aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorKris Kennaway <kris@FreeBSD.org>2000-01-10 06:22:05 +0000
committerKris Kennaway <kris@FreeBSD.org>2000-01-10 06:22:05 +0000
commit74664626283603849f4acbd49e8c8288c08cff4d (patch)
treeb5683ff3d44c93978826763313683673904c6bd9 /crypto
parentf5952845872443119d7617dd3ef63397853419c1 (diff)
downloadsrc-74664626283603849f4acbd49e8c8288c08cff4d.tar.gz
src-74664626283603849f4acbd49e8c8288c08cff4d.zip
Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
infringement reasons.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=55714
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssl/CHANGES1624
-rw-r--r--crypto/openssl/CHANGES.SSLeay968
-rwxr-xr-xcrypto/openssl/Configure869
-rw-r--r--crypto/openssl/INSTALL387
-rw-r--r--crypto/openssl/LICENSE127
-rw-r--r--crypto/openssl/Makefile.org351
-rw-r--r--crypto/openssl/Makefile.ssl351
-rw-r--r--crypto/openssl/NEWS65
-rw-r--r--crypto/openssl/README205
-rwxr-xr-xcrypto/openssl/apps/CA.pl153
-rw-r--r--crypto/openssl/apps/CA.sh132
-rw-r--r--crypto/openssl/apps/Makefile.ssl727
-rw-r--r--crypto/openssl/apps/apps.c326
-rw-r--r--crypto/openssl/apps/apps.h141
-rw-r--r--crypto/openssl/apps/asn1pars.c309
-rw-r--r--crypto/openssl/apps/ca-cert.srl1
-rw-r--r--crypto/openssl/apps/ca-key.pem15
-rw-r--r--crypto/openssl/apps/ca-req.pem11
-rw-r--r--crypto/openssl/apps/ca.c2232
-rw-r--r--crypto/openssl/apps/cert.pem11
-rw-r--r--crypto/openssl/apps/ciphers.c194
-rw-r--r--crypto/openssl/apps/client.pem24
-rw-r--r--crypto/openssl/apps/crl.c299
-rw-r--r--crypto/openssl/apps/crl2p7.c333
-rw-r--r--crypto/openssl/apps/demoCA/cacert.pem14
-rw-r--r--crypto/openssl/apps/demoCA/index.txt39
-rw-r--r--crypto/openssl/apps/demoCA/private/cakey.pem24
-rw-r--r--crypto/openssl/apps/demoCA/serial1
-rw-r--r--crypto/openssl/apps/der_chop305
-rw-r--r--crypto/openssl/apps/der_chop.in305
-rw-r--r--crypto/openssl/apps/dgst.c219
-rw-r--r--crypto/openssl/apps/dh.c312
-rw-r--r--crypto/openssl/apps/dh1024.pem5
-rw-r--r--crypto/openssl/apps/dsa-ca.pem40
-rw-r--r--crypto/openssl/apps/dsa-pca.pem46
-rw-r--r--crypto/openssl/apps/dsa.c256
-rw-r--r--crypto/openssl/apps/dsa1024.pem9
-rw-r--r--crypto/openssl/apps/dsa512.pem6
-rw-r--r--crypto/openssl/apps/dsap.pem6
-rw-r--r--crypto/openssl/apps/dsaparam.c353
-rw-r--r--crypto/openssl/apps/eay.c131
-rw-r--r--crypto/openssl/apps/enc.c551
-rw-r--r--crypto/openssl/apps/errstr.c114
-rw-r--r--crypto/openssl/apps/gendh.c223
-rw-r--r--crypto/openssl/apps/gendsa.c232
-rw-r--r--crypto/openssl/apps/genrsa.c266
-rw-r--r--crypto/openssl/apps/nseq.c174
-rw-r--r--crypto/openssl/apps/oid.cnf6
-rw-r--r--crypto/openssl/apps/openssl.c373
-rw-r--r--crypto/openssl/apps/openssl.cnf214
-rw-r--r--crypto/openssl/apps/pca-cert.srl1
-rw-r--r--crypto/openssl/apps/pca-key.pem15
-rw-r--r--crypto/openssl/apps/pca-req.pem11
-rw-r--r--crypto/openssl/apps/pem_mail.c170
-rw-r--r--crypto/openssl/apps/pkcs12.c703
-rw-r--r--crypto/openssl/apps/pkcs7.c313
-rw-r--r--crypto/openssl/apps/pkcs8.c274
-rw-r--r--crypto/openssl/apps/privkey.pem18
-rw-r--r--crypto/openssl/apps/progs.h233
-rw-r--r--crypto/openssl/apps/progs.pl77
-rw-r--r--crypto/openssl/apps/req.c1197
-rw-r--r--crypto/openssl/apps/req.pem11
-rw-r--r--crypto/openssl/apps/rsa.c333
-rw-r--r--crypto/openssl/apps/rsa/01.pem15
-rw-r--r--crypto/openssl/apps/rsa/1.txt50
-rw-r--r--crypto/openssl/apps/rsa/SecureServer.pem47
-rw-r--r--crypto/openssl/apps/rsa/s.txt49
-rw-r--r--crypto/openssl/apps/rsa8192.pem101
-rw-r--r--crypto/openssl/apps/s1024key.pem15
-rw-r--r--crypto/openssl/apps/s1024req.pem11
-rw-r--r--crypto/openssl/apps/s512-key.pem9
-rw-r--r--crypto/openssl/apps/s512-req.pem8
-rw-r--r--crypto/openssl/apps/s_apps.h120
-rw-r--r--crypto/openssl/apps/s_cb.c238
-rw-r--r--crypto/openssl/apps/s_client.c840
-rw-r--r--crypto/openssl/apps/s_server.c1464
-rw-r--r--crypto/openssl/apps/s_socket.c674
-rw-r--r--crypto/openssl/apps/s_time.c694
-rw-r--r--crypto/openssl/apps/server.pem369
-rw-r--r--crypto/openssl/apps/server.srl1
-rw-r--r--crypto/openssl/apps/server2.pem376
-rw-r--r--crypto/openssl/apps/sess_id.c308
-rw-r--r--crypto/openssl/apps/set/set-g-ca.pem21
-rw-r--r--crypto/openssl/apps/set/set-m-ca.pem21
-rw-r--r--crypto/openssl/apps/set/set_b_ca.pem23
-rw-r--r--crypto/openssl/apps/set/set_c_ca.pem21
-rw-r--r--crypto/openssl/apps/set/set_d_ct.pem21
-rw-r--r--crypto/openssl/apps/set/set_root.pem21
-rw-r--r--crypto/openssl/apps/speed.c1205
-rw-r--r--crypto/openssl/apps/testCA.pem8
-rw-r--r--crypto/openssl/apps/testdsa.h148
-rw-r--r--crypto/openssl/apps/testrsa.h517
-rw-r--r--crypto/openssl/apps/tkca66
-rw-r--r--crypto/openssl/apps/verify.c229
-rw-r--r--crypto/openssl/apps/version.c130
-rw-r--r--crypto/openssl/apps/x509.c1086
-rw-r--r--crypto/openssl/bugs/MS7
-rw-r--r--crypto/openssl/bugs/SSLv341
-rw-r--r--crypto/openssl/bugs/VC16.bug18
-rw-r--r--crypto/openssl/bugs/alpha.c91
-rw-r--r--crypto/openssl/bugs/dggccbug.c45
-rw-r--r--crypto/openssl/bugs/sgiccbug.c57
-rw-r--r--crypto/openssl/bugs/sslref.dif26
-rw-r--r--crypto/openssl/bugs/stream.c131
-rw-r--r--crypto/openssl/bugs/ultrixcc.c45
-rw-r--r--crypto/openssl/certs/ICE-CA.pem59
-rw-r--r--crypto/openssl/certs/ICE-root.pem48
-rw-r--r--crypto/openssl/certs/ICE-user.pem63
-rw-r--r--crypto/openssl/certs/ICE.crl9
-rw-r--r--crypto/openssl/certs/ca-cert.pem31
-rw-r--r--crypto/openssl/certs/dsa-ca.pem43
-rw-r--r--crypto/openssl/certs/dsa-pca.pem49
-rw-r--r--crypto/openssl/certs/expired/ICE-CA.pem59
-rw-r--r--crypto/openssl/certs/expired/ICE-root.pem48
-rw-r--r--crypto/openssl/certs/expired/ICE-user.pem63
-rw-r--r--crypto/openssl/certs/expired/ICE.crl9
-rw-r--r--crypto/openssl/certs/factory.pem15
-rw-r--r--crypto/openssl/certs/nortelCA.pem16
-rw-r--r--crypto/openssl/certs/pca-cert.pem31
-rw-r--r--crypto/openssl/certs/rsa-cca.pem19
-rw-r--r--crypto/openssl/certs/rsa-ssca.pem19
-rw-r--r--crypto/openssl/certs/thawteCb.pem19
-rw-r--r--crypto/openssl/certs/thawteCp.pem19
-rw-r--r--crypto/openssl/certs/timCA.pem16
-rw-r--r--crypto/openssl/certs/tjhCA.pem15
-rw-r--r--crypto/openssl/certs/vsign1.pem17
-rw-r--r--crypto/openssl/certs/vsign2.pem18
-rw-r--r--crypto/openssl/certs/vsign3.pem18
-rw-r--r--crypto/openssl/certs/vsignss.pem17
-rw-r--r--crypto/openssl/certs/vsigntca.pem18
-rwxr-xr-xcrypto/openssl/config506
-rw-r--r--crypto/openssl/crypto/Makefile.ssl179
-rw-r--r--crypto/openssl/crypto/asn1/Makefile.ssl1090
-rw-r--r--crypto/openssl/crypto/asn1/a_bitstr.c222
-rw-r--r--crypto/openssl/crypto/asn1/a_bmp.c83
-rw-r--r--crypto/openssl/crypto/asn1/a_bool.c112
-rw-r--r--crypto/openssl/crypto/asn1/a_bytes.c322
-rw-r--r--crypto/openssl/crypto/asn1/a_d2i_fp.c195
-rw-r--r--crypto/openssl/crypto/asn1/a_digest.c87
-rw-r--r--crypto/openssl/crypto/asn1/a_dup.c83
-rw-r--r--crypto/openssl/crypto/asn1/a_enum.c326
-rw-r--r--crypto/openssl/crypto/asn1/a_gentm.c224
-rw-r--r--crypto/openssl/crypto/asn1/a_hdr.c119
-rw-r--r--crypto/openssl/crypto/asn1/a_i2d_fp.c113
-rw-r--r--crypto/openssl/crypto/asn1/a_int.c416
-rw-r--r--crypto/openssl/crypto/asn1/a_meth.c84
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c304
-rw-r--r--crypto/openssl/crypto/asn1/a_octet.c83
-rw-r--r--crypto/openssl/crypto/asn1/a_print.c165
-rw-r--r--crypto/openssl/crypto/asn1/a_set.c217
-rw-r--r--crypto/openssl/crypto/asn1/a_sign.c145
-rw-r--r--crypto/openssl/crypto/asn1/a_time.c123
-rw-r--r--crypto/openssl/crypto/asn1/a_type.c348
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c260
-rw-r--r--crypto/openssl/crypto/asn1/a_utf8.c83
-rw-r--r--crypto/openssl/crypto/asn1/a_verify.c116
-rw-r--r--crypto/openssl/crypto/asn1/a_vis.c83
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h945
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c331
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c413
-rw-r--r--crypto/openssl/crypto/asn1/asn1_mac.h546
-rw-r--r--crypto/openssl/crypto/asn1/asn1_par.c411
-rw-r--r--crypto/openssl/crypto/asn1/asn_pack.c145
-rw-r--r--crypto/openssl/crypto/asn1/d2i_dhp.c101
-rw-r--r--crypto/openssl/crypto/asn1/d2i_dsap.c98
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pr.c114
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pu.c114
-rw-r--r--crypto/openssl/crypto/asn1/d2i_r_pr.c121
-rw-r--r--crypto/openssl/crypto/asn1/d2i_r_pu.c97
-rw-r--r--crypto/openssl/crypto/asn1/d2i_s_pr.c105
-rw-r--r--crypto/openssl/crypto/asn1/d2i_s_pu.c121
-rw-r--r--crypto/openssl/crypto/asn1/evp_asn1.c185
-rw-r--r--crypto/openssl/crypto/asn1/f.c80
-rw-r--r--crypto/openssl/crypto/asn1/f_enum.c207
-rw-r--r--crypto/openssl/crypto/asn1/f_int.c214
-rw-r--r--crypto/openssl/crypto/asn1/f_string.c212
-rw-r--r--crypto/openssl/crypto/asn1/i2d_dhp.c128
-rw-r--r--crypto/openssl/crypto/asn1/i2d_dsap.c117
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pr.c84
-rw-r--r--crypto/openssl/crypto/asn1/i2d_pu.c82
-rw-r--r--crypto/openssl/crypto/asn1/i2d_r_pr.c127
-rw-r--r--crypto/openssl/crypto/asn1/i2d_r_pu.c112
-rw-r--r--crypto/openssl/crypto/asn1/i2d_s_pr.c123
-rw-r--r--crypto/openssl/crypto/asn1/i2d_s_pu.c129
-rw-r--r--crypto/openssl/crypto/asn1/n_pkey.c341
-rw-r--r--crypto/openssl/crypto/asn1/nsseq.c118
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbe.c156
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbev2.c274
-rw-r--r--crypto/openssl/crypto/asn1/p7_dgst.c121
-rw-r--r--crypto/openssl/crypto/asn1/p7_enc.c111
-rw-r--r--crypto/openssl/crypto/asn1/p7_enc_c.c119
-rw-r--r--crypto/openssl/crypto/asn1/p7_evp.c119
-rw-r--r--crypto/openssl/crypto/asn1/p7_i_s.c111
-rw-r--r--crypto/openssl/crypto/asn1/p7_lib.c295
-rw-r--r--crypto/openssl/crypto/asn1/p7_recip.c125
-rw-r--r--crypto/openssl/crypto/asn1/p7_s_e.c145
-rw-r--r--crypto/openssl/crypto/asn1/p7_signd.c135
-rw-r--r--crypto/openssl/crypto/asn1/p7_signi.c150
-rw-r--r--crypto/openssl/crypto/asn1/p8_pkey.c129
-rw-r--r--crypto/openssl/crypto/asn1/pkcs8.c131
-rw-r--r--crypto/openssl/crypto/asn1/t_crl.c166
-rw-r--r--crypto/openssl/crypto/asn1/t_pkey.c361
-rw-r--r--crypto/openssl/crypto/asn1/t_req.c226
-rw-r--r--crypto/openssl/crypto/asn1/t_x509.c412
-rw-r--r--crypto/openssl/crypto/asn1/x_algor.c118
-rw-r--r--crypto/openssl/crypto/asn1/x_attrib.c165
-rw-r--r--crypto/openssl/crypto/asn1/x_cinf.c201
-rw-r--r--crypto/openssl/crypto/asn1/x_crl.c350
-rw-r--r--crypto/openssl/crypto/asn1/x_exten.c148
-rw-r--r--crypto/openssl/crypto/asn1/x_info.c113
-rw-r--r--crypto/openssl/crypto/asn1/x_name.c279
-rw-r--r--crypto/openssl/crypto/asn1/x_pkey.c151
-rw-r--r--crypto/openssl/crypto/asn1/x_pubkey.c254
-rw-r--r--crypto/openssl/crypto/asn1/x_req.c236
-rw-r--r--crypto/openssl/crypto/asn1/x_sig.c110
-rw-r--r--crypto/openssl/crypto/asn1/x_spki.c166
-rw-r--r--crypto/openssl/crypto/asn1/x_val.c109
-rw-r--r--crypto/openssl/crypto/asn1/x_x509.c151
-rw-r--r--crypto/openssl/crypto/bf/COPYRIGHT46
-rw-r--r--crypto/openssl/crypto/bf/INSTALL14
-rw-r--r--crypto/openssl/crypto/bf/Makefile.ssl116
-rw-r--r--crypto/openssl/crypto/bf/Makefile.uni157
-rw-r--r--crypto/openssl/crypto/bf/README8
-rw-r--r--crypto/openssl/crypto/bf/VERSION6
-rw-r--r--crypto/openssl/crypto/bf/asm/bf-586.pl136
-rw-r--r--crypto/openssl/crypto/bf/asm/bf-686.pl127
-rw-r--r--crypto/openssl/crypto/bf/asm/readme10
-rw-r--r--crypto/openssl/crypto/bf/bf_cbc.c143
-rw-r--r--crypto/openssl/crypto/bf/bf_cfb64.c121
-rw-r--r--crypto/openssl/crypto/bf/bf_ecb.c96
-rw-r--r--crypto/openssl/crypto/bf/bf_enc.c304
-rw-r--r--crypto/openssl/crypto/bf/bf_locl.h219
-rw-r--r--crypto/openssl/crypto/bf/bf_ofb64.c110
-rw-r--r--crypto/openssl/crypto/bf/bf_opts.c328
-rw-r--r--crypto/openssl/crypto/bf/bf_pi.h325
-rw-r--r--crypto/openssl/crypto/bf/bf_skey.c116
-rw-r--r--crypto/openssl/crypto/bf/bfs.cpp67
-rw-r--r--crypto/openssl/crypto/bf/bfspeed.c274
-rw-r--r--crypto/openssl/crypto/bf/bftest.c533
-rw-r--r--crypto/openssl/crypto/bf/blowfish.h123
-rw-r--r--crypto/openssl/crypto/bio/Makefile.ssl210
-rw-r--r--crypto/openssl/crypto/bio/b_dump.c128
-rw-r--r--crypto/openssl/crypto/bio/b_print.c87
-rw-r--r--crypto/openssl/crypto/bio/b_sock.c703
-rw-r--r--crypto/openssl/crypto/bio/bf_buff.c485
-rw-r--r--crypto/openssl/crypto/bio/bf_nbio.c240
-rw-r--r--crypto/openssl/crypto/bio/bf_null.c168
-rw-r--r--crypto/openssl/crypto/bio/bio.h643
-rw-r--r--crypto/openssl/crypto/bio/bio_cb.c133
-rw-r--r--crypto/openssl/crypto/bio/bio_err.c139
-rw-r--r--crypto/openssl/crypto/bio/bio_lib.c496
-rw-r--r--crypto/openssl/crypto/bio/bss_acpt.c466
-rw-r--r--crypto/openssl/crypto/bio/bss_bio.c588
-rw-r--r--crypto/openssl/crypto/bio/bss_conn.c618
-rw-r--r--crypto/openssl/crypto/bio/bss_fd.c62
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c309
-rw-r--r--crypto/openssl/crypto/bio/bss_log.c232
-rw-r--r--crypto/openssl/crypto/bio/bss_mem.c276
-rw-r--r--crypto/openssl/crypto/bio/bss_null.c149
-rw-r--r--crypto/openssl/crypto/bio/bss_rtcp.c293
-rw-r--r--crypto/openssl/crypto/bio/bss_sock.c423
-rw-r--r--crypto/openssl/crypto/bn/Makefile.ssl276
-rw-r--r--crypto/openssl/crypto/bn/asm/README30
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.s1898
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.s.works533
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/add.pl119
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/div.pl144
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul.pl116
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl120
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl213
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl98
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl177
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl113
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl109
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl132
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.works/sub.pl108
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/add.pl118
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/div.pl144
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul.pl104
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_add.pl123
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl215
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl98
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl177
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sqr.pl113
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl109
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl132
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha/sub.pl108
-rw-r--r--crypto/openssl/crypto/bn/asm/bn-586.pl384
-rw-r--r--crypto/openssl/crypto/bn/asm/bn-alpha.pl571
-rw-r--r--crypto/openssl/crypto/bn/asm/ca.pl33
-rw-r--r--crypto/openssl/crypto/bn/asm/co-586.pl286
-rw-r--r--crypto/openssl/crypto/bn/asm/co-alpha.pl116
-rw-r--r--crypto/openssl/crypto/bn/asm/mips1.s539
-rw-r--r--crypto/openssl/crypto/bn/asm/mips3.s2138
-rw-r--r--crypto/openssl/crypto/bn/asm/pa-risc.s710
-rw-r--r--crypto/openssl/crypto/bn/asm/pa-risc2.s416
-rw-r--r--crypto/openssl/crypto/bn/asm/r3000.s646
-rw-r--r--crypto/openssl/crypto/bn/asm/sparcv8.S1458
-rw-r--r--crypto/openssl/crypto/bn/asm/sparcv8plus.S1535
-rw-r--r--crypto/openssl/crypto/bn/asm/x86.pl28
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/add.pl76
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/comba.pl277
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/div.pl15
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/f3
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/mul.pl77
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/mul_add.pl87
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/sqr.pl60
-rw-r--r--crypto/openssl/crypto/bn/asm/x86/sub.pl76
-rw-r--r--crypto/openssl/crypto/bn/bn.h467
-rw-r--r--crypto/openssl/crypto/bn/bn.mul19
-rw-r--r--crypto/openssl/crypto/bn/bn_add.c307
-rw-r--r--crypto/openssl/crypto/bn/bn_asm.c802
-rw-r--r--crypto/openssl/crypto/bn/bn_blind.c144
-rw-r--r--crypto/openssl/crypto/bn/bn_comba.c345
-rw-r--r--crypto/openssl/crypto/bn/bn_div.c358
-rw-r--r--crypto/openssl/crypto/bn/bn_err.c116
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c549
-rw-r--r--crypto/openssl/crypto/bn/bn_exp2.c195
-rw-r--r--crypto/openssl/crypto/bn/bn_gcd.c204
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h268
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c787
-rw-r--r--crypto/openssl/crypto/bn/bn_mont.c407
-rw-r--r--crypto/openssl/crypto/bn/bn_mpi.c129
-rw-r--r--crypto/openssl/crypto/bn/bn_mul.c756
-rw-r--r--crypto/openssl/crypto/bn/bn_opts.c324
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.c447
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.h325
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.pl56
-rw-r--r--crypto/openssl/crypto/bn/bn_print.c323
-rw-r--r--crypto/openssl/crypto/bn/bn_rand.c117
-rw-r--r--crypto/openssl/crypto/bn/bn_recp.c227
-rw-r--r--crypto/openssl/crypto/bn/bn_shift.c200
-rw-r--r--crypto/openssl/crypto/bn/bn_sqr.c281
-rw-r--r--crypto/openssl/crypto/bn/bn_word.c194
-rw-r--r--crypto/openssl/crypto/bn/bnspeed.c231
-rw-r--r--crypto/openssl/crypto/bn/bntest.c1016
-rw-r--r--crypto/openssl/crypto/bn/comba.pl285
-rw-r--r--crypto/openssl/crypto/bn/d.c72
-rw-r--r--crypto/openssl/crypto/bn/exp.c60
-rw-r--r--crypto/openssl/crypto/bn/expspeed.c213
-rw-r--r--crypto/openssl/crypto/bn/exptest.c172
-rw-r--r--crypto/openssl/crypto/bn/new23
-rw-r--r--crypto/openssl/crypto/bn/old/b_sqr.c199
-rw-r--r--crypto/openssl/crypto/bn/old/bn_com.c90
-rw-r--r--crypto/openssl/crypto/bn/old/bn_high.c135
-rw-r--r--crypto/openssl/crypto/bn/old/bn_ka.c567
-rw-r--r--crypto/openssl/crypto/bn/old/bn_low.c194
-rw-r--r--crypto/openssl/crypto/bn/old/bn_m.c139
-rw-r--r--crypto/openssl/crypto/bn/old/bn_mul.c.works219
-rw-r--r--crypto/openssl/crypto/bn/old/bn_wmul.c173
-rwxr-xr-xcrypto/openssl/crypto/bn/old/build3
-rw-r--r--crypto/openssl/crypto/bn/old/info22
-rw-r--r--crypto/openssl/crypto/bn/old/test.works205
-rw-r--r--crypto/openssl/crypto/bn/test.c241
-rw-r--r--crypto/openssl/crypto/bn/todo3
-rw-r--r--crypto/openssl/crypto/buffer/Makefile.ssl86
-rw-r--r--crypto/openssl/crypto/buffer/buf_err.c94
-rw-r--r--crypto/openssl/crypto/buffer/buffer.c144
-rw-r--r--crypto/openssl/crypto/buffer/buffer.h98
-rw-r--r--crypto/openssl/crypto/cast/Makefile.ssl124
-rw-r--r--crypto/openssl/crypto/cast/Makefile.uni124
-rw-r--r--crypto/openssl/crypto/cast/asm/cast-586.pl176
-rw-r--r--crypto/openssl/crypto/cast/asm/readme7
-rw-r--r--crypto/openssl/crypto/cast/c_cfb64.c122
-rw-r--r--crypto/openssl/crypto/cast/c_ecb.c80
-rw-r--r--crypto/openssl/crypto/cast/c_enc.c207
-rw-r--r--crypto/openssl/crypto/cast/c_ofb64.c111
-rw-r--r--crypto/openssl/crypto/cast/c_skey.c166
-rw-r--r--crypto/openssl/crypto/cast/cast.h103
