
+ as it couldn't be adequately described here. However, there are a few
+ API changes worth noting - some RSA, DSA, DH, and RAND functions that
+ were changed in the original introduction of ENGINE code have now
+ reverted back - the hooking from this code to ENGINE is now a good
+ deal more passive and at run-time, operations deal directly with
+ RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+ dereferencing through an ENGINE pointer any more. Also, the ENGINE
+ functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+ they were not being used by the framework as there is no concept of a
+ BIGNUM_METHOD and they could not be generalised to the new
+ 'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+ ENGINE_cpy() has been removed as it cannot be consistently defined in
+ the new code.
+ [Geoff Thorpe]
+
+ *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+ [Steve Henson]
+
+ *) Change mkdef.pl to sort symbols that get the same entry number,
+ and make sure the automatically generated functions ERR_load_*
+ become part of libeay.num as well.
+ [Richard Levitte]
+
+ *) New function SSL_renegotiate_pending(). This returns true once
+ renegotiation has been requested (either SSL_renegotiate() call
+ or HelloRequest/ClientHello receveived from the peer) and becomes
+ false once a handshake has been completed.
+ (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+ sends a HelloRequest, but does not ensure that a handshake takes
+ place. SSL_renegotiate_pending() is useful for checking if the
+ client has followed the request.)
+ [Bodo Moeller]
+
+ *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+ By default, clients may request session resumption even during
+ renegotiation (if session ID contexts permit); with this option,
+ session resumption is possible only in the first handshake.
+
+ SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
+ more bits available for options that should not be part of
+ SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+ [Bodo Moeller]
+
+ *) Add some demos for certificate and certificate request creation.
+ [Steve Henson]
+
+ *) Make maximum certificate chain size accepted from the peer application
+ settable (SSL*_get/set_max_cert_list()), as proposed by
+ "Douglas E. Engert" <deengert@anl.gov>.
+ [Lutz Jaenicke]
+
+ *) Add support for shared libraries for Unixware-7
+ (Boyd Lynn Gerber <gerberb@zenez.com>).
+ [Lutz Jaenicke]
+
+ *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+ be done prior to destruction. Use this to unload error strings from
+ ENGINEs that load their own error strings. NB: This adds two new API
+ functions to "get" and "set" this destroy handler in an ENGINE.
+ [Geoff Thorpe]
+
+ *) Alter all existing ENGINE implementations (except "openssl" and
+ "openbsd") to dynamically instantiate their own error strings. This
+ makes them more flexible to be built both as statically-linked ENGINEs
+ and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+ Also, add stub code to each that makes building them as self-contained
+ shared-libraries easier (see README.ENGINE).
+ [Geoff Thorpe]
+
+ *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+ implementations into applications that are completely implemented in
+ self-contained shared-libraries. The "dynamic" ENGINE exposes control
+ commands that can be used to configure what shared-library to load and
+ to control aspects of the way it is handled. Also, made an update to
+ the README.ENGINE file that brings its information up-to-date and
+ provides some information and instructions on the "dynamic" ENGINE
+ (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+ [Geoff Thorpe]
+
+ *) Make it possible to unload ranges of ERR strings with a new
+ "ERR_unload_strings" function.
+ [Geoff Thorpe]
+
+ *) Add a copy() function to EVP_MD.
+ [Ben Laurie]
+
+ *) Make EVP_MD routines take a context pointer instead of just the
+ md_data void pointer.
+ [Ben Laurie]
+
+ *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+ that the digest can only process a single chunk of data
+ (typically because it is provided by a piece of
+ hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+ is only going to provide a single chunk of data, and hence the
+ framework needn't accumulate the data for oneshot drivers.
+ [Ben Laurie]
+
+ *) As with "ERR", make it possible to replace the underlying "ex_data"
+ functions. This change also alters the storage and management of global
+ ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+ RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+ index counters. The API functions that use this state have been changed
+ to take a "class_index" rather than pointers to the class's local STACK
+ and counter, and there is now an API function to dynamically create new
+ classes. This centralisation allows us to (a) plug a lot of the
+ thread-safety problems that existed, and (b) makes it possible to clean
+ up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+ such data would previously have always leaked in application code and
+ workarounds were in place to make the memory debugging turn a blind eye
+ to it. Application code that doesn't use this new function will still
+ leak as before, but their memory debugging output will announce it now
+ rather than letting it slide.
+
+ Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+ induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+ has a return value to indicate success or failure.
+ [Geoff Thorpe]
+
+ *) Make it possible to replace the underlying "ERR" functions such that the
+ global state (2 LHASH tables and 2 locks) is only used by the "default"
+ implementation. This change also adds two functions to "get" and "set"
+ the implementation prior to it being automatically set the first time
+ any other ERR function takes place. Ie. an application can call "get",
+ pass the return value to a module it has just loaded, and that module
+ can call its own "set" function using that value. This means the
+ module's "ERR" operations will use (and modify) the error state in the
+ application and not in its own statically linked copy of OpenSSL code.
+ [Geoff Thorpe]
+
+ *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+ reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+ the operation, and provides a more encapsulated way for external code
+ (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+ to use these functions rather than manually incrementing the counts.
+
+ Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+ [Geoff Thorpe]
+
+ *) Add EVP test program.
+ [Ben Laurie]
+
+ *) Add symmetric cipher support to ENGINE. Expect the API to change!
+ [Ben Laurie]
+
+ *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+ X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+ X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+ These allow a CRL to be built without having to access X509_CRL fields
+ directly. Modify 'ca' application to use new functions.
+ [Steve Henson]
+
+ *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+ bug workarounds. Rollback attack detection is a security feature.
+ The problem will only arise on OpenSSL servers when TLSv1 is not
+ available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+ Software authors not wanting to support TLSv1 will have special reasons
+ for their choice and can explicitly enable this option.
+ [Bodo Moeller, Lutz Jaenicke]
+
+ *) Rationalise EVP so it can be extended: don't include a union of
+ cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+ (similar to those existing for EVP_CIPHER_CTX).
+ Usage example:
+
+ EVP_MD_CTX md;
+
+ EVP_MD_CTX_init(&md); /* new function call */
+ EVP_DigestInit(&md, EVP_sha1());
+ EVP_DigestUpdate(&md, in, len);
+ EVP_DigestFinal(&md, out, NULL);
+ EVP_MD_CTX_cleanup(&md); /* new function call */
+
+ [Ben Laurie]
+
+ *) Make DES key schedule conform to the usual scheme, as well as
+ correcting its structure. This means that calls to DES functions
+ now have to pass a pointer to a des_key_schedule instead of a
+ plain des_key_schedule (which was actually always a pointer
+ anyway): E.g.,
+
+ des_key_schedule ks;
+
+ des_set_key_checked(..., &ks);
+ des_ncbc_encrypt(..., &ks, ...);
+
+ (Note that a later change renames 'des_...' into 'DES_...'.)
+ [Ben Laurie]
+
+ *) Initial reduction of linker bloat: the use of some functions, such as
+ PEM causes large amounts of unused functions to be linked in due to
+ poor organisation. For example pem_all.c contains every PEM function
+ which has a knock on effect of linking in large amounts of (unused)
+ ASN1 code. Grouping together similar functions and splitting unrelated
+ functions prevents this.
+ [Steve Henson]
+
+ *) Cleanup of EVP macros.
+ [Ben Laurie]
+
+ *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+ correct _ecb suffix.
+ [Ben Laurie]
+
+ *) Add initial OCSP responder support to ocsp application. The
+ revocation information is handled using the text based index
+ use by the ca application. The responder can either handle
+ requests generated internally, supplied in files (for example
+ via a CGI script) or using an internal minimal server.
+ [Steve Henson]
+
+ *) Add configuration choices to get zlib compression for TLS.
+ [Richard Levitte]
+
+ *) Changes to Kerberos SSL for RFC 2712 compliance:
+ 1. Implemented real KerberosWrapper, instead of just using
+ KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
+ 2. Implemented optional authenticator field of KerberosWrapper.
+
+ Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+ and authenticator structs; see crypto/krb5/.
+
+ Generalized Kerberos calls to support multiple Kerberos libraries.
+ [Vern Staats <staatsvr@asc.hpc.mil>,
+ Jeffrey Altman <jaltman@columbia.edu>
+ via Richard Levitte]
+
+ *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+ already does with RSA. testdsa.h now has 'priv_key/pub_key'
+ values for each of the key sizes rather than having just
+ parameters (and 'speed' generating keys each time).
+ [Geoff Thorpe]
+
+ *) Speed up EVP routines.
+ Before:
+encrypt
+type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
+des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k
+des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k
+des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k
+decrypt
+des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k
+des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k
+des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k
+ After:
+encrypt
+des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k
+decrypt
+des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
+ [Ben Laurie]
+
+ *) Added the OS2-EMX target.
+ ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
+
+ *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+ to support NCONF routines in extension code. New function CONF_set_nconf()
+ to allow functions which take an NCONF to also handle the old LHASH
+ structure: this means that the old CONF compatible routines can be
+ retained (in particular wrt extensions) without having to duplicate the
+ code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+ [Steve Henson]
+
+ *) Enhance the general user interface with mechanisms for inner control
+ and with possibilities to have yes/no kind of prompts.
+ [Richard Levitte]
+
+ *) Change all calls to low level digest routines in the library and
+ applications to use EVP. Add missing calls to HMAC_cleanup() and
+ don't assume HMAC_CTX can be copied using memcpy().
+ [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
+ *) Add the possibility to control engines through control names but with
+ arbitrary arguments instead of just a string.
+ Change the key loaders to take a UI_METHOD instead of a callback
+ function pointer. NOTE: this breaks binary compatibility with earlier
+ versions of OpenSSL [engine].
+ Adapt the nCipher code for these new conditions and add a card insertion
+ callback.
+ [Richard Levitte]
+
+ *) Enhance the general user interface with mechanisms to better support
+ dialog box interfaces, application-defined prompts, the possibility
+ to use defaults (for example default passwords from somewhere else)
+ and interrupts/cancellations.
+ [Richard Levitte]
+
+ *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+ attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+ [Steve Henson]
+
+ *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+ tidy up some unnecessarily weird code in 'sk_new()').
+ [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
+
+ *) Change the key loading routines for ENGINEs to use the same kind
+ callback (pem_password_cb) as all other routines that need this
+ kind of callback.
+ [Richard Levitte]
+
+ *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+ 256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+ than this minimum value is recommended.
+ [Lutz Jaenicke]
+
+ *) New random seeder for OpenVMS, using the system process statistics
+ that are easily reachable.
+ [Richard Levitte]
+
+ *) Windows apparently can't transparently handle global
+ variables defined in DLLs. Initialisations such as:
+
+ const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+ wont compile. This is used by the any applications that need to
+ declare their own ASN1 modules. This was fixed by adding the option
+ EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+ needed for static libraries under Win32.
+ [Steve Henson]
+
+ *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+ setting of purpose and trust fields. New X509_STORE trust and
+ purpose functions and tidy up setting in other SSL functions.
+ [Steve Henson]
+
+ *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+ structure. These are inherited by X509_STORE_CTX when it is
+ initialised. This allows various defaults to be set in the
+ X509_STORE structure (such as flags for CRL checking and custom
+ purpose or trust settings) for functions which only use X509_STORE_CTX
+ internally such as S/MIME.
+
+ Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+ trust settings if they are not set in X509_STORE. This allows X509_STORE
+ purposes and trust (in S/MIME for example) to override any set by default.
+
+ Add command line options for CRL checking to smime, s_client and s_server
+ applications.
+ [Steve Henson]
+
+ *) Initial CRL based revocation checking. If the CRL checking flag(s)
+ are set then the CRL is looked up in the X509_STORE structure and
+ its validity and signature checked, then if the certificate is found
+ in the CRL the verify fails with a revoked error.
+
+ Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+ Command line options added to 'verify' application to support this.
+
+ This needs some additional work, such as being able to handle multiple
+ CRLs with different times, extension based lookup (rather than just
+ by subject name) and ultimately more complete V2 CRL extension
+ handling.
+ [Steve Henson]
+
+ *) Add a general user interface API (crypto/ui/). This is designed
+ to replace things like des_read_password and friends (backward
+ compatibility functions using this new API are provided).
+ The purpose is to remove prompting functions from the DES code
+ section as well as provide for prompting through dialog boxes in
+ a window system and the like.
+ [Richard Levitte]
+
+ *) Add "ex_data" support to ENGINE so implementations can add state at a
+ per-structure level rather than having to store it globally.
+ [Geoff]
+
+ *) Make it possible for ENGINE structures to be copied when retrieved by
+ ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+ This causes the "original" ENGINE structure to act like a template,
+ analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+ operational state can be localised to each ENGINE structure, despite the
+ fact they all share the same "methods". New ENGINE structures returned in
+ this case have no functional references and the return value is the single
+ structural reference. This matches the single structural reference returned
+ by ENGINE_by_id() normally, when it is incremented on the pre-existing
+ ENGINE structure.
+ [Geoff]
+
+ *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+ needs to match any other type at all we need to manually clear the
+ tag cache.
+ [Steve Henson]
+
+ *) Changes to the "openssl engine" utility to include;
+ - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+ about an ENGINE's available control commands.
+ - executing control commands from command line arguments using the
+ '-pre' and '-post' switches. '-post' is only used if '-t' is
+ specified and the ENGINE is successfully initialised. The syntax for
+ the individual commands are colon-separated, for example;
+ openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+ [Geoff]
+
+ *) New dynamic control command support for ENGINEs. ENGINEs can now
+ declare their own commands (numbers), names (strings), descriptions,
+ and input types for run-time discovery by calling applications. A
+ subset of these commands are implicitly classed as "executable"
+ depending on their input type, and only these can be invoked through
+ the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+ can be based on user input, config files, etc). The distinction is
+ that "executable" commands cannot return anything other than a boolean
+ result and can only support numeric or string input, whereas some
+ discoverable commands may only be for direct use through
+ ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+ pointers, or other custom uses. The "executable" commands are to
+ support parameterisations of ENGINE behaviour that can be
+ unambiguously defined by ENGINEs and used consistently across any
+ OpenSSL-based application. Commands have been added to all the
+ existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+ control over shared-library paths without source code alterations.
+ [Geoff]
+
+ *) Changed all ENGINE implementations to dynamically allocate their
+ ENGINEs rather than declaring them statically. Apart from this being
+ necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+ this also allows the implementations to compile without using the
+ internal engine_int.h header.
+ [Geoff]
+
+ *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+ 'const' value. Any code that should be able to modify a RAND_METHOD
+ should already have non-const pointers to it (ie. they should only
+ modify their own ones).
+ [Geoff]
+
+ *) Made a variety of little tweaks to the ENGINE code.
+ - "atalla" and "ubsec" string definitions were moved from header files
+ to C code. "nuron" string definitions were placed in variables
+ rather than hard-coded - allowing parameterisation of these values
+ later on via ctrl() commands.
+ - Removed unused "#if 0"'d code.
+ - Fixed engine list iteration code so it uses ENGINE_free() to release
+ structural references.
+ - Constified the RAND_METHOD element of ENGINE structures.
+ - Constified various get/set functions as appropriate and added
+ missing functions (including a catch-all ENGINE_cpy that duplicates
+ all ENGINE values onto a new ENGINE except reference counts/state).
+ - Removed NULL parameter checks in get/set functions. Setting a method
+ or function to NULL is a way of cancelling out a previously set
+ value. Passing a NULL ENGINE parameter is just plain stupid anyway
+ and doesn't justify the extra error symbols and code.
+ - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+ flags from engine_int.h to engine.h.
+ - Changed prototypes for ENGINE handler functions (init(), finish(),
+ ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+ [Geoff]
+
+ *) Implement binary inversion algorithm for BN_mod_inverse in addition
+ to the algorithm using long division. The binary algorithm can be
+ used only if the modulus is odd. On 32-bit systems, it is faster
+ only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+ roughly 5-15% for 256-bit moduli), so we use it only for moduli
+ up to 450 bits. In 64-bit environments, the binary algorithm
+ appears to be advantageous for much longer moduli; here we use it
+ for moduli up to 2048 bits.
+ [Bodo Moeller]
+
+ *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+ could not support the combine flag in choice fields.
+ [Steve Henson]
+
+ *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+ extensions from a certificate request to the certificate.
+ [Steve Henson]
+
+ *) Allow multiple 'certopt' and 'nameopt' options to be separated
+ by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+ file: this allows the display of the certificate about to be
+ signed to be customised, to allow certain fields to be included
+ or excluded and extension details. The old system didn't display
+ multicharacter strings properly, omitted fields not in the policy
+ and couldn't display additional details such as extensions.
+ [Steve Henson]
+
+ *) Function EC_POINTs_mul for multiple scalar multiplication
+ of an arbitrary number of elliptic curve points
+ \sum scalars[i]*points[i],
+ optionally including the generator defined for the EC_GROUP:
+ scalar*generator + \sum scalars[i]*points[i].
+
+ EC_POINT_mul is a simple wrapper function for the typical case
+ that the point list has just one item (besides the optional
+ generator).
+ [Bodo Moeller]
+
+ *) First EC_METHODs for curves over GF(p):
+
+ EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+ operations and provides various method functions that can also
+ operate with faster implementations of modular arithmetic.
+
+ EC_GFp_mont_method() reuses most functions that are part of
+ EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+ [Bodo Moeller; point addition and point doubling
+ implementation directly derived from source code provided by
+ Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
+
+ *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+ crypto/ec/ec_lib.c):
+
+ Curves are EC_GROUP objects (with an optional group generator)
+ based on EC_METHODs that are built into the library.
+
+ Points are EC_POINT objects based on EC_GROUP objects.
+
+ Most of the framework would be able to handle curves over arbitrary
+ finite fields, but as there are no obvious types for fields other
+ than GF(p), some functions are limited to that for now.
+ [Bodo Moeller]
+
+ *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
+ that the file contains a complete HTTP response.
+ [Richard Levitte]
+
+ *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+ change the def and num file printf format specifier from "%-40sXXX"
+ to "%-39s XXX". The latter will always guarantee a space after the
+ field while the former will cause them to run together if the field
+ is 40 of more characters long.
+ [Steve Henson]
+
+ *) Constify the cipher and digest 'method' functions and structures
+ and modify related functions to take constant EVP_MD and EVP_CIPHER
+ pointers.
+ [Steve Henson]
+
+ *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+ in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
+ [Bodo Moeller]
+
+ *) Modify EVP_Digest*() routines so they now return values. Although the
+ internal software routines can never fail additional hardware versions
+ might.
+ [Steve Henson]
+
+ *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+ Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+ (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+ ASN1 error codes
+ ERR_R_NESTED_ASN1_ERROR
+ ...
+ ERR_R_MISSING_ASN1_EOS
+ were 4 .. 9, conflicting with
+ ERR_LIB_RSA (= ERR_R_RSA_LIB)
+ ...
+ ERR_LIB_PEM (= ERR_R_PEM_LIB).
+ They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+ Add new error code 'ERR_R_INTERNAL_ERROR'.
+ [Bodo Moeller]
+
+ *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+ suffices.
+ [Bodo Moeller]
+
+ *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
+ sets the subject name for a new request or supersedes the
+ subject name in a given request. Formats that can be parsed are
+ 'CN=Some Name, OU=myOU, C=IT'
+ and
+ 'CN=Some Name/OU=myOU/C=IT'.
+
+ Add options '-batch' and '-verbose' to 'openssl req'.
+ [Massimiliano Pala <madwolf@hackmasters.net>]
+
+ *) Introduce the possibility to access global variables through
+ functions on platform were that's the best way to handle exporting
+ global variables in shared libraries. To enable this functionality,
+ one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+ "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+ is normally done by Configure or something similar).
+
+ To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+ in the source file (foo.c) like this:
+
+ OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+ OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+ To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+ and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+ OPENSSL_DECLARE_GLOBAL(int,foo);
+ #define foo OPENSSL_GLOBAL_REF(foo)
+ OPENSSL_DECLARE_GLOBAL(double,bar);
+ #define bar OPENSSL_GLOBAL_REF(bar)
+
+ The #defines are very important, and therefore so is including the
+ header file everywhere where the defined globals are used.
+
+ The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+ of ASN.1 items, but that structure is a bit different.
+
+ The largest change is in util/mkdef.pl which has been enhanced with
+ better and easier to understand logic to choose which symbols should
+ go into the Windows .def files as well as a number of fixes and code
+ cleanup (among others, algorithm keywords are now sorted
+ lexicographically to avoid constant rewrites).
+ [Richard Levitte]
+
+ *) In BN_div() keep a copy of the sign of 'num' before writing the
+ result to 'rm' because if rm==num the value will be overwritten
+ and produce the wrong result if 'num' is negative: this caused
+ problems with BN_mod() and BN_nnmod().
+ [Steve Henson]
+
+ *) Function OCSP_request_verify(). This checks the signature on an
+ OCSP request and verifies the signer certificate. The signer
+ certificate is just checked for a generic purpose and OCSP request
+ trust settings.
+ [Steve Henson]
+
+ *) Add OCSP_check_validity() function to check the validity of OCSP
+ responses. OCSP responses are prepared in real time and may only
+ be a few seconds old. Simply checking that the current time lies
+ between thisUpdate and nextUpdate max reject otherwise valid responses
+ caused by either OCSP responder or client clock inaccuracy. Instead
+ we allow thisUpdate and nextUpdate to fall within a certain period of
+ the current time. The age of the response can also optionally be
+ checked. Two new options -validity_period and -status_age added to
+ ocsp utility.
+ [Steve Henson]
+
+ *) If signature or public key algorithm is unrecognized print out its
+ OID rather that just UNKNOWN.
+ [Steve Henson]
+
+ *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+ OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+ ID to be generated from the issuer certificate alone which can then be
+ passed to OCSP_id_issuer_cmp().
+ [Steve Henson]
+
+ *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+ ASN1 modules to export functions returning ASN1_ITEM pointers
+ instead of the ASN1_ITEM structures themselves. This adds several
+ new macros which allow the underlying ASN1 function/structure to
+ be accessed transparently. As a result code should not use ASN1_ITEM
+ references directly (such as &X509_it) but instead use the relevant
+ macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+ use of the new ASN1 code on platforms where exporting structures
+ is problematical (for example in shared libraries) but exporting
+ functions returning pointers to structures is not.
+ [Steve Henson]
+
+ *) Add support for overriding the generation of SSL/TLS session IDs.
+ These callbacks can be registered either in an SSL_CTX or per SSL.
+ The purpose of this is to allow applications to control, if they wish,
+ the arbitrary values chosen for use as session IDs, particularly as it
+ can be useful for session caching in multiple-server environments. A
+ command-line switch for testing this (and any client code that wishes
+ to use such a feature) has been added to "s_server".
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+ of the form '#if defined(...) || defined(...) || ...' and
+ '#if !defined(...) && !defined(...) && ...'. This also avoids
+ the growing number of special cases it was previously handling.
+ [Richard Levitte]
+
+ *) Make all configuration macros available for application by making
+ sure they are available in opensslconf.h, by giving them names starting
+ with "OPENSSL_" to avoid conflicts with other packages and by making
+ sure e_os2.h will cover all platform-specific cases together with
+ opensslconf.h.
+ Additionally, it is now possible to define configuration/platform-
+ specific names (called "system identities"). In the C code, these
+ are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
+ macro with the name beginning with "OPENSSL_SYS_", which is determined
+ from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+ what is available.
+ [Richard Levitte]
+
+ *) New option -set_serial to 'req' and 'x509' this allows the serial
+ number to use to be specified on the command line. Previously self
+ signed certificates were hard coded with serial number 0 and the
+ CA options of 'x509' had to use a serial number in a file which was
+ auto incremented.
+ [Steve Henson]
+
+ *) New options to 'ca' utility to support V2 CRL entry extensions.
+ Currently CRL reason, invalidity date and hold instruction are
+ supported. Add new CRL extensions to V3 code and some new objects.
+ [Steve Henson]
+
+ *) New function EVP_CIPHER_CTX_set_padding() this is used to
+ disable standard block padding (aka PKCS#5 padding) in the EVP
+ API, which was previously mandatory. This means that the data is
+ not padded in any way and so the total length much be a multiple
+ of the block size, otherwise an error occurs.
+ [Steve Henson]
+
+ *) Initial (incomplete) OCSP SSL support.
+ [Steve Henson]
+
+ *) New function OCSP_parse_url(). This splits up a URL into its host,
+ port and path components: primarily to parse OCSP URLs. New -url
+ option to ocsp utility.
+ [Steve Henson]
+
+ *) New nonce behavior. The return value of OCSP_check_nonce() now
+ reflects the various checks performed. Applications can decide
+ whether to tolerate certain situations such as an absent nonce
+ in a response when one was present in a request: the ocsp application
+ just prints out a warning. New function OCSP_add1_basic_nonce()
+ this is to allow responders to include a nonce in a response even if
+ the request is nonce-less.
+ [Steve Henson]
+
+ *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+ skipped when using openssl x509 multiple times on a single input file,
+ e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+ [Bodo Moeller]
+
+ *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+ set string type: to handle setting ASN1_TIME structures. Fix ca
+ utility to correctly initialize revocation date of CRLs.
+ [Steve Henson]
+
+ *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+ the clients preferred ciphersuites and rather use its own preferences.
+ Should help to work around M$ SGC (Server Gated Cryptography) bug in
+ Internet Explorer by ensuring unchanged hash method during stepup.
+ (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+ [Lutz Jaenicke]
+
+ *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+ to aes and add a new 'exist' option to print out symbols that don't
+ appear to exist.
+ [Steve Henson]
+
+ *) Additional options to ocsp utility to allow flags to be set and
+ additional certificates supplied.
+ [Steve Henson]
+
+ *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+ OCSP client a number of certificate to only verify the response
+ signature against.
+ [Richard Levitte]
+
+ *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+ handle the new API. Currently only ECB, CBC modes supported. Add new
+ AES OIDs.
+
+ Add TLS AES ciphersuites as described in RFC3268, "Advanced
+ Encryption Standard (AES) Ciphersuites for Transport Layer
+ Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
+ not enabled by default and were not part of the "ALL" ciphersuite
+ alias because they were not yet official; they could be
+ explicitly requested by specifying the "AESdraft" ciphersuite
+ group alias. In the final release of OpenSSL 0.9.7, the group
+ alias is called "AES" and is part of "ALL".)
+ [Ben Laurie, Steve Henson, Bodo Moeller]
+
+ *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+ request to response.
+ [Steve Henson]
+
+ *) Functions for OCSP responders. OCSP_request_onereq_count(),
+ OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+ extract information from a certificate request. OCSP_response_create()
+ creates a response and optionally adds a basic response structure.
+ OCSP_basic_add1_status() adds a complete single response to a basic
+ response and returns the OCSP_SINGLERESP structure just added (to allow
+ extensions to be included for example). OCSP_basic_add1_cert() adds a
+ certificate to a basic response and OCSP_basic_sign() signs a basic
+ response with various flags. New helper functions ASN1_TIME_check()
+ (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+ (converts ASN1_TIME to GeneralizedTime).
+ [Steve Henson]
+
+ *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+ in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+ structure from a certificate. X509_pubkey_digest() digests the public_key
+ contents: this is used in various key identifiers.
+ [Steve Henson]
+
+ *) Make sk_sort() tolerate a NULL argument.
+ [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
+
+ *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+ passed by the function are trusted implicitly. If any of them signed the
+ response then it is assumed to be valid and is not verified.
+ [Steve Henson]
+
+ *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+ to data. This was previously part of the PKCS7 ASN1 code. This
+ was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+ [Steve Henson, reported by Kenneth R. Robinette
+ <support@securenetterm.com>]
+
+ *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+ routines: without these tracing memory leaks is very painful.
+ Fix leaks in PKCS12 and PKCS7 routines.
+ [Steve Henson]
+
+ *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+ Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+ effectively meant GeneralizedTime would never be used. Now it
+ is initialised to -1 but X509_time_adj() now has to check the value
+ and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+ V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+ [Steve Henson, reported by Kenneth R. Robinette
+ <support@securenetterm.com>]
+
+ *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+ result in a zero length in the ASN1_INTEGER structure which was
+ not consistent with the structure when d2i_ASN1_INTEGER() was used
+ and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+ to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+ where it did not print out a minus for negative ASN1_INTEGER.
+ [Steve Henson]
+
+ *) Add summary printout to ocsp utility. The various functions which
+ convert status values to strings have been renamed to:
+ OCSP_response_status_str(), OCSP_cert_status_str() and
+ OCSP_crl_reason_str() and are no longer static. New options
+ to verify nonce values and to disable verification. OCSP response
+ printout format cleaned up.
+ [Steve Henson]
+
+ *) Add additional OCSP certificate checks. These are those specified
+ in RFC2560. This consists of two separate checks: the CA of the
+ certificate being checked must either be the OCSP signer certificate
+ or the issuer of the OCSP signer certificate. In the latter case the
+ OCSP signer certificate must contain the OCSP signing extended key
+ usage. This check is performed by attempting to match the OCSP
+ signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+ in the OCSP_CERTID structures of the response.
+ [Steve Henson]
+
+ *) Initial OCSP certificate verification added to OCSP_basic_verify()
+ and related routines. This uses the standard OpenSSL certificate
+ verify routines to perform initial checks (just CA validity) and
+ to obtain the certificate chain. Then additional checks will be
+ performed on the chain. Currently the root CA is checked to see
+ if it is explicitly trusted for OCSP signing. This is used to set
+ a root CA as a global signing root: that is any certificate that
+ chains to that CA is an acceptable OCSP signing certificate.
+ [Steve Henson]
+
+ *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+ extensions from a separate configuration file.
+ As when reading extensions from the main configuration file,
+ the '-extensions ...' option may be used for specifying the
+ section to use.
+ [Massimiliano Pala <madwolf@comune.modena.it>]
+
+ *) New OCSP utility. Allows OCSP requests to be generated or
+ read. The request can be sent to a responder and the output
+ parsed, outputed or printed in text form. Not complete yet:
+ still needs to check the OCSP response validity.
+ [Steve Henson]
+
+ *) New subcommands for 'openssl ca':
+ 'openssl ca -status <serial>' prints the status of the cert with
+ the given serial number (according to the index file).
+ 'openssl ca -updatedb' updates the expiry status of certificates
+ in the index file.
+ [Massimiliano Pala <madwolf@comune.modena.it>]
+
+ *) New '-newreq-nodes' command option to CA.pl. This is like
+ '-newreq', but calls 'openssl req' with the '-nodes' option
+ so that the resulting key is not encrypted.
+ [Damien Miller <djm@mindrot.org>]
+
+ *) New configuration for the GNU Hurd.
+ [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
+
+ *) Initial code to implement OCSP basic response verify. This
+ is currently incomplete. Currently just finds the signer's
+ certificate and verifies the signature on the response.
+ [Steve Henson]
+
+ *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+ value of OPENSSLDIR. This is available via the new '-d' option
+ to 'openssl version', and is also included in 'openssl version -a'.
+ [Bodo Moeller]
+
+ *) Allowing defining memory allocation callbacks that will be given
+ file name and line number information in additional arguments
+ (a const char* and an int). The basic functionality remains, as
+ well as the original possibility to just replace malloc(),
+ realloc() and free() by functions that do not know about these
+ additional arguments. To register and find out the current
+ settings for extended allocation functions, the following
+ functions are provided:
+
+ CRYPTO_set_mem_ex_functions
+ CRYPTO_set_locked_mem_ex_functions
+ CRYPTO_get_mem_ex_functions
+ CRYPTO_get_locked_mem_ex_functions
+
+ These work the same way as CRYPTO_set_mem_functions and friends.
+ CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+ extended allocation function is enabled.
+ Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+ a conventional allocation function is enabled.
+ [Richard Levitte, Bodo Moeller]
+
+ *) Finish off removing the remaining LHASH function pointer casts.
+ There should no longer be any prototype-casting required when using
+ the LHASH abstraction, and any casts that remain are "bugs". See
+ the callback types and macros at the head of lhash.h for details
+ (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+ [Geoff Thorpe]
+
+ *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+ If /dev/[u]random devices are not available or do not return enough
+ entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+ be queried.
+ The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+ /etc/entropy will be queried once each in this sequence, quering stops
+ when enough entropy was collected without querying more sockets.
+ [Lutz Jaenicke]
+
+ *) Change the Unix RAND_poll() variant to be able to poll several
+ random devices, as specified by DEVRANDOM, until a sufficient amount
+ of data has been collected. We spend at most 10 ms on each file
+ (select timeout) and read in non-blocking mode. DEVRANDOM now
+ defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+ (previously it was just the string "/dev/urandom"), so on typical
+ platforms the 10 ms delay will never occur.
+ Also separate out the Unix variant to its own file, rand_unix.c.
+ For VMS, there's a currently-empty rand_vms.c.
+ [Richard Levitte]
+
+ *) Move OCSP client related routines to ocsp_cl.c. These
+ provide utility functions which an application needing
+ to issue a request to an OCSP responder and analyse the
+ response will typically need: as opposed to those which an
+ OCSP responder itself would need which will be added later.
+
+ OCSP_request_sign() signs an OCSP request with an API similar
+ to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+ response. OCSP_response_get1_basic() extracts basic response
+ from response. OCSP_resp_find_status(): finds and extracts status
+ information from an OCSP_CERTID structure (which will be created
+ when the request structure is built). These are built from lower
+ level functions which work on OCSP_SINGLERESP structures but
+ wont normally be used unless the application wishes to examine
+ extensions in the OCSP response for example.
+
+ Replace nonce routines with a pair of functions.
+ OCSP_request_add1_nonce() adds a nonce value and optionally
+ generates a random value. OCSP_check_nonce() checks the
+ validity of the nonce in an OCSP response.
+ [Steve Henson]
+
+ *) Change function OCSP_request_add() to OCSP_request_add0_id().
+ This doesn't copy the supplied OCSP_CERTID and avoids the
+ need to free up the newly created id. Change return type
+ to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+ This can then be used to add extensions to the request.
+ Deleted OCSP_request_new(), since most of its functionality
+ is now in OCSP_REQUEST_new() (and the case insensitive name
+ clash) apart from the ability to set the request name which
+ will be added elsewhere.
+ [Steve Henson]
+
+ *) Update OCSP API. Remove obsolete extensions argument from
+ various functions. Extensions are now handled using the new
+ OCSP extension code. New simple OCSP HTTP function which
+ can be used to send requests and parse the response.
+ [Steve Henson]
+
+ *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+ ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+ uses the special reorder version of SET OF to sort the attributes
+ and reorder them to match the encoded order. This resolves a long
+ standing problem: a verify on a PKCS7 structure just after signing
+ it used to fail because the attribute order did not match the
+ encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+ it uses the received order. This is necessary to tolerate some broken
+ software that does not order SET OF. This is handled by encoding
+ as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+ to produce the required SET OF.
+ [Steve Henson]
+
+ *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+ OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+ files to get correct declarations of the ASN.1 item variables.
+ [Richard Levitte]
+
+ *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+ PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+ asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+ NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+ New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+ ASN1_ITEM and no wrapper functions.
+ [Steve Henson]
+
+ *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+ replace the old function pointer based I/O routines. Change most of
+ the *_d2i_bio() and *_d2i_fp() functions to use these.
+ [Steve Henson]
+
+ *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+ lines, recognice more "algorithms" that can be deselected, and make
+ it complain about algorithm deselection that isn't recognised.
+ [Richard Levitte]
+
+ *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+ unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+ to use new functions. Add NO_ASN1_OLD which can be set to remove
+ some old style ASN1 functions: this can be used to determine if old
+ code will still work when these eventually go away.