-rw-r--r--crypto/openssl/crypto/cast/cast_lcl.h226
-rw-r--r--crypto/openssl/crypto/cast/cast_s.h585
-rw-r--r--crypto/openssl/crypto/cast/cast_spd.c275
-rw-r--r--crypto/openssl/crypto/cast/castopts.c339
-rw-r--r--crypto/openssl/crypto/cast/casts.cpp70
-rw-r--r--crypto/openssl/crypto/cast/casttest.c230
-rw-r--r--crypto/openssl/crypto/comp/Makefile.ssl99
-rw-r--r--crypto/openssl/crypto/comp/c_rle.c61
-rw-r--r--crypto/openssl/crypto/comp/c_zlib.c133
-rw-r--r--crypto/openssl/crypto/comp/comp.h60
-rw-r--r--crypto/openssl/crypto/comp/comp_err.c91
-rw-r--r--crypto/openssl/crypto/comp/comp_lib.c78
-rw-r--r--crypto/openssl/crypto/conf/Makefile.ssl92
-rw-r--r--crypto/openssl/crypto/conf/cnf_save.c105
-rw-r--r--crypto/openssl/crypto/conf/conf.c732
-rw-r--r--crypto/openssl/crypto/conf/conf.h114
-rw-r--r--crypto/openssl/crypto/conf/conf_err.c100
-rw-r--r--crypto/openssl/crypto/conf/conf_lcl.h116
-rw-r--r--crypto/openssl/crypto/conf/keysets.pl61
-rw-r--r--crypto/openssl/crypto/conf/ssleay.cnf78
-rw-r--r--crypto/openssl/crypto/conf/test.c92
-rw-r--r--crypto/openssl/crypto/cpt_err.c94
-rw-r--r--crypto/openssl/crypto/cryptlib.c300
-rw-r--r--crypto/openssl/crypto/cryptlib.h96
-rw-r--r--crypto/openssl/crypto/crypto.h335
-rw-r--r--crypto/openssl/crypto/cversion.c110
-rw-r--r--crypto/openssl/crypto/des/COPYRIGHT50
-rw-r--r--crypto/openssl/crypto/des/DES.pm19
-rw-r--r--crypto/openssl/crypto/des/DES.pod16
-rw-r--r--crypto/openssl/crypto/des/DES.xs268
-rw-r--r--crypto/openssl/crypto/des/FILES96
-rw-r--r--crypto/openssl/crypto/des/INSTALL69
-rw-r--r--crypto/openssl/crypto/des/Imakefile35
-rw-r--r--crypto/openssl/crypto/des/KERBEROS41
-rw-r--r--crypto/openssl/crypto/des/MODES.DES84
-rw-r--r--crypto/openssl/crypto/des/Makefile.PL14
-rw-r--r--crypto/openssl/crypto/des/Makefile.lit250
-rw-r--r--crypto/openssl/crypto/des/Makefile.ssl208
-rw-r--r--crypto/openssl/crypto/des/Makefile.uni251
-rw-r--r--crypto/openssl/crypto/des/PC128
-rw-r--r--crypto/openssl/crypto/des/PC257
-rw-r--r--crypto/openssl/crypto/des/README54
-rw-r--r--crypto/openssl/crypto/des/VERSION412
-rw-r--r--crypto/openssl/crypto/des/asm/crypt586.pl204
-rw-r--r--crypto/openssl/crypto/des/asm/des-586.pl253
-rw-r--r--crypto/openssl/crypto/des/asm/des686.pl230
-rw-r--r--crypto/openssl/crypto/des/asm/desboth.pl79
-rw-r--r--crypto/openssl/crypto/des/asm/readme131
-rw-r--r--crypto/openssl/crypto/des/cbc3_enc.c93
-rw-r--r--crypto/openssl/crypto/des/cbc_cksm.c97
-rw-r--r--crypto/openssl/crypto/des/cbc_enc.c61
-rw-r--r--crypto/openssl/crypto/des/cfb64ede.c141
-rw-r--r--crypto/openssl/crypto/des/cfb64enc.c121
-rw-r--r--crypto/openssl/crypto/des/cfb_enc.c165
-rw-r--r--crypto/openssl/crypto/des/des.c931
-rw-r--r--crypto/openssl/crypto/des/des.h249
-rw-r--r--crypto/openssl/crypto/des/des.man186
-rw-r--r--crypto/openssl/crypto/des/des.pl552
-rw-r--r--crypto/openssl/crypto/des/des3s.cpp67
-rw-r--r--crypto/openssl/crypto/des/des_crypt.man508
-rw-r--r--crypto/openssl/crypto/des/des_enc.c406
-rw-r--r--crypto/openssl/crypto/des/des_locl.h408
-rw-r--r--crypto/openssl/crypto/des/des_opts.c604
-rw-r--r--crypto/openssl/crypto/des/des_ver.h61
-rw-r--r--crypto/openssl/crypto/des/dess.cpp67
-rw-r--r--crypto/openssl/crypto/des/destest.c923
-rw-r--r--crypto/openssl/crypto/des/doIP46
-rw-r--r--crypto/openssl/crypto/des/doPC1110
-rw-r--r--crypto/openssl/crypto/des/doPC294
-rw-r--r--crypto/openssl/crypto/des/ecb3_enc.c82
-rw-r--r--crypto/openssl/crypto/des/ecb_enc.c122
-rw-r--r--crypto/openssl/crypto/des/ede_cbcm_enc.c197
-rw-r--r--crypto/openssl/crypto/des/enc_read.c228
-rw-r--r--crypto/openssl/crypto/des/enc_writ.c168
-rw-r--r--crypto/openssl/crypto/des/fcrypt.c181
-rw-r--r--crypto/openssl/crypto/des/fcrypt_b.c145
-rw-r--r--crypto/openssl/crypto/des/makefile.bc50
-rw-r--r--crypto/openssl/crypto/des/ncbc_enc.c143
-rw-r--r--crypto/openssl/crypto/des/ofb64ede.c124
-rw-r--r--crypto/openssl/crypto/des/ofb64enc.c110
-rw-r--r--crypto/openssl/crypto/des/ofb_enc.c134
-rw-r--r--crypto/openssl/crypto/des/options.txt39
-rw-r--r--crypto/openssl/crypto/des/pcbc_enc.c122
-rw-r--r--crypto/openssl/crypto/des/podd.h75
-rw-r--r--crypto/openssl/crypto/des/qud_cksm.c140
-rw-r--r--crypto/openssl/crypto/des/rand_key.c114
-rw-r--r--crypto/openssl/crypto/des/read2pwd.c84
-rw-r--r--crypto/openssl/crypto/des/read_pwd.c484
-rw-r--r--crypto/openssl/crypto/des/rpc_des.h131
-rw-r--r--crypto/openssl/crypto/des/rpc_enc.c98
-rw-r--r--crypto/openssl/crypto/des/rpw.c99
-rw-r--r--crypto/openssl/crypto/des/set_key.c234
-rw-r--r--crypto/openssl/crypto/des/shifts.pl198
-rw-r--r--crypto/openssl/crypto/des/sk.h204
-rw-r--r--crypto/openssl/crypto/des/speed.c310
-rw-r--r--crypto/openssl/crypto/des/spr.h204
-rw-r--r--crypto/openssl/crypto/des/str2key.c163
-rw-r--r--crypto/openssl/crypto/des/supp.c107
-rw-r--r--crypto/openssl/crypto/des/t/test27
-rw-r--r--crypto/openssl/crypto/des/testdes.pl167
-rw-r--r--crypto/openssl/crypto/des/times/486-50.sol16
-rw-r--r--crypto/openssl/crypto/des/times/586-100.lnx20
-rw-r--r--crypto/openssl/crypto/des/times/686-200.fre18
-rw-r--r--crypto/openssl/crypto/des/times/aix.cc26
-rw-r--r--crypto/openssl/crypto/des/times/alpha.cc18
-rw-r--r--crypto/openssl/crypto/des/times/hpux.cc17
-rw-r--r--crypto/openssl/crypto/des/times/sparc.gcc17
-rw-r--r--crypto/openssl/crypto/des/times/usparc.cc31
-rw-r--r--crypto/openssl/crypto/des/typemap34
-rw-r--r--crypto/openssl/crypto/des/xcbc_enc.c194
-rw-r--r--crypto/openssl/crypto/dh/Makefile.ssl108
-rw-r--r--crypto/openssl/crypto/dh/dh.h158
-rw-r--r--crypto/openssl/crypto/dh/dh1024.pem5
-rw-r--r--crypto/openssl/crypto/dh/dh192.pem3
-rw-r--r--crypto/openssl/crypto/dh/dh2048.pem16
-rw-r--r--crypto/openssl/crypto/dh/dh4096.pem14
-rw-r--r--crypto/openssl/crypto/dh/dh512.pem4
-rw-r--r--crypto/openssl/crypto/dh/dh_check.c118
-rw-r--r--crypto/openssl/crypto/dh/dh_err.c98
-rw-r--r--crypto/openssl/crypto/dh/dh_gen.c148
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c154
-rw-r--r--crypto/openssl/crypto/dh/dh_lib.c103
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c188
-rw-r--r--crypto/openssl/crypto/dh/example50
-rw-r--r--crypto/openssl/crypto/dh/generate65
-rw-r--r--crypto/openssl/crypto/dh/p1024.c92
-rw-r--r--crypto/openssl/crypto/dh/p192.c80
-rw-r--r--crypto/openssl/crypto/dh/p512.c85
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.ssl133
-rw-r--r--crypto/openssl/crypto/dsa/README4
-rw-r--r--crypto/openssl/crypto/dsa/dsa.h204
-rw-r--r--crypto/openssl/crypto/dsa/dsa_asn1.c96
-rw-r--r--crypto/openssl/crypto/dsa/dsa_err.c106
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c333
-rw-r--r--crypto/openssl/crypto/dsa/dsa_key.c112
-rw-r--r--crypto/openssl/crypto/dsa/dsa_lib.c184
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c211
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c160
-rw-r--r--crypto/openssl/crypto/dsa/dsagen.c111
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c220
-rw-r--r--crypto/openssl/crypto/dsa/fips186a.txt122
-rw-r--r--crypto/openssl/crypto/ebcdic.h17
-rw-r--r--crypto/openssl/crypto/err/Makefile.ssl110
-rw-r--r--crypto/openssl/crypto/err/err.c643
-rw-r--r--crypto/openssl/crypto/err/err.h263
-rw-r--r--crypto/openssl/crypto/err/err_all.c120
-rw-r--r--crypto/openssl/crypto/err/err_prn.c105
-rw-r--r--crypto/openssl/crypto/err/openssl.ec71
-rw-r--r--crypto/openssl/crypto/evp/Makefile.ssl1099
-rw-r--r--crypto/openssl/crypto/evp/bio_b64.c524
-rw-r--r--crypto/openssl/crypto/evp/bio_enc.c401
-rw-r--r--crypto/openssl/crypto/evp/bio_md.c244
-rw-r--r--crypto/openssl/crypto/evp/bio_ok.c552
-rw-r--r--crypto/openssl/crypto/evp/c_all.c193
-rw-r--r--crypto/openssl/crypto/evp/digest.c92
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_3d.c151
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_bf.c106
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_c.c107
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_d.c106
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_i.c119
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_r2.c216
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_r5.c108
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_3d.c155
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_bf.c108
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_c.c109
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_d.c110
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_i.c109
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_r2.c110
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_r5.c110
-rw-r--r--crypto/openssl/crypto/evp/e_dsa.c71
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_3d.c158
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_bf.c109
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_c.c110
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_d.c118
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_i.c121
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_r2.c111
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_r5.c111
-rw-r--r--crypto/openssl/crypto/evp/e_null.c97
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_3d.c152
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_bf.c109
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_c.c110
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_d.c107
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_i.c109
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_r2.c111
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_r5.c111
-rw-r--r--crypto/openssl/crypto/evp/e_rc4.c115
-rw-r--r--crypto/openssl/crypto/evp/e_xcbc_d.c112
-rw-r--r--crypto/openssl/crypto/evp/encode.c427
-rw-r--r--crypto/openssl/crypto/evp/evp.h720
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c270
-rw-r--r--crypto/openssl/crypto/evp/evp_err.c136
-rw-r--r--crypto/openssl/crypto/evp/evp_key.c156
-rw-r--r--crypto/openssl/crypto/evp/evp_lib.c138
-rw-r--r--crypto/openssl/crypto/evp/evp_pbe.c134
-rw-r--r--crypto/openssl/crypto/evp/evp_pkey.c298
-rw-r--r--crypto/openssl/crypto/evp/m_dss.c83
-rw-r--r--crypto/openssl/crypto/evp/m_dss1.c83
-rw-r--r--crypto/openssl/crypto/evp/m_md2.c83
-rw-r--r--crypto/openssl/crypto/evp/m_md5.c83
-rw-r--r--crypto/openssl/crypto/evp/m_mdc2.c83
-rw-r--r--crypto/openssl/crypto/evp/m_null.c88
-rw-r--r--crypto/openssl/crypto/evp/m_ripemd.c84
-rw-r--r--crypto/openssl/crypto/evp/m_sha.c83
-rw-r--r--crypto/openssl/crypto/evp/m_sha1.c83
-rw-r--r--crypto/openssl/crypto/evp/names.c118
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt.c146
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt2.c247
-rw-r--r--crypto/openssl/crypto/evp/p_dec.c87
-rw-r--r--crypto/openssl/crypto/evp/p_enc.c86
-rw-r--r--crypto/openssl/crypto/evp/p_lib.c275
-rw-r--r--crypto/openssl/crypto/evp/p_open.c113
-rw-r--r--crypto/openssl/crypto/evp/p_seal.c108
-rw-r--r--crypto/openssl/crypto/evp/p_sign.c112
-rw-r--r--crypto/openssl/crypto/evp/p_verify.c99
-rw-r--r--crypto/openssl/crypto/ex_data.c223
-rw-r--r--crypto/openssl/crypto/hmac/Makefile.ssl94
-rw-r--r--crypto/openssl/crypto/hmac/hmac.c150
-rw-r--r--crypto/openssl/crypto/hmac/hmac.h100
-rw-r--r--crypto/openssl/crypto/hmac/hmactest.c159
-rw-r--r--crypto/openssl/crypto/lhash/Makefile.ssl88
-rw-r--r--crypto/openssl/crypto/lhash/lh_stats.c271
-rw-r--r--crypto/openssl/crypto/lhash/lh_test.c89
-rw-r--r--crypto/openssl/crypto/lhash/lhash.c476
-rw-r--r--crypto/openssl/crypto/lhash/lhash.h144
-rw-r--r--crypto/openssl/crypto/lhash/num.pl17
-rw-r--r--crypto/openssl/crypto/md2/Makefile.ssl88
-rw-r--r--crypto/openssl/crypto/md2/md2.c124
-rw-r--r--crypto/openssl/crypto/md2/md2.h91
-rw-r--r--crypto/openssl/crypto/md2/md2_dgst.c223
-rw-r--r--crypto/openssl/crypto/md2/md2_one.c93
-rw-r--r--crypto/openssl/crypto/md2/md2test.c135
-rw-r--r--crypto/openssl/crypto/md32_common.h594
-rw-r--r--crypto/openssl/crypto/md5/Makefile.ssl126
-rw-r--r--crypto/openssl/crypto/md5/Makefile.uni110
-rw-r--r--crypto/openssl/crypto/md5/asm/md5-586.pl306
-rw-r--r--crypto/openssl/crypto/md5/asm/md5-sparcv9.S1029
-rw-r--r--crypto/openssl/crypto/md5/md5.c127
-rw-r--r--crypto/openssl/crypto/md5/md5.h114
-rw-r--r--crypto/openssl/crypto/md5/md5_dgst.c317
-rw-r--r--crypto/openssl/crypto/md5/md5_locl.h169
-rw-r--r--crypto/openssl/crypto/md5/md5_one.c95
-rw-r--r--crypto/openssl/crypto/md5/md5s.cpp78
-rw-r--r--crypto/openssl/crypto/md5/md5test.c131
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile.ssl89
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2.h94
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2_one.c75
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2dgst.c195
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2test.c140
-rw-r--r--crypto/openssl/crypto/mem.c429
-rw-r--r--crypto/openssl/crypto/objects/Makefile.ssl109
-rw-r--r--crypto/openssl/crypto/objects/o_names.c243
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c653
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.pl269
-rw-r--r--crypto/openssl/crypto/objects/obj_err.c98
-rw-r--r--crypto/openssl/crypto/objects/obj_lib.c126
-rw-r--r--crypto/openssl/crypto/objects/objects.h968
-rw-r--r--crypto/openssl/crypto/objects/objects.txt40
-rw-r--r--crypto/openssl/crypto/opensslconf.h142
-rw-r--r--crypto/openssl/crypto/opensslconf.h.in142
-rw-r--r--crypto/openssl/crypto/opensslv.h21
-rw-r--r--crypto/openssl/crypto/pem/Makefile.ssl188
-rw-r--r--crypto/openssl/crypto/pem/message16
-rw-r--r--crypto/openssl/crypto/pem/pem.h625
-rw-r--r--crypto/openssl/crypto/pem/pem2.h60
-rw-r--r--crypto/openssl/crypto/pem/pem_all.c113
-rw-r--r--crypto/openssl/crypto/pem/pem_err.c127
-rw-r--r--crypto/openssl/crypto/pem/pem_info.c353
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c803
-rw-r--r--crypto/openssl/crypto/pem/pem_seal.c178
-rw-r--r--crypto/openssl/crypto/pem/pem_sign.c102
-rw-r--r--crypto/openssl/crypto/pem/pkcs7.lis22
-rw-r--r--crypto/openssl/crypto/perlasm/alpha.pl434
-rw-r--r--crypto/openssl/crypto/perlasm/cbc.pl342
-rw-r--r--crypto/openssl/crypto/perlasm/readme124
-rw-r--r--crypto/openssl/crypto/perlasm/x86asm.pl116
-rw-r--r--crypto/openssl/crypto/perlasm/x86ms.pl358
-rw-r--r--crypto/openssl/crypto/perlasm/x86nasm.pl342
-rw-r--r--crypto/openssl/crypto/perlasm/x86unix.pl453
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile.ssl346
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_add.c214
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_attr.c238
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_bags.c192
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crpt.c122
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crt.c159
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_decr.c185
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_init.c98
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_key.c182
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_kiss.c238
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_lib.c111
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mac.c110
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mutl.c170
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_sbag.c227
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_utl.c118
-rw-r--r--crypto/openssl/crypto/pkcs12/pk12err.c136
-rw-r--r--crypto/openssl/crypto/pkcs12/pkcs12.h337
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile.ssl145
-rw-r--r--crypto/openssl/crypto/pkcs7/README5
-rw-r--r--crypto/openssl/crypto/pkcs7/bio_ber.c450
-rw-r--r--crypto/openssl/crypto/pkcs7/dec.c246
-rw-r--r--crypto/openssl/crypto/pkcs7/des.pem15
-rw-r--r--crypto/openssl/crypto/pkcs7/doc24
-rw-r--r--crypto/openssl/crypto/pkcs7/enc.c165
-rw-r--r--crypto/openssl/crypto/pkcs7/es1.pem66
-rw-r--r--crypto/openssl/crypto/pkcs7/example.c327
-rw-r--r--crypto/openssl/crypto/pkcs7/example.h57
-rw-r--r--crypto/openssl/crypto/pkcs7/info.pem57
-rw-r--r--crypto/openssl/crypto/pkcs7/infokey.pem9
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/a12
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/a21
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/cert.p7cbin0 -> 1728 bytes
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/smime.p7mbin0 -> 4894 bytes
-rw-r--r--crypto/openssl/crypto/pkcs7/p7/smime.p7sbin0 -> 2625 bytes
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_dgst.c66
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c922
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_enc.c76
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_lib.c449
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7.h417
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7err.c121
-rw-r--r--crypto/openssl/crypto/pkcs7/server.pem24
-rw-r--r--crypto/openssl/crypto/pkcs7/sign.c145
-rw-r--r--crypto/openssl/crypto/pkcs7/t/3des.pem16
-rw-r--r--crypto/openssl/crypto/pkcs7/t/3dess.pem32
-rw-r--r--crypto/openssl/crypto/pkcs7/t/c.pem48
-rw-r--r--crypto/openssl/crypto/pkcs7/t/ff32
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-e20
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-e.pem22
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-0162
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem66
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-0290
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem106
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-s-a-e91
-rw-r--r--crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem106
-rw-r--r--crypto/openssl/crypto/pkcs7/t/nav-smime157
-rw-r--r--crypto/openssl/crypto/pkcs7/t/s.pem57
-rw-r--r--crypto/openssl/crypto/pkcs7/t/server.pem57
-rw-r--r--crypto/openssl/crypto/pkcs7/verify.c253
-rw-r--r--crypto/openssl/crypto/rand/Makefile.ssl87
-rw-r--r--crypto/openssl/crypto/rand/md_rand.c429
-rw-r--r--crypto/openssl/crypto/rand/rand.h89
-rw-r--r--crypto/openssl/crypto/rand/rand_lib.c98
-rw-r--r--crypto/openssl/crypto/rand/randfile.c179
-rw-r--r--crypto/openssl/crypto/rand/randtest.c207
-rw-r--r--crypto/openssl/crypto/rc2/Makefile.ssl90
-rw-r--r--crypto/openssl/crypto/rc2/Makefile.uni73
-rw-r--r--crypto/openssl/crypto/rc2/rc2.h99
-rw-r--r--crypto/openssl/crypto/rc2/rc2_cbc.c226
-rw-r--r--crypto/openssl/crypto/rc2/rc2_ecb.c88
-rw-r--r--crypto/openssl/crypto/rc2/rc2_locl.h156
-rw-r--r--crypto/openssl/crypto/rc2/rc2_skey.c138
-rw-r--r--crypto/openssl/crypto/rc2/rc2cfb64.c121
-rw-r--r--crypto/openssl/crypto/rc2/rc2ofb64.c110
-rw-r--r--crypto/openssl/crypto/rc2/rc2speed.c274
-rw-r--r--crypto/openssl/crypto/rc2/rc2test.c269
-rw-r--r--crypto/openssl/crypto/rc2/rrc2.doc219
-rw-r--r--crypto/openssl/crypto/rc2/tab.c86
-rw-r--r--crypto/openssl/crypto/rc2/version22