+ [Steve Henson]
+
+ *) New extension functions for OCSP structures, these follow the
+ same conventions as certificates and CRLs.
+ [Steve Henson]
+
+ *) New function X509V3_add1_i2d(). This automatically encodes and
+ adds an extension. Its behaviour can be customised with various
+ flags to append, replace or delete. Various wrappers added for
+ certifcates and CRLs.
+ [Steve Henson]
+
+ *) Fix to avoid calling the underlying ASN1 print routine when
+ an extension cannot be parsed. Correct a typo in the
+ OCSP_SERVICELOC extension. Tidy up print OCSP format.
+ [Steve Henson]
+
+ *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+ entries for variables.
+ [Steve Henson]
+
+ *) Add functionality to apps/openssl.c for detecting locking
+ problems: As the program is single-threaded, all we have
+ to do is register a locking callback using an array for
+ storing which locks are currently held by the program.
+ [Bodo Moeller]
+
+ *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+ SSL_get_ex_data_X509_STORE_idx(), which is used in
+ ssl_verify_cert_chain() and thus can be called at any time
+ during TLS/SSL handshakes so that thread-safety is essential.
+ Unfortunately, the ex_data design is not at all suited
+ for multi-threaded use, so it probably should be abolished.
+ [Bodo Moeller]
+
+ *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+ [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+ *) Move common extension printing code to new function
+ X509V3_print_extensions(). Reorganise OCSP print routines and
+ implement some needed OCSP ASN1 functions. Add OCSP extensions.
+ [Steve Henson]
+
+ *) New function X509_signature_print() to remove duplication in some
+ print routines.
+ [Steve Henson]
+
+ *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+ set (this was treated exactly the same as SET OF previously). This
+ is used to reorder the STACK representing the structure to match the
+ encoding. This will be used to get round a problem where a PKCS7
+ structure which was signed could not be verified because the STACK
+ order did not reflect the encoded order.
+ [Steve Henson]
+
+ *) Reimplement the OCSP ASN1 module using the new code.
+ [Steve Henson]
+
+ *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+ for its ASN1 operations. The old style function pointers still exist
+ for now but they will eventually go away.
+ [Steve Henson]
+
+ *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+ completely replaces the old ASN1 functionality with a table driven
+ encoder and decoder which interprets an ASN1_ITEM structure describing
+ the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+ largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+ has also been converted to the new form.
+ [Steve Henson]
+
+ *) Change BN_mod_exp_recp so that negative moduli are tolerated
+ (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
+ so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+ for negative moduli.
+ [Bodo Moeller]
+
+ *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+ of not touching the result's sign bit.
+ [Bodo Moeller]
+
+ *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+ set.
+ [Bodo Moeller]
+
+ *) Changed the LHASH code to use prototypes for callbacks, and created
+ macros to declare and implement thin (optionally static) functions
+ that provide type-safety and avoid function pointer casting for the
+ type-specific callbacks.
+ [Geoff Thorpe]
+
+ *) Added Kerberos Cipher Suites to be used with TLS, as written in
+ RFC 2712.
+ [Veers Staats <staatsvr@asc.hpc.mil>,
+ Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
+
+ *) Reformat the FAQ so the different questions and answers can be divided
+ in sections depending on the subject.
+ [Richard Levitte]
+
+ *) Have the zlib compression code load ZLIB.DLL dynamically under
+ Windows.
+ [Richard Levitte]
+
+ *) New function BN_mod_sqrt for computing square roots modulo a prime
+ (using the probabilistic Tonelli-Shanks algorithm unless
+ p == 3 (mod 4) or p == 5 (mod 8), which are cases that can
+ be handled deterministically).
+ [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+ *) Make BN_mod_inverse faster by explicitly handling small quotients
+ in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+ 512 bits], about 30% for larger ones [1024 or 2048 bits].)
+ [Bodo Moeller]
+
+ *) New function BN_kronecker.
+ [Bodo Moeller]
+
+ *) Fix BN_gcd so that it works on negative inputs; the result is
+ positive unless both parameters are zero.
+ Previously something reasonably close to an infinite loop was
+ possible because numbers could be growing instead of shrinking
+ in the implementation of Euclid's algorithm.
+ [Bodo Moeller]
+
+ *) Fix BN_is_word() and BN_is_one() macros to take into account the
+ sign of the number in question.
+
+ Fix BN_is_word(a,w) to work correctly for w == 0.
+
+ The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+ because its test if the absolute value of 'a' equals 'w'.
+ Note that BN_abs_is_word does *not* handle w == 0 reliably;
+ it exists mostly for use in the implementations of BN_is_zero(),
+ BN_is_one(), and BN_is_word().
+ [Bodo Moeller]
+
+ *) New function BN_swap.
+ [Bodo Moeller]
+
+ *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+ the exponentiation functions are more likely to produce reasonable
+ results on negative inputs.
+ [Bodo Moeller]
+
+ *) Change BN_mod_mul so that the result is always non-negative.
+ Previously, it could be negative if one of the factors was negative;
+ I don't think anyone really wanted that behaviour.
+ [Bodo Moeller]
+
+ *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+ (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+ and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+ and add new functions:
+
+ BN_nnmod
+ BN_mod_sqr
+ BN_mod_add
+ BN_mod_add_quick
+ BN_mod_sub
+ BN_mod_sub_quick
+ BN_mod_lshift1
+ BN_mod_lshift1_quick
+ BN_mod_lshift
+ BN_mod_lshift_quick
+
+ These functions always generate non-negative results.
+
+ BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
+ such that |m| < r < 0, BN_nnmod will output rem + |m| instead).
+
+ BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+ BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
+ be reduced modulo m.
+ [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+ *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+ was actually never needed) and in BN_mul(). The removal in BN_mul()
+ required a small change in bn_mul_part_recursive() and the addition
+ of the functions bn_cmp_part_words(), bn_sub_part_words() and
+ bn_add_part_words(), which do the same thing as bn_cmp_words(),
+ bn_sub_words() and bn_add_words() except they take arrays with
+ differing sizes.
+ [Richard Levitte]
+
+ *) In 'openssl passwd', verify passwords read from the terminal
+ unless the '-salt' option is used (which usually means that
+ verification would just waste user's time since the resulting
+ hash is going to be compared with some given password hash)
+ or the new '-noverify' option is used.
+
+ This is an incompatible change, but it does not affect
+ non-interactive use of 'openssl passwd' (passwords on the command
+ line, '-stdin' option, '-in ...' option) and thus should not
+ cause any problems.
+ [Bodo Moeller]
+
+ *) Remove all references to RSAref, since there's no more need for it.
+ [Richard Levitte]
+
+ *) Make DSO load along a path given through an environment variable
+ (SHLIB_PATH) with shl_load().
+ [Richard Levitte]
+
+ *) Constify the ENGINE code as a result of BIGNUM constification.
+ Also constify the RSA code and most things related to it. In a
+ few places, most notable in the depth of the ASN.1 code, ugly
+ casts back to non-const were required (to be solved at a later
+ time)
+ [Richard Levitte]
+
+ *) Make it so the openssl application has all engines loaded by default.
+ [Richard Levitte]
+
+ *) Constify the BIGNUM routines a little more.
+ [Richard Levitte]
+
+ *) Add the following functions:
+
+ ENGINE_load_cswift()
+ ENGINE_load_chil()
+ ENGINE_load_atalla()
+ ENGINE_load_nuron()
+ ENGINE_load_builtin_engines()
+
+ That way, an application can itself choose if external engines that
+ are built-in in OpenSSL shall ever be used or not. The benefit is
+ that applications won't have to be linked with libdl or other dso
+ libraries unless it's really needed.
+
+ Changed 'openssl engine' to load all engines on demand.
+ Changed the engine header files to avoid the duplication of some
+ declarations (they differed!).
+ [Richard Levitte]
+
+ *) 'openssl engine' can now list capabilities.
+ [Richard Levitte]
+
+ *) Better error reporting in 'openssl engine'.
+ [Richard Levitte]
+
+ *) Never call load_dh_param(NULL) in s_server.
+ [Bodo Moeller]
+
+ *) Add engine application. It can currently list engines by name and
+ identity, and test if they are actually available.
+ [Richard Levitte]
+
+ *) Improve RPM specification file by forcing symbolic linking and making
+ sure the installed documentation is also owned by root.root.
+ [Damien Miller <djm@mindrot.org>]
+
+ *) Give the OpenSSL applications more possibilities to make use of
+ keys (public as well as private) handled by engines.
+ [Richard Levitte]
+
+ *) Add OCSP code that comes from CertCo.
+ [Richard Levitte]
+
+ *) Add VMS support for the Rijndael code.
+ [Richard Levitte]
+
+ *) Added untested support for Nuron crypto accelerator.
+ [Ben Laurie]
+
+ *) Add support for external cryptographic devices. This code was
+ previously distributed separately as the "engine" branch.
+ [Geoff Thorpe, Richard Levitte]
+
+ *) Rework the filename-translation in the DSO code. It is now possible to
+ have far greater control over how a "name" is turned into a filename
+ depending on the operating environment and any oddities about the
+ different shared library filenames on each system.
+ [Geoff Thorpe]
+
+ *) Support threads on FreeBSD-elf in Configure.
+ [Richard Levitte]
+
+ *) Fix for SHA1 assembly problem with MASM: it produces
+ warnings about corrupt line number information when assembling
+ with debugging information. This is caused by the overlapping
+ of two sections.
+ [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+ *) NCONF changes.
+ NCONF_get_number() has no error checking at all. As a replacement,
+ NCONF_get_number_e() is defined (_e for "error checking") and is
+ promoted strongly. The old NCONF_get_number is kept around for
+ binary backward compatibility.
+ Make it possible for methods to load from something other than a BIO,
+ by providing a function pointer that is given a name instead of a BIO.
+ For example, this could be used to load configuration data from an
+ LDAP server.
+ [Richard Levitte]
+
+ *) Fix for non blocking accept BIOs. Added new I/O special reason
+ BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+ with non blocking I/O was not possible because no retry code was
+ implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+ this case.
+ [Steve Henson]
+
+ *) Added the beginnings of Rijndael support.
+ [Ben Laurie]
+
+ *) Fix for bug in DirectoryString mask setting. Add support for
+ X509_NAME_print_ex() in 'req' and X509_print_ex() function
+ to allow certificate printing to more controllable, additional
+ 'certopt' option to 'x509' to allow new printing options to be
+ set.
+ [Steve Henson]
+
+ *) Clean old EAY MD5 hack from e_os.h.
+ [Richard Levitte]
+
+ Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
+
+ *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+ memory from it's contents. This is done with a counter that will
+ place alternating values in each byte. This can be used to solve
+ two issues: 1) the removal of calls to memset() by highly optimizing
+ compilers, and 2) cleansing with other values than 0, since those can
+ be read through on certain media, for example a swap space on disk.
+ [Geoff Thorpe]
+
+ *) Bugfix: client side session caching did not work with external caching,
+ because the session->cipher setting was not restored when reloading
+ from the external cache. This problem was masked, when
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+ (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+ [Lutz Jaenicke]
+
+ *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+ length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+ [Zeev Lieber <zeev-l@yahoo.com>]
+
+ *) Undo an undocumented change introduced in 0.9.6e which caused
+ repeated calls to OpenSSL_add_all_ciphers() and
+ OpenSSL_add_all_digests() to be ignored, even after calling
+ EVP_cleanup().
+ [Richard Levitte]
+
+ *) Change the default configuration reader to deal with last line not
+ being properly terminated.
+ [Richard Levitte]
+
+ *) Change X509_NAME_cmp() so it applies the special rules on handling
+ DN values that are of type PrintableString, as well as RDNs of type
+ emailAddress where the value has the type ia5String.
+ [stefank@valicert.com via Richard Levitte]
+
+ *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+ the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+ doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+ the bitwise-OR of the two for use by the majority of applications
+ wanting this behaviour, and update the docs. The documented
+ behaviour and actual behaviour were inconsistent and had been
+ changing anyway, so this is more a bug-fix than a behavioural
+ change.
+ [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
+ ssl2_get_cipher_by_char(),
+ ssl3_get_cipher_by_char().
+ [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+ *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+ the cached sessions are flushed, as the remove_cb() might use ex_data
+ contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+ (see [openssl.org #212]).
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+ length, instead of the encoding length to d2i_ASN1_OBJECT.
+ [Steve Henson]
+
Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
*) [In 0.9.6g-engine release:]
@@ -23,6 +1906,12 @@
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
*) Fix cipher selection routines: ciphers without encryption had no flags
for the cipher strength set and where therefore not handled correctly
by the selection routines (PR #130).
@@ -54,7 +1943,7 @@
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
- supplied buffer.
+ supplied buffer. (CAN-2002-0659)
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
@@ -159,8 +2048,8 @@
value is 0.
[Richard Levitte]
- *) [In 0.9.6c-engine release:]
- Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+ *) [In 0.9.6d-engine release:]
+ Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
[Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
*) Add the configuration target linux-s390x.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 15cfbaa0331b..df29f780d1bf 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
# Options:
#
@@ -23,10 +23,26 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
#
+# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
+# to live in the subdirectory lib/ and the header files in
+# include/. A value is required.
+# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
+# required.
+# (Default: KRB5_DIR/lib)
+# --with-krb5-include Declare where the Kerberos 5 header files live. A
+# value is required.
+# (Default: KRB5_DIR/include)
+# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
+# supported values are "MIT" and "Heimdal". A value is required.
+#
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
-# rsaref use RSAref
+# no-hw-xxx do not compile support for specific crypto hardware.
+# Generic OpenSSL-style methods relating to this support
+# are always compiled but return NULL if the hardware
+# support isn't compiled.
+# no-hw do not compile support for any crypto hardware.
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
@@ -34,6 +50,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
+# no-krb5 do not compile in any KRB5 library or code.
+# [no-]zlib [don't] compile support for zlib compression.
+# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
+# library and will be loaded in run-time by the OpenSSL library.
# 386 generate 80386 code
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
@@ -100,7 +120,7 @@ my $alpha_asm="::::::::";
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
-#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
+#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
my %table=(
# File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -113,88 +133,96 @@ my %table=(
#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
# Our development configs
-"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
-"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
-"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
-"dist", "cc:-O::(unknown):::::",
+"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
+"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
+"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"dist", "cc:-O::(unknown)::::::",
# Basic configs that should work on any (32 and less bit) box
-"gcc", "gcc:-O3::(unknown)::BN_LLONG:::",
-"cc", "cc:-O::(unknown):::::",
+"gcc", "gcc:-O3::(unknown):::BN_LLONG:::",
+"cc", "cc:-O::(unknown)::::::",
-#### Solaris x86 setups
-# -DNO_INLINE_ASM switches off inline assembler. We have to do it
+#### Solaris x86 with GNU C setups
+# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
# here because whenever GNU C instantiates an assembler template it
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
# but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with Sun C setups
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Linux setups
-"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# !!!Folowing can't be even tested yet!!!
-# We have to wait till 64-bit glibc for SPARC is operational!!!
-#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC 3.1 is a requirement
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Sunos configs, assuming sparc for the gcc one.
-##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IRIX 6.x configs
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-[g]cc' manually.
# -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Unified HP-UX ANSI C configs.
# Special notes:
@@ -212,7 +240,7 @@ my %table=(
# - Keep in mind that the HP compiler by default generates code
# suitable for execution on the host you're currently compiling at.
# If the toolkit is ment to be used on various PA-RISC processors
-# consider './config +Dportable'.
+# consider './config +DAportable'.
# - +DD64 is chosen in favour of +DA2.0W because it's ment to be
# compatible with *future* releases.
# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
@@ -224,59 +252,70 @@ my %table=(
# crypto/sha/sha_lcl.h.
# <appro@fy.chalmers.se>
#
-#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# 64bit PARISC for GCC without optimization, which seems to make problems.
+# Submitted by <ross.alexander@uk.neceur.com>
+"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# IA-64 targets
+# I have no idea if this one actually works, feedback needed. <appro>
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Isn't the line below meaningless? HP-UX cc optimizes for host by default.
+# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
# egcs. gcc 2.8.1 is also broken.
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
# please report your OS and compiler version to the openssl-bugs@openssl.org
# mailing list.
-"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux-gcc fails, try this one:
-"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 9.X on Motorola 68k platforms with gcc
-"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::",
+"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::",
# HPUX 10.X config. Supports threads.
-"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux10-gcc fails, try this one:
-"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 11.X from www.globus.org.
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
-#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
-#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::",
+#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
# Use unified settings above instead.
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
#### PARISC Linux setups
-"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
# from the older DEC C Compiler to the newer compiler. It's now the
@@ -303,15 +342,15 @@ my %table=(
#
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
#
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
+"alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
#
# This probably belongs in a different section.
#
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
@@ -326,76 +365,82 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
# assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"nextstep", "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
+"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+
# NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
# QNX 4
-"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
+"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
# QNX 6
-"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
+"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
# Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# UnixWare 2.0x fails destest with -O
-"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
# UnixWare 2.1
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
# UnixWare 7
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# OpenUNIX 8
-"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
-"OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
+"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# IBM's AIX.
-"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
-"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
-"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
#
# Cray T90 and similar (SDSC)
@@ -411,7 +456,7 @@ my %table=(
#
# j90 is considered the base machine type for unicos machines,
# so this configuration is now called "cray-j90" ...
-"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
#
# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -421,96 +466,121 @@ my %table=(
# for some st_addr stuff, and then sizeof and address-of fails
# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
# did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
# DGUX, 88100.
-"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
# SCO 3 - Tim Rice <tim@multitalents.net>
-"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
# SCO cc.
-"sco5-cc", "cc:-belf::(unknown):-lsocket -lresolv:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
-"sco5-cc-pentium", "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
-"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
-"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-cc", "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options?
+"sco5-cc-pentium", "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC",
# Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
-"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
-"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
# You need to compile using the c89.sh wrapper in the tools directory, because the
# IBM compiler does not like the -L switch after any object modules.
#
-"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown)::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
# Windows NT, Microsoft Visual C++ 4.0
-"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
-"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
-"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# Borland C++ 4.5
-"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
-"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# Mingw32
# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
# and its library files in util/pl/*)
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# UWIN
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::",
+"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::",
# K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
# Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-alpha", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-m88k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-powerpc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-hppa", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+
+##### A/UX
+"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
##### Sony NEWS-OS 4.x
-"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
+##### GNU Hurd
+"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+
+##### OS/2 EMX
+"OS2-EMX", "gcc::::::::",
##### VxWorks for various targets
-"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
+"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
);
-my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
- BC-16 Mingw32);
+my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS
+ BC-32 BC-16 Mingw32 OS2-EMX);
my $idx = 0;
my $idx_cc = $idx++;
my $idx_cflags = $idx++;
my $idx_unistd = $idx++;
my $idx_thread_cflag = $idx++;
+my $idx_sys_id = $idx++;
my $idx_lflags = $idx++;
my $idx_bn_ops = $idx++;
my $idx_bn_obj = $idx++;
@@ -528,6 +598,7 @@ my $idx_shared_cflag = $idx++;
my $idx_shared_ldflag = $idx++;
my $idx_shared_extension = $idx++;
my $idx_ranlib = $idx++;
+my $idx_arflags = $idx++;
my $prefix="";
my $openssldir="";
@@ -535,6 +606,8 @@ my $exe_ext="";
my $install_prefix="";
my $no_threads=0;
my $no_shared=1;
+my $zlib=0;
+my $no_krb5=0;
my $threads=0;
my $no_asm=0;
my $no_dso=0;
@@ -562,6 +635,14 @@ my $processor="";
my $default_ranlib;
my $perl;
+my $no_ssl2=0;
+my $no_ssl3=0;
+my $no_tls1=0;
+my $no_md5=0;
+my $no_sha=0;
+my $no_rsa=0;
+my $no_dh=0;
+
$default_ranlib= &which("ranlib") or $default_ranlib="true";
$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
@@ -572,11 +653,14 @@ my $flags;
my $depflags;
my $openssl_algorithm_defines;
my $openssl_thread_defines;
+my $openssl_sys_defines="";
my $openssl_other_defines;
my $libs;
my $target;
my $options;
my $symlink;
+my $make_depend=0;
+my %withargs=();
my @argvcopy=@ARGV;
my $argvstring="";
@@ -588,6 +672,7 @@ while($argv_unprocessed)
$depflags="";
$openssl_algorithm_defines="";
$openssl_thread_defines="";
+ $openssl_sys_defines="";
$openssl_other_defines="";
$libs="";
$target="";
@@ -608,36 +693,87 @@ PROCESS_ARGS:
elsif (/^no-asm$/)
{
$no_asm=1;
- $flags .= "-DNO_ASM ";
- $openssl_other_defines .= "#define NO_ASM\n";
+ $flags .= "-DOPENSSL_NO_ASM ";
+ $openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
+ }
+ elsif (/^no-hw-(.+)$/)
+ {
+ my $hw=$1;
+ $hw =~ tr/[a-z]/[A-Z]/;
+ $flags .= "-DOPENSSL_NO_HW_$hw ";
+ $openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n";
+ }
+ elsif (/^no-hw$/)
+ {
+ $flags .= "-DOPENSSL_NO_HW ";
+ $openssl_other_defines .= "#define OPENSSL_NO_HW\n";
}
elsif (/^no-dso$/)
{ $no_dso=1; }
+ elsif (/^no-krb5$/)
+ { $no_krb5=1; }
elsif (/^no-threads$/)
{ $no_threads=1; }
elsif (/^threads$/)
{ $threads=1; }
elsif (/^no-shared$/)
{ $no_shared=1; }
- elsif (/^shared$/)
+ elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
{ $no_shared=0; }
+ elsif (/^no-zlib$/)
+ { $zlib=0; }
+ elsif (/^zlib$/)
+ { $zlib=1; }
+ elsif (/^zlib-dynamic$/)
+ { $zlib=2; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
+ elsif (/^no-ssl$/)
+ { $no_ssl2 = $no_ssl3 = 1; }
+ elsif (/^no-ssl2$/)
+ { $no_ssl2 = 1; }
+ elsif (/^no-ssl3$/)
+ { $no_ssl3 = 1; }
+ elsif (/^no-tls1?$/)
+ { $no_tls1 = 1; }
elsif (/^no-(.+)$/)
{
my $algo=$1;
push @skip,$algo;
$algo =~ tr/[a-z]/[A-Z]/;
- $flags .= "-DNO_$algo ";
- $depflags .= "-DNO_$algo ";
- $openssl_algorithm_defines .= "#define NO_$algo\n";
+ $flags .= "-DOPENSSL_NO_$algo ";
+ $depflags .= "-DOPENSSL_NO_$algo ";
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n";
+ if ($algo eq "RIJNDAEL")
+ {
+ push @skip, "aes";
+ $flags .= "-DOPENSSL_NO_AES ";
+ $depflags .= "-DOPENSSL_NO_AES ";
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n";
+ }
if ($algo eq "DES")
{
push @skip, "mdc2";
$options .= " no-mdc2";
- $flags .= "-DNO_MDC2 ";
- $depflags .= "-DNO_MDC2 ";
- $openssl_algorithm_defines .= "#define NO_MDC2\n";
+ $flags .= "-DOPENSSL_NO_MDC2 ";
+ $depflags .= "-DOPENSSL_NO_MDC2 ";
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
+ }
+ if ($algo eq "MD5")
+ {
+ $no_md5 = 1;
+ }
+ if ($algo eq "SHA")
+ {
+ $no_sha = 1;
+ }
+ if ($algo eq "RSA")
+ {
+ $no_rsa = 1;
+ }
+ if ($algo eq "DH")
+ {
+ $no_dh = 1;
}
}
elsif (/^reconfigure/ || /^reconf/)
@@ -667,9 +803,9 @@ PROCESS_ARGS:
{ $processor=386; }
elsif (/^rsaref$/)
{
- $libs.= "-lRSAglue -lrsaref ";
- $flags.= "-DRSAref ";
- $openssl_other_defines .= "#define RSAref\n";
+ # No RSAref support any more since it's not needed.
+ # The check for the option is there so scripts aren't
+ # broken
}
elsif (/^[-+]/)
{
@@ -693,6 +829,10 @@ PROCESS_ARGS:
{
$install_prefix=$1;
}
+ elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
+ {
+ $withargs{"krb5-".$1}=$2;
+ }
else
{
print STDERR $usage;
@@ -719,6 +859,39 @@ PROCESS_ARGS:
}
}
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+
+$no_ssl2=1 if ($no_md5);
+$no_ssl2=1 if ($no_rsa);
+
+$no_tls1=1 if ($no_md5 || $no_sha);
+$no_tls1=1 if ($no_dh);
+
+if ($no_ssl2)
+ {
+ push @skip,"SSL2";
+ $flags .= "-DOPENSSL_NO_SSL2 ";
+ $depflags .= "-DOPENSSL_NO_SSL2 ";
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n";
+ }
+
+if ($no_ssl3)
+ {
+ push @skip,"SSL3";
+ $flags .= "-DOPENSSL_NO_SSL3 ";
+ $depflags .= "-DOPENSSL_NO_SSL3 ";
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n";
+ }
+
+if ($no_tls1)
+ {
+ push @skip,"TLS1";
+ $flags .= "-DOPENSSL_NO_TLS1 ";
+ $depflags .= "-DOPENSSL_NO_TLS1 ";
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n";
+ }
+
if ($target eq "TABLE") {
foreach $target (sort keys %table) {
print_table_entry($target);
@@ -745,6 +918,7 @@ print "Configuring for $target\n";
my $IsWindows=scalar grep /^$target$/,@WinTargets;
$exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "DJGPP");
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
@@ -752,7 +926,7 @@ chop $openssldir if $openssldir =~ /\/$/;
chop $prefix if $prefix =~ /\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
print "IsWindows=$IsWindows\n";
@@ -762,16 +936,17 @@ my $cc = $fields[$idx_cc];
my $cflags = $fields[$idx_cflags];
my $unistd = $fields[$idx_unistd];
my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
my $lflags = $fields[$idx_lflags];
my $bn_ops = $fields[$idx_bn_ops];
my $bn_obj = $fields[$idx_bn_obj];
my $des_obj = $fields[$idx_des_obj];
my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
+$md5_obj = $fields[$idx_md5_obj];
+$sha1_obj = $fields[$idx_sha1_obj];
my $cast_obj = $fields[$idx_cast_obj];
my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
+$rmd160_obj = $fields[$idx_rmd160_obj];
my $rc5_obj = $fields[$idx_rc5_obj];
my $dso_scheme = $fields[$idx_dso_scheme];
my $shared_target = $fields[$idx_shared_target];
@@ -779,9 +954,76 @@ my $shared_cflag = $fields[$idx_shared_cflag];
my $shared_ldflag = $fields[$idx_shared_ldflag];
my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
+my $arflags = $fields[$idx_arflags];
$cflags="$flags$cflags" if ($flags ne "");
+# Kerberos settings. The flavor must be provided from outside, either through
+# the script "config" or manually.
+if ($no_krb5
+ || !defined($withargs{"krb5-flavor"})
+ || $withargs{"krb5-flavor"} eq "")
+ {
+ $cflags="-DOPENSSL_NO_KRB5 $cflags";
+ $options.=" no-krb5" unless $no_krb5;
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n";
+ }
+else
+ {
+ my ($lresolv, $lpath, $lext);
+ if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
+ {
+ die "Sorry, Heimdal is currently not supported\n";
+ }
+ ##### HACK to force use of Heimdal.
+ ##### WARNING: Since we don't really have adequate support for Heimdal,
+ ##### using this will break the build. You'll have to make
+ ##### changes to the source, and if you do, please send
+ ##### patches to openssl-dev@openssl.org
+ if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
+ {
+ warn "Heimdal isn't really supported. Your build WILL break\n";
+ warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
+ $withargs{"krb5-dir"} = "/usr/heimdal"
+ if $withargs{"krb5-dir"} eq "";
+ $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+ "/lib -lgssapi -lkrb5 -lcom_err"
+ if $withargs{"krb5-lib"} eq "";
+ $cflags="-DKRB5_HEIMDAL $cflags";
+ }
+ if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
+ {
+ $withargs{"krb5-dir"} = "/usr/kerberos"
+ if $withargs{"krb5-dir"} eq "";
+ $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+ "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
+ if $withargs{"krb5-lib"} eq "";
+ $cflags="-DKRB5_MIT $cflags";
+ $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
+ if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
+ {
+ $cflags="-DKRB5_MIT_OLD11 $cflags";
+ }
+ }
+ LRESOLV:
+ foreach $lpath ("/lib", "/usr/lib")
+ {
+ foreach $lext ("a", "so")
+ {
+ $lresolv = "$lpath/libresolv.$lext";
+ last LRESOLV if (-r "$lresolv");
+ $lresolv = "";
+ }
+ }
+ $withargs{"krb5-lib"} .= " -lresolv"
+ if ("$lresolv" ne "");
+ $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+ if $withargs{"krb5-include"} eq "" &&
+ $withargs{"krb5-dir"} ne "";
+
+ $libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne "";
+ }
+
# The DSO code currently always implements all functions so that no
# applications will have to worry about that from a compilation point
# of view. However, the "method"s may return zero unless that platform
@@ -795,18 +1037,14 @@ if (!$no_dso && $dso_scheme ne "")
if ($dso_scheme eq "DLFCN")
{
$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
- $openssl_other_defines .= "#define DSO_DLFCN\n";
- $openssl_other_defines .= "#define HAVE_DLFCN_H\n";
}
elsif ($dso_scheme eq "DLFCN_NO_H")
{
$dso_cflags = "-DDSO_DLFCN";
- $openssl_other_defines .= "#define DSO_DLFCN\n";
}
else
{
$dso_cflags = "-DDSO_$dso_scheme";
- $openssl_other_defines .= "#define DSO_$dso_scheme\n";
}
$cflags = "$dso_cflags $cflags";
}
@@ -822,13 +1060,13 @@ if ($thread_cflag eq "(unknown)")
{
# If the user asked for "threads", hopefully they also provided
# any system-dependent compiler options that are necessary.
- $thread_cflags="-DTHREADS $cflags" ;
- $thread_defines .= "#define THREADS\n";
+ $thread_cflags="-DOPENSSL_THREADS $cflags" ;
+ $thread_defines .= "#define OPENSSL_THREADS\n";
}
else
{
- $thread_cflags="-DTHREADS $thread_cflag $cflags";
- $thread_defines .= "#define THREADS\n";
+ $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
+ $thread_defines .= "#define OPENSSL_THREADS\n";
# my $def;
# foreach $def (split ' ',$thread_cflag)
# {
@@ -839,7 +1077,7 @@ else
# }
}
-$lflags="$libs$lflags"if ($libs ne "");
+$lflags="$libs$lflags" if ($libs ne "");
if ($no_asm)
{
@@ -847,28 +1085,42 @@ if ($no_asm)
$sha1_obj=$md5_obj=$rmd160_obj="";
}
+if (!$no_shared)
+ {
+ $cast_obj=""; # CAST assembler is not PIC
+ }
+
if ($threads)
{
- $cflags=$thread_cflags;
- $openssl_thread_defines .= $thread_defines;
+ $cflags=$thread_cflags;
+ $openssl_thread_defines .= $thread_defines;
+ }
+
+if ($zlib)
+ {
+ $cflags = "-DZLIB $cflags";
+ $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2;
+ $lflags = "$lflags -lz" if $zlib == 1;
}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark = "";
-if ($shared_target ne "")
+if ($shared_target eq "")
+ {
+ $no_shared = 1;
+ }
+if (!$no_shared)
{
if ($shared_cflag ne "")
{
$cflags = "$shared_cflag $cflags";
}
- if (!$no_shared)
- {
- #$shared_mark = "\$(SHARED_LIBS)";
- }
}
-else
+
+if ($sys_id ne "")
{
- $no_shared = 1;
+ $cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+ $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
}
if ($ranlib eq "")
@@ -939,7 +1191,8 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
}
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
-open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
+unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;
while (<IN>)
@@ -949,7 +1202,7 @@ while (<IN>)
if ($sdirs) {
my $dir;
foreach $dir (@skip) {
- s/$dir//;
+ s/([ ])$dir /\1/;
}
}
$sdirs = 0 unless /\\$/;
@@ -968,6 +1221,7 @@ while (<IN>)
s/^OPTIONS=.*$/OPTIONS=$options/;
s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
s/^CC=.*$/CC= $cc/;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
@@ -983,7 +1237,9 @@ while (<IN>)
s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^RANLIB=.*/RANLIB= $ranlib/;
+ s/^ARFLAGS=.*/ARFLAGS= $arflags/;
s/^PERL=.*/PERL= $perl/;
+ s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1010,6 +1266,8 @@ while (<IN>)
}
close(IN);
close(OUT);
+rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
print "CC =$cc\n";
print "CFLAG =$cflags\n";
@@ -1025,7 +1283,10 @@ print "SHA1_OBJ_ASM =$sha1_obj\n";
print "RMD160_OBJ_ASM=$rmd160_obj\n";
print "PROCESSOR =$processor\n";
print "RANLIB =$ranlib\n";
+print "ARFLAGS =$arflags\n";
print "PERL =$perl\n";
+print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
+ if $withargs{"krb5-include"} ne "";
my $des_ptr=0;
my $des_risc1=0;
@@ -1042,6 +1303,7 @@ my $rc4_chunk=0;
my $bf_ptr=0;
my @type=("char","short","int","long");
my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+my $export_var_as_fn=0;
my $des_int;
@@ -1071,26 +1333,47 @@ foreach (sort split(/\s+/,$bn_ops))
($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
+ $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
}
open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
-open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
+unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
+open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
print OUT "/* opensslconf.h */\n";
print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
-$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n# define $1\n# endif/mg;
+my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
+$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
+$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
-$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n# define $1\n# endif/mg;
-$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n# define $1\n# endif/mg;
-print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n$openssl_algorithm_defines#endif\n";
-print OUT "#ifdef OPENSSL_THREAD_DEFINES\n$openssl_thread_defines#endif\n";
-print OUT "#ifdef OPENSSL_OTHER_DEFINES\n$openssl_other_defines#endif\n\n";
+$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+print OUT $openssl_sys_defines;
+print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
+print OUT $openssl_algorithm_defines;
+print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n";
+print OUT $openssl_thread_defines;
+print OUT $openssl_other_defines,"\n";
+
+print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
+print OUT " asks for it. This is a transient feature that is provided for those\n";
+print OUT " who haven't had the time to do the appropriate changes in their\n";
+print OUT " applications. */\n";
+print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
+print OUT $openssl_algorithm_defines_trans;
+print OUT "#endif\n\n";
while (<IN>)
{
if (/^#define\s+OPENSSLDIR/)
{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+ elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+ { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+ if $export_var_as_fn;
+ printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
+ ($export_var_as_fn)?"define":"undef"; }
elsif (/^#define\s+OPENSSL_UNISTD/)
{
$unistd = "<unistd.h>" if $unistd eq "";
@@ -1149,6 +1432,8 @@ while (<IN>)
}
close(IN);
close(OUT);
+rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
# Fix the date
@@ -1188,11 +1473,13 @@ if($IsWindows) {
EOF
close(OUT);
} else {
- (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
- if $symlink;
- ### (system 'make depend') == 0 or exit $? if $depflags ne "";
- # Run "make depend" manually if you want to be able to delete
- # the source code files of ciphers you left out.