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.ssl113
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.uni103
-rw-r--r--crypto/openssl/crypto/rc4/asm/rc4-586.pl173
-rw-r--r--crypto/openssl/crypto/rc4/rc4.c192
-rw-r--r--crypto/openssl/crypto/rc4/rc4.h88
-rw-r--r--crypto/openssl/crypto/rc4/rc4_enc.c131
-rw-r--r--crypto/openssl/crypto/rc4/rc4_locl.h4
-rw-r--r--crypto/openssl/crypto/rc4/rc4_skey.c117
-rw-r--r--crypto/openssl/crypto/rc4/rc4s.cpp73
-rw-r--r--crypto/openssl/crypto/rc4/rc4speed.c250
-rw-r--r--crypto/openssl/crypto/rc4/rc4test.c201
-rw-r--r--crypto/openssl/crypto/rc4/rrc4.doc278
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.ssl112
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.uni73
-rw-r--r--crypto/openssl/crypto/rc5/asm/rc5-586.pl109
-rw-r--r--crypto/openssl/crypto/rc5/rc5.h113
-rw-r--r--crypto/openssl/crypto/rc5/rc5_ecb.c80
-rw-r--r--crypto/openssl/crypto/rc5/rc5_enc.c214
-rw-r--r--crypto/openssl/crypto/rc5/rc5_locl.h187
-rw-r--r--crypto/openssl/crypto/rc5/rc5_skey.c113
-rw-r--r--crypto/openssl/crypto/rc5/rc5cfb64.c121
-rw-r--r--crypto/openssl/crypto/rc5/rc5ofb64.c110
-rw-r--r--crypto/openssl/crypto/rc5/rc5s.cpp70
-rw-r--r--crypto/openssl/crypto/rc5/rc5speed.c274
-rw-r--r--crypto/openssl/crypto/rc5/rc5test.c384
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.ssl107
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.uni109
-rw-r--r--crypto/openssl/crypto/ripemd/README15
-rw-r--r--crypto/openssl/crypto/ripemd/asm/rips.cpp78
-rw-r--r--crypto/openssl/crypto/ripemd/asm/rmd-586.pl582
-rw-r--r--crypto/openssl/crypto/ripemd/ripemd.h94
-rw-r--r--crypto/openssl/crypto/ripemd/rmd160.c127
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_dgst.c515
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_locl.h222
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_one.c75
-rw-r--r--crypto/openssl/crypto/ripemd/rmdconst.h399
-rw-r--r--crypto/openssl/crypto/ripemd/rmdtest.c140
-rw-r--r--crypto/openssl/crypto/sha/Makefile.ssl111
-rw-r--r--crypto/openssl/crypto/sha/Makefile.uni122
-rw-r--r--crypto/openssl/crypto/sha/asm/README1
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-586.pl491
-rw-r--r--crypto/openssl/crypto/sha/sha.c124
-rw-r--r--crypto/openssl/crypto/sha/sha.h119
-rw-r--r--crypto/openssl/crypto/sha/sha1.c127
-rw-r--r--crypto/openssl/crypto/sha/sha1_one.c76
-rw-r--r--crypto/openssl/crypto/sha/sha1dgst.c498
-rw-r--r--crypto/openssl/crypto/sha/sha1s.cpp79
-rw-r--r--crypto/openssl/crypto/sha/sha1test.c168
-rw-r--r--crypto/openssl/crypto/sha/sha_dgst.c492
-rw-r--r--crypto/openssl/crypto/sha/sha_locl.h288
-rw-r--r--crypto/openssl/crypto/sha/sha_one.c76
-rw-r--r--crypto/openssl/crypto/sha/shatest.c168
-rw-r--r--crypto/openssl/crypto/stack/Makefile.ssl85
-rw-r--r--crypto/openssl/crypto/stack/safestack.h129
-rw-r--r--crypto/openssl/crypto/stack/stack.c311
-rw-r--r--crypto/openssl/crypto/stack/stack.h107
-rw-r--r--crypto/openssl/crypto/threads/mttest.c1062
-rw-r--r--crypto/openssl/crypto/threads/th-lock.c368
-rw-r--r--crypto/openssl/crypto/tmdiff.c229
-rw-r--r--crypto/openssl/crypto/tmdiff.h81
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile.ssl86
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.c383
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.h105
-rw-r--r--crypto/openssl/crypto/x509/Makefile.ssl416
-rw-r--r--crypto/openssl/crypto/x509/by_dir.c342
-rw-r--r--crypto/openssl/crypto/x509/by_file.c267
-rw-r--r--crypto/openssl/crypto/x509/x509.h989
-rw-r--r--crypto/openssl/crypto/x509/x509_cmp.c293
-rw-r--r--crypto/openssl/crypto/x509/x509_d2.c107
-rw-r--r--crypto/openssl/crypto/x509/x509_def.c83
-rw-r--r--crypto/openssl/crypto/x509/x509_err.c134
-rw-r--r--crypto/openssl/crypto/x509/x509_ext.c174
-rw-r--r--crypto/openssl/crypto/x509/x509_lu.c411
-rw-r--r--crypto/openssl/crypto/x509/x509_obj.c223
-rw-r--r--crypto/openssl/crypto/x509/x509_r2x.c110
-rw-r--r--crypto/openssl/crypto/x509/x509_req.c115
-rw-r--r--crypto/openssl/crypto/x509/x509_set.c150
-rw-r--r--crypto/openssl/crypto/x509/x509_txt.c132
-rw-r--r--crypto/openssl/crypto/x509/x509_v3.c266
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c639
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.h346
-rw-r--r--crypto/openssl/crypto/x509/x509name.c321
-rw-r--r--crypto/openssl/crypto/x509/x509rset.c83
-rw-r--r--crypto/openssl/crypto/x509/x509type.c114
-rw-r--r--crypto/openssl/crypto/x509/x_all.c437
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile.ssl432
-rw-r--r--crypto/openssl/crypto/x509v3/README4
-rw-r--r--crypto/openssl/crypto/x509v3/v3_akey.c249
-rw-r--r--crypto/openssl/crypto/x509v3/v3_alt.c402
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bcons.c164
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bitst.c147
-rw-r--r--crypto/openssl/crypto/x509v3/v3_conf.c366
-rw-r--r--crypto/openssl/crypto/x509v3/v3_cpols.c655
-rw-r--r--crypto/openssl/crypto/x509v3/v3_crld.c283
-rw-r--r--crypto/openssl/crypto/x509v3/v3_enum.c103
-rw-r--r--crypto/openssl/crypto/x509v3/v3_extku.c150
-rw-r--r--crypto/openssl/crypto/x509v3/v3_genn.c237
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ia5.c116
-rw-r--r--crypto/openssl/crypto/x509v3/v3_int.c79
-rw-r--r--crypto/openssl/crypto/x509v3/v3_lib.c177
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pku.c151
-rw-r--r--crypto/openssl/crypto/x509v3/v3_prn.c135
-rw-r--r--crypto/openssl/crypto/x509v3/v3_skey.c156
-rw-r--r--crypto/openssl/crypto/x509v3/v3_sxnet.c340
-rw-r--r--crypto/openssl/crypto/x509v3/v3_utl.c418
-rw-r--r--crypto/openssl/crypto/x509v3/v3conf.c128
-rw-r--r--crypto/openssl/crypto/x509v3/v3err.c171
-rw-r--r--crypto/openssl/crypto/x509v3/v3prin.c101
-rw-r--r--crypto/openssl/crypto/x509v3/x509v3.h532
-rw-r--r--crypto/openssl/demos/README9
-rw-r--r--crypto/openssl/demos/b64.c270
-rw-r--r--crypto/openssl/demos/b64.pl20
-rw-r--r--crypto/openssl/demos/bio/Makefile16
-rw-r--r--crypto/openssl/demos/bio/README3
-rw-r--r--crypto/openssl/demos/bio/saccept.c107
-rw-r--r--crypto/openssl/demos/bio/sconnect.c116
-rw-r--r--crypto/openssl/demos/bio/server.pem30
-rw-r--r--crypto/openssl/demos/eay/Makefile24
-rw-r--r--crypto/openssl/demos/eay/base64.c49
-rw-r--r--crypto/openssl/demos/eay/conn.c105
-rw-r--r--crypto/openssl/demos/eay/loadrsa.c53
-rw-r--r--crypto/openssl/demos/maurice/Makefile59
-rw-r--r--crypto/openssl/demos/maurice/README34
-rw-r--r--crypto/openssl/demos/maurice/cert.pem77
-rw-r--r--crypto/openssl/demos/maurice/example1.c200
-rw-r--r--crypto/openssl/demos/maurice/example2.c75
-rw-r--r--crypto/openssl/demos/maurice/example3.c85
-rw-r--r--crypto/openssl/demos/maurice/example4.c123
-rw-r--r--crypto/openssl/demos/maurice/loadkeys.c77
-rw-r--r--crypto/openssl/demos/maurice/loadkeys.h19
-rw-r--r--crypto/openssl/demos/maurice/privkey.pem27
-rw-r--r--crypto/openssl/demos/prime/Makefile20
-rw-r--r--crypto/openssl/demos/prime/prime.c101
-rw-r--r--crypto/openssl/demos/privkey.pem9
-rw-r--r--crypto/openssl/demos/selfsign.c168
-rw-r--r--crypto/openssl/demos/sign/Makefile15
-rw-r--r--crypto/openssl/demos/sign/cert.pem14
-rw-r--r--crypto/openssl/demos/sign/key.pem9
-rw-r--r--crypto/openssl/demos/sign/sig.txt158
-rw-r--r--crypto/openssl/demos/sign/sign.c153
-rw-r--r--crypto/openssl/demos/sign/sign.txt170
-rw-r--r--crypto/openssl/demos/spkigen.c160
-rw-r--r--crypto/openssl/demos/ssl/cli.cpp111
-rw-r--r--crypto/openssl/demos/ssl/inetdsrv.cpp98
-rw-r--r--crypto/openssl/demos/ssl/serv.cpp152
-rw-r--r--crypto/openssl/dep/crypto.txt1043
-rw-r--r--crypto/openssl/dep/files566
-rw-r--r--crypto/openssl/dep/gen.pl113
-rw-r--r--crypto/openssl/dep/ssl.txt156
-rw-r--r--crypto/openssl/doc/README10
-rw-r--r--crypto/openssl/doc/c-indentation.el36
-rw-r--r--crypto/openssl/doc/crypto.pod27
-rw-r--r--crypto/openssl/doc/openssl.pod304
-rw-r--r--crypto/openssl/doc/openssl.txt1174
-rw-r--r--crypto/openssl/doc/openssl_button.gifbin0 -> 2063 bytes
-rw-r--r--crypto/openssl/doc/openssl_button.html7
-rw-r--r--crypto/openssl/doc/ssl.pod633
-rw-r--r--crypto/openssl/doc/ssleay.txt7014
-rw-r--r--crypto/openssl/e_os.h376
-rw-r--r--crypto/openssl/e_os2.h38
-rw-r--r--crypto/openssl/mt/README14
-rw-r--r--crypto/openssl/mt/mttest.c1092
-rw-r--r--crypto/openssl/mt/profile.sh4
-rw-r--r--crypto/openssl/mt/pthread.sh9
-rw-r--r--crypto/openssl/mt/purify.sh4
-rw-r--r--crypto/openssl/mt/solaris.sh4
-rw-r--r--crypto/openssl/openssl.doxy7
-rw-r--r--crypto/openssl/perl/MANIFEST17
-rw-r--r--crypto/openssl/perl/Makefile.PL45
-rw-r--r--crypto/openssl/perl/OpenSSL.pm90
-rw-r--r--crypto/openssl/perl/OpenSSL.xs82
-rw-r--r--crypto/openssl/perl/README.1ST4
-rw-r--r--crypto/openssl/perl/openssl.h96
-rw-r--r--crypto/openssl/perl/openssl_bio.xs450
-rw-r--r--crypto/openssl/perl/openssl_bn.xs593
-rw-r--r--crypto/openssl/perl/openssl_cipher.xs154
-rw-r--r--crypto/openssl/perl/openssl_digest.xs84
-rw-r--r--crypto/openssl/perl/openssl_err.xs47
-rw-r--r--crypto/openssl/perl/openssl_ssl.xs483
-rw-r--r--crypto/openssl/perl/openssl_x509.xs75
-rw-r--r--crypto/openssl/perl/t/01-use.t13
-rw-r--r--crypto/openssl/perl/t/02-version.t10
-rw-r--r--crypto/openssl/perl/t/03-bio.t16
-rw-r--r--crypto/openssl/perl/typemap96
-rw-r--r--crypto/openssl/rsaref/Makefile.ssl98
-rw-r--r--crypto/openssl/rsaref/rsar_err.c118
-rw-r--r--crypto/openssl/rsaref/rsaref.c301
-rw-r--r--crypto/openssl/rsaref/rsaref.h180
-rw-r--r--crypto/openssl/shlib/README1
-rw-r--r--crypto/openssl/shlib/irix.sh7
-rwxr-xr-xcrypto/openssl/shlib/solaris-sc4.sh42
-rw-r--r--crypto/openssl/shlib/solaris.sh36
-rw-r--r--crypto/openssl/shlib/sun.sh8
-rw-r--r--crypto/openssl/ssl/Makefile.ssl828
-rw-r--r--crypto/openssl/ssl/bio_ssl.c555
-rw-r--r--crypto/openssl/ssl/s23_clnt.c465
-rw-r--r--crypto/openssl/ssl/s23_lib.c213
-rw-r--r--crypto/openssl/ssl/s23_meth.c92
-rw-r--r--crypto/openssl/ssl/s23_pkt.c117
-rw-r--r--crypto/openssl/ssl/s23_srvr.c503
-rw-r--r--crypto/openssl/ssl/s2_clnt.c971
-rw-r--r--crypto/openssl/ssl/s2_enc.c180
-rw-r--r--crypto/openssl/ssl/s2_lib.c424
-rw-r--r--crypto/openssl/ssl/s2_meth.c89
-rw-r--r--crypto/openssl/ssl/s2_pkt.c640
-rw-r--r--crypto/openssl/ssl/s2_srvr.c968
-rw-r--r--crypto/openssl/ssl/s3_both.c468
-rw-r--r--crypto/openssl/ssl/s3_clnt.c1729
-rw-r--r--crypto/openssl/ssl/s3_enc.c587
-rw-r--r--crypto/openssl/ssl/s3_lib.c1107
-rw-r--r--crypto/openssl/ssl/s3_meth.c88
-rw-r--r--crypto/openssl/ssl/s3_pkt.c1041
-rw-r--r--crypto/openssl/ssl/s3_srvr.c1683
-rw-r--r--crypto/openssl/ssl/ssl.h1484
-rw-r--r--crypto/openssl/ssl/ssl2.h265
-rw-r--r--crypto/openssl/ssl/ssl23.h83
-rw-r--r--crypto/openssl/ssl/ssl3.h459
-rw-r--r--crypto/openssl/ssl/ssl_algs.c103
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c327
-rw-r--r--crypto/openssl/ssl/ssl_cert.c716
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c835
-rw-r--r--crypto/openssl/ssl/ssl_err.c416
-rw-r--r--crypto/openssl/ssl/ssl_err2.c70
-rw-r--r--crypto/openssl/ssl/ssl_lib.c1947
-rw-r--r--crypto/openssl/ssl/ssl_locl.h499
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c815
-rw-r--r--crypto/openssl/ssl/ssl_sess.c637
-rw-r--r--crypto/openssl/ssl/ssl_stat.c454
-rw-r--r--crypto/openssl/ssl/ssl_task.c369
-rw-r--r--crypto/openssl/ssl/ssl_txt.c171
-rw-r--r--crypto/openssl/ssl/ssltest.c1163
-rw-r--r--crypto/openssl/ssl/t1_clnt.c90
-rw-r--r--crypto/openssl/ssl/t1_enc.c633
-rw-r--r--crypto/openssl/ssl/t1_lib.c145
-rw-r--r--crypto/openssl/ssl/t1_meth.c88
-rw-r--r--crypto/openssl/ssl/t1_srvr.c91
-rw-r--r--crypto/openssl/ssl/tls1.h153
-rw-r--r--crypto/openssl/test/CAss.cnf25
-rw-r--r--crypto/openssl/test/CAssdh.cnf24
-rw-r--r--crypto/openssl/test/CAssdsa.cnf23
-rw-r--r--crypto/openssl/test/CAssrsa.cnf24
-rw-r--r--crypto/openssl/test/Makefile.ssl388
-rw-r--r--crypto/openssl/test/Sssdsa.cnf27
-rw-r--r--crypto/openssl/test/Sssrsa.cnf26
-rw-r--r--crypto/openssl/test/Uss.cnf28
-rw-r--r--crypto/openssl/test/VMSca-response.11
-rw-r--r--crypto/openssl/test/VMSca-response.22
-rw-r--r--crypto/openssl/test/dsa-ca.pem43
-rw-r--r--crypto/openssl/test/dsa-pca.pem49
-rw-r--r--crypto/openssl/test/methtest.c105
-rw-r--r--crypto/openssl/test/pkcs7-1.pem15
-rw-r--r--crypto/openssl/test/pkcs7.pem54
-rw-r--r--crypto/openssl/test/r160test.c57
-rw-r--r--crypto/openssl/test/tcrl81
-rw-r--r--crypto/openssl/test/test.cnf88
-rw-r--r--crypto/openssl/test/testca44
-rw-r--r--crypto/openssl/test/testcrl.pem16
-rw-r--r--crypto/openssl/test/testenc54
-rw-r--r--crypto/openssl/test/testgen30
-rw-r--r--crypto/openssl/test/testp7.pem46
-rw-r--r--crypto/openssl/test/testreq2.pem7
-rw-r--r--crypto/openssl/test/testrsa.pem9
-rw-r--r--crypto/openssl/test/testsid.pem12
-rw-r--r--crypto/openssl/test/testss90
-rw-r--r--crypto/openssl/test/testssl75
-rw-r--r--crypto/openssl/test/testx509.pem10
-rw-r--r--crypto/openssl/test/times113
-rw-r--r--crypto/openssl/test/tpkcs751
-rw-r--r--crypto/openssl/test/tpkcs7d44
-rw-r--r--crypto/openssl/test/treq81
-rw-r--r--crypto/openssl/test/trsa81
-rw-r--r--crypto/openssl/test/tsid81
-rw-r--r--crypto/openssl/test/tx50981
-rw-r--r--crypto/openssl/test/v3-cert1.pem16
-rw-r--r--crypto/openssl/test/v3-cert2.pem16
-rw-r--r--crypto/openssl/times/090/586-100.nt32
-rw-r--r--crypto/openssl/times/091/486-50.nt30
-rw-r--r--crypto/openssl/times/091/586-100.lnx32
-rw-r--r--crypto/openssl/times/091/68000.bsd32
-rw-r--r--crypto/openssl/times/091/686-200.lnx32
-rw-r--r--crypto/openssl/times/091/alpha064.osf32
-rw-r--r--crypto/openssl/times/091/alpha164.lnx32
-rw-r--r--crypto/openssl/times/091/alpha164.osf31
-rw-r--r--crypto/openssl/times/091/mips-rel.pl21
-rw-r--r--crypto/openssl/times/091/r10000.irx37
-rw-r--r--crypto/openssl/times/091/r3000.ult32
-rw-r--r--crypto/openssl/times/091/r4400.irx32
-rw-r--r--crypto/openssl/times/100.lnx32
-rw-r--r--crypto/openssl/times/100.nt29
-rw-r--r--crypto/openssl/times/200.lnx30
-rw-r--r--crypto/openssl/times/486-66.dos22
-rw-r--r--crypto/openssl/times/486-66.nt22
-rw-r--r--crypto/openssl/times/486-66.w3123
-rw-r--r--crypto/openssl/times/5.lnx29
-rw-r--r--crypto/openssl/times/586-085i.nt29
-rw-r--r--crypto/openssl/times/586-100.LN326
-rw-r--r--crypto/openssl/times/586-100.NT226
-rw-r--r--crypto/openssl/times/586-100.dos24
-rw-r--r--crypto/openssl/times/586-100.ln426
-rw-r--r--crypto/openssl/times/586-100.lnx23
-rw-r--r--crypto/openssl/times/586-100.nt23
-rw-r--r--crypto/openssl/times/586-100.ntx30
-rw-r--r--crypto/openssl/times/586-100.w3127
-rw-r--r--crypto/openssl/times/586-1002.lnx26
-rw-r--r--crypto/openssl/times/586p-100.lnx26
-rw-r--r--crypto/openssl/times/686-200.bsd25
-rw-r--r--crypto/openssl/times/686-200.lnx26
-rw-r--r--crypto/openssl/times/686-200.nt24
-rw-r--r--crypto/openssl/times/L127
-rw-r--r--crypto/openssl/times/R10000.t24
-rw-r--r--crypto/openssl/times/R4400.t26
-rw-r--r--crypto/openssl/times/aix.t34
-rw-r--r--crypto/openssl/times/aixold.t23
-rw-r--r--crypto/openssl/times/alpha.t81
-rw-r--r--crypto/openssl/times/alpha400.t25
-rw-r--r--crypto/openssl/times/cyrix100.lnx22
-rw-r--r--crypto/openssl/times/dgux-x86.t23
-rw-r--r--crypto/openssl/times/dgux.t17
-rw-r--r--crypto/openssl/times/hpux-acc.t25
-rw-r--r--crypto/openssl/times/hpux-kr.t23
-rw-r--r--crypto/openssl/times/hpux.t86
-rw-r--r--crypto/openssl/times/p2.w9522
-rw-r--r--crypto/openssl/times/pent2.t24
-rw-r--r--crypto/openssl/times/readme11
-rw-r--r--crypto/openssl/times/s586-100.lnx25
-rw-r--r--crypto/openssl/times/s586-100.nt23
-rw-r--r--crypto/openssl/times/sgi.t29
-rw-r--r--crypto/openssl/times/sparc.t26
-rw-r--r--crypto/openssl/times/sparc221
-rw-r--r--crypto/openssl/times/sparcLX.t22
-rw-r--r--crypto/openssl/times/usparc.t25
-rw-r--r--crypto/openssl/times/x86/bfs.cpp67
-rw-r--r--crypto/openssl/times/x86/casts.cpp67
-rw-r--r--crypto/openssl/times/x86/des3s.cpp67
-rw-r--r--crypto/openssl/times/x86/dess.cpp67
-rw-r--r--crypto/openssl/times/x86/md5s.cpp78
-rw-r--r--crypto/openssl/times/x86/rc4s.cpp73
-rw-r--r--crypto/openssl/times/x86/sha1s.cpp79
-rw-r--r--crypto/openssl/tools/Makefile.ssl61
-rw-r--r--crypto/openssl/tools/c_hash9
-rw-r--r--crypto/openssl/tools/c_info12
-rw-r--r--crypto/openssl/tools/c_issuer10
-rw-r--r--crypto/openssl/tools/c_name10
-rw-r--r--crypto/openssl/tools/c_rehash61
-rw-r--r--crypto/openssl/tools/c_rehash.in61
-rwxr-xr-xcrypto/openssl/util/FreeBSD.sh6
-rwxr-xr-xcrypto/openssl/util/add_cr.pl123
-rwxr-xr-xcrypto/openssl/util/bat.sh132
-rwxr-xr-xcrypto/openssl/util/ck_errf.pl45
-rwxr-xr-xcrypto/openssl/util/clean-depend.pl38
-rwxr-xr-xcrypto/openssl/util/deleof.pl7
-rwxr-xr-xcrypto/openssl/util/do_ms.sh19
-rwxr-xr-xcrypto/openssl/util/domd11
-rwxr-xr-xcrypto/openssl/util/err-ins.pl33
-rwxr-xr-xcrypto/openssl/util/files.pl61
-rwxr-xr-xcrypto/openssl/util/fixNT.sh14
-rwxr-xr-xcrypto/openssl/util/install.sh108
-rwxr-xr-xcrypto/openssl/util/libeay.num1846
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl873
-rwxr-xr-xcrypto/openssl/util/mkcerts.sh220
-rwxr-xr-xcrypto/openssl/util/mkdef.pl426
-rwxr-xr-xcrypto/openssl/util/mkdir-p.pl33
-rw-r--r--crypto/openssl/util/mkerr.pl503
-rwxr-xr-xcrypto/openssl/util/mkfiles.pl110
-rwxr-xr-xcrypto/openssl/util/mklink.pl55
-rwxr-xr-xcrypto/openssl/util/perlpath.pl35
-rw-r--r--crypto/openssl/util/pl/BC-16.pl146
-rw-r--r--crypto/openssl/util/pl/BC-32.pl136
-rw-r--r--crypto/openssl/util/pl/Mingw32.pl79
-rw-r--r--crypto/openssl/util/pl/Mingw32f.pl73
-rw-r--r--crypto/openssl/util/pl/VC-16.pl173
-rw-r--r--crypto/openssl/util/pl/VC-32.pl140
-rw-r--r--crypto/openssl/util/pl/linux.pl100
-rw-r--r--crypto/openssl/util/pl/ultrix.pl38
-rw-r--r--crypto/openssl/util/pl/unix.pl96
-rwxr-xr-xcrypto/openssl/util/point.sh6
-rwxr-xr-xcrypto/openssl/util/sep_lib.sh34
-rwxr-xr-xcrypto/openssl/util/sp-diff.pl80
-rwxr-xr-xcrypto/openssl/util/speed.sh39
-rwxr-xr-xcrypto/openssl/util/src-dep.pl147
-rwxr-xr-xcrypto/openssl/util/ssleay.num217
-rwxr-xr-xcrypto/openssl/util/tab_num.pl17
-rwxr-xr-xcrypto/openssl/util/x86asm.sh42
1108 files changed, 223134 insertions, 0 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
new file mode 100644
index 000000000000..d0db7eaf61bb
--- /dev/null
+++ b/crypto/openssl/CHANGES
@@ -0,0 +1,1624 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ Changes between 0.9.3a and 0.9.4 [09 Aug 1999]
+
+ *) Install libRSAglue.a when OpenSSL is built with RSAref.
+ [Ralf S. Engelschall]
+
+ *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+ [Andrija Antonijevic <TheAntony2@bigfoot.com>]
+
+ *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+ program.
+ [Steve Henson]
+
+ *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+ DH parameters/keys (q is lost during that conversion, but the resulting
+ DH parameters contain its length).
+