+ my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+ my $make_targets = "";
+ $make_targets .= " links" if $symlink;
+ $make_targets .= " depend" if $depflags ne "" && $make_depend;
+ $make_targets .= " gentests" if $symlink;
+ (system $make_command.$make_targets) == 0 or exit $?
+ if $make_targets ne "";
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
@@ -1202,7 +1489,16 @@ EOF
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
- }
+ }
+ if ($depflags ne "" && !$make_depend) {
+ print <<EOF;
+
+Since you've disabled at least one algorithm, you need to do the following
+before building:
+
+ make depend
+EOF
+ }
}
print <<EOF;
@@ -1289,11 +1585,11 @@ sub print_table_entry
{
my $target = shift;
- (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
- my $bn_obj,my $des_obj,my $bf_obj,
+ (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
+ my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
- my $shared_ldflag,my $shared_extension,my $ranlib)=
+ my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
print <<EOF
@@ -1303,6 +1599,7 @@ sub print_table_entry
\$cflags = $cflags
\$unistd = $unistd
\$thread_cflag = $thread_cflag
+\$sys_id = $sys_id
\$lflags = $lflags
\$bn_ops = $bn_ops
\$bn_obj = $bn_obj
@@ -1320,6 +1617,7 @@ sub print_table_entry
\$shared_ldflag = $shared_ldflag
\$shared_extension = $shared_extension
\$ranlib = $ranlib
+\$arflags = $arflags
EOF
}
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
index f9cd7d2820a9..9d1b0bb6c1b5 100644
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@@ -9,6 +9,7 @@ OpenSSL - Frequently Asked Questions
* Where can I get a compiled version of OpenSSL?
* Why aren't tools like 'autoconf' and 'libtool' used?
* What is an 'engine' version?
+* How do I check the authenticity of the OpenSSL distribution?
[LEGAL] Legal questions
@@ -29,17 +30,22 @@ OpenSSL - Frequently Asked Questions
* Why can't I use OpenSSL certificates with SSL client authentication?
* Why does my browser give a warning about a mismatched hostname?
* How do I install a CA certificate into a browser?
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
[BUILD] Questions about building and testing OpenSSL
* Why does the linker complain about undefined symbols?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL test fail with "bc: stack empty"?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
* What is special about OpenSSL on Redhat?
+* Why does the OpenSSL compilation fail on MacOS X?
* Why does the OpenSSL test suite fail on MacOS X?
+* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
+* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
[PROG] Questions about programming with OpenSSL
@@ -53,6 +59,7 @@ OpenSSL - Frequently Asked Questions
* Why can't the OpenSSH configure script detect OpenSSL?
* Can I use OpenSSL's SSL library with non-blocking I/O?
* Why doesn't my server application receive a client certificate?
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
===============================================================================
@@ -61,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6g was released on 9 August 2002.
+OpenSSL 0.9.7 was released on December 31, 2002.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -132,6 +139,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 (not yet released) the changes were merged into the main
development line, so that the special release is no longer necessary.
+* How do I check the authenticity of the OpenSSL distribution?
+
+We provide MD5 digests and ASC signatures of each tarball.
+Use MD5 to check that a tarball from a mirror site is identical:
+
+ md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
+
+You can check authenticity using pgp or gpg. You need the OpenSSL team
+member public key used to sign it (download it from a key server). Then
+just do:
+
+ pgp TARBALL.asc
+
[LEGAL] =======================================================================
* Do I need patent licenses to use OpenSSL?
@@ -222,6 +242,8 @@ support can be found at
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
However, be warned that /dev/random is usually a blocking device, which
may have some effects on OpenSSL.
+A third party /dev/random solution for Solaris is available at
+ http://www.cosy.sbg.ac.at/~andi/
* Why do I get an "unable to write 'random state'" error message?
@@ -348,6 +370,13 @@ DO NOT DO THIS! This command will give away your CAs private key and
reduces its security to zero: allowing anyone to forge certificates in
whatever name they choose.
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+The ways to print out the oneline format of the DN (Distinguished Name) have
+been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
+interface, the "-nameopt" option could be introduded. See the manual
+page of the "openssl x509" commandline tool for details. The old behaviour
+has however been left as default for the sake of compatibility.
[BUILD] =======================================================================
@@ -392,6 +421,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
for download instructions) can be safely used, for example.
+* Why does the OpenSSL test fail with "bc: stack empty"?
+
+On some DG/ux versions, bc seems to have a too small stack for calculations
+that the OpenSSL bntest throws at it. This gets triggered when you run the
+test suite (using "make test"). The message returned is "bc: stack empty".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
@@ -489,6 +529,18 @@ IDEA: 5,214,703 25/05/2010
RC5: 5,724,428 03/03/2015
+* Why does the OpenSSL compilation fail on MacOS X?
+
+If the failure happens when trying to build the "openssl" binary, with
+a large number of undefined symbols, it's very probable that you have
+OpenSSL 0.9.6b delivered with the operating system (you can find out by
+running '/usr/bin/openssl version') and that you were trying to build
+OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
+MacOS X has a misfeature that's quite difficult to go around.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
+
* Why does the OpenSSL test suite fail on MacOS X?
If the failure happens when running 'make test' and the RC4 test fails,
@@ -502,6 +554,34 @@ libraries you just built.
Look in the file PROBLEMS for a more detailed explanation and for possible
solutions.
+* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
+
+Failure in BN_sqr test is most likely caused by a failure to configure the
+toolkit for current platform or lack of support for the platform in question.
+Run './config -t' and './apps/openssl version -p'. Do these platform
+identifiers match? If they don't, then you most likely failed to run
+./config and you're hereby advised to do so before filing a bug report.
+If ./config itself fails to run, then it's most likely problem with your
+local environment and you should turn to your system administrator (or
+similar). If identifiers match (and/or no alternative identifier is
+suggested by ./config script), then the platform is unsupported. There might
+or might not be a workaround. Most notably on SPARC64 platforms with GNU
+C compiler you should be able to produce a working build by running
+'./config -m32'. I understand that -m32 might not be what you want/need,
+but the build should be operational. For further details turn to
+<openssl-dev@openssl.org>.
+
+* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
+
+As of 0.9.7 assembler routines were overhauled for position independence
+of the machine code, which is essential for shared library support. For
+some reason OpenBSD is equipped with an out-of-date GNU assembler which
+finds the new code offensive. To work around the problem, configure with
+no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as.
+For your convenience a pre-compiled replacement binary is provided at
+http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from
+binutils-2.8 released in 1997.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
@@ -667,5 +747,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
SSL_CTX_set_verify() function to enable the use of client certificates.
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
+versions, uniqueIdentifier was incorrectly used for X.509 certificates.
+The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
+Change your code to use the new name when compiling against OpenSSL 0.9.7.
+
+
===============================================================================
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index 75a843b15f4e..a427f12f6cba 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -2,8 +2,10 @@
INSTALLATION ON THE UNIX PLATFORM
---------------------------------
- [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
- in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
+ [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
+ is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
+ This document describes installation on operating systems in the Unix
+ family.]
To install OpenSSL, you will need:
@@ -53,6 +55,15 @@
This will usually require additional system-dependent options!
See "Note on multi-threading" below.
+ no-zlib Don't try to build with support for zlib compression and
+ decompression.
+
+ zlib Build with support for zlib compression/decompression.
+
+ zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
+ when needed. This is only supported on systems where loading
+ of shared libraries is supported. This is the default choice.
+
no-shared Don't try to create shared libraries.
shared In addition to the usual static libraries, create shared
@@ -129,8 +140,8 @@
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
- via http://www.openssl.org/rt2.html and will be forwarded to a public
- mailing list). Include the output of "make report" in your message.
+ via http://www.openssl.org/support/rt2.html and will be forwarded to a
+ public mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
@@ -151,7 +162,7 @@
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
- http://www.openssl.org/rt2.html.
+ http://www.openssl.org/support/rt2.html.
4. If everything tests ok, install OpenSSL with
@@ -285,3 +296,15 @@
targets for shared library creation, like linux-shared. Those targets
can currently be used on their own just as well, but this is expected
to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index 56e11a144b72..fa18de17eb7f 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -15,6 +15,11 @@ OPTIONS=
CONFIGURE_ARGS=
SHLIB_TARGET=
+# HERE indicates where this Makefile lives. This can be used to indicate
+# where sub-Makefiles are expected to be. Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
@@ -24,7 +29,6 @@ INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
-# RSAref - Define if we are to link with RSAref.
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
@@ -60,11 +64,13 @@ DEPFLAG=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
-AR=ar r
+ARFLAGS=
+AR=ar $(ARFLAGS) r
RANLIB= ranlib
PERL= perl
TAR= tar
TARFLAGS= --no-recursion
+MAKEDEPPROG=makedepend
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@@ -151,20 +157,27 @@ RMD160_ASM_OBJ= asm/rm86-out.o
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
+# KRB5 stuff
+KRB5_INCLUDES=
+
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
-DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
+DIRS= crypto ssl $(SHLIB_MARK) apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
- bn rsa dsa dh dso \
+ bn ec rsa dsa dh dso engine aes \
buffer bio stack lhash rand err objects \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+# tests to perform. "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
MAKEFILE= Makefile.ssl
MAKE= make -f Makefile.ssl
@@ -190,29 +203,24 @@ BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os.h e_os2.h
+EXHEADER= e_os2.h
HEADER= e_os.h
# When we're prepared to use shared libraries in the programs we link here
# we might remove 'clean-shared' from the targets to perform at this stage
-all: clean-shared Makefile.ssl sub_all
+all: Makefile.ssl sub_all openssl.pc
sub_all:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
- done; \
- if echo "$(DIRS)" | \
- egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
- [ -n "$(SHARED_LIBS)" ]; then \
- $(MAKE) $(SHARED_LIBS); \
- fi
+ done;
libcrypto$(SHLIB_EXT): libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
@@ -220,6 +228,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
+
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
@@ -237,7 +246,7 @@ clean-shared:
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ ( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
@@ -269,12 +278,7 @@ do_gnu-shared:
libs="$$libs -l$$i"; \
done
-DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
- collect2=`gcc -print-prog-name=collect2 2>&1` && \
- [ -n "$$collect2" ] && \
- my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
- [ -n "$$my_ld" ] && \
- $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
# For Darwin AKA Mac OS/X (dyld)
do_darwin-shared:
@@ -289,7 +293,7 @@ do_darwin-shared:
do_cygwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- ( set -x; ${CC} -shared -o cyg$$i.dll \
+ ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
@@ -352,10 +356,13 @@ do_solaris-shared:
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
- -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ MINUSZ='-z '; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+ set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+ -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+ $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+ $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
@@ -414,26 +421,44 @@ do_irix-shared:
fi
# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+# by temporarily specifying "+s"!
+#
do_hpux-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ for i in ${SHLIBDIRS}; do \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- +vnocompatwarnings \
- -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ +vnocompatwarnings \
+ -b -z +s \
+ -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
- libs="$$libs -L. -l$$i"; \
+ -Fl lib$$i.a -ldld -lc ) || exit 1; \
+ chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
do_hpux64-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ for i in ${SHLIBDIRS}; do \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ -b -z \
+ -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
- libs="$$libs -L. -l$$i"; \
+ +forceload lib$$i.a -ldl -lc ) || exit 1; \
+ chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
# The following method is said to work on all platforms. Tests will
@@ -479,6 +504,33 @@ do_aix-shared:
libs="$$libs -l$$i"; \
done
+do_reliantunix-shared:
+ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+ ( set -x; \
+ ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+ cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
+ ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+ ) || exit 1; \
+ cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+ ) || exit 1; \
+ rm -rf $$tmpdir ; \
+ libs="$$libs -l$$i"; \
+ done
+
+openssl.pc: Makefile.ssl
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@@ -497,6 +549,7 @@ clean:
rm -f $(LIBS); \
fi; \
done;
+ rm -f openssl.pc
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f $(TARFILE)
@for i in $(ONEDIRS) ;\
@@ -525,10 +578,14 @@ links:
@for i in $(DIRS); do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making links in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
fi; \
done;
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
@@ -541,15 +598,25 @@ dclean:
rehash: rehash.time
rehash.time: certs
- @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+ @(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+ if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
+ elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+ $(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
tests: rehash
@(cd test && echo "testing..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
- @apps/openssl version -a
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ @LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+ if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
+ elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+ apps/openssl version -a
report:
@$(PERL) util/selftest.pl
@@ -559,7 +626,7 @@ depend:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making dependencies $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+ $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
fi; \
done;
@@ -583,6 +650,7 @@ tags:
errors:
$(PERL) util/mkerr.pl -recurse -write
+ (cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
@@ -593,9 +661,9 @@ util/libeay.num::
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
-crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
TABLE: Configure
@@ -610,6 +678,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
@@ -619,6 +690,14 @@ tar:
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
+tar-snap:
+ @$(TAR) $(TARFLAGS) -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+ ls -l ../$(TARFILE)
+
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@@ -631,6 +710,7 @@ dist_pem_h:
install: all install_docs
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -652,11 +732,12 @@ install: all install_docs
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
- done
+ done;
@if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
@@ -664,14 +745,17 @@ install: all install_docs
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
- c=`echo $$i | sed 's/^lib/cyg/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+ c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
@@ -680,6 +764,7 @@ install: all install_docs
set $(MAKE); \
$$1 -f $$here/Makefile link-shared ); \
fi
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -687,26 +772,43 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man=`cd util; ./pod2mantest ignore`; \
+ @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
+ filecase=-i; \
+ fi; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
- echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+ echo "installing man$$sec/$$fn.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+ $(PERL) util/extract-names.pl < $$i | \
+ grep -v $$filecase "^$$fn\$$" | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+ done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
- echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+ echo "installing man$$sec/$$fn.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+ $(PERL) util/extract-names.pl < $$i | \
+ grep -v $$filecase "^$$fn\$$" | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+ done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
index 43b5ac39582b..b262f9d568f9 100644
--- a/crypto/openssl/Makefile.ssl
+++ b/crypto/openssl/Makefile.ssl
@@ -4,19 +4,24 @@
## Makefile for OpenSSL
##
-VERSION=0.9.6g
+VERSION=0.9.7
MAJOR=0
-MINOR=9.6
-SHLIB_VERSION_NUMBER=0.9.6
+MINOR=9.7
+SHLIB_VERSION_NUMBER=0.9.7
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
-SHLIB_MINOR=9.6
+SHLIB_MINOR=9.7
SHLIB_EXT=
PLATFORM=dist
-OPTIONS=
+OPTIONS= no-krb5
CONFIGURE_ARGS=dist
SHLIB_TARGET=
+# HERE indicates where this Makefile lives. This can be used to indicate
+# where sub-Makefiles are expected to be. Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
@@ -26,7 +31,6 @@ INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
-# RSAref - Define if we are to link with RSAref.
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
@@ -57,16 +61,18 @@ OPENSSLDIR=/usr/local/ssl
CC= cc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -O
+CFLAG= -DOPENSSL_NO_KRB5 -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
-AR=ar r
+ARFLAGS=
+AR=ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
PERL= /usr/local/bin/perl
TAR= tar
TARFLAGS= --no-recursion
+MAKEDEPPROG=makedepend
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@@ -153,20 +159,27 @@ RMD160_ASM_OBJ=
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
+# KRB5 stuff
+KRB5_INCLUDES=
+
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
-DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
+DIRS= crypto ssl $(SHLIB_MARK) apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
- bn rsa dsa dh dso \
+ bn ec rsa dsa dh dso engine aes \
buffer bio stack lhash rand err objects \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+# tests to perform. "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
MAKEFILE= Makefile.ssl
MAKE= make -f Makefile.ssl
@@ -192,29 +205,24 @@ BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os.h e_os2.h
+EXHEADER= e_os2.h
HEADER= e_os.h
# When we're prepared to use shared libraries in the programs we link here
# we might remove 'clean-shared' from the targets to perform at this stage
-all: clean-shared Makefile.ssl sub_all
+all: Makefile.ssl sub_all openssl.pc
sub_all:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
- done; \
- if echo "$(DIRS)" | \
- egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
- [ -n "$(SHARED_LIBS)" ]; then \
- $(MAKE) $(SHARED_LIBS); \
- fi
+ done;
libcrypto$(SHLIB_EXT): libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
@@ -222,6 +230,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
+
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
@@ -239,7 +248,7 @@ clean-shared:
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ ( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
@@ -271,12 +280,7 @@ do_gnu-shared:
libs="$$libs -l$$i"; \
done
-DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
- collect2=`gcc -print-prog-name=collect2 2>&1` && \
- [ -n "$$collect2" ] && \
- my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
- [ -n "$$my_ld" ] && \
- $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
# For Darwin AKA Mac OS/X (dyld)
do_darwin-shared:
@@ -291,7 +295,7 @@ do_darwin-shared:
do_cygwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- ( set -x; ${CC} -shared -o cyg$$i.dll \
+ ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
@@ -354,10 +358,13 @@ do_solaris-shared:
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
- -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ MINUSZ='-z '; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+ set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+ -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+ $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+ $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
@@ -416,26 +423,44 @@ do_irix-shared:
fi
# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+# by temporarily specifying "+s"!
+#
do_hpux-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ for i in ${SHLIBDIRS}; do \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- +vnocompatwarnings \
- -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ +vnocompatwarnings \
+ -b -z +s \
+ -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
- libs="$$libs -L. -l$$i"; \
+ -Fl lib$$i.a -ldld -lc ) || exit 1; \
+ chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
# This assumes that GNU utilities are *not* used
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
do_hpux64-shared:
- libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ for i in ${SHLIBDIRS}; do \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ -b -z \
+ -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- +forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
- chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
- libs="$$libs -L. -l$$i"; \
+ +forceload lib$$i.a -ldl -lc ) || exit 1; \
+ chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
# The following method is said to work on all platforms. Tests will
@@ -481,6 +506,33 @@ do_aix-shared:
libs="$$libs -l$$i"; \
done
+do_reliantunix-shared:
+ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+ ( set -x; \
+ ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+ cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
+ ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+ ) || exit 1; \
+ cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+ ) || exit 1; \
+ rm -rf $$tmpdir ; \
+ libs="$$libs -l$$i"; \
+ done
+
+openssl.pc: Makefile.ssl
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@@ -499,6 +551,7 @@ clean:
rm -f $(LIBS); \
fi; \
done;
+ rm -f openssl.pc
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f $(TARFILE)
@for i in $(ONEDIRS) ;\
@@ -527,10 +580,14 @@ links:
@for i in $(DIRS); do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making links in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
fi; \
done;
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
@@ -543,15 +600,25 @@ dclean:
rehash: rehash.time
rehash.time: certs
- @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+ @(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+ if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
+ elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+ $(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
tests: rehash
@(cd test && echo "testing..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
- @apps/openssl version -a
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ @LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+ if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
+ elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+ apps/openssl version -a
report:
@$(PERL) util/selftest.pl
@@ -561,7 +628,7 @@ depend:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making dependencies $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+ $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
fi; \
done;
@@ -585,6 +652,7 @@ tags:
errors:
$(PERL) util/mkerr.pl -recurse -write
+ (cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
@@ -595,9 +663,9 @@ util/libeay.num::
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
-crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
TABLE: Configure
@@ -612,6 +680,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
@@ -621,6 +692,14 @@ tar:
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
+tar-snap:
+ @$(TAR) $(TARFLAGS) -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+ ls -l ../$(TARFILE)
+
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@@ -633,6 +712,7 @@ dist_pem_h:
install: all install_docs
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
@@ -654,11 +734,12 @@ install: all install_docs
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
- done
+ done;
@if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
@@ -666,14 +747,17 @@ install: all install_docs
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
- c=`echo $$i | sed 's/^lib/cyg/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+ c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
@@ -682,6 +766,7 @@ install: all install_docs
set $(MAKE); \
$$1 -f $$here/Makefile link-shared ); \
fi
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -689,26 +774,43 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man=`cd util; ./pod2mantest ignore`; \
+ @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
+ filecase=-i; \
+ fi; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
- echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+ echo "installing man$$sec/$$fn.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+ $(PERL) util/extract-names.pl < $$i | \
+ grep -v $$filecase "^$$fn\$$" | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+ done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
- echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+ echo "installing man$$sec/$$fn.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+ $(PERL) util/extract-names.pl < $$i | \
+ grep -v $$filecase "^$$fn\$$" | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$$sec $$n.$$sec; \
+ done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 577db09cff5e..28f42ce89c0f 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,66 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+
+ o New library section OCSP.
+ o Complete rewrite of ASN1 code.
+ o CRL checking in verify code and openssl utility.
+ o Extension copying in 'ca' utility.
+ o Flexible display options in 'ca' utility.
+ o Provisional support for international characters with UTF8.
+ o Support for external crypto devices ('engine') is no longer
+ a separate distribution.
+ o New elliptic curve library section.
+ o New AES (Rijndael) library section.
+ o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+ Linux x86_64, Linux 64-bit on Sparc v9
+ o Extended support for some platforms: VxWorks
+ o Enhanced support for shared libraries.
+ o Now only builds PIC code when shared library support is requested.
+ o Support for pkg-config.
+ o Lots of new manuals.
+ o Makes symbolic links to or copies of manuals to cover all described
+ functions.
+ o Change DES API to clean up the namespace (some applications link also
+ against libdes providing similar functions having the same name).
+ Provide macros for backward compatibility (will be removed in the
+ future).
+ o Unify handling of cryptographic algorithms (software and engine)
+ to be available via EVP routines for asymmetric and symmetric ciphers.
+ o NCONF: new configuration handling routines.
+ o Change API to use more 'const' modifiers to improve error checking
+ and help optimizers.
+ o Finally remove references to RSAref.
+ o Reworked parts of the BIGNUM code.
+ o Support for new engines: Broadcom ubsec, Accelerated Encryption
+ Processing, IBM 4758.
+ o A few new engines added in the demos area.
+ o Extended and corrected OID (object identifier) table.
+ o PRNG: query at more locations for a random device, automatic query for
+ EGD style random sources at several locations.
+ o SSL/TLS: allow optional cipher choice according to server's preference.
+ o SSL/TLS: allow server to explicitly set new session ids.
+ o SSL/TLS: support Kerberos cipher suites (RFC2712).
+ Only supports MIT Kerberos for now.
+ o SSL/TLS: allow more precise control of renegotiations and sessions.
+ o SSL/TLS: add callback to retrieve SSL/TLS messages.
+ o SSL/TLS: support AES cipher suites (RFC3268).
+
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+
+ o New configuration targets for Tandem OSS and A/UX.
+ o New OIDs for Microsoft attributes.
+ o Better handling of SSL session caching.
+ o Better comparison of distinguished names.
+ o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+ o Support assembler code with Borland C.
+ o Fixes for length problems.
+ o Fixes for uninitialised variables.
+ o Fixes for memory leaks, some unusual crashes and some race conditions.
+ o Fixes for smaller building problems.
+ o Updates of manuals, FAQ and other instructive documents.
+
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
o Important building fixes on Unix.
diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS
index 7e6af8ad4d87..4bf31303be99 100644
--- a/crypto/openssl/PROBLEMS
+++ b/crypto/openssl/PROBLEMS
@@ -1,5 +1,11 @@
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-[NOTE: This is currently undergoing tests, and may be removed soon]
+
+
+ NOTE: The problem described here only applies when OpenSSL isn't built
+ with shared library support (i.e. without the "shared" configuration
+ option). If you build with shared library support, you will have no
+ problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
+
This is really a misfeature in ld, which seems to look for .dylib libraries
along the whole library path before it bothers looking for .a libraries. This
@@ -40,3 +46,27 @@ scripts use the same name for output and input files, which means different
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
+
+
+* Bugs in gcc 3.0 triggered
+
+According to a problem report, there are bugs in gcc 3.0 that are
+triggered by some of the code in OpenSSL, more specifically in
+PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
+
+ header+=11;
+ if (*header != '4') return(0); header++;
+ if (*header != ',') return(0); header++;
+
+What happens is that gcc might optimize a little too agressively, and
+you end up with an extra incrementation when *header != '4'.
+
+We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
+
+As subject suggests SHA-1 might perform poorly (4 times slower)
+if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
+this seems to be the fact that compiler emits multiplication to
+perform shift operations:-( To work the problem around configure
+with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
diff --git a/crypto/openssl/README b/crypto/openssl/README
index da9015331f68..b74af83b0b96 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
- OpenSSL 0.9.6g 9 August 2002
+ OpenSSL 0.9.7 31 Dec 2002
Copyright (c) 1998-2002 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -154,7 +154,7 @@
- Stack Traceback (if the application dumps core)
Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ (http://www.openssl.org/support/rt2.html) by mail to:
openssl-bugs@openssl.org
diff --git a/crypto/openssl/README.ASN1 b/crypto/openssl/README.ASN1
new file mode 100644
index 000000000000..11bcfaf4ddb2
--- /dev/null
+++ b/crypto/openssl/README.ASN1
@@ -0,0 +1,187 @@
+
+OpenSSL ASN1 Revision
+=====================
+
+This document describes some of the issues relating to the new ASN1 code.
+
+Previous OpenSSL ASN1 problems
+=============================
+
+OK why did the OpenSSL ASN1 code need revising in the first place? Well
+there are lots of reasons some of which are included below...
+
+1. The code is difficult to read and write. For every single ASN1 structure
+(e.g. SEQUENCE) four functions need to be written for new, free, encode and
+decode operations. This is a very painful and error prone operation. Very few
+people have ever written any OpenSSL ASN1 and those that have usually wish
+they hadn't.
+
+2. Partly because of 1. the code is bloated and takes up a disproportionate
+amount of space. The SEQUENCE encoder is particularly bad: it essentially
+contains two copies of the same operation, one to compute the SEQUENCE length
+and the other to encode it.
+
+3. The code is memory based: that is it expects to be able to read the whole
+structure from memory. This is fine for small structures but if you have a
+(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
+
+4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
+changing the tag to the expected one, attempting to read it, then changing it
+back again. This means that decode buffers have to be writable even though they
+are ultimately unchanged. This gets in the way of constification.
+
+5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
+the decoder and encoder for every EXPLICIT tag.
+
+6. APPLICATION and PRIVATE tags aren't even supported at all.
+
+7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
+types that are not OPTIONAL.
+
+8. Much of the code assumes that a tag will fit in a single octet. This is
+only true if the tag is 30 or less (mercifully tags over 30 are rare).
+
+9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
+macros that properly support it.
+
+10. Encoders have no concept of OPTIONAL and have no error checking. If the
+passed structure contains a NULL in a mandatory field it will not be encoded,
+resulting in an invalid structure.
+
+11. It is tricky to add ASN1 encoders and decoders to external applications.
+
+Template model
+==============
+
+One of the major problems with revision is the sheer volume of the ASN1 code.
+Attempts to change (for example) the IMPLICIT behaviour would result in a
+modification of *every* single decode function.
+
+I decided to adopt a template based approach. I'm using the term 'template'
+in a manner similar to SNACC templates: it has nothing to do with C++
+templates.
+
+A template is a description of an ASN1 module as several constant C structures.
+It describes in a machine readable way exactly how the ASN1 structure should
+behave. If this template contains enough detail then it is possible to write
+versions of new, free, encode, decode (and possibly others operations) that
+operate on templates.
+
+Instead of having to write code to handle each operation only a single
+template needs to be written. If new operations are needed (such as a 'print'
+operation) only a single new template based function needs to be written
+which will then automatically handle all existing templates.
+
+Plans for revision
+==================
+
+The revision will consist of the following steps. Other than the first two
+these can be handled in any order.
+
+o Design and write template new, free, encode and decode operations, initially
+memory based. *DONE*
+
+o Convert existing ASN1 code to template form. *IN PROGRESS*
+
+o Convert an existing ASN1 compiler (probably SNACC) to output templates
+in OpenSSL form.
+
+o Add support for BIO based ASN1 encoders and decoders to handle large
+structures, initially blocking I/O.
+
+o Add support for non blocking I/O: this is quite a bit harder than blocking
+I/O.
+
+o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
+certificates etc etc.
+
+Description of major changes
+============================
+
+The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
+absent. The meaning of absent depends on the context. If for example the
+boolean type is DEFAULT FALSE (as in the case of the critical flag for
+certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
+Usually the value will only ever be read via an API which will hide this from
+an application.
+
+There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
+SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
+old code would omit the structure if the STACK was NULL (which is fine) or if
+it had zero elements (which is NOT OK). This causes problems because an empty
+SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
+it is encoded it will be omitted resulting in different encodings. The new code
+only omits the encoding if the STACK is NULL, if it contains zero elements it
+is encoded and empty. There is an additional problem though: because an empty
+STACK was omitted, sometimes the corresponding *_new() function would
+initialize the STACK to empty so an application could immediately use it, if
+this is done with the new code (i.e. a NULL) it wont work. Therefore a new
+STACK should be allocated first. One instance of this is the X509_CRL list of
+revoked certificates: a helper function X509_CRL_add0_revoked() has been added
+for this purpose.
+
+The X509_ATTRIBUTE structure used to have an element called 'set' which took
+the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
+to the behaviour of CHOICE in the new code this has been changed to a field
+called 'single' which is 0 for a SET OF and 1 for single. The old field has
+been deleted to deliberately break source compatibility. Since this structure
+is normally accessed via higher level functions this shouldn't break too much.
+
+The X509_REQ_INFO certificate request info structure no longer has a field
+called 'req_kludge'. This used to be set to 1 if the attributes field was
+(incorrectly) omitted. You can check to see if the field is omitted now by
+checking if the attributes field is NULL. Similarly if you need to omit
+the field then free attributes and set it to NULL.
+
+The top level 'detached' field in the PKCS7 structure is no longer set when
+a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
+The behaviour of PKCS7_get_detached() is unaffected.
+
+The values of 'type' in the GENERAL_NAME structure have changed. This is
+because the old code use the ASN1 initial octet as the selector. The new
+code uses the index in the ASN1_CHOICE template.
+
+The DIST_POINT_NAME structure has changed to be a true CHOICE type.
+
+typedef struct DIST_POINT_NAME_st {
+int type;
+union {
+ STACK_OF(GENERAL_NAME) *fullname;
+ STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
+} DIST_POINT_NAME;
+
+This means that name.fullname or name.relativename should be set
+and type reflects the option. That is if name.fullname is set then
+type is 0 and if name.relativename is set type is 1.
+
+With the old code using the i2d functions would typically involve:
+
+unsigned char *buf, *p;
+int len;
+/* Find length of encoding */
+len = i2d_SOMETHING(x, NULL);
+/* Allocate buffer */
+buf = OPENSSL_malloc(len);
+if(buf == NULL) {
+ /* Malloc error */
+}
+/* Use temp variable because &p gets updated to point to end of
+ * encoding.
+ */
+p = buf;
+i2d_SOMETHING(x, &p);
+
+
+Using the new i2d you can also do:
+
+unsigned char *buf = NULL;
+int len;
+len = i2d_SOMETHING(x, &buf);
+if(len < 0) {
+ /* Malloc error */
+}
+
+and it will automatically allocate and populate a buffer with the
+encoding. After this call 'buf' will point to the start of the
+encoding which is len bytes long.
diff --git a/crypto/openssl/README.ENGINE b/crypto/openssl/README.ENGINE
index 43e39d5b09be..0ff833370930 100644
--- a/crypto/openssl/README.ENGINE
+++ b/crypto/openssl/README.ENGINE
@@ -1,63 +1,289 @@
-
ENGINE
======
- With OpenSSL 0.9.6, a new component has been added to support external
- crypto devices, for example accelerator cards. The component is called
- ENGINE, and has still a pretty experimental status and almost no
- documentation. It's designed to be fairly easily extensible by the
- calling programs.
+ With OpenSSL 0.9.6, a new component was added to support alternative
+ cryptography implementations, most commonly for interfacing with external
+ crypto devices (eg. accelerator cards). This component is called ENGINE,
+ and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
+ caused a little confusion as 0.9.6** releases were rolled in two
+ versions, a "standard" and an "engine" version. In development for 0.9.7,
+ the ENGINE code has been merged into the main branch and will be present
+ in the standard releases from 0.9.7 forwards.
- There's currently built-in support for the following crypto devices:
+ There are currently built-in ENGINE implementations for the following
+ crypto devices:
o CryptoSwift
o Compaq Atalla
o nCipher CHIL
+ o Nuron
+ o Broadcom uBSec
+
+ In addition, dynamic binding to external ENGINE implementations is now
+ provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
+ section below for details.
+
+ At this stage, a number of things are still needed and are being worked on:
+
+ 1 Integration of EVP support.
+ 2 Configuration support.
+ 3 Documentation!
+
+1 With respect to EVP, this relates to support for ciphers and digests in
+ the ENGINE model so that alternative implementations of existing
+ algorithms/modes (or previously unimplemented ones) can be provided by
+ ENGINE implementations.
- A number of things are still needed and are being worked on:
+2 Configuration support currently exists in the ENGINE API itself, in the
+ form of "control commands". These allow an application to expose to the
+ user/admin the set of commands and parameter types a given ENGINE
+ implementation supports, and for an application to directly feed string
+ based input to those ENGINEs, in the form of name-value pairs. This is an
+ extensible way for ENGINEs to define their own "configuration" mechanisms
+ that are specific to a given ENGINE (eg. for a particular hardware
+ device) but that should be consistent across *all* OpenSSL-based
+ applications when they use that ENGINE. Work is in progress (or at least
+ in planning) for supporting these control commands from the CONF (or
+ NCONF) code so that applications using OpenSSL's existing configuration
+ file format can have ENGINE settings specified in much the same way.
+ Presently however, applications must use the ENGINE API itself to provide
+ such functionality. To see first hand the types of commands available
+ with the various compiled-in ENGINEs (see further down for dynamic
+ ENGINEs), use the "engine" openssl utility with full verbosity, ie;
+ openssl engine -vvvv
- o An openssl utility command to handle or at least check available
- engines.
- o A better way of handling the methods that are handled by the
- engines.
- o Documentation!
+3 Documentation? Volunteers welcome! The source code is reasonably well
+ self-documenting, but some summaries and usage instructions are needed -
+ moreover, they are needed in the same POD format the existing OpenSSL
+ documentation is provided in. Any complete or incomplete contributions
+ would help make this happen.
+
+ STABILITY & BUG-REPORTS
+ =======================
What already exists is fairly stable as far as it has been tested, but
- the test base has been a bit small most of the time.
+ the test base has been a bit small most of the time. For the most part,
+ the vendors of the devices these ENGINEs support have contributed to the
+ development and/or testing of the implementations, and *usually* (with no
+ guarantees) have experience in using the ENGINE support to drive their
+ devices from common OpenSSL-based applications. Bugs and/or inexplicable
+ behaviour in using a specific ENGINE implementation should be sent to the
+ author of that implementation (if it is mentioned in the corresponding C
+ file), and in the case of implementations for commercial hardware
+ devices, also through whatever vendor support channels are available. If
+ none of this is possible, or the problem seems to be something about the
+ ENGINE API itself (ie. not necessarily specific to a particular ENGINE
+ implementation) then you should mail complete details to the relevant
+ OpenSSL mailing list. For a definition of "complete details", refer to
+ the OpenSSL "README" file. As for which list to send it to;
- Because of this experimental status and what's lacking, the ENGINE
- component is not yet part of the default OpenSSL distribution. However,
- we have made a separate kit for those who want to try this out, to be
- found in the same places as the default OpenSSL distribution, but with
- "-engine-" being part of the kit file name. For example, version 0.9.6
- is distributed in the following two files:
+ openssl-users: if you are *using* the ENGINE abstraction, either in an
+ pre-compiled application or in your own application code.