+ For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+ much faster than DH_generate_parameters (which creates parameters
+ where p = 2*q + 1), and also the smaller q makes DH computations
+ much more efficient (160-bit exponentiation instead of 1024-bit
+ exponentiation); so this provides a convenient way to support DHE
+ ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
+ utter importance to use
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ or
+ SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ when such DH parameters are used, because otherwise small subgroup
+ attacks may become possible!
+ [Bodo Moeller]
+
+ *) Avoid memory leak in i2d_DHparams.
+ [Bodo Moeller]
+
+ *) Allow the -k option to be used more than once in the enc program:
+ this allows the same encrypted message to be read by multiple recipients.
+ [Steve Henson]
+
+ *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+ an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+ it will always use the numerical form of the OID, even if it has a short
+ or long name.
+ [Steve Henson]
+
+ *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+ method only got called if p,q,dmp1,dmq1,iqmp components were present,
+ otherwise bn_mod_exp was called. In the case of hardware keys for example
+ no private key components need be present and it might store extra data
+ in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
+ RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
+ operations.
+ [Steve Henson]
+
+ *) Added support for SPARC Linux.
+ [Andy Polyakov]
+
+ *) pem_password_cb function type incompatibly changed from
+ typedef int pem_password_cb(char *buf, int size, int rwflag);
+ to
+ ....(char *buf, int size, int rwflag, void *userdata);
+ so that applications can pass data to their callbacks:
+ The PEM[_ASN1]_{read,write}... functions and macros now take an
+ additional void * argument, which is just handed through whenever
+ the password callback is called.
+ [Damien Miller <dmiller@ilogic.com.au>, with tiny changes by Bodo Moeller]
+
+ New function SSL_CTX_set_default_passwd_cb_userdata.
+
+ Compatibility note: As many C implementations push function arguments
+ onto the stack in reverse order, the new library version is likely to
+ interoperate with programs that have been compiled with the old
+ pem_password_cb definition (PEM_whatever takes some data that
+ happens to be on the stack as its last argument, and the callback
+ just ignores this garbage); but there is no guarantee whatsoever that
+ this will work.
+
+ *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+ (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+ problems not only on Windows, but also on some Unix platforms.
+ To avoid problematic command lines, these definitions are now in an
+ auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+ for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+ [Bodo Moeller]
+
+ *) MIPS III/IV assembler module is reimplemented.
+ [Andy Polyakov]
+
+ *) More DES library cleanups: remove references to srand/rand and
+ delete an unused file.
+ [Ulf Möller]
+
+ *) Add support for the the free Netwide assembler (NASM) under Win32,
+ since not many people have MASM (ml) and it can be hard to obtain.
+ This is currently experimental but it seems to work OK and pass all
+ the tests. Check out INSTALL.W32 for info.
+ [Steve Henson]
+
+ *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+ without temporary keys kept an extra copy of the server key,
+ and connections with temporary keys did not free everything in case
+ of an error.
+ [Bodo Moeller]
+
+ *) New function RSA_check_key and new openssl rsa option -check
+ for verifying the consistency of RSA keys.
+ [Ulf Moeller, Bodo Moeller]
+
+ *) Various changes to make Win32 compile work:
+ 1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+ 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+ comparison" warnings.
+ 3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+ [Steve Henson]
+
+ *) Add a debugging option to PKCS#5 v2 key generation function: when
+ you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+ derived keys are printed to stderr.
+ [Steve Henson]
+
+ *) Copy the flags in ASN1_STRING_dup().
+ [Roman E. Pavlov <pre@mo.msk.ru>]
+
+ *) The x509 application mishandled signing requests containing DSA
+ keys when the signing key was also DSA and the parameters didn't match.
+
+ It was supposed to omit the parameters when they matched the signing key:
+ the verifying software was then supposed to automatically use the CA's
+ parameters if they were absent from the end user certificate.
+
+ Omitting parameters is no longer recommended. The test was also
+ the wrong way round! This was probably due to unusual behaviour in
+ EVP_cmp_parameters() which returns 1 if the parameters match.
+ This meant that parameters were omitted when they *didn't* match and
+ the certificate was useless. Certificates signed with 'ca' didn't have
+ this bug.
+ [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
+
+ *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+ The interface is as follows:
+ Applications can use
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+ "off" is now the default.
+ The library internally uses
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+ to disable memory-checking temporarily.
+
+ Some inconsistent states that previously were possible (and were
+ even the default) are now avoided.
+
+ -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+ with each memory chunk allocated; this is occasionally more helpful
+ than just having a counter.
+
+ -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+ -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+ extensions.
+ [Bodo Moeller]
+
+ *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+ which largely parallels "options", but is for changing API behaviour,
+ whereas "options" are about protocol behaviour.
+ Initial "mode" flags are:
+
+ SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when
+ a single record has been written.
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write
+ retries use the same buffer location.
+ (But all of the contents must be
+ copied!)
+ [Bodo Moeller]
+
+ *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
+ worked.
+
+ *) Fix problems with no-hmac etc.
+ [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
+
+ *) New functions RSA_get_default_method(), RSA_set_method() and
+ RSA_get_method(). These allows replacement of RSA_METHODs without having
+ to mess around with the internals of an RSA structure.
+ [Steve Henson]
+
+ *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+ Also really enable memory leak checks in openssl.c and in some
+ test programs.
+ [Chad C. Mulligan, Bodo Moeller]
+
+ *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+ up the length of negative integers. This has now been simplified to just
+ store the length when it is first determined and use it later, rather
+ than trying to keep track of where data is copied and updating it to
+ point to the end.
+ [Steve Henson, reported by Brien Wheeler
+ <bwheeler@authentica-security.com>]
+
+ *) Add a new function PKCS7_signatureVerify. This allows the verification
+ of a PKCS#7 signature but with the signing certificate passed to the
+ function itself. This contrasts with PKCS7_dataVerify which assumes the
+ certificate is present in the PKCS#7 structure. This isn't always the
+ case: certificates can be omitted from a PKCS#7 structure and be
+ distributed by "out of band" means (such as a certificate database).
+ [Steve Henson]
+
+ *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+ function prototypes in pem.h, also change util/mkdef.pl to add the
+ necessary function names.
+ [Steve Henson]
+
+ *) mk1mf.pl (used by Windows builds) did not properly read the
+ options set by Configure in the top level Makefile, and Configure
+ was not even able to write more than one option correctly.
+ Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+ [Bodo Moeller]
+
+ *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+ file to be loaded from a BIO or FILE pointer. The BIO version will
+ for example allow memory BIOs to contain config info.
+ [Steve Henson]
+
+ *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+ Whoever hopes to achieve shared-library compatibility across versions
+ must use this, not the compile-time macro.
+ (Exercise 0.9.4: Which is the minimum library version required by
+ such programs?)
+ Note: All this applies only to multi-threaded programs, others don't
+ need locks.
+ [Bodo Moeller]
+
+ *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+ through a BIO pair triggered the default case, i.e.
+ SSLerr(...,SSL_R_UNKNOWN_STATE).
+ [Bodo Moeller]
+
+ *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+ can use the SSL library even if none of the specific BIOs is
+ appropriate.
+ [Bodo Moeller]
+
+ *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+ for the encoded length.
+ [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
+
+ *) Add initial documentation of the X509V3 functions.
+ [Steve Henson]
+
+ *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
+ PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+ PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+ secure PKCS#8 private key format with a high iteration count.
+ [Steve Henson]
+
+ *) Fix determination of Perl interpreter: A perl or perl5
+ _directory_ in $PATH was also accepted as the interpreter.
+ [Ralf S. Engelschall]
+
+ *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+ wrong with it but it was very old and did things like calling
+ PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+ unusual formatting.
+ [Steve Henson]
+
+ *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+ to use the new extension code.
+ [Steve Henson]
+
+ *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+ with macros. This should make it easier to change their form, add extra
+ arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+ constant.
+ [Steve Henson]
+
+ *) Add to configuration table a new entry that can specify an alternative
+ name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+ according to Mark Crispin <MRC@Panda.COM>.
+ [Bodo Moeller]
+
+#if 0
+ *) DES CBC did not update the IV. Weird.
+ [Ben Laurie]
+#else
+ des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+ Changing the behaviour of the former might break existing programs --
+ where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+ *) When bntest is run from "make test" it drives bc to check its
+ calculations, as well as internally checking them. If an internal check
+ fails, it needs to cause bc to give a non-zero result or make test carries
+ on without noticing the failure. Fixed.
+ [Ben Laurie]
+
+ *) DES library cleanups.
+ [Ulf Möller]
+
+ *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+ used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+ ciphers. NOTE: although the key derivation function has been verified
+ against some published test vectors it has not been extensively tested
+ yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+ of v2.0.
+ [Steve Henson]
+
+ *) Instead of "mkdir -p", which is not fully portable, use new
+ Perl script "util/mkdir-p.pl".
+ [Bodo Moeller]
+
+ *) Rewrite the way password based encryption (PBE) is handled. It used to
+ assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+ structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+ but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+ the 'parameter' field of the AlgorithmIdentifier is passed to the
+ underlying key generation function so it must do its own ASN1 parsing.
+ This has also changed the EVP_PBE_CipherInit() function which now has a
+ 'parameter' argument instead of literal salt and iteration count values
+ and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+ [Steve Henson]
+
+ *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+ and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+ Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+ KEY" because this clashed with PKCS#8 unencrypted string. Since this
+ value was just used as a "magic string" and not used directly its
+ value doesn't matter.
+ [Steve Henson]
+
+ *) Introduce some semblance of const correctness to BN. Shame C doesn't
+ support mutable.
+ [Ben Laurie]
+
+ *) "linux-sparc64" configuration (ultrapenguin).
+ [Ray Miller <ray.miller@oucs.ox.ac.uk>]
+ "linux-sparc" configuration.
+ [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
+
+ *) config now generates no-xxx options for missing ciphers.
+ [Ulf Möller]
+
+ *) Support the EBCDIC character set (work in progress).
+ File ebcdic.c not yet included because it has a different license.
+ [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+ *) Support BS2000/OSD-POSIX.
+ [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+ *) Make callbacks for key generation use void * instead of char *.
+ [Ben Laurie]
+
+ *) Make S/MIME samples compile (not yet tested).
+ [Ben Laurie]
+
+ *) Additional typesafe stacks.
+ [Ben Laurie]
+
+ *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+ [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a [29 May 1999]
+
+ *) New configuration variant "sco5-gcc".
+
+ *) Updated some demos.
+ [Sean O Riordain, Wade Scholine]
+
+ *) Add missing BIO_free at exit of pkcs12 application.
+ [Wu Zhigang]
+
+ *) Fix memory leak in conf.c.
+ [Steve Henson]
+
+ *) Updates for Win32 to assembler version of MD5.
+ [Steve Henson]
+
+ *) Set #! path to perl in apps/der_chop to where we found it
+ instead of using a fixed path.
+ [Bodo Moeller]
+
+ *) SHA library changes for irix64-mips4-cc.
+ [Andy Polyakov]
+
+ *) Improvements for VMS support.
+ [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3 [24 May 1999]
+
+ *) Bignum library bug fix. IRIX 6 passes "make test" now!
+ This also avoids the problems with SC4.2 and unpatched SC5.
+ [Andy Polyakov <appro@fy.chalmers.se>]
+
+ *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+ These are required because of the typesafe stack would otherwise break
+ existing code. If old code used a structure member which used to be STACK
+ and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+ sk_num or sk_value it would produce an error because the num, data members
+ are not present in STACK_OF. Now it just produces a warning. sk_set
+ replaces the old method of assigning a value to sk_value
+ (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+ that does this will no longer work (and should use sk_set instead) but
+ this could be regarded as a "questionable" behaviour anyway.
+ [Steve Henson]
+
+ *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+ correctly handle encrypted S/MIME data.
+ [Steve Henson]
+
+ *) Change type of various DES function arguments from des_cblock
+ (which means, in function argument declarations, pointer to char)
+ to des_cblock * (meaning pointer to array with 8 char elements),
+ which allows the compiler to do more typechecking; it was like
+ that back in SSLeay, but with lots of ugly casts.
+
+ Introduce new type const_des_cblock.
+ [Bodo Moeller]
+
+ *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+ problems: find RecipientInfo structure that matches recipient certificate
+ and initialise the ASN1 structures properly based on passed cipher.
+ [Steve Henson]
+
+ *) Belatedly make the BN tests actually check the results.
+ [Ben Laurie]
+
+ *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+ to and from BNs: it was completely broken. New compilation option
+ NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+ key elements as negative integers.
+ [Steve Henson]
+
+ *) Reorganize and speed up MD5.
+ [Andy Polyakov <appro@fy.chalmers.se>]
+
+ *) VMS support.
+ [Richard Levitte <richard@levitte.org>]
+
+ *) New option -out to asn1parse to allow the parsed structure to be
+ output to a file. This is most useful when combined with the -strparse
+ option to examine the output of things like OCTET STRINGS.
+ [Steve Henson]
+
+ *) Make SSL library a little more fool-proof by not requiring any longer
+ that SSL_set_{accept,connect}_state be called before
+ SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+ in many applications because usually everything *appeared* to work as
+ intended anyway -- now it really works as intended).
+ [Bodo Moeller]
+
+ *) Move openssl.cnf out of lib/.
+ [Ulf Möller]
+
+ *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+ -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+ -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+
+ [Ralf S. Engelschall]
+
+ *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+ handle PKCS#7 enveloped data properly.
+ [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
+
+ *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+ copying pointers. The cert_st handling is changed by this in
+ various ways (and thus what used to be known as ctx->default_cert
+ is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+ any longer when s->cert does not give us what we need).
+ ssl_cert_instantiate becomes obsolete by this change.
+ As soon as we've got the new code right (possibly it already is?),
+ we have solved a couple of bugs of the earlier code where s->cert
+ was used as if it could not have been shared with other SSL structures.
+
+ Note that using the SSL API in certain dirty ways now will result
+ in different behaviour than observed with earlier library versions:
+ Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+ does not influence s as it used to.
+
+ In order to clean up things more thoroughly, inside SSL_SESSION
+ we don't use CERT any longer, but a new structure SESS_CERT
+ that holds per-session data (if available); currently, this is
+ the peer's certificate chain and, for clients, the server's certificate
+ and temporary key. CERT holds only those values that can have
+ meaningful defaults in an SSL_CTX.
+ [Bodo Moeller]
+
+ *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+ from the internal representation. Various PKCS#7 fixes: remove some
+ evil casts and set the enc_dig_alg field properly based on the signing
+ key type.
+ [Steve Henson]
+
+ *) Allow PKCS#12 password to be set from the command line or the
+ environment. Let 'ca' get its config file name from the environment
+ variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+ and 'x509').
+ [Steve Henson]
+
+ *) Allow certificate policies extension to use an IA5STRING for the
+ organization field. This is contrary to the PKIX definition but
+ VeriSign uses it and IE5 only recognises this form. Document 'x509'
+ extension option.
+ [Steve Henson]
+
+ *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+ without disallowing inline assembler and the like for non-pedantic builds.
+ [Ben Laurie]
+
+ *) Support Borland C++ builder.
+ [Janez Jere <jj@void.si>, modified by Ulf Möller]
+
+ *) Support Mingw32.
+ [Ulf Möller]
+
+ *) SHA-1 cleanups and performance enhancements.
+ [Andy Polyakov <appro@fy.chalmers.se>]
+
+ *) Sparc v8plus assembler for the bignum library.
+ [Andy Polyakov <appro@fy.chalmers.se>]
+
+ *) Accept any -xxx and +xxx compiler options in Configure.
+ [Ulf Möller]
+
+ *) Update HPUX configuration.
+ [Anonymous]
+
+ *) Add missing sk_<type>_unshift() function to safestack.h
+ [Ralf S. Engelschall]
+
+ *) New function SSL_CTX_use_certificate_chain_file that sets the
+ "extra_cert"s in addition to the certificate. (This makes sense
+ only for "PEM" format files, as chains as a whole are not
+ DER-encoded.)
+ [Bodo Moeller]
+
+ *) Support verify_depth from the SSL API.
+ x509_vfy.c had what can be considered an off-by-one-error:
+ Its depth (which was not part of the external interface)
+ was actually counting the number of certificates in a chain;
+ now it really counts the depth.
+ [Bodo Moeller]
+
+ *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+ instead of X509err, which often resulted in confusing error
+ messages since the error codes are not globally unique
+ (e.g. an alleged error in ssl3_accept when a certificate
+ didn't match the private key).
+
+ *) New function SSL_CTX_set_session_id_context that allows to set a default
+ value (so that you don't need SSL_set_session_id_context for each
+ connection using the SSL_CTX).
+ [Bodo Moeller]
+
+ *) OAEP decoding bug fix.
+ [Ulf Möller]
+
+ *) Support INSTALL_PREFIX for package builders, as proposed by
+ David Harris.
+ [Bodo Moeller]
+
+ *) New Configure options "threads" and "no-threads". For systems
+ where the proper compiler options are known (currently Solaris
+ and Linux), "threads" is the default.
+ [Bodo Moeller]
+
+ *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+ [Bodo Moeller]
+
+ *) Install various scripts to $(OPENSSLDIR)/misc, not to
+ $(INSTALLTOP)/bin -- they shouldn't clutter directories
+ such as /usr/local/bin.
+ [Bodo Moeller]
+
+ *) "make linux-shared" to build shared libraries.
+ [Niels Poppe <niels@netbox.org>]
+
+ *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+ [Ulf Möller]
+
+ *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+ extension adding in x509 utility.
+ [Steve Henson]
+
+ *) Remove NOPROTO sections and error code comments.
+ [Ulf Möller]
+
+ *) Partial rewrite of the DEF file generator to now parse the ANSI
+ prototypes.
+ [Steve Henson]
+
+ *) New Configure options --prefix=DIR and --openssldir=DIR.
+ [Ulf Möller]
+
+ *) Complete rewrite of the error code script(s). It is all now handled
+ by one script at the top level which handles error code gathering,
+ header rewriting and C source file generation. It should be much better
+ than the old method: it now uses a modified version of Ulf's parser to
+ read the ANSI prototypes in all header files (thus the old K&R definitions
+ aren't needed for error creation any more) and do a better job of
+ translating function codes into names. The old 'ASN1 error code imbedded
+ in a comment' is no longer necessary and it doesn't use .err files which
+ have now been deleted. Also the error code call doesn't have to appear all
+ on one line (which resulted in some large lines...).
+ [Steve Henson]
+
+ *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+ [Bodo Moeller]
+
+ *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+ 0 (which usually indicates a closed connection), but continue reading.
+ [Bodo Moeller]
+
+ *) Fix some race conditions.
+ [Bodo Moeller]
+
+ *) Add support for CRL distribution points extension. Add Certificate
+ Policies and CRL distribution points documentation.
+ [Steve Henson]
+
+ *) Move the autogenerated header file parts to crypto/opensslconf.h.
+ [Ulf Möller]
+
+ *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+ 8 of keying material. Merlin has also confirmed interop with this fix
+ between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+ [Merlin Hughes <merlin@baltimore.ie>]
+
+ *) Fix lots of warnings.
+ [Richard Levitte <levitte@stacken.kth.se>]
+
+ *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+ the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+ [Richard Levitte <levitte@stacken.kth.se>]
+
+ *) Fix problems with sizeof(long) == 8.
+ [Andy Polyakov <appro@fy.chalmers.se>]
+
+ *) Change functions to ANSI C.
+ [Ulf Möller]
+
+ *) Fix typos in error codes.
+ [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
+
+ *) Remove defunct assembler files from Configure.
+ [Ulf Möller]
+
+ *) SPARC v8 assembler BIGNUM implementation.
+ [Andy Polyakov <appro@fy.chalmers.se>]
+
+ *) Support for Certificate Policies extension: both print and set.
+ Various additions to support the r2i method this uses.
+ [Steve Henson]
+
+ *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+ return a const string when you are expecting an allocated buffer.
+ [Ben Laurie]
+
+ *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+ types DirectoryString and DisplayText.
+ [Steve Henson]
+
+ *) Add code to allow r2i extensions to access the configuration database,
+ add an LHASH database driver and add several ctx helper functions.
+ [Steve Henson]
+
+ *) Fix an evil bug in bn_expand2() which caused various BN functions to
+ fail when they extended the size of a BIGNUM.
+ [Steve Henson]
+
+ *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+ support typesafe stack.
+ [Steve Henson]
+
+ *) Fix typo in SSL_[gs]et_options().
+ [Nils Frostberg <nils@medcom.se>]
+
+ *) Delete various functions and files that belonged to the (now obsolete)
+ old X509V3 handling code.
+ [Steve Henson]
+
+ *) New Configure option "rsaref".
+ [Ulf Möller]
+
+ *) Don't auto-generate pem.h.
+ [Bodo Moeller]
+
+ *) Introduce type-safe ASN.1 SETs.
+ [Ben Laurie]
+
+ *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+ [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+ *) Introduce type-safe STACKs. This will almost certainly break lots of code
+ that links with OpenSSL (well at least cause lots of warnings), but fear
+ not: the conversion is trivial, and it eliminates loads of evil casts. A
+ few STACKed things have been converted already. Feel free to convert more.
+ In the fullness of time, I'll do away with the STACK type altogether.
+ [Ben Laurie]
+
+ *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+ specified in <certfile> by updating the entry in the index.txt file.
+ This way one no longer has to edit the index.txt file manually for
+ revoking a certificate. The -revoke option does the gory details now.
+ [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
+
+ *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+ `-text' option at all and this way the `-noout -text' combination was
+ inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+ [Ralf S. Engelschall]
+
+ *) Make sure a corresponding plain text error message exists for the
+ X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+ verify callback function determined that a certificate was revoked.
+ [Ralf S. Engelschall]
+
+ *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+ ciphers that were excluded, e.g. by -DNO_IDEA. Also, test
+ all available cipers including rc5, which was forgotten until now.
+ In order to let the testing shell script know which algorithms
+ are available, a new (up to now undocumented) command
+ "openssl list-cipher-commands" is used.
+ [Bodo Moeller]
+
+ *) Bugfix: s_client occasionally would sleep in select() when
+ it should have checked SSL_pending() first.
+ [Bodo Moeller]
+
+ *) New functions DSA_do_sign and DSA_do_verify to provide access to
+ the raw DSA values prior to ASN.1 encoding.
+ [Ulf Möller]
+
+ *) Tweaks to Configure
+ [Niels Poppe <niels@netbox.org>]
+
+ *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+ yet...
+ [Steve Henson]
+
+ *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+ [Ulf Möller]
+
+ *) New config option to avoid instructions that are illegal on the 80386.
+ The default code is faster, but requires at least a 486.
+ [Ulf Möller]
+
+ *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+ SSL2_SERVER_VERSION (not used at all) macros, which are now the
+ same as SSL2_VERSION anyway.
+ [Bodo Moeller]
+
+ *) New "-showcerts" option for s_client.
+ [Bodo Moeller]
+
+ *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+ application. Various cleanups and fixes.
+ [Steve Henson]
+
+ *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+ modify error routines to work internally. Add error codes and PBE init
+ to library startup routines.
+ [Steve Henson]
+
+ *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+ packing functions to asn1 and evp. Changed function names and error
+ codes along the way.
+ [Steve Henson]
+
+ *) PKCS12 integration: and so it begins... First of several patches to
+ slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+ objects to objects.h
+ [Steve Henson]
+
+ *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+ and display support for Thawte strong extranet extension.
+ [Steve Henson]
+
+ *) Add LinuxPPC support.
+ [Jeff Dubrule <igor@pobox.org>]
+
+ *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+ bn_div_words in alpha.s.
+ [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
+
+ *) Make sure the RSA OAEP test is skipped under -DRSAref because
+ OAEP isn't supported when OpenSSL is built with RSAref.
+ [Ulf Moeller <ulf@fitug.de>]
+
+ *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
+ so they no longer are missing under -DNOPROTO.
+ [Soren S. Jorvang <soren@t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b [22 Mar 1999]
+
+ *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+ doesn't work when the session is reused. Coming soon!
+ [Ben Laurie]
+
+ *) Fix a security hole, that allows sessions to be reused in the wrong
+ context thus bypassing client cert protection! All software that uses
+ client certs and session caches in multiple contexts NEEDS PATCHING to
+ allow session reuse! A fuller solution is in the works.
+ [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+ *) Some more source tree cleanups (removed obsolete files
+ crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+ permission on "config" script to be executable) and a fix for the INSTALL
+ document.
+ [Ulf Moeller <ulf@fitug.de>]
+
+ *) Remove some legacy and erroneous uses of malloc, free instead of
+ Malloc, Free.
+ [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+ *) Make rsa_oaep_test return non-zero on error.
+ [Ulf Moeller <ulf@fitug.de>]
+
+ *) Add support for native Solaris shared libraries. Configure
+ solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+ if someone would make that last step automatic.
+ [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+ *) ctx_size was not built with the right compiler during "make links". Fixed.
+ [Ben Laurie]
+
+ *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+ except NULL ciphers". This means the default cipher list will no longer
+ enable NULL ciphers. They need to be specifically enabled e.g. with
+ the string "DEFAULT:eNULL".
+ [Steve Henson]
+
+ *) Fix to RSA private encryption routines: if p < q then it would
+ occasionally produce an invalid result. This will only happen with
+ externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+ [Steve Henson]
+
+ *) Be less restrictive and allow also `perl util/perlpath.pl
+ /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+ because this way one can also use an interpreter named `perl5' (which is
+ usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+ installed as `perl').
+ [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+ *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+ [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+ *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+ advapi32.lib to Win32 build and change the pem test comparision
+ to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
+ suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+ and crypto/des/ede_cbcm_enc.c.
+ [Steve Henson]
+
+ *) DES quad checksum was broken on big-endian architectures. Fixed.
+ [Ben Laurie]
+
+ *) Comment out two functions in bio.h that aren't implemented. Fix up the
+ Win32 test batch file so it (might) work again. The Win32 test batch file
+ is horrible: I feel ill....
+ [Steve Henson]
+
+ *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+ in e_os.h. Audit of header files to check ANSI and non ANSI
+ sections: 10 functions were absent from non ANSI section and not exported
+ from Windows DLLs. Fixed up libeay.num for new functions.
+ [Steve Henson]
+
+ *) Make `openssl version' output lines consistent.
+ [Ralf S. Engelschall]
+
+ *) Fix Win32 symbol export lists for BIO functions: Added
+ BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+ to ms/libeay{16,32}.def.
+ [Ralf S. Engelschall]
+
+ *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+ fine under Unix and passes some trivial tests I've now added. But the
+ whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+ added to make sure no one expects that this stuff really works in the
+ OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources
+ up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+ openssl_bio.xs.
+ [Ralf S. Engelschall]
+
+ *) Fix the generation of two part addresses in perl.
+ [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
+
+ *) Add config entry for Linux on MIPS.
+ [John Tobey <jtobey@channel1.com>]
+
+ *) Make links whenever Configure is run, unless we are on Windoze.
+ [Ben Laurie]
+
+ *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+ Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+ in CRLs.
+ [Steve Henson]
+
+ *) Add a useful kludge to allow package maintainers to specify compiler and
+ other platforms details on the command line without having to patch the
+ Configure script everytime: One now can use ``perl Configure
+ <id>:<details>'', i.e. platform ids are allowed to have details appended
+ to them (seperated by colons). This is treated as there would be a static
+ pre-configured entry in Configure's %table under key <id> with value
+ <details> and ``perl Configure <id>'' is called. So, when you want to
+ perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+ assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+ now, which overrides the FreeBSD-elf entry on-the-fly.
+ [Ralf S. Engelschall]
+
+ *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+ [Ben Laurie]
+
+ *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+ on the `perl Configure ...' command line. This way one can compile
+ OpenSSL libraries with Position Independent Code (PIC) which is needed
+ for linking it into DSOs.
+ [Ralf S. Engelschall]
+
+ *) Remarkably, export ciphers were totally broken and no-one had noticed!
+ Fixed.
+ [Ben Laurie]
+
+ *) Cleaned up the LICENSE document: The official contact for any license
+ questions now is the OpenSSL core team under openssl-core@openssl.org.
+ And add a paragraph about the dual-license situation to make sure people
+ recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+ to the OpenSSL toolkit.
+ [Ralf S. Engelschall]
+
+ *) General source tree makefile cleanups: Made `making xxx in yyy...'
+ display consistent in the source tree and replaced `/bin/rm' by `rm'.
+ Additonally cleaned up the `make links' target: Remove unnecessary
+ semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+ to speed processing and no longer clutter the display with confusing
+ stuff. Instead only the actually done links are displayed.
+ [Ralf S. Engelschall]
+
+ *) Permit null encryption ciphersuites, used for authentication only. It used
+ to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+ It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+ encryption.
+ [Ben Laurie]
+
+ *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+ signed attributes when verifying signatures (this would break them),
+ the detached data encoding was wrong and public keys obtained using
+ X509_get_pubkey() weren't freed.
+ [Steve Henson]
+
+ *) Add text documentation for the BUFFER functions. Also added a work around
+ to a Win95 console bug. This was triggered by the password read stuff: the
+ last character typed gets carried over to the next fread(). If you were
+ generating a new cert request using 'req' for example then the last
+ character of the passphrase would be CR which would then enter the first
+ field as blank.
+ [Steve Henson]
+
+ *) Added the new `Includes OpenSSL Cryptography Software' button as
+ doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+ button and can be used by applications based on OpenSSL to show the
+ relationship to the OpenSSL project.
+ [Ralf S. Engelschall]
+
+ *) Remove confusing variables in function signatures in files
+ ssl/ssl_lib.c and ssl/ssl.h.
+ [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+ *) Don't install bss_file.c under PREFIX/include/
+ [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+ *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+ functions that return function pointers and has support for NT specific
+ stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+ #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+ unsigned to signed types: this was killing the Win32 compile.
+ [Steve Henson]
+
+ *) Add new certificate file to stack functions,
+ SSL_add_dir_cert_subjects_to_stack() and
+ SSL_add_file_cert_subjects_to_stack(). These largely supplant
+ SSL_load_client_CA_file(), and can be used to add multiple certs easily
+ to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+ This means that Apache-SSL and similar packages don't have to mess around
+ to add as many CAs as they want to the preferred list.
+ [Ben Laurie]
+
+ *) Experiment with doxygen documentation. Currently only partially applied to
+ ssl/ssl_lib.c.
+ See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+ openssl.doxy as the configuration file.
+ [Ben Laurie]
+
+ *) Get rid of remaining C++-style comments which strict C compilers hate.
+ [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+ *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+ compiled in by default: it has problems with large keys.
+ [Steve Henson]
+
+ *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+ DH private keys and/or callback functions which directly correspond to
+ their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+ is needed for applications which have to configure certificates on a
+ per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+ (e.g. s_server).
+ For the RSA certificate situation is makes no difference, but
+ for the DSA certificate situation this fixes the "no shared cipher"
+ problem where the OpenSSL cipher selection procedure failed because the
+ temporary keys were not overtaken from the context and the API provided
+ no way to reconfigure them.
+ The new functions now let applications reconfigure the stuff and they
+ are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+ SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
+ non-public-API function ssl_cert_instantiate() is used as a helper
+ function and also to reduce code redundancy inside ssl_rsa.c.
+ [Ralf S. Engelschall]
+
+ *) Move s_server -dcert and -dkey options out of the undocumented feature
+ area because they are useful for the DSA situation and should be
+ recognized by the users.
+ [Ralf S. Engelschall]
+
+ *) Fix the cipher decision scheme for export ciphers: the export bits are
+ *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+ SSL_EXP_MASK. So, the original variable has to be used instead of the
+ already masked variable.
+ [Richard Levitte <levitte@stacken.kth.se>]
+
+ *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+ [Richard Levitte <levitte@stacken.kth.se>]
+
+ *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+ from `int' to `unsigned int' because it's a length and initialized by
+ EVP_DigestFinal() which expects an `unsigned int *'.
+ [Richard Levitte <levitte@stacken.kth.se>]
+
+ *) Don't hard-code path to Perl interpreter on shebang line of Configure
+ script. Instead use the usual Shell->Perl transition trick.
+ [Ralf S. Engelschall]
+
+ *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+ (in addition to RSA certificates) to match the behaviour of `openssl dsa
+ -noout -modulus' as it's already the case for `openssl rsa -noout
+ -modulus'. For RSA the -modulus is the real "modulus" while for DSA
+ currently the public key is printed (a decision which was already done by
+ `openssl dsa -modulus' in the past) which serves a similar purpose.
+ Additionally the NO_RSA no longer completely removes the whole -modulus
+ option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+ now, too.
+ [Ralf S. Engelschall]
+
+ *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+ BIO. See the source (crypto/evp/bio_ok.c) for more info.
+ [Arne Ansper <arne@ats.cyber.ee>]
+
+ *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+ to be added. Now both 'req' and 'ca' can use new objects defined in the
+ config file.
+ [Steve Henson]
+
+ *) Add cool BIO that does syslog (or event log on NT).
+ [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
+
+ *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+ TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+ TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+ Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+ [Ben Laurie]
+
+ *) Add preliminary config info for new extension code.
+ [Steve Henson]
+
+ *) Make RSA_NO_PADDING really use no padding.
+ [Ulf Moeller <ulf@fitug.de>]
+
+ *) Generate errors when private/public key check is done.
+ [Ben Laurie]
+
+ *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+ for some CRL extensions and new objects added.
+ [Steve Henson]
+
+ *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+ key usage extension and fuller support for authority key id.
+ [Steve Henson]
+
+ *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+ padding method for RSA, which is recommended for new applications in PKCS
+ #1 v2.0 (RFC 2437, October 1998).
+ OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+ foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+ against Bleichbacher's attack on RSA.
+ [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
+ Ben Laurie]
+
+ *) Updates to the new SSL compression code
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Fix so that the version number in the master secret, when passed
+ via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+ (because the server will not accept higher), that the version number
+ is 0x03,0x01, not 0x03,0x00
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+ leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+ in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+ [Steve Henson]
+
+ *) Support for RAW extensions where an arbitrary extension can be
+ created by including its DER encoding. See apps/openssl.cnf for
+ an example.
+ [Steve Henson]
+
+ *) Make sure latest Perl versions don't interpret some generated C array
+ code as Perl array code in the crypto/err/err_genc.pl script.
+ [Lars Weber <3weber@informatik.uni-hamburg.de>]
+
+ *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+ not many people have the assembler. Various Win32 compilation fixes and
+ update to the INSTALL.W32 file with (hopefully) more accurate Win32
+ build instructions.
+ [Steve Henson]
+
+ *) Modify configure script 'Configure' to automatically create crypto/date.h
+ file under Win32 and also build pem.h from pem.org. New script
+ util/mkfiles.pl to create the MINFO file on environments that can't do a
+ 'make files': perl util/mkfiles.pl >MINFO should work.
+ [Steve Henson]
+
+ *) Major rework of DES function declarations, in the pursuit of correctness
+ and purity. As a result, many evil casts evaporated, and some weirdness,
+ too. You may find this causes warnings in your code. Zapping your evil
+ casts will probably fix them. Mostly.
+ [Ben Laurie]
+
+ *) Fix for a typo in asn1.h. Bug fix to object creation script
+ obj_dat.pl. It considered a zero in an object definition to mean
+ "end of object": none of the objects in objects.h have any zeros
+ so it wasn't spotted.
+ [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
+
+ *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+ Masking (CBCM). In the absence of test vectors, the best I have been able
+ to do is check that the decrypt undoes the encrypt, so far. Send me test
+ vectors if you have them.
+ [Ben Laurie]
+
+ *) Correct calculation of key length for export ciphers (too much space was
+ allocated for null ciphers). This has not been tested!
+ [Ben Laurie]
+
+ *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+ message is now correct (it understands "crypto" and "ssl" on its
+ command line). There is also now an "update" option. This will update
+ the util/ssleay.num and util/libeay.num files with any new functions.
+ If you do a:
+ perl util/mkdef.pl crypto ssl update
+ it will update them.
+ [Steve Henson]
+
+ *) Overhauled the Perl interface (perl/*):
+ - ported BN stuff to OpenSSL's different BN library
+ - made the perl/ source tree CVS-aware
+ - renamed the package from SSLeay to OpenSSL (the files still contain
+ their history because I've copied them in the repository)
+ - removed obsolete files (the test scripts will be replaced
+ by better Test::Harness variants in the future)
+ [Ralf S. Engelschall]
+
+ *) First cut for a very conservative source tree cleanup:
+ 1. merge various obsolete readme texts into doc/ssleay.txt
+ where we collect the old documents and readme texts.