- openssl-0.9.6.tar.gz
- openssl-engine-0.9.6.tar.gz
+ openssl-dev: if you are discussing problems with OpenSSL source code.
- NOTES
+ USAGE
=====
- openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
- not need to download both.
+ The default "openssl" ENGINE is always chosen when performing crypto
+ operations unless you specify otherwise. You must actively tell the
+ openssl utility commands to use anything else through a new command line
+ switch called "-engine". Also, if you want to use the ENGINE support in
+ your own code to do something similar, you must likewise explicitly
+ select the ENGINE implementation you want.
+
+ Depending on the type of hardware, system, and configuration, "settings"
+ may need to be applied to an ENGINE for it to function as expected/hoped.
+ The recommended way of doing this is for the application to support
+ ENGINE "control commands" so that each ENGINE implementation can provide
+ whatever configuration primitives it might require and the application
+ can allow the user/admin (and thus the hardware vendor's support desk
+ also) to provide any such input directly to the ENGINE implementation.
+ This way, applications do not need to know anything specific to any
+ device, they only need to provide the means to carry such user/admin
+ input through to the ENGINE in question. Ie. this connects *you* (and
+ your helpdesk) to the specific ENGINE implementation (and device), and
+ allows application authors to not get buried in hassle supporting
+ arbitrary devices they know (and care) nothing about.
+
+ A new "openssl" utility, "openssl engine", has been added in that allows
+ for testing and examination of ENGINE implementations. Basic usage
+ instructions are available by specifying the "-?" command line switch.
+
+ DYNAMIC ENGINES
+ ===============
+
+ The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
+ implementations that aren't pre-compiled and linked into OpenSSL-based
+ applications. This could be because existing compiled-in implementations
+ have known problems and you wish to use a newer version with an existing
+ application. It could equally be because the application (or OpenSSL
+ library) you are using simply doesn't have support for the ENGINE you
+ wish to use, and the ENGINE provider (eg. hardware vendor) is providing
+ you with a self-contained implementation in the form of a shared-library.
+ The other use-case for "dynamic" is with applications that wish to
+ maintain the smallest foot-print possible and so do not link in various
+ ENGINE implementations from OpenSSL, but instead leaves you to provide
+ them, if you want them, in the form of "dynamic"-loadable
+ shared-libraries. It should be possible for hardware vendors to provide
+ their own shared-libraries to support arbitrary hardware to work with
+ applications based on OpenSSL 0.9.7 or later. If you're using an
+ application based on 0.9.7 (or later) and the support you desire is only
+ announced for versions later than the one you need, ask the vendor to
+ backport their ENGINE to the version you need.
+
+ How does "dynamic" work?
+ ------------------------
+ The dynamic ENGINE has a special flag in its implementation such that
+ every time application code asks for the 'dynamic' ENGINE, it in fact
+ gets its own copy of it. As such, multi-threaded code (or code that
+ multiplexes multiple uses of 'dynamic' in a single application in any
+ way at all) does not get confused by 'dynamic' being used to do many
+ independent things. Other ENGINEs typically don't do this so there is
+ only ever 1 ENGINE structure of its type (and reference counts are used
+ to keep order). The dynamic ENGINE itself provides absolutely no
+ cryptographic functionality, and any attempt to "initialise" the ENGINE
+ automatically fails. All it does provide are a few "control commands"
+ that can be used to control how it will load an external ENGINE
+ implementation from a shared-library. To see these control commands,
+ use the command-line;
+
+ openssl engine -vvvv dynamic
+
+ The "SO_PATH" control command should be used to identify the
+ shared-library that contains the ENGINE implementation, and "NO_VCHECK"
+ might possibly be useful if there is a minor version conflict and you
+ (or a vendor helpdesk) is convinced you can safely ignore it.
+ "ID" is probably only needed if a shared-library implements
+ multiple ENGINEs, but if you know the engine id you expect to be using,
+ it doesn't hurt to specify it (and this provides a sanity check if
+ nothing else). "LIST_ADD" is only required if you actually wish the
+ loaded ENGINE to be discoverable by application code later on using the
+ ENGINE's "id". For most applications, this isn't necessary - but some
+ application authors may have nifty reasons for using it. The "LOAD"
+ command is the only one that takes no parameters and is the command
+ that uses the settings from any previous commands to actually *load*
+ the shared-library ENGINE implementation. If this command succeeds, the
+ (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
+ that has been loaded from the shared-library. As such, any control
+ commands supported by the loaded ENGINE could then be executed as per
+ normal. Eg. if ENGINE "foo" is implemented in the shared-library
+ "libfoo.so" and it supports some special control command "CMD_FOO", the
+ following code would load and use it (NB: obviously this code has no
+ error checking);
+
+ ENGINE *e = ENGINE_by_id("dynamic");
+ ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
+ ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
+ ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
+ ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
+
+ For testing, the "openssl engine" utility can be useful for this sort
+ of thing. For example the above code excerpt would achieve much the
+ same result as;
+
+ openssl engine dynamic \
+ -pre SO_PATH:/lib/libfoo.so \
+ -pre ID:foo \
+ -pre LOAD \
+ -pre "CMD_FOO:some input data"
+
+ Or to simply see the list of commands supported by the "foo" ENGINE;
+
+ openssl engine -vvvv dynamic \
+ -pre SO_PATH:/lib/libfoo.so \
+ -pre ID:foo \
+ -pre LOAD
+
+ Applications that support the ENGINE API and more specifically, the
+ "control commands" mechanism, will provide some way for you to pass
+ such commands through to ENGINEs. As such, you would select "dynamic"
+ as the ENGINE to use, and the parameters/commands you pass would
+ control the *actual* ENGINE used. Each command is actually a name-value
+ pair and the value can sometimes be omitted (eg. the "LOAD" command).
+ Whilst the syntax demonstrated in "openssl engine" uses a colon to
+ separate the command name from the value, applications may provide
+ their own syntax for making that separation (eg. a win32 registry
+ key-value pair may be used by some applications). The reason for the
+ "-pre" syntax in the "openssl engine" utility is that some commands
+ might be issued to an ENGINE *after* it has been initialised for use.
+ Eg. if an ENGINE implementation requires a smart-card to be inserted
+ during initialisation (or a PIN to be typed, or whatever), there may be
+ a control command you can issue afterwards to "forget" the smart-card
+ so that additional initialisation is no longer possible. In
+ applications such as web-servers, where potentially volatile code may
+ run on the same host system, this may provide some arguable security
+ value. In such a case, the command would be passed to the ENGINE after
+ it has been initialised for use, and so the "-post" switch would be
+ used instead. Applications may provide a different syntax for
+ supporting this distinction, and some may simply not provide it at all
+ ("-pre" is almost always what you're after, in reality).
- openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
- crypto device. The internal OpenSSL functions are contained in the
- engine "openssl", and will be used by default.
+ How do I build a "dynamic" ENGINE?
+ ----------------------------------
+ This question is trickier - currently OpenSSL bundles various ENGINE
+ implementations that are statically built in, and any application that
+ calls the "ENGINE_load_builtin_engines()" function will automatically
+ have all such ENGINEs available (and occupying memory). Applications
+ that don't call that function have no ENGINEs available like that and
+ would have to use "dynamic" to load any such ENGINE - but on the other
+ hand such applications would only have the memory footprint of any
+ ENGINEs explicitly loaded using user/admin provided control commands.
+ The main advantage of not statically linking ENGINEs and only using
+ "dynamic" for hardware support is that any installation using no
+ "external" ENGINE suffers no unnecessary memory footprint from unused
+ ENGINEs. Likewise, installations that do require an ENGINE incur the
+ overheads from only *that* ENGINE once it has been loaded.
- No external crypto device is chosen unless you say so. You have actively
- tell the openssl utility commands to use it through a new command line
- switch called "-engine". And if you want to use the ENGINE library to
- do something similar, you must also explicitly choose an external crypto
- device, or the built-in crypto routines will be used, just as in the
- default OpenSSL distribution.
+ Sounds good? Maybe, but currently building an ENGINE implementation as
+ a shared-library that can be loaded by "dynamic" isn't automated in
+ OpenSSL's build process. It can be done manually quite easily however.
+ Such a shared-library can either be built with any OpenSSL code it
+ needs statically linked in, or it can link dynamically against OpenSSL
+ if OpenSSL itself is built as a shared library. The instructions are
+ the same in each case, but in the former (statically linked any
+ dependencies on OpenSSL) you must ensure OpenSSL is built with
+ position-independent code ("PIC"). The default OpenSSL compilation may
+ already specify the relevant flags to do this, but you should consult
+ with your compiler documentation if you are in any doubt.
+ This example will show building the "atalla" ENGINE in the
+ crypto/engine/ directory as a shared-library for use via the "dynamic"
+ ENGINE.
+ 1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
+ source tree.
+ 2) Recompile at least one source file so you can see all the compiler
+ flags (and syntax) being used to build normally. Eg;
+ touch hw_atalla.c ; make
+ will rebuild "hw_atalla.o" using all such flags.
+ 3) Manually enter the same compilation line to compile the
+ "hw_atalla.c" file but with the following two changes;
+ (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
+ (b) change the output file from "hw_atalla.o" to something new,
+ eg. "tmp_atalla.o"
+ 4) Link "tmp_atalla.o" into a shared-library using the top-level
+ OpenSSL libraries to resolve any dependencies. The syntax for doing
+ this depends heavily on your system/compiler and is a nightmare
+ known well to anyone who has worked with shared-library portability
+ before. 'gcc' on Linux, for example, would use the following syntax;
+ gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
+ 5) Test your shared library using "openssl engine" as explained in the
+ previous section. Eg. from the top-level directory, you might try;
+ apps/openssl engine -vvvv dynamic \
+ -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
+ If the shared-library loads successfully, you will see both "-pre"
+ commands marked as "SUCCESS" and the list of control commands
+ displayed (because of "-vvvv") will be the control commands for the
+ *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
+ the "-t" switch to the utility if you want it to try and initialise
+ the atalla ENGINE for use to test any possible hardware/driver
+ issues.
PROBLEMS
========
- It seems like the ENGINE part doesn't work too well with CryptoSwift on
- Win32. A quick test done right before the release showed that trying
- "openssl speed -engine cswift" generated errors. If the DSO gets enabled,
- an attempt is made to write at memory address 0x00000002.
+ It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
+ A quick test done right before the release showed that trying "openssl speed
+ -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
+ to write at memory address 0x00000002.
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
index f1ac7e772690..8b2ce7ea4248 100755
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@@ -5,7 +5,7 @@
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
+# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
@@ -54,7 +54,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@@ -66,6 +66,11 @@ foreach (@ARGV) {
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -143,7 +148,7 @@ foreach (@ARGV) {
}
} else {
print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in
index f1ac7e772690..8b2ce7ea4248 100644
--- a/crypto/openssl/apps/CA.pl.in
+++ b/crypto/openssl/apps/CA.pl.in
@@ -5,7 +5,7 @@
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
+# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
@@ -54,7 +54,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@@ -66,6 +66,11 @@ foreach (@ARGV) {
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newreq-nodes$/) {
+ # create a certificate request
+ system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -143,7 +148,7 @@ foreach (@ARGV) {
}
} else {
print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
index 0b3208f0de82..c75d0d2e77c3 100644
--- a/crypto/openssl/apps/Makefile.ssl
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -5,21 +5,26 @@
DIR= apps
TOP= ..
CC= cc
-INCLUDES= -I../include
+INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
CFLAG= -g -static
INSTALL_PREFIX=
INSTALLTOP= /usr/local/ssl
OPENSSLDIR= /usr/local/ssl
MAKE= make -f Makefile.ssl
-MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile.ssl
PERL= perl
RM= rm -f
+# KRB5 stuff
+KRB5_INCLUDES=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
+SHLIB_TARGET=
+
CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
GENERAL=Makefile makeapps.com install.com
@@ -39,7 +44,7 @@ E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
ca crl rsa rsautl dsa dsaparam \
x509 genrsa gendsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
- pkcs8 spkac smime rand
+ pkcs8 spkac smime rand engine ocsp
PROGS= $(PROGRAM).c
@@ -55,14 +60,14 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
rsa.o rsautl.o dsa.o dsaparam.o \
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
- ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
+ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
rsa.c rsautl.c dsa.c dsaparam.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
- ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
+ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
SRC=$(E_SRC)
@@ -93,17 +98,20 @@ install:
@for i in $(EXE); \
do \
(echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
done;
@for i in $(SCRIPTS); \
do \
(echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
done
- @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
- chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+ @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+ chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
tags:
ctags $(SRC)
@@ -117,7 +125,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -128,15 +136,24 @@ clean:
rm -f req
$(DLIBSSL):
- (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=ssl all)
$(DLIBCRYPTO):
- (cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=crypto all)
$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(PROGRAM)
- $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
- -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+ if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+ $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+ else \
+ $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+ fi
+ -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+ LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+ if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
+ elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+ $(PERL) tools/c_rehash certs)