+ 2. remove the first part of files where I'm already sure that we no
+ longer need them because of three reasons: either they are just temporary
+ files which were left by Eric or they are preserved original files where
+ I've verified that the diff is also available in the CVS via "cvs diff
+ -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+ the crypto/md/ stuff).
+ [Ralf S. Engelschall]
+
+ *) More extension code. Incomplete support for subject and issuer alt
+ name, issuer and authority key id. Change the i2v function parameters
+ and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+ what that's for :-) Fix to ASN1 macro which messed up
+ IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+ [Steve Henson]
+
+ *) Preliminary support for ENUMERATED type. This is largely copied from the
+ INTEGER code.
+ [Steve Henson]
+
+ *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Make sure `make rehash' target really finds the `openssl' program.
+ [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+ *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+ like to hear about it if this slows down other processors.
+ [Ben Laurie]
+
+ *) Add CygWin32 platform information to Configure script.
+ [Alan Batie <batie@aahz.jf.intel.com>]
+
+ *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+ [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
+
+ *) New program nseq to manipulate netscape certificate sequences
+ [Steve Henson]
+
+ *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+ few typos.
+ [Steve Henson]
+
+ *) Fixes to BN code. Previously the default was to define BN_RECURSION
+ but the BN code had some problems that would cause failures when
+ doing certificate verification and some other functions.
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Add ASN1 and PEM code to support netscape certificate sequences.
+ [Steve Henson]
+
+ *) Add ASN1 and PEM code to support netscape certificate sequences.
+ [Steve Henson]
+
+ *) Add several PKIX and private extended key usage OIDs.
+ [Steve Henson]
+
+ *) Modify the 'ca' program to handle the new extension code. Modify
+ openssl.cnf for new extension format, add comments.
+ [Steve Henson]
+
+ *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+ and add a sample to openssl.cnf so req -x509 now adds appropriate
+ CA extensions.
+ [Steve Henson]
+
+ *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+ error code, add initial support to X509_print() and x509 application.
+ [Steve Henson]
+
+ *) Takes a deep breath and start addding X509 V3 extension support code. Add
+ files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+ stuff is currently isolated and isn't even compiled yet.
+ [Steve Henson]
+
+ *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+ ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+ Removed the versions check from X509 routines when loading extensions:
+ this allows certain broken certificates that don't set the version
+ properly to be processed.
+ [Steve Henson]
+
+ *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+ Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+ can still be regenerated with "make depend".
+ [Ben Laurie]
+
+ *) Spelling mistake in C version of CAST-128.
+ [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
+
+ *) Changes to the error generation code. The perl script err-code.pl
+ now reads in the old error codes and retains the old numbers, only
+ adding new ones if necessary. It also only changes the .err files if new
+ codes are added. The makefiles have been modified to only insert errors
+ when needed (to avoid needlessly modifying header files). This is done
+ by only inserting errors if the .err file is newer than the auto generated
+ C file. To rebuild all the error codes from scratch (the old behaviour)
+ either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+ or delete all the .err files.
+ [Steve Henson]
+
+ *) CAST-128 was incorrectly implemented for short keys. The C version has
+ been fixed, but is untested. The assembler versions are also fixed, but
+ new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+ to regenerate it if needed.
+ [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+ Hagino <itojun@kame.net>]
+
+ *) File was opened incorrectly in randfile.c.
+ [Ulf Möller <ulf@fitug.de>]
+
+ *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+ functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+ GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+ al: it's just almost always a UTCTime. Note this patch adds new error
+ codes so do a "make errors" if there are problems.
+ [Steve Henson]
+
+ *) Correct Linux 1 recognition in config.
+ [Ulf Möller <ulf@fitug.de>]
+
+ *) Remove pointless MD5 hash when using DSA keys in ca.
+ [Anonymous <nobody@replay.com>]
+
+ *) Generate an error if given an empty string as a cert directory. Also
+ generate an error if handed NULL (previously returned 0 to indicate an
+ error, but didn't set one).
+ [Ben Laurie, reported by Anonymous <nobody@replay.com>]
+
+ *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+ [Ben Laurie]
+
+ *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+ parameters. This was causing a warning which killed off the Win32 compile.
+ [Steve Henson]
+
+ *) Remove C++ style comments from crypto/bn/bn_local.h.
+ [Neil Costigan <neil.costigan@celocom.com>]
+
+ *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+ based on a text string, looking up short and long names and finally
+ "dot" format. The "dot" format stuff didn't work. Added new function
+ OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
+ OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+ OID is not part of the table.
+ [Steve Henson]
+
+ *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+ X509_LOOKUP_by_alias().
+ [Ben Laurie]
+
+ *) Sort openssl functions by name.
+ [Ben Laurie]
+
+ *) Get the gendsa program working (hopefully) and add it to app list. Remove
+ encryption from sample DSA keys (in case anyone is interested the password
+ was "1234").
+ [Steve Henson]
+
+ *) Make _all_ *_free functions accept a NULL pointer.
+ [Frans Heymans <fheymans@isaserver.be>]
+
+ *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+ NULL pointers.
+ [Anonymous <nobody@replay.com>]
+
+ *) s_server should send the CAfile as acceptable CAs, not its own cert.
+ [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+ *) Don't blow it for numeric -newkey arguments to apps/req.
+ [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+ *) Temp key "for export" tests were wrong in s3_srvr.c.
+ [Anonymous <nobody@replay.com>]
+
+ *) Add prototype for temp key callback functions
+ SSL_CTX_set_tmp_{rsa,dh}_callback().
+ [Ben Laurie]
+
+ *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+ DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+ [Steve Henson]
+
+ *) X509_name_add_entry() freed the wrong thing after an error.
+ [Arne Ansper <arne@ats.cyber.ee>]
+
+ *) rsa_eay.c would attempt to free a NULL context.
+ [Arne Ansper <arne@ats.cyber.ee>]
+
+ *) BIO_s_socket() had a broken should_retry() on Windoze.
+ [Arne Ansper <arne@ats.cyber.ee>]
+
+ *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+ [Arne Ansper <arne@ats.cyber.ee>]
+
+ *) Make sure the already existing X509_STORE->depth variable is initialized
+ in X509_STORE_new(), but document the fact that this variable is still
+ unused in the certificate verification process.
+ [Ralf S. Engelschall]
+
+ *) Fix the various library and apps files to free up pkeys obtained from
+ X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+ [Steve Henson]
+
+ *) Fix reference counting in X509_PUBKEY_get(). This makes
+ demos/maurice/example2.c work, amongst others, probably.
+ [Steve Henson and Ben Laurie]
+
+ *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+ `openssl' and second, the shortcut symlinks for the `openssl <command>'
+ are no longer created. This way we have a single and consistent command
+ line interface `openssl <command>', similar to `cvs <command>'.
+ [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+ *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+ BIT STRING wrapper always have zero unused bits.
+ [Steve Henson]
+
+ *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+ [Steve Henson]
+
+ *) Make the top-level INSTALL documentation easier to understand.
+ [Paul Sutton]
+
+ *) Makefiles updated to exit if an error occurs in a sub-directory
+ make (including if user presses ^C) [Paul Sutton]
+
+ *) Make Montgomery context stuff explicit in RSA data structure.
+ [Ben Laurie]
+
+ *) Fix build order of pem and err to allow for generated pem.h.
+ [Ben Laurie]
+
+ *) Fix renumbering bug in X509_NAME_delete_entry().
+ [Ben Laurie]
+
+ *) Enhanced the err-ins.pl script so it makes the error library number
+ global and can add a library name. This is needed for external ASN1 and
+ other error libraries.
+ [Steve Henson]
+
+ *) Fixed sk_insert which never worked properly.
+ [Steve Henson]
+
+ *) Fix ASN1 macros so they can handle indefinite length construted
+ EXPLICIT tags. Some non standard certificates use these: they can now
+ be read in.
+ [Steve Henson]
+
+ *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+ into a single doc/ssleay.txt bundle. This way the information is still
+ preserved but no longer messes up this directory. Now it's new room for
+ the new set of documenation files.
+ [Ralf S. Engelschall]
+
+ *) SETs were incorrectly DER encoded. This was a major pain, because they
+ shared code with SEQUENCEs, which aren't coded the same. This means that
+ almost everything to do with SETs or SEQUENCEs has either changed name or
+ number of arguments.
+ [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
+
+ *) Fix test data to work with the above.
+ [Ben Laurie]
+
+ *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+ was already fixed by Eric for 0.9.1 it seems.
+ [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
+
+ *) Autodetect FreeBSD3.
+ [Ben Laurie]
+
+ *) Fix various bugs in Configure. This affects the following platforms:
+ nextstep
+ ncr-scde
+ unixware-2.0
+ unixware-2.0-pentium
+ sco5-cc.
+ [Ben Laurie]
+
+ *) Eliminate generated files from CVS. Reorder tests to regenerate files
+ before they are needed.
+ [Ben Laurie]
+
+ *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+ [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c [23-Dec-1998]
+
+ *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and
+ changed SSLeay to OpenSSL in version strings.
+ [Ralf S. Engelschall]
+
+ *) Some fixups to the top-level documents.
+ [Paul Sutton]
+
+ *) Fixed the nasty bug where rsaref.h was not found under compile-time
+ because the symlink to include/ was missing.
+ [Ralf S. Engelschall]
+
+ *) Incorporated the popular no-RSA/DSA-only patches
+ which allow to compile a RSA-free SSLeay.
+ [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+ *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+ when "ssleay" is still not found.
+ [Ralf S. Engelschall]
+
+ *) Added more platforms to Configure: Cray T3E, HPUX 11,
+ [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
+ *) Updated the README file.
+ [Ralf S. Engelschall]
+
+ *) Added various .cvsignore files in the CVS repository subdirs
+ to make a "cvs update" really silent.
+ [Ralf S. Engelschall]
+
+ *) Recompiled the error-definition header files and added
+ missing symbols to the Win32 linker tables.
+ [Ralf S. Engelschall]
+
+ *) Cleaned up the top-level documents;
+ o new files: CHANGES and LICENSE
+ o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
+ o merged COPYRIGHT into LICENSE
+ o removed obsolete TODO file
+ o renamed MICROSOFT to INSTALL.W32
+ [Ralf S. Engelschall]
+
+ *) Removed dummy files from the 0.9.1b source tree:
+ crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+ crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+ crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+ crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+ util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+ [Ralf S. Engelschall]
+
+ *) Added various platform portability fixes.
+ [Mark J. Cox]
+
+ *) The Genesis of the OpenSSL rpject:
+ We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+ Young and Tim J. Hudson created while they were working for C2Net until
+ summer 1998.
+ [The OpenSSL Project]
+
+
+ Changes between 0.9.0b and 0.9.1b [not released]
+
+ *) Updated a few CA certificates under certs/
+ [Eric A. Young]
+
+ *) Changed some BIGNUM api stuff.
+ [Eric A. Young]
+
+ *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
+ DGUX x86, Linux Alpha, etc.
+ [Eric A. Young]
+
+ *) New COMP library [crypto/comp/] for SSL Record Layer Compression:
+ RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+ available).
+ [Eric A. Young]
+
+ *) Add -strparse option to asn1pars program which parses nested
+ binary structures
+ [Dr Stephen Henson <shenson@bigfoot.com>]
+
+ *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+ [Eric A. Young]
+
+ *) DSA fix for "ca" program.
+ [Eric A. Young]
+
+ *) Added "-genkey" option to "dsaparam" program.
+ [Eric A. Young]
+
+ *) Added RIPE MD160 (rmd160) message digest.
+ [Eric A. Young]
+
+ *) Added -a (all) option to "ssleay version" command.
+ [Eric A. Young]
+
+ *) Added PLATFORM define which is the id given to Configure.
+ [Eric A. Young]
+
+ *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+ [Eric A. Young]
+
+ *) Extended the ASN.1 parser routines.
+ [Eric A. Young]
+
+ *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+ [Eric A. Young]
+
+ *) Added a BN_CTX to the BN library.
+ [Eric A. Young]
+
+ *) Fixed the weak key values in DES library
+ [Eric A. Young]
+
+ *) Changed API in EVP library for cipher aliases.
+ [Eric A. Young]
+
+ *) Added support for RC2/64bit cipher.
+ [Eric A. Young]
+
+ *) Converted the lhash library to the crypto/mem.c functions.
+ [Eric A. Young]
+
+ *) Added more recognized ASN.1 object ids.
+ [Eric A. Young]
+
+ *) Added more RSA padding checks for SSL/TLS.
+ [Eric A. Young]
+
+ *) Added BIO proxy/filter functionality.
+ [Eric A. Young]
+
+ *) Added extra_certs to SSL_CTX which can be used
+ send extra CA certificates to the client in the CA cert chain sending
+ process. It can be configured with SSL_CTX_add_extra_chain_cert().
+ [Eric A. Young]
+
+ *) Now Fortezza is denied in the authentication phase because
+ this is key exchange mechanism is not supported by SSLeay at all.
+ [Eric A. Young]
+
+ *) Additional PKCS1 checks.
+ [Eric A. Young]
+
+ *) Support the string "TLSv1" for all TLS v1 ciphers.
+ [Eric A. Young]
+
+ *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+ ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+ [Eric A. Young]
+
+ *) Fixed a few memory leaks.
+ [Eric A. Young]
+
+ *) Fixed various code and comment typos.
+ [Eric A. Young]
+
+ *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
+ bytes sent in the client random.
+ [Edward Bishop <ebishop@spyglass.com>]
+
diff --git a/crypto/openssl/CHANGES.SSLeay b/crypto/openssl/CHANGES.SSLeay
new file mode 100644
index 000000000000..dbb80b003d81
--- /dev/null
+++ b/crypto/openssl/CHANGES.SSLeay
@@ -0,0 +1,968 @@
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+ SSLeay CHANGES
+ ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline. Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+ - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+ - Lots and lots of changes
+
+29-Jan-98
+ - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+ Goetz Babin-Ebell <babinebell@trustcenter.de>.
+ - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+ TLS1_VERSION.
+
+7-Jan-98
+ - Finally reworked the cipher string to ciphers again, so it
+ works correctly
+ - All the app_data stuff is now ex_data with funcion calls to access.
+ The index is supplied by a function and 'methods' can be setup
+ for the types that are called on XXX_new/XXX_free. This lets
+ applications get notified on creation and destruction. Some of
+ the RSA methods could be implemented this way and I may do so.
+ - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+ - Warning - the gethostbyname cache is not fully thread safe,
+ but it should work well enough.
+ - Major internal reworking of the app_data stuff. More functions
+ but if you were accessing ->app_data directly, things will
+ stop working.
+ - The perlv5 stuff is working. Currently on message digests,
+ ciphers and the bignum library.
+
+9-Dec-97
+ - Modified re-negotiation so that server initated re-neg
+ will cause a SSL_read() to return -1 should retry.
+ The danger otherwise was that the server and the
+ client could end up both trying to read when using non-blocking
+ sockets.
+
+4-Dec-97
+ - Lots of small changes
+ - Fix for binaray mode in Windows for the FILE BIO, thanks to
+ Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+ - Quite a few internal cleanups, (removal of errno, and using macros
+ defined in e_os.h).
+ - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+ the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+ - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
+ for x86.
+
+21-Oct-97
+ - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+ - cbc mode for blowfish/des/3des is now in assember. Blowfish asm
+ has also been improved. At this point in time, on the pentium,
+ md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+ des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+ is %62 faster.
+
+12-Oct-97
+ - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+ to the value we are 'growing' to. Think of MEM_BUF_grow() as the
+ way to set the length value correctly.
+
+10-Oct-97
+ - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+ This breaks things again :-(. This is efficent since I cache
+ the DER encoding of the RDN.
+ - The text DN now puts in the numeric OID instead of UNKNOWN.
+ - req can now process arbitary OIDs in the config file.
+ - I've been implementing md5 in x86 asm, much faster :-).
+ - Started sha1 in x86 asm, needs more work.
+ - Quite a few speedups in the BN stuff. RSA public operation
+ has been made faster by caching the BN_MONT_CTX structure.
+ The calulating of the Ai where A*Ai === 1 mod m was rather
+ expensive. Basically a 40-50% speedup on public operations.
+ The RSA speedup is now 15% on pentiums and %20 on pentium
+ pro.
+
+30-Sep-97
+ - After doing some profiling, I added x86 adm for bn_add_words(),
+ which just adds 2 arrays of longs together. A %10 speedup
+ for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+ - Converted the x86 bignum assembler to us the perl scripts
+ for generation.
+
+23-Sep-97
+ - If SSL_set_session() is passed a NULL session, it now clears the
+ current session-id.
+
+22-Sep-97
+ - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
+ certificates.
+ - Bug in crypto/evp/encode.c where by decoding of 65 base64
+ encoded lines, one line at a time (via a memory BIO) would report
+ EOF after the first line was decoded.
+ - Fix in X509_find_by_issuer_and_serial() from
+ Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+ - NO_FP_API and NO_STDIO added.
+ - Put in sh config command. It auto runs Configure with the correct
+ parameters.
+
+18-Sep-97
+ - Fix x509.c so if a DSA cert has different parameters to its parent,
+ they are left in place. Not tested yet.
+
+16-Sep-97
+ - ssl_create_cipher_list() had some bugs, fixes from
+ Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+ - Fixed a bug in the Base64 BIO, where it would return 1 instead
+ of -1 when end of input was encountered but should retry.
+ Basically a Base64/Memory BIO interaction problem.
+ - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+ - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+ - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+ by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+ - Ugly bug in ssl3_write_bytes(). Basically if application land
+ does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+ did not check the size and tried to copy the entire buffer.
+ This would tend to cause memory overwrites since SSLv3 has
+ a maximum packet size of 16k. If your program uses
+ buffers <= 16k, you would probably never see this problem.
+ - Fixed a new errors that were cause by malloc() not returning
+ 0 initialised memory..
+ - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+ since this flags stops SSLeay being able to handle client
+ cert requests correctly.
+
+08-Sep-97
+ - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
+ on, the SSL server routines will not use a SSL_SESSION that is
+ held in it's cache. This in intended to be used with the session-id
+ callbacks so that while the session-ids are still stored in the
+ cache, the decision to use them and how to look them up can be
+ done by the callbacks. The are the 'new', 'get' and 'remove'
+ callbacks. This can be used to determine the session-id
+ to use depending on information like which port/host the connection
+ is coming from. Since the are also SSL_SESSION_set_app_data() and
+ SSL_SESSION_get_app_data() functions, the application can hold
+ information against the session-id as well.
+
+03-Sep-97
+ - Added lookup of CRLs to the by_dir method,
+ X509_load_crl_file() also added. Basically it means you can
+ lookup CRLs via the same system used to lookup certificates.
+ - Changed things so that the X509_NAME structure can contain
+ ASN.1 BIT_STRINGS which is required for the unique
+ identifier OID.
+ - Fixed some problems with the auto flushing of the session-id
+ cache. It was not occuring on the server side.
+
+02-Sep-97
+ - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+ which is the maximum number of entries allowed in the
+ session-id cache. This is enforced with a simple FIFO list.
+ The default size is 20*1024 entries which is rather large :-).
+ The Timeout code is still always operating.
+
+01-Sep-97
+ - Added an argument to all the 'generate private key/prime`
+ callbacks. It is the last parameter so this should not
+ break existing code but it is needed for C++.
+ - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+ BIO. This lets the BIO read and write base64 encoded data
+ without inserting or looking for '\n' characters. The '-A'
+ flag turns this on when using apps/enc.c.
+ - RSA_NO_PADDING added to help BSAFE functionality. This is a
+ very dangerous thing to use, since RSA private key
+ operations without random padding bytes (as PKCS#1 adds) can
+ be attacked such that the private key can be revealed.
+ - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+ Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)
+ - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+ - RSA_flags() added allowing bypass of pub/priv match check
+ in ssl/ssl_rsa.c - Tim Hudson.
+ - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+ - Server side initated dynamic renegotiation is broken. I will fix
+ it when I get back from holidays.
+
+15-Jul-97
+ - Quite a few small changes.
+ - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+ - Added 2 new values to the SSL info callback.
+ SSL_CB_START which is passed when the SSL protocol is started
+ and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+ - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+ that related to DSA public/private keys.
+ - Added all the relevent PEM and normal IO functions to support
+ reading and writing RSAPublic keys.
+ - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+ - Error in ERR_remove_state() that would leave a dangling reference
+ to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+ - s_client now prints the X509_NAMEs passed from the server
+ when requesting a client cert.
+ - Added a ssl->type, which is one of SSL_ST_CONNECT or
+ SSL_ST_ACCEPT. I had to add it so I could tell if I was
+ a connect or an accept after the handshake had finished.
+ - SSL_get_client_CA_list(SSL *s) now returns the CA names
+ passed by the server if called by a client side SSL.
+
+05-Jul-97
+ - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+ 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+ - Fixed some things in X509_NAME_add_entry(), thanks to
+ Matthew Donald <matthew@world.net>.
+ - I had a look at the cipher section and though that it was a
+ bit confused, so I've changed it.
+ - I was not setting up the RC4-64-MD5 cipher correctly. It is
+ a MS special that appears in exported MS Money.
+ - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
+ spec. I was missing the two byte length header for the
+ ClientDiffieHellmanPublic value. This is a packet sent from
+ the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+ option will enable SSLeay server side SSLv3 accept either
+ the correct or my 080 packet format.
+ - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+ - Alias mapping for EVP_get_(digest|cipher)byname is now
+ performed before a lookup for actual cipher. This means
+ that an alias can be used to 're-direct' a cipher or a
+ digest.
+ - ASN1_read_bio() had a bug that only showed up when using a
+ memory BIO. When EOF is reached in the memory BIO, it is
+ reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+ - Fixed an error in X509_verify_cert() caused by my
+ miss-understanding how 'do { contine } while(0);' works.
+ Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+ - Base64 decoding error. If the last data line did not end with
+ a '=', sometimes extra data would be returned.
+ - Another 'cut and paste' bug in x509.c related to setting up the
+ STDout BIO.
+
+27-Jun-97
+ - apps/ciphers.c was not printing due to an editing error.
+ - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+ a library build error in util/mk1mf.pl
+
+26-Jun-97
+ - Still did not have the auto 'experimental' code removal
+ script correct.
+ - A few header tweaks for Watcom 11.0 under Win32 from
+ Rolf Lindemann <Lindemann@maz-hh.de>
+ - 0 length OCTET_STRING bug in asn1_parse
+ - A minor fix with an non-existent function in the MS .def files.
+ - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+ SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+ Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+ use a temporary RSA key. This is experimental and needs some more work.
+ Fixed a few Win16 build problems.
+
+23-Jun-97
+ SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+ correctly. I was taking the SSL->ctx->default_cert when I should
+ have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+ X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+ rest of the library. Even though I had the code required to do
+ it correctly, apps/req.c was doing the wrong thing. I have fixed
+ and tested everything.
+
+ Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+ Fixed a bug in the SSLv2 server side first packet handling. When
+ using the non-blocking test BIO, the ssl->s2->first_packet flag
+ was being reset when a would-block failure occurred when reading
+ the first 5 bytes of the first packet. This caused the checking
+ logic to run at the wrong time and cause an error.
+
+ Fixed a problem with specifying cipher. If RC4-MD5 were used,
+ only the SSLv3 version would be picked up. Now this will pick
+ up both SSLv2 and SSLv3 versions. This required changing the
+ SSL_CIPHER->mask values so that they only mask the ciphers,
+ digests, authentication, export type and key-exchange algorithms.
+
+ I found that when a SSLv23 session is established, a reused
+ session, of type SSLv3 was attempting to write the SSLv2
+ ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
+ method has been modified so it will only write out cipher which
+ that method knows about.
+
+
+ Changes between 0.8.0 and 0.8.1
+
+ *) Mostly bug fixes.
+ There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future. Currently I'm just getting 080 out
+the door. Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+ too if you are working with BIO internal stuff (as distinct
+ from simply using the interface in an opaque manner)
+
+#include "bio.h" - required along with "buffer.h" if you write
+ your own BIO routines as the buffer and bio
+ stuff that was intermixed has been separated
+ out
+
+envelope.h -> evp.h (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new() - requires an extra method parameter
+ SSL_CTX_new(SSLv23_method())
+ SSL_CTX_new(SSLv2_method())
+ SSL_CTX_new(SSLv3_method())
+
+ OR to only have the server or the client code
+ SSL_CTX_new(SSLv23_server_method())
+ SSL_CTX_new(SSLv2_server_method())
+ SSL_CTX_new(SSLv3_server_method())
+ or
+ SSL_CTX_new(SSLv23_client_method())
+ SSL_CTX_new(SSLv2_client_method())
+ SSL_CTX_new(SSLv3_client_method())
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
+ or provide a buffer and size to copy the
+ result into
+
+X509_add_cert -> X509_STORE_add_cert (and you might want to read the
+ notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using
+ b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+ BIO_clear_retry_flags(b)
+
+ b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+ BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+ and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+
+ *) There have been lots of changes, mostly the addition of SSLv3.
+ There have been many additions from people and amongst
+ others, C2Net has assisted greatly.
+
+ Changes between 0.7.x and 0.7.x
+
+ *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+ From 191,000 per second on a pentium 100, I now get 281,000. The inner
+ loop and the IP/FP modifications are from
+ Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
+ contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+ DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
+ is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish. It is not used by SSL but all the other stuff that
+ deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+ There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
+ BF_PTR2 is pentium/x86 specific. The correct option is setup in
+ the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+ 'non-blocking'. If more details are required, let me know. It will
+ documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
+ now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5
+
+After quite some time (3 months), the new release. I have been very busy
+for the last few months and so this is mostly bug fixes and improvments.
+
+The main additions are
+
+- assember for x86 DES. For all those gcc based systems, this is a big
+ improvement. From 117,000 DES operation a second on a pentium 100,
+ I now get 191,000. I have also reworked the C version so it
+ now gives 148,000 DESs per second.
+- As mentioned above, the inner DES macros now have some more variant that
+ sometimes help, sometimes hinder performance. There are now 3 options
+ DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
+ and DES_RISC (a more register intensive version of the inner macro).
+ The crypto/des/des_opts.c program, when compiled and run, will give
+ an indication of the correct options to use.
+- The BIO stuff has been improved. Read doc/bio.doc. There are now
+ modules for encryption and base64 encoding and a BIO_printf() function.
+- The CA program will accept simple one line X509v3 extensions in the
+ ssleay.cnf file. Have a look at the example. Currently this just
+ puts the text into the certificate as an OCTET_STRING so currently
+ the more advanced X509v3 data types are not handled but this is enough
+ for the netscape extensions.
+- There is the start of a nicer higher level interface to the X509
+ strucutre.
+- Quite a lot of bug fixes.
+- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
+ to define the malloc(), free() and realloc() routines to use
+ (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
+ using DLLs and mixing CRT libraries.
+
+In general, read the 'VERSION' file for changes and be aware that some of
+the new stuff may not have been tested quite enough yet, so don't just plonk
+in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
+
+SSLeay 0.6.4 30/08/96 eay
+
+I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
+Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
+
+The main changes in this release
+
+- Thread safe. have a read of doc/threads.doc and play in the mt directory.
+ For anyone using 0.6.3 with threads, I found 2 major errors so consider
+ moving to 0.6.4. I have a test program that builds under NT and
+ solaris.
+- The get session-id callback has changed. Have a read of doc/callback.doc.
+- The X509_cert_verify callback (the SSL_verify callback) now
+ has another argument. Have a read of doc/callback.doc
+- 'ca -preserve', sign without re-ordering the DN. Not tested much.
+- VMS support.
+- Compile time memory leak detection can now be built into SSLeay.
+ Read doc/memory.doc
+- CONF routines now understand '\', '\n', '\r' etc. What this means is that
+ the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
+- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
+- RC2 key setup is now compatable with Netscape.
+- Modifed server side of SSL implementation, big performance difference when
+ using session-id reuse.
+
+0.6.3
+
+Bug fixes and the addition of some nice stuff to the 'ca' program.
+Have a read of doc/ns-ca.doc for how hit has been modified so
+it can be driven from a CGI script. The CGI script is not provided,
+but that is just being left as an excersize for the reader :-).
+
+0.6.2
+
+This is most bug fixes and functionality improvements.
+
+Additions are
+- More thread debugging patches, the thread stuff is still being
+ tested, but for those keep to play with stuff, have a look in
+ crypto/cryptlib.c. The application needs to define 1 (or optionaly
+ a second) callback that is used to implement locking. Compiling
+ with LOCK_DEBUG spits out lots of locking crud :-).
+ This is what I'm currently working on.
+- SSL_CTX_set_default_passwd_cb() can be used to define the callback
+ function used in the SSL*_file() functions used to load keys. I was
+ always of the opinion that people should call
+ PEM_read_RSAPrivateKey() and pass the callback they want to use, but
+ it appears they just want to use the SSL_*_file() function() :-(.
+- 'enc' now has a -kfile so a key can be read from a file. This is
+ mostly used so that the passwd does not appear when using 'ps',
+ which appears imposible to stop under solaris.
+- X509v3 certificates now work correctly. I even have more examples
+ in my tests :-). There is now a X509_EXTENSION type that is used in
+ X509v3 certificates and CRLv2.
+- Fixed that signature type error :-(
+- Fixed quite a few potential memory leaks and problems when reusing
+ X509, CRL and REQ structures.
+- EVP_set_pw_prompt() now sets the library wide default password
+ prompt.
+- The 'pkcs7' command will now, given the -print_certs flag, output in
+ pem format, all certificates and CRL contained within. This is more
+ of a pre-emtive thing for the new verisign distribution method. I
+ should also note, that this also gives and example in code, of how
+ to do this :-), or for that matter, what is involved in going the
+ other way (list of certs and crl -> pkcs7).
+- Added RSA's DESX to the DES library. It is also available via the
+ EVP_desx_cbc() method and via 'enc desx'.
+
+SSLeay 0.6.1
+
+The main functional changes since 0.6.0 are as follows
+- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
+ that from now on, I'll keep the .def numbers the same so they will be.
+- RSA private key operations are about 2 times faster that 0.6.0
+- The SSL_CTX now has more fields so default values can be put against
+ it. When an SSL structure is created, these default values are used
+ but can be overwritten. There are defaults for cipher, certificate,
+ private key, verify mode and callback. This means SSL session
+ creation can now be
+ ssl=SSL_new()
+ SSL_set_fd(ssl,sock);
+ SSL_accept(ssl)
+ ....
+ All the other uglyness with having to keep a global copy of the
+ private key and certificate/verify mode in the server is now gone.
+- ssl/ssltest.c - one process talking SSL to its self for testing.
+- Storage of Session-id's can be controled via a session_cache_mode
+ flag. There is also now an automatic default flushing of
+ old session-id's.
+- The X509_cert_verify() function now has another parameter, this
+ should not effect most people but it now means that the reason for
+ the failure to verify is now available via SSL_get_verify_result(ssl).
+ You don't have to use a global variable.
+- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
+ application data against the SSL structure. It is upto the application
+ to free the data. I don't use it, but it is available.
+- SSL_CTX_set_cert_verify_callback() can be used to specify a
+ verify callback function that completly replaces my certificate
+ verification code. Xcert should be able to use this :-).
+ The callback is of the form int app_verify_callback(arg,ssl,cert).
+ This needs to be documented more.
+- I have started playing with shared library builds, have a look in
+ the shlib directory. It is very simple. If you need a numbered
+ list of functions, have a look at misc/crypto.num and misc/ssl.num.
+- There is some stuff to do locking to make the library thread safe.
+ I have only started this stuff and have not finished. If anyone is
+ keen to do so, please send me the patches when finished.
+
+So I have finally made most of the additions to the SSL interface that
+I thought were needed.
+
+There will probably be a pause before I make any non-bug/documentation
+related changes to SSLeay since I'm feeling like a bit of a break.
+
+eric - 12 Jul 1996
+I saw recently a comment by some-one that we now seem to be entering
+the age of perpetual Beta software.
+Pioneered by packages like linux but refined to an art form by
+netscape.
+
+I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
+
+There are quite a large number of sections that are 'works in
+progress' in this package. I will also list the major changes and
+what files you should read.
+
+BIO - this is the new IO structure being used everywhere in SSLeay. I
+started out developing this because of microsoft, I wanted a mechanism
+to callback to the application for all IO, so Windows 3.1 DLL
+perversion could be hidden from me and the 15 different ways to write
+to a file under NT would also not be dictated by me at library build
+time. What the 'package' is is an API for a data structure containing
+functions. IO interfaces can be written to conform to the
+specification. This in not intended to hide the underlying data type
+from the application, but to hide it from SSLeay :-).
+I have only really finished testing the FILE * and socket/fd modules.
+There are also 'filter' BIO's. Currently I have only implemented
+message digests, and it is in use in the dgst application. This
+functionality will allow base64/encrypto/buffering modules to be
+'push' into a BIO without it affecting the semantics. I'm also
+working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
+from an event loop which uses the interface.
+It is also possible to 'attach' callbacks to a BIO so they get called
+before and after each operation, alowing extensive debug output
+to be generated (try running dgst with -d).
+
+Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
+functions that used to take FILE *, now take BIO *.
+The wrappers are easy to write
+
+function_fp(fp,x)
+FILE *fp;
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=function_bio(b,x);
+ BIO_free(b);
+ return(ret);
+ }
+Remember, there are no functions that take FILE * in SSLeay when
+compiled for Windows 3.1 DLL's.
+
+--
+I have added a general EVP_PKEY type that can hold a public/private
+key. This is now what is used by the EVP_ functions and is passed
+around internally. I still have not done the PKCS#8 stuff, but
+X509_PKEY is defined and waiting :-)
+
+--
+For a full function name listings, have a look at ms/crypt32.def and
+ms/ssl32.def. These are auto-generated but are complete.
+Things like ASN1_INTEGER_get() have been added and are in here if you
+look. I have renamed a few things, again, have a look through the
+function list and you will probably find what you are after. I intend
+to at least put a one line descrition for each one.....
+
+--
+Microsoft - thats what this release is about, read the MICROSOFT file.
+
+--
+Multi-threading support. I have started hunting through the code and
+flaging where things need to be done. In a state of work but high on
+the list.
+
+--
+For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
+be be you random data device, otherwise 'RFILE' in e_os.h
+will be used, in your home directory. It will be updated
+periodically. The environment variable RANDFILE will override this
+choice and read/write to that file instead. DEVRANDOM is used in
+conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
+number generator, pick on one of these files.
+
+--
+
+The list of things to read and do
+
+dgst -d
+s_client -state (this uses a callback placed in the SSL state loop and
+ will be used else-where to help debug/monitor what
+ is happening.)
+
+doc/why.doc
+doc/bio.doc <- hmmm, needs lots of work.
+doc/bss_file.doc <- one that is working :-)
+doc/session.doc <- it has changed
+doc/speed.doc
+ also play with ssleay version -a. I have now added a SSLeay()
+ function that returns a version number, eg 0600 for this release
+ which is primarily to be used to check DLL version against the
+ application.
+util/* Quite a few will not interest people, but some may, like
+ mk1mf.pl, mkdef.pl,
+util/do_ms.sh
+
+try
+cc -Iinclude -Icrypto -c crypto/crypto.c
+cc -Iinclude -Issl -c ssl/ssl.c
+You have just built the SSLeay libraries as 2 object files :-)
+
+Have a general rummage around in the bin stall directory and look at
+what is in there, like CA.sh and c_rehash
+
+There are lots more things but it is 12:30am on a Friday night and I'm
+heading home :-).
+
+eric 22-Jun-1996
+This version has quite a few major bug fixes and improvements. It DOES NOT
+do SSLv3 yet.
+
+The main things changed
+- A Few days ago I added the s_mult application to ssleay which is
+ a demo of an SSL server running in an event loop type thing.
+ It supports non-blocking IO, I have finally gotten it right, SSL_accept()
+ can operate in non-blocking IO mode, look at the code to see how :-).
+ Have a read of doc/s_mult as well. This program leaks memory and
+ file descriptors everywhere but I have not cleaned it up yet.
+ This is a demo of how to do non-blocking IO.
+- The SSL session management has been 'worked over' and there is now
+ quite an expansive set of functions to manipulate them. Have a read of
+ doc/session.doc for some-things I quickly whipped up about how it now works.
+ This assume you know the SSLv2 protocol :-)
+- I can now read/write the netscape certificate format, use the
+ -inform/-outform 'net' options to the x509 command. I have not put support
+ for this type in the other demo programs, but it would be easy to add.
+- asn1parse and 'enc' have been modified so that when reading base64
+ encoded files (pem format), they do not require '-----BEGIN' header lines.
+ The 'enc' program had a buffering bug fixed, it can be used as a general
+ base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
+ respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
+ into a form of 'cat'.
+- The 'x509' and 'req' programs have been fixed and modified a little so
+ that they generate self-signed certificates correctly. The test
+ script actually generates a 'CA' certificate and then 'signs' a
+ 'user' certificate. Have a look at this shell script (test/sstest)
+ to see how things work, it tests most possible combinations of what can
+ be done.
+- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
+ of SSL_set_cipher_list() is now the correct API (stops confusion :-).
+ If this function is used in the client, only the specified ciphers can
+ be used, with preference given to the order the ciphers were listed.
+ For the server, if this is used, only the specified ciphers will be used
+ to accept connections. If this 'option' is not used, a default set of
+ ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
+ list for all ciphers started against the SSL_CTX. So the order is
+ SSL cipher_list, if not present, SSL_CTX cipher list, if not
+ present, then the library default.
+ What this means is that normally ciphers like
+ NULL-MD5 will never be used. The only way this cipher can be used
+ for both ends to specify to use it.
+ To enable or disable ciphers in the library at build time, modify the
+ first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
+ This file also contains the 'pref_cipher' list which is the default
+ cipher preference order.
+- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
+ options work. They should, and they enable loading and writing the
+ netscape rsa private key format. I will be re-working this section of
+ SSLeay for the next version. What is currently in place is a quick and
+ dirty hack.
+- I've re-written parts of the bignum library. This gives speedups
+ for all platforms. I now provide assembler for use under Windows NT.
+ I have not tested the Windows 3.1 assembler but it is quite simple code.
+ This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
+ and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
+ Basically the times available under linux/solaris x86 can be achieve under
+ Windows NT. I still don't know how these times compare to RSA's BSAFE
+ library but I have been emailing with people and with their help, I should
+ be able to get my library's quite a bit faster still (more algorithm changes).
+ The object file crypto/bn/asm/x86-32.obj should be used when linking
+ under NT.
+- 'make makefile.one' in the top directory will generate a single makefile
+ called 'makefile.one' This makefile contains no perl references and
+ will build the SSLeay library into the 'tmp' and 'out' directories.
+ util/mk1mf.pl >makefile.one is how this makefile is
+ generated. The mk1mf.pl command take several option to generate the
+ makefile for use with cc, gcc, Visual C++ and Borland C++. This is
+ still under development. I have only build .lib's for NT and MSDOS
+ I will be working on this more. I still need to play with the
+ correct compiler setups for these compilers and add some more stuff but
+ basically if you just want to compile the library
+ on a 'non-unix' platform, this is a very very good file to start with :-).
+ Have a look in the 'microsoft' directory for my current makefiles.
+ I have not yet modified things to link with sockets under Windows NT.
+ You guys should be able to do this since this is actually outside of the
+ SSLeay scope :-). I will be doing it for myself soon.
+ util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
+ to build without RC2/RC4, to require RSAref for linking, and to
+ build with no socket code.
+
+- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
+ that was posted to sci.crypt has been added to the library and SSL.
+ I take the view that if RC2 is going to be included in a standard,
+ I'll include the cipher to make my package complete.
+ There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
+ at compile time. I have not tested this recently but it should all work
+ and if you are in the USA and don't want RSA threatening to sue you,
+ you could probably remove the RC4/RC2 code inside these sections.
+ I may in the future include a perl script that does this code
+ removal automatically for those in the USA :-).
+- I have removed all references to sed in the makefiles. So basically,
+ the development environment requires perl and sh. The build environment
+ does not (use the makefile.one makefile).
+ The Configure script still requires perl, this will probably stay that way
+ since I have perl for Windows NT :-).
+
+eric (03-May-1996)
+
+PS Have a look in the VERSION file for more details on the changes and
+ bug fixes.
+I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
+things up. This version will be quite stable, mostly because I'm on
+holidays until 10-March-1996. For any problems in the interum, send email
+to Tim Hudson <tjh@mincom.oz.au>.
+
+SSLeay 0.5.0
+
+12-12-95
+This is going out before it should really be released.
+
+I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
+this for 11 weeks or get things out. It is still going to change a
+lot in the next week so if you do grab this version, please test and
+give me feed back ASAP, inculuding questions on how to do things with
+the library. This will prompt me to write documentation so I don't
+have to answer the same question again :-).
+
+This 'pre' release version is for people who are interested in the
+library. The applications will have to be changed to use
+the new version of the SSL interface. I intend to finish more
+documentation before I leave but until then, look at the programs in
+the apps directory. As far as code goes, it is much much nicer than
+the old version.
+
+The current library works, has no memory leaks (as far as I can tell)
+and is far more bug free that 0.4.5d. There are no global variable of
+consequence (I believe) and I will produce some documentation that
+tell where to look for those people that do want to do multi-threaded
+stuff.
+
+There should be more documentation. Have a look in the
+doc directory. I'll be adding more before I leave, it is a start
+by mostly documents the crypto library. Tim Hudson will update
+the web page ASAP. The spelling and grammar are crap but
+it is better than nothing :-)
+
+Reasons to start playing with version 0.5.0
+- All the programs in the apps directory build into one ssleay binary.
+- There is a new version of the 'req' program that generates certificate
+ requests, there is even documentation for this one :-)
+- There is a demo certification authorithy program. Currently it will
+ look at the simple database and update it. It will generate CRL from
+ the data base. You need to edit the database by hand to revoke a
+ certificate, it is my aim to use perl5/Tk but I don't have time to do
+ this right now. It will generate the certificates but the management
+ scripts still need to be written. This is not a hard task.
+- Things have been cleaned up alot.
+- Have a look at the enc and dgst programs in the apps directory.
+- It supports v3 of x509 certiticates.
+
+
+Major things missing.
+- I have been working on (and thinging about) the distributed x509
+ hierachy problem. I have not had time to put my solution in place.
+ It will have to wait until I come back.
+- I have not put in CRL checking in the certificate verification but
+ it would not be hard to do. I was waiting until I could generate my
+ own CRL (which has only been in the last week) and I don't have time
+ to put it in correctly.
+- Montgomery multiplication need to be implemented. I know the
+ algorithm, just ran out of time.
+- PKCS#7. I can load and write the DER version. I need to re-work
+ things to support BER (if that means nothing, read the ASN1 spec :-).
+- Testing of the higher level digital envelope routines. I have not
+ played with the *_seal() and *_open() type functions. They are
+ written but need testing. The *_sign() and *_verify() functions are
+ rock solid.
+- PEM. Doing this and PKCS#7 have been dependant on the distributed
+ x509 heirachy problem. I started implementing my ideas, got
+ distracted writing a CA program and then ran out of time. I provide
+ the functionality of RSAref at least.
+- Re work the asm. code for the x86. I've changed by low level bignum
+ interface again, so I really need to tweak the x86 stuff. gcc is
+ good enough for the other boxes.
+
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
new file mode 100755
index 000000000000..fdad0c238c1a
--- /dev/null
+++ b/crypto/openssl/Configure
@@ -0,0 +1,869 @@
+:
+eval 'exec perl -S $0 ${1+"$@"}'
+ if $running_under_some_shell;
+##
+## Configure -- OpenSSL source tree configuration script
+##
+
+require 5.000;
+use strict;
+
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+
+# Options:
+#
+# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+# --prefix option is given; /usr/local/ssl otherwise)
+# --prefix prefix for the OpenSSL include, lib and bin directories
+# (Default: the OPENSSLDIR directory)
+#
+# --install_prefix Additional prefix for package builders (empty by
+# default). This needn't be set in advance, you can
+# just as well use "make INSTALL_PREFIX=/whatever install".