progs.h: progs.pl
$(PERL) progs.pl $(E_EXE) >progs.h
@@ -144,567 +161,724 @@ progs.h: progs.pl
# DO NOT DELETE THIS LINE -- make depend depends on it.
-app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
-app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-app_rand.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
-app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h apps.h
-apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-apps.o: ../include/openssl/des.h ../include/openssl/dh.h
-apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
+app_rand.o: apps.h
+apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/cast.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/engine.h ../include/openssl/err.h
apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h
apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
-asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-asn1pars.o: ../include/openssl/x509_vfy.h apps.h
-ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: asn1pars.c
+ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ca.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ca.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h
ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ciphers.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509_vfy.h apps.h
-crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl.o: ../include/openssl/des.h ../include/openssl/dh.h
-crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/engine.h ../include/openssl/err.h
crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
-crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-crl2p7.o: ../include/openssl/x509_vfy.h apps.h
-dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
-dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dgst.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h
-dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dsa.o: ../include/openssl/x509_vfy.h apps.h
-dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
-dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h
-enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-enc.o: ../include/openssl/des.h ../include/openssl/dh.h
-enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsaparam.o: dsaparam.c
+enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enc.o: ../include/openssl/cast.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
-errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/cast.h ../include/openssl/comp.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+engine.o: ../include/openssl/des.h ../include/openssl/des_old.h
+engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+engine.o: ../include/openssl/md4.h ../include/openssl/md5.h
+engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h
errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-errstr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509_vfy.h apps.h
-gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
-gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509_vfy.h apps.h
-genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h
-nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
-nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-nseq.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genrsa.o: genrsa.c
+nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-nseq.o: ../include/openssl/x509_vfy.h apps.h
-openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
-openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
-passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
-passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-passwd.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+openssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+passwd.o: passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-pkcs7.o: ../include/openssl/x509_vfy.h apps.h
-pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
-pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h
pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rand.o: ../include/openssl/des.h ../include/openssl/dh.h
-rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
+req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/des.h ../include/openssl/dh.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/des.h ../include/openssl/des_old.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
-rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509_vfy.h apps.h
-rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
-rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsautl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h
-s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rsautl.o: rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_cb.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
-s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
@@ -714,21 +888,24 @@ s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h
-s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c
+s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
@@ -738,22 +915,26 @@ s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: s_apps.h
-s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c
+s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h
s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -761,169 +942,200 @@ s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_socket.o: s_apps.h
-s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h
s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_time.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
-sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
-sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h
sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
-sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-sess_id.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509_vfy.h apps.h
-smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-smime.o: ../include/openssl/des.h ../include/openssl/dh.h
-smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+smime.o: ../include/openssl/cast.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-smime.o: ../include/openssl/x509_vfy.h apps.h
-speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-speed.o: ../include/openssl/des.h ../include/openssl/dh.h
-speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c
+speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/engine.h ../include/openssl/err.h
speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
-spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
-spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
+spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
+spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509_vfy.h apps.h
-verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-verify.o: ../include/openssl/des.h ../include/openssl/dh.h
-verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+verify.o: ../include/openssl/cast.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-version.o: ../include/openssl/des.h ../include/openssl/dh.h
-version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-version.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
-version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-version.o: ../include/openssl/md2.h ../include/openssl/md4.h
-version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
+version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+version.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+version.o: ../include/openssl/cast.h ../include/openssl/conf.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/engine.h ../include/openssl/err.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-x509.o: ../include/openssl/des.h ../include/openssl/dh.h
-x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+version.o: version.c
+x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+x509.o: ../include/openssl/cast.h ../include/openssl/conf.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
-x509.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
index 8a78e12eb732..b7b6128c1eb9 100644
--- a/crypto/openssl/apps/app_rand.c
+++ b/crypto/openssl/apps/app_rand.c
@@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
int consider_randfile = (file == NULL);
char buffer[200];
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_e,"Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
@@ -142,18 +142,21 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
}
if (file == NULL || !RAND_load_file(file, -1))
{
- if (RAND_status() == 0 && !dont_warn)
+ if (RAND_status() == 0)
{
- BIO_printf(bio_e,"unable to load 'random state'\n");
- BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e,"with much random data.\n");
- if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ if (!dont_warn)
{
- BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ BIO_printf(bio_e,"unable to load 'random state'\n");
+ BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e,"with much random data.\n");
+ if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ {
+ BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ }
}
+ return 0;
}
- return 0;
}
seeded = 1;
return 1;
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 618e34c084e0..4a8c9263a7cc 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -55,25 +55,111 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
+#include <ctype.h>
#include <openssl/err.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
#include <openssl/safestack.h>
+#include <openssl/engine.h>
+
+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+# ifdef NO_STRINGS_H
+ int strcasecmp();
+# else
+# include <strings.h>
+# endif /* NO_STRINGS_H */
+#endif
-#ifdef WINDOWS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+#ifdef OPENSSL_SYS_WINDOWS
# include "bss_file.c"
#endif
+typedef struct {
+ char *name;
+ unsigned long flag;
+ unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format);
+#endif
+
int app_init(long mesgwin);
#ifdef undef /* never finished - probably never will be :-) */
int args_from_file(char *file, int *argc, char **argv[])
@@ -170,11 +256,13 @@ int str2fmt(char *s)
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
+ else if ((*s == 'E') || (*s == 'e'))
+ return(FORMAT_ENGINE);
else
return(FORMAT_UNDEF);
}
-#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
void program_name(char *in, char *out, int size)
{
int i,n;
@@ -212,7 +300,7 @@ void program_name(char *in, char *out, int size)
out[n]='\0';
}
#else
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
void program_name(char *in, char *out, int size)
{
char *p=in, *q;
@@ -249,28 +337,65 @@ void program_name(char *in, char *out, int size)
p++;
else
p=in;
- strncpy(out,p,size-1);
- out[size-1]='\0';
+ BUF_strlcpy(out,p,size);
}
#endif
#endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
int WIN32_rename(char *from, char *to)
{
-#ifdef WINNT
- int ret;
-/* Note: MoveFileEx() doesn't work under Win95, Win98 */
-
- ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
- return(ret?0:-1);
+#ifndef OPENSSL_SYS_WINCE
+ /* Windows rename gives an error if 'to' exists, so delete it
+ * first and ignore file not found errror
+ */
+ if((remove(to) != 0) && (errno != ENOENT))
+ return -1;
+#undef rename
+ return rename(from, to);
#else
- unlink(to);
- return MoveFile(from, to);
+ /* convert strings to UNICODE */
+ {
+ BOOL result = FALSE;
+ WCHAR* wfrom;
+ WCHAR* wto;
+ int i;
+ wfrom = malloc((strlen(from)+1)*2);
+ wto = malloc((strlen(to)+1)*2);
+ if (wfrom != NULL && wto != NULL)
+ {
+ for (i=0; i<(int)strlen(from)+1; i++)
+ wfrom[i] = (short)from[i];
+ for (i=0; i<(int)strlen(to)+1; i++)
+ wto[i] = (short)to[i];
+ result = MoveFile(wfrom, wto);
+ }
+ if (wfrom != NULL)
+ free(wfrom);
+ if (wto != NULL)
+ free(wto);
+ return result;
+ }
#endif
}
#endif
+#ifdef OPENSSL_SYS_VMS
+int VMS_strcasecmp(const char *str1, const char *str2)
+ {
+ while (*str1 && *str2)
+ {
+ int res = toupper(*str1) - toupper(*str2);
+ if (res) return res < 0 ? -1 : 1;
+ }
+ if (*str1)
+ return 1;
+ if (*str2)
+ return -1;
+ return 0;
+ }
+#endif
+
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
{
int num,len,i;
@@ -346,18 +471,175 @@ int app_init(long mesgwin)
int dump_cert_text (BIO *out, X509 *x)
{
- char buf[256];
- X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ char *p;
+
+ p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
BIO_puts(out,"subject=");
- BIO_puts(out,buf);
+ BIO_puts(out,p);
+ OPENSSL_free(p);
- X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_puts(out,"\nissuer= ");
- BIO_puts(out,buf);
+ p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
+ BIO_puts(out,"\nissuer=");
+ BIO_puts(out,p);
BIO_puts(out,"\n");
- return 0;
+ OPENSSL_free(p);
+
+ return 0;
}
+static int ui_open(UI *ui)
+ {
+ return UI_method_get_opener(UI_OpenSSL())(ui);
+ }
+static int ui_read(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password[0] != '\0')
+ {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+ }
+static int ui_write(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password[0] != '\0')
+ return 1;
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+ }
+static int ui_close(UI *ui)
+ {
+ return UI_method_get_closer(UI_OpenSSL())(ui);
+ }
+int setup_ui_method(void)
+ {
+ ui_method = UI_create_method("OpenSSL application user interface");
+ UI_method_set_opener(ui_method, ui_open);
+ UI_method_set_reader(ui_method, ui_read);
+ UI_method_set_writer(ui_method, ui_write);
+ UI_method_set_closer(ui_method, ui_close);
+ return 0;
+ }
+void destroy_ui_method(void)
+ {
+ if(ui_method)
+ {
+ UI_destroy_method(ui_method);
+ ui_method = NULL;
+ }
+ }
+int password_callback(char *buf, int bufsiz, int verify,
+ PW_CB_DATA *cb_tmp)
+ {
+ UI *ui = NULL;
+ int res = 0;
+ const char *prompt_info = NULL;
+ const char *password = NULL;
+ PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+ if (cb_data)
+ {
+ if (cb_data->password)
+ password = cb_data->password;
+ if (cb_data->prompt_info)
+ prompt_info = cb_data->prompt_info;
+ }
+
+ if (password)
+ {
+ res = strlen(password);
+ if (res > bufsiz)
+ res = bufsiz;
+ memcpy(buf, password, res);
+ return res;
+ }
+
+ ui = UI_new_method(ui_method);
+ if (ui)
+ {
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ char *prompt = NULL;
+
+ prompt = UI_construct_prompt(ui, "pass phrase",
+ cb_data->prompt_info);
+
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ ok = UI_add_input_string(ui,prompt,ui_flags,buf,
+ PW_MIN_LENGTH,BUFSIZ-1);
+ if (ok >= 0 && verify)
+ {
+ buff = (char *)OPENSSL_malloc(bufsiz);
+ ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
+ PW_MIN_LENGTH,BUFSIZ-1, buf);
+ }
+ if (ok >= 0)
+ do
+ {
+ ok = UI_process(ui);
+ }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (buff)
+ {
+ OPENSSL_cleanse(buff,(unsigned int)bufsiz);
+ OPENSSL_free(buff);
+ }
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1)
+ {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+ res = 0;
+ }
+ if (ok == -2)
+ {
+ BIO_printf(bio_err,"aborted!\n");
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+ res = 0;
+ }
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ }
+ return res;
+ }
+
static char *app_get_pass(BIO *err, char *arg, int keepbio);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
@@ -433,14 +715,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
return BUF_strdup(tpass);
}
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
- if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
- if(!(sktmp = CONF_get_section(conf, p))) {
+ if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
+ {
+ ERR_clear_error();
+ return 1;
+ }
+ if(!(sktmp = NCONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}
@@ -455,7 +741,8 @@ int add_oid_section(BIO *err, LHASH *conf)
return 1;
}
-X509 *load_cert(BIO *err, char *file, int format)
+X509 *load_cert(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip)
{
ASN1_HEADER *ah=NULL;
BUF_MEM *buf=NULL;
@@ -469,12 +756,17 @@ X509 *load_cert(BIO *err, char *file, int format)
}
if (file == NULL)
+ {
+ setvbuf(stdin, NULL, _IONBF, 0);
BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+ }
else
{
if (BIO_read_filename(cert,file) <= 0)
{
- perror(file);
+ BIO_printf(err, "Error opening %s %s\n",
+ cert_descrip, file);
+ ERR_print_errors(err);
goto end;
}
}
@@ -525,7 +817,8 @@ X509 *load_cert(BIO *err, char *file, int format)
ah->data=NULL;
}
else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
+ x=PEM_read_bio_X509_AUX(cert,NULL,
+ (pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
@@ -535,7 +828,8 @@ X509 *load_cert(BIO *err, char *file, int format)
p12 = NULL;
}
else {
- BIO_printf(err,"bad input format specified for input cert\n");
+ BIO_printf(err,"bad input format specified for %s\n",
+ cert_descrip);
goto end;
}
end:
@@ -550,35 +844,62 @@ end:
return(x);
}
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
+ PW_CB_DATA cb_data;
- if (file == NULL)
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
{
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(bio_err,"no engine specified\n");
+ else
+ pkey = ENGINE_load_private_key(e, file,
+ ui_method, &cb_data);
+ goto end;
+ }
key=BIO_new(BIO_s_file());
if (key == NULL)
{
ERR_print_errors(err);
goto end;
}
- if (BIO_read_filename(key,file) <= 0)
+ if (file == NULL && maybe_stdin)
{
- perror(file);
- goto end;
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key,stdin,BIO_NOCLOSE);
}
+ else
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
if (format == FORMAT_ASN1)
{
pkey=d2i_PrivateKey_bio(key, NULL);
}
else if (format == FORMAT_PEM)
{
- pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
+ pkey=PEM_read_bio_PrivateKey(key,NULL,
+ (pem_password_cb *)password_callback, &cb_data);
}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
@@ -589,36 +910,58 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
}
else
{
- BIO_printf(err,"bad input format specified for key\n");
+ BIO_printf(err,"bad input format specified for key file\n");
goto end;
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
- BIO_printf(err,"unable to load Private Key\n");
+ BIO_printf(err,"unable to load %s\n", key_descrip);
return(pkey);
}
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
+ PW_CB_DATA cb_data;
- if (file == NULL)
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
{
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(bio_err,"no engine specified\n");
+ else
+ pkey = ENGINE_load_public_key(e, file,
+ ui_method, &cb_data);
+ goto end;
+ }
key=BIO_new(BIO_s_file());
if (key == NULL)
{
ERR_print_errors(err);
goto end;
}
- if (BIO_read_filename(key,file) <= 0)
+ if (file == NULL && maybe_stdin)
{
- perror(file);
- goto end;
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key,stdin,BIO_NOCLOSE);
+ }
+ else
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ BIO_printf(err, "Error opening %s %s\n",
+ key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
}
if (format == FORMAT_ASN1)
{
@@ -626,27 +969,83 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
}
else if (format == FORMAT_PEM)
{
- pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
+ pkey=PEM_read_bio_PUBKEY(key,NULL,
+ (pem_password_cb *)password_callback, &cb_data);
}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
else
{
- BIO_printf(err,"bad input format specified for key\n");
+ BIO_printf(err,"bad input format specified for key file\n");
goto end;
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
- BIO_printf(err,"unable to load Public Key\n");
+ BIO_printf(err,"unable to load %s\n", key_descrip);
return(pkey);
}
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format)
+ {
+ EVP_PKEY *pkey;
+ BUF_MEM *buf;
+ RSA *rsa;
+ const unsigned char *p;
+ int size, i;
+
+ buf=BUF_MEM_new();
+ pkey = EVP_PKEY_new();
+ size = 0;
+ if (buf == NULL || pkey == NULL)
+ goto error;
+ for (;;)
+ {
+ if (!BUF_MEM_grow_clean(buf,size+1024*10))
+ goto error;
+ i = BIO_read(key, &(buf->data[size]), 1024*10);
+ size += i;
+ if (i == 0)
+ break;
+ if (i < 0)
+ {
+ BIO_printf(err, "Error reading %s %s",
+ key_descrip, file);
+ goto error;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
+ (format == FORMAT_IISSGC ? 1 : 0));
+ if (rsa == NULL)
+ goto error;
+ BUF_MEM_free(buf);
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ return pkey;
+error:
+ BUF_MEM_free(buf);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
+#endif /* ndef OPENSSL_NO_RC4 */
+
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip)
{
BIO *certs;
int i;
STACK_OF(X509) *othercerts = NULL;
STACK_OF(X509_INFO) *allcerts = NULL;
X509_INFO *xi;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
if((certs = BIO_new(BIO_s_file())) == NULL)
{
@@ -660,7 +1059,9 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
{
if (BIO_read_filename(certs,file) <= 0)
{
- perror(file);
+ BIO_printf(err, "Error opening %s %s\n",
+ cert_descrip, file);
+ ERR_print_errors(err);
goto end;
}
}
@@ -674,7 +1075,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
othercerts = NULL;
goto end;
}
- allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+ allcerts = PEM_X509_INFO_read_bio(certs, NULL,
+ (pem_password_cb *)password_callback, &cb_data);
for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
{
xi = sk_X509_INFO_value (allcerts, i);
@@ -687,7 +1089,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
goto end;
}
else {
- BIO_printf(err,"bad input format specified for input cert\n");
+ BIO_printf(err,"bad input format specified for %s\n",
+ cert_descrip);
goto end;
}
end:
@@ -701,16 +1104,49 @@ end:
return(othercerts);
}
-typedef struct {
- char *name;
- unsigned long flag;
- unsigned long mask;
-} NAME_EX_TBL;
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+ X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL cert_tbl[] = {
+ { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ { "ca_default", X509_FLAG_CA, 0xffffffffl},
+ { "no_header", X509_FLAG_NO_HEADER, 0},
+ { "no_version", X509_FLAG_NO_VERSION, 0},
+ { "no_serial", X509_FLAG_NO_SERIAL, 0},
+ { "no_signame", X509_FLAG_NO_SIGNAME, 0},
+ { "no_validity", X509_FLAG_NO_VALIDITY, 0},
+ { "no_subject", X509_FLAG_NO_SUBJECT, 0},
+ { "no_issuer", X509_FLAG_NO_ISSUER, 0},
+ { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ { "no_aux", X509_FLAG_NO_AUX, 0},
+ { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+ { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ { NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, cert_tbl);
+}
int set_name_ex(unsigned long *flags, const char *arg)
{
- char c;
- const NAME_EX_TBL *ptbl, ex_tbl[] = {
+ static const NAME_EX_TBL ex_tbl[] = {
{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
@@ -730,15 +1166,95 @@ int set_name_ex(unsigned long *flags, const char *arg)
{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+ { "align", XN_FLAG_FN_ALIGN, 0},
{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
{ "space_eq", XN_FLAG_SPC_EQ, 0},
{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+ { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{ NULL, 0, 0}
};
+ return set_multi_opts(flags, arg, ex_tbl);
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+ if (!strcasecmp(arg, "none"))
+ *copy_type = EXT_COPY_NONE;
+ else if (!strcasecmp(arg, "copy"))
+ *copy_type = EXT_COPY_ADD;
+ else if (!strcasecmp(arg, "copyall"))
+ *copy_type = EXT_COPY_ALL;
+ else
+ return 0;
+ return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+ X509_EXTENSION *ext, *tmpext;
+ ASN1_OBJECT *obj;
+ int i, idx, ret = 0;
+ if (!x || !req || (copy_type == EXT_COPY_NONE))
+ return 1;
+ exts = X509_REQ_get_extensions(req);
+
+ for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ext = sk_X509_EXTENSION_value(exts, i);
+ obj = X509_EXTENSION_get_object(ext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ /* Does extension exist? */
+ if (idx != -1) {
+ /* If normal copy don't override existing extension */
+ if (copy_type == EXT_COPY_ADD)
+ continue;
+ /* Delete all extensions of same type */
+ do {
+ tmpext = X509_get_ext(x, idx);
+ X509_delete_ext(x, idx);
+ X509_EXTENSION_free(tmpext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ } while (idx != -1);
+ }
+ if (!X509_add_ext(x, ext, -1))
+ goto end;
+ }
+
+ ret = 1;
+ end:
+
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+ return ret;
+}
+
+
+
+
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ STACK_OF(CONF_VALUE) *vals;
+ CONF_VALUE *val;
+ int i, ret = 1;
+ if(!arg) return 0;
+ vals = X509V3_parse_list(arg);
+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ val = sk_CONF_VALUE_value(vals, i);
+ if (!set_table_opts(flags, val->name, in_tbl))
+ ret = 0;
+ }
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+ char c;
+ const NAME_EX_TBL *ptbl;
c = arg[0];
if(c == '-') {
@@ -749,8 +1265,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
arg++;
} else c = 1;
- for(ptbl = ex_tbl; ptbl->name; ptbl++) {
- if(!strcmp(arg, ptbl->name)) {
+ for(ptbl = in_tbl; ptbl->name; ptbl++) {
+ if(!strcasecmp(arg, ptbl->name)) {
*flags &= ~ptbl->mask;
if(c) *flags |= ptbl->flag;
else *flags &= ~ptbl->flag;
@@ -765,6 +1281,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
char *buf;
char mline = 0;
int indent = 0;
+
if(title) BIO_puts(out, title);
if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mline = 1;
@@ -782,3 +1299,122 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
}
}
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+ if(!(store = X509_STORE_new())) goto end;
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+ if (CAfile) {
+ if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+ if (CApath) {
+ if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
+}
+
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+ {
+ ENGINE *e = ENGINE_by_id("dynamic");
+ if (e)
+ {
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+ {
+ ENGINE_free(e);
+ e = NULL;
+ }
+ }
+ return e;
+ }
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+ {
+ ENGINE *e = NULL;
+
+ if (engine)
+ {
+ if(strcmp(engine, "auto") == 0)
+ {
+ BIO_printf(err,"enabling auto ENGINE support\n");
+ ENGINE_register_all_complete();
+ return NULL;
+ }
+ if((e = ENGINE_by_id(engine)) == NULL
+ && (e = try_load_engine(err, engine, debug)) == NULL)
+ {
+ BIO_printf(err,"invalid engine \"%s\"\n", engine);
+ ERR_print_errors(err);
+ return NULL;
+ }
+ if (debug)
+ {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+ 0, err, 0);
+ }
+ ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(err,"can't use that engine\n");
+ ERR_print_errors(err);
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
+
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+ return e;
+ }
+
+int load_config(BIO *err, CONF *cnf)
+ {
+ if (!cnf)
+ cnf = config;
+ if (!cnf)
+ return 1;
+
+ OPENSSL_load_builtin_modules();
+
+ if (CONF_modules_load(cnf, NULL, 0) <= 0)
+ {
+ BIO_printf(err, "Error configuring OpenSSL\n");
+ ERR_print_errors(err);
+ return 0;
+ }
+ return 1;
+ }
+
+char *make_config_name()
+ {
+ const char *t=X509_get_default_cert_area();
+ char *p;
+
+ p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+ strcpy(p,t);
+#ifndef OPENSSL_SYS_VMS
+ strcat(p,"/");
+#endif
+ strcat(p,OPENSSL_CONF);
+
+ return p;
+ }
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 82587b977056..7b1f8ded787d 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -55,11 +55,64 @@
* copied and put under another distribution licence
* [including the GNU Public