+#
+# rsaref use RSAref
+# [no-]threads [don't] try to create a library that is suitable for
+# multithreaded applications (default is "threads" if we
+# know how to do it)
+# no-asm do not use assembler
+# 386 generate 80386 code
+# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through
+#
+# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
+# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
+# dependancies but needs to more registers, good for RISC CPU's
+# DES_RISC2 A different RISC variant.
+# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders.
+# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
+# This is used on the DEC Alpha where long is 8 bytes
+# and int is 4
+# BN_LLONG use the type 'long long' in crypto/bn/bn.h
+# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
+# array lookups instead of pointer use.
+# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
+# BF_PTR2 intel specific version (generic version is more efficient).
+# MD5_ASM use some extra md5 assember,
+# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
+# RMD160_ASM use some extra ripemd160 assember,
+
+my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+
+# MD2_CHAR slags pentium pros
+my $x86_gcc_opts="RC4_INDEX MD2_INT";
+
+# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
+# Don't worry about these normally
+
+my $tcc="cc";
+my $tflags="-fast -Xa";
+my $tbn_mul="";
+my $tlib="-lnsl -lsocket";
+#$bits1="SIXTEEN_BIT ";
+#$bits2="THIRTY_TWO_BIT ";
+my $bits1="THIRTY_TWO_BIT ";
+my $bits2="SIXTY_FOUR_BIT ";
+
+my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+
+# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
+# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
+
+#config-string CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
+# des_asm:bf_asm
+my %table=(
+#"b", "$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
+#"bl-4c-2c", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
+#"bl-4c-ri", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
+#"b2-is-ri-dp", "$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
+
+# Our development configs
+"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
+"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
+"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dist", "cc:-O::(unknown):::::",
+
+# Basic configs that should work on any box
+"gcc", "gcc:-O3::(unknown)::BN_LLONG:::",
+"cc", "cc:-O::(unknown):::::",
+
+#### Solaris x86 setups
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
+
+#### SPARC Solaris with GNU C setups
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+# but keep the assembler modules.
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
+####
+"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
+
+#### SPARC Solaris with Sun C setups
+# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::",
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+
+#### SPARC Linux setups
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::",
+# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+# !!!Folowing can't be even tested yet!!!
+# We have to wait till 64-bit glibc for SPARC is operational!!!
+#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+
+# Sunos configs, assuming sparc for the gcc one.
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
+
+#### IRIX 5.x configs
+# -mips2 flag is added by ./config when appropriate.
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+# './Configure irix-[g]cc' manually.
+# -mips4 flag is added by ./config when appropriate.
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+# N64 ABI builds.
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+
+# HPUX 9.X config.
+# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
+# egcs. gcc 2.8.1 is also broken.
+
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
+# please report your OS and compiler version to the bugs@openssl.org
+# mailing list.
+"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+
+"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux-gcc fails, try this one:
+"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+
+# HPUX 10.X config. Supports threads.
+"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
+"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
+"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux10-gcc fails, try this one:
+"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+
+# HPUX 11.X from www.globus.org.
+# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+
+# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
+# the new compiler
+# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+
+# assembler versions -- currently defunct:
+##"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
+##"alpha-cc", "cc:-tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"alpha164-cc", "cc:-tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+
+# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
+# bn86-elf.o file file since it is hand tweaked assembler.
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::::",
+"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
+"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"nextstep", "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+
+# UnixWare 2.0
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
+# IBM's AIX.
+"aix-cc", "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+
+#
+# Cray T90 (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined. The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede@SDSC.EDU>)
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
+# another use. Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+# DGUX, 88100.
+"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+
+# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+# SCO cc.
+"sco5-cc", "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
+"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
+"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+"BS2000-OSD","c89:-XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# Windows NT, Microsoft Visual C++ 4.0
+
+"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+
+# Borland C++ 4.5
+"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::",
+"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+
+# CygWin32
+# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
+# and its library files in util/pl/*)
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+
+# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::",
+# K&R C is no longer supported; you need gcc on old Ultrix installations
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
+
+# Some OpenBSD from Bob Beck <beck@obtuse.com>
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
+
+);
+
+my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+ BC-16 CygWin32 Mingw32);
+
+my $prefix="";
+my $openssldir="";
+my $install_prefix="";
+my $no_threads=0;
+my $threads=0;
+my $no_asm=0;
+my @skip=();
+my $Makefile="Makefile.ssl";
+my $des_locl="crypto/des/des_locl.h";
+my $des ="crypto/des/des.h";
+my $bn ="crypto/bn/bn.h";
+my $md2 ="crypto/md2/md2.h";
+my $rc4 ="crypto/rc4/rc4.h";
+my $rc4_locl="crypto/rc4/rc4_locl.h";
+my $idea ="crypto/idea/idea.h";
+my $rc2 ="crypto/rc2/rc2.h";
+my $bf ="crypto/bf/bf_locl.h";
+my $bn_asm ="bn_asm.o";
+my $des_enc="des_enc.o fcrypt_b.o";
+my $bf_enc ="bf_enc.o";
+my $cast_enc="c_enc.o";
+my $rc4_enc="rc4_enc.o";
+my $rc5_enc="rc5_enc.o";
+my $md5_obj="";
+my $sha1_obj="";
+my $rmd160_obj="";
+my $processor="";
+my $ranlib;
+my $perl;
+
+$ranlib=&which("ranlib") or $ranlib="true";
+$perl=&which("perl5") or $perl=&which("perl") or $perl="perl";
+
+&usage if ($#ARGV < 0);
+
+my $flags="";
+my $depflags="";
+my $libs="";
+my $target="";
+my $options="";
+foreach (@ARGV)
+ {
+ if (/^no-asm$/)
+ {
+ $no_asm=1;
+ $flags .= "-DNO_ASM ";
+ }
+ elsif (/^no-threads$/)
+ { $no_threads=1; }
+ elsif (/^threads$/)
+ { $threads=1; }
+ elsif (/^no-(.+)$/)
+ {
+ my $algo=$1;
+ push @skip,$algo;
+ $algo =~ tr/[a-z]/[A-Z]/;
+ $flags .= "-DNO_$algo ";
+ $depflags .= "-DNO_$algo ";
+ if ($algo eq "DES")
+ {
+ $options .= " no-mdc2";
+ $flags .= "-DNO_MDC2 ";
+ $depflags .= "-DNO_MDC2 ";
+ }
+ }
+ elsif (/^386$/)
+ { $processor=386; }
+ elsif (/^rsaref$/)
+ {
+ $libs.= "-lRSAglue -lrsaref ";
+ $flags.= "-DRSAref ";
+ }
+ elsif (/^[-+]/)
+ {
+ if (/^-[lL](.*)$/)
+ {
+ $libs.=$_." ";
+ }
+ elsif (/^-[^-]/ or /^\+/)
+ {
+ $flags.=$_." ";
+ }
+ elsif (/^--prefix=(.*)$/)
+ {
+ $prefix=$1;
+ }
+ elsif (/^--openssldir=(.*)$/)
+ {
+ $openssldir=$1;
+ }
+ elsif (/^--install.prefix=(.*)$/)
+ {
+ $install_prefix=$1;
+ }
+ else
+ {
+ print STDERR $usage;
+ exit(1);
+ }
+ }
+ elsif ($_ =~ /^([^:]+):(.+)$/)
+ {
+ eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+ $target=$1;
+ }
+ else
+ {
+ die "target already defined - $target\n" if ($target ne "");
+ $target=$_;
+ }
+ unless ($_ eq $target) {
+ if ($options eq "") {
+ $options = $_;
+ } else {
+ $options .= " ".$_;
+ }
+ }
+}
+
+if ($target eq "TABLE") {
+ foreach $target (sort keys %table) {
+ print_table_entry($target);
+ }
+ exit 0;
+}
+
+&usage if (!defined($table{$target}));
+
+my $IsWindows=scalar grep /^$target$/,@WinTargets;
+
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+$prefix=$openssldir if $prefix eq "";
+
+chop $openssldir if $openssldir =~ /\/$/;
+chop $prefix if $prefix =~ /\/$/;
+
+$openssldir=$prefix . "/ssl" if $openssldir eq "";
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
+
+
+print "IsWindows=$IsWindows\n";
+
+(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
+ split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+$cflags="$flags$cflags" if ($flags ne "");
+
+my $thread_cflags;
+if ($thread_cflag ne "(unknown)" && !$no_threads)
+ {
+ # If we know how to do it, support threads by default.
+ $threads = 1;
+ }
+if ($thread_cflag eq "(unknown)")
+ {
+ # If the user asked for "threads", hopefully they also provided
+ # any system-dependent compiler options that are necessary.
+ $thread_cflags="-DTHREADS $cflags"
+ }
+else
+ {
+ $thread_cflags="-DTHREADS $thread_cflag $cflags"
+ }
+
+$lflags="$libs$lflags"if ($libs ne "");
+
+if ($no_asm)
+ {
+ $bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
+ $sha1_obj=$md5_obj=$rmd160_obj="";
+ }
+
+if ($threads)
+ {
+ $cflags=$thread_cflags;
+ }
+
+#my ($bn1)=split(/\s+/,$bn_obj);
+#$bn1 = "" unless defined $bn1;
+#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
+#$bn_obj="$bn1";
+
+$bn_obj = $bn_asm unless $bn_obj ne "";
+
+$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
+$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
+$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
+$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
+$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
+if ($sha1_obj =~ /\.o$/)
+ {
+# $sha1_obj=$sha1_enc;
+ $cflags.=" -DSHA1_ASM";
+ }
+if ($md5_obj =~ /\.o$/)
+ {
+# $md5_obj=$md5_enc;
+ $cflags.=" -DMD5_ASM";
+ }
+if ($rmd160_obj =~ /\.o$/)
+ {
+# $rmd160_obj=$rmd160_enc;
+ $cflags.=" -DRMD160_ASM";
+ }
+
+my $version = "unknown";
+my $major = "unknown";
+my $minor = "unknown";
+
+open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
+while (<IN>)
+ {
+ $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+ }
+close(IN);
+
+if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
+ {
+ $major=$1;
+ $minor=$2;
+ }
+
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
+my $sdirs=0;
+while (<IN>)
+ {
+ chop;
+ $sdirs = 1 if /^SDIRS=/;
+ if ($sdirs) {
+ my $dir;
+ foreach $dir (@skip) {
+ s/$dir//;
+ }
+ }
+ $sdirs = 0 unless /\\$/;
+ s/^VERSION=.*/VERSION=$version/;
+ s/^MAJOR=.*/MAJOR=$major/;
+ s/^MINOR=.*/MINOR=$minor/;
+ s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+ s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+ s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
+ s/^PLATFORM=.*$/PLATFORM=$target/;
+ s/^OPTIONS=.*$/OPTIONS=$options/;
+ s/^CC=.*$/CC= $cc/;
+ s/^CFLAG=.*$/CFLAG= $cflags/;
+ s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
+ s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
+ s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
+ s/^DES_ENC=.*$/DES_ENC= $des_obj/;
+ s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
+ s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
+ s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
+ s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
+ s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
+ s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+ s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+ s/^PROCESSOR=.*/PROCESSOR= $processor/;
+ s/^RANLIB=.*/RANLIB= $ranlib/;
+ s/^PERL=.*/PERL= $perl/;
+ print OUT $_."\n";
+ }
+close(IN);
+close(OUT);
+
+print "CC =$cc\n";
+print "CFLAG =$cflags\n";
+print "EX_LIBS =$lflags\n";
+print "BN_ASM =$bn_obj\n";
+print "DES_ENC =$des_obj\n";
+print "BF_ENC =$bf_obj\n";
+print "CAST_ENC =$cast_obj\n";
+print "RC4_ENC =$rc4_obj\n";
+print "RC5_ENC =$rc5_obj\n";
+print "MD5_OBJ_ASM =$md5_obj\n";
+print "SHA1_OBJ_ASM =$sha1_obj\n";
+print "RMD160_OBJ_ASM=$rmd160_obj\n";
+print "PROCESSOR =$processor\n";
+print "RANLIB =$ranlib\n";
+print "PERL =$perl\n";
+
+my $des_ptr=0;
+my $des_risc1=0;
+my $des_risc2=0;
+my $des_unroll=0;
+my $bn_ll=0;
+my $def_int=2;
+my $rc4_int=$def_int;
+my $md2_int=$def_int;
+my $idea_int=$def_int;
+my $rc2_int=$def_int;
+my $rc4_idx=0;
+my $bf_ptr=0;
+my @type=("char","short","int","long");
+my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+
+my $des_int;
+
+foreach (sort split(/\s+/,$bn_ops))
+ {
+ $des_ptr=1 if /DES_PTR/;
+ $des_risc1=1 if /DES_RISC1/;
+ $des_risc2=1 if /DES_RISC2/;
+ $des_unroll=1 if /DES_UNROLL/;
+ $des_int=1 if /DES_INT/;
+ $bn_ll=1 if /BN_LLONG/;
+ $rc4_int=0 if /RC4_CHAR/;
+ $rc4_int=3 if /RC4_LONG/;
+ $rc4_idx=1 if /RC4_INDEX/;
+ $md2_int=0 if /MD2_CHAR/;
+ $md2_int=3 if /MD2_LONG/;
+ $idea_int=1 if /IDEA_SHORT/;
+ $idea_int=3 if /IDEA_LONG/;
+ $rc2_int=1 if /RC2_SHORT/;
+ $rc2_int=3 if /RC2_LONG/;
+ $bf_ptr=1 if $_ eq "BF_PTR";
+ $bf_ptr=2 if $_ eq "BF_PTR2";
+ ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
+ ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
+ ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
+ ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
+ ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
+ }
+
+open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
+open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
+while (<IN>)
+ {
+ if (/^#define\s+OPENSSLDIR/)
+ { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+ elsif (/^#define\s+OPENSSL_UNISTD/)
+ {
+ $unistd = "<unistd.h>" if $unistd eq "";
+ print OUT "#define OPENSSL_UNISTD $unistd\n";
+ }
+ elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
+ { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
+ { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
+ { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/)
+ { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+EIGHT_BIT/)
+ { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
+ elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
+ { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
+ elsif (/^\#define\s+DES_LONG\s+.*/)
+ { printf OUT "#define DES_LONG unsigned %s\n",
+ ($des_int)?'int':'long'; }
+ elsif (/^\#(define|undef)\s+DES_PTR/)
+ { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
+ elsif (/^\#(define|undef)\s+DES_RISC1/)
+ { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
+ elsif (/^\#(define|undef)\s+DES_RISC2/)
+ { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
+ elsif (/^\#(define|undef)\s+DES_UNROLL/)
+ { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
+ elsif (/^#define\s+RC4_INT\s/)
+ { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
+ elsif (/^#((define)|(undef))\s+RC4_INDEX/)
+ { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
+ elsif (/^#(define|undef)\s+I386_ONLY/)
+ { printf OUT "#%s I386_ONLY\n", ($processor == 386)?
+ "define":"undef"; }
+ elsif (/^#define\s+MD2_INT\s/)
+ { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
+ elsif (/^#define\s+IDEA_INT\s/)
+ {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
+ elsif (/^#define\s+RC2_INT\s/)
+ {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
+ elsif (/^#(define|undef)\s+BF_PTR/)
+ {
+ printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
+ printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
+ printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
+ }
+ else
+ { print OUT $_; }
+ }
+close(IN);
+close(OUT);
+
+
+# Fix the date
+
+print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
+print "SIXTY_FOUR_BIT mode\n" if $b64;
+print "THIRTY_TWO_BIT mode\n" if $b32;
+print "SIXTEEN_BIT mode\n" if $b16;
+print "EIGHT_BIT mode\n" if $b8;
+print "DES_PTR used\n" if $des_ptr;
+print "DES_RISC1 used\n" if $des_risc1;
+print "DES_RISC2 used\n" if $des_risc2;
+print "DES_UNROLL used\n" if $des_unroll;
+print "DES_INT used\n" if $des_int;
+print "BN_LLONG mode\n" if $bn_ll;
+print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
+print "RC4_INDEX mode\n" if $rc4_idx;
+print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
+print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
+print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
+print "BF_PTR used\n" if $bf_ptr == 1;
+print "BF_PTR2 used\n" if $bf_ptr == 2;
+
+if($IsWindows) {
+ open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+ printf OUT <<EOF;
+#ifndef MK1MF_BUILD
+ /* auto-generated by Configure for crypto/cversion.c:
+ * for Unix builds, crypto/Makefile.ssl generates functional definitions;
+ * Windows builds (and other mk1mf builds) compile cversion.c with
+ * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
+ #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
+#endif
+EOF
+ close(OUT);
+
+ system "perl crypto/objects/obj_dat.pl <crypto\\objects\\objects.h >crypto\\objects\\obj_dat.h";
+} else {
+ (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
+ ### (system 'make depend') == 0 or exit $? if $depflags ne "";
+ # Run "make depend" manually if you want to be able to delete
+ # the source code files of ciphers you left out.
+ &dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',);
+ if ( $perl =~ m@^/@) {
+ &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+ } else {
+ # No path for Perl known ...
+ &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+ }
+}
+
+my $pwd;
+
+if($IsWindows) {
+ $pwd="(current directory)";
+} else {
+ $pwd =`pwd`;
+ chop($pwd);
+}
+print <<EOF;
+
+NOTE: The OpenSSL header files have been moved from include/*.h
+to include/openssl/*.h. To include OpenSSL header files, now
+directives of the form
+ #include <openssl/foo.h>
+should be used instead of #include <foo.h>.
+These new file locations allow installing the OpenSSL header
+files in /usr/local/include/openssl/ and should help avoid
+conflicts with other libraries.
+
+To compile programs that use the old form <foo.h>,
+usually an additional compiler option will suffice: E.g., add
+ -I$prefix/include/openssl
+or
+ -I$pwd/include/openssl
+to the CFLAGS in the Makefile of the program that you want to compile
+(and leave all the original -I...'s in place!).
+
+Please make sure that no old OpenSSL header files are around:
+The include directory should now be empty except for the openssl
+subdirectory.
+
+EOF
+
+print <<\EOF if (!$no_threads && !$threads);
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details if you need multi-threading.
+
+EOF
+
+exit(0);
+
+sub usage
+ {
+ print STDERR $usage;
+ print STDERR "pick os/compiler from:";
+ my $j=0;
+ my $i;
+ foreach $i (sort keys %table)
+ {
+ next if $i =~ /^debug/;
+ print STDERR "\n" if ($j++ % 4) == 0;
+ printf(STDERR "%-18s ",$i);
+ }
+ foreach $i (sort keys %table)
+ {
+ next if $i !~ /^debug/;
+ print STDERR "\n" if ($j++ % 4) == 0;
+ printf(STDERR "%-18s ",$i);
+ }
+ print STDERR "\n";
+ exit(1);
+ }
+
+sub which
+ {
+ my($name)=@_;
+ my $path;
+ foreach $path (split /:/, $ENV{PATH})
+ {
+ if (-f "$path/$name" and -x _)
+ {
+ return "$path/$name" unless ($name eq "perl" and
+ system("$path/$name -e " . '\'exit($]<5.0);\''));
+ }
+ }
+ }
+
+sub dofile
+ {
+ my $f; my $p; my %m; my @a; my $k; my $ff;
+ ($f,$p,%m)=@_;
+
+ open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
+ @a=<IN>;
+ close(IN);
+ foreach $k (keys %m)
+ {
+ grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
+ }
+ ($ff=$f) =~ s/\..*$//;
+ open(OUT,">$ff.new") || die "unable to open $f:$!\n";
+ print OUT @a;
+ close(OUT);
+ rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
+ rename("$ff.new",$f) || die "unable to rename $ff.new\n";
+ }
+
+sub print_table_entry
+ {
+ my $target = shift;
+
+ (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
+ my $bn_obj,my $des_obj,my $bf_obj,
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
+ split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+
+ print <<EOF
+
+*** $target
+\$cc = $cc
+\$cflags = $cflags
+\$unistd = $unistd
+\$thread_cflag = $thread_cflag
+\$lflags = $lflags
+\$bn_ops = $bn_ops
+\$bn_obj = $bn_obj
+\$des_obj = $des_obj
+\$bf_obj = $bf_obj
+\$md5_obj = $md5_obj
+\$sha1_obj = $sha1_obj
+\$cast_obj = $cast_obj
+\$rc4_obj = $rc4_obj
+\$rmd160_obj = $rmd160_obj
+\$rc5_obj = $rc5_obj
+EOF
+ }
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
new file mode 100644
index 000000000000..6066fddc4a15
--- /dev/null
+++ b/crypto/openssl/INSTALL
@@ -0,0 +1,387 @@
+
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
+
+ [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
+ and INSTALL.VMS for installing on OpenVMS systems.]
+
+ To install OpenSSL, you will need:
+
+ * Perl 5
+ * an ANSI C compiler
+ * a supported Unix operating system
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+ $ ./config
+ $ make
+ $ make test
+ $ make install
+
+ [If any of these steps fails, see section Installation in Detail below.]
+
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:
+
+ $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config to customize the build:
+
+ --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
+ Configuration files used by OpenSSL will be in DIR/ssl
+ or the directory specified by --openssldir.
+
+ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+ the library files and binaries are also installed there.
+
+ rsaref Build with RSADSI's RSAREF toolkit (this assumes that
+ librsaref.a is in the library search path).
+
+ no-threads Don't try to build with support for multi-threaded
+ applications.
+
+ threads Build with support for multi-threaded applications.
+ This will usually require additional system-dependent options!
+ See "Note on multi-threading" below.
+
+ no-asm Do not use assembler code.
+
+ 386 Use the 80386 instruction set only (the default x86 code is
+ more efficient, but requires at least a 486).
+
+ no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
+ hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+ The crypto/<cipher> directory can be removed after running
+ "make depend".
+
+ -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+ be passed through to the compiler to allow you to
+ define preprocessor symbols, specify additional libraries,
+ library directories or other compiler options.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+ $ ./config [options]
+
+ This guesses at your operating system (and compiler, if necessary) and
+ configures OpenSSL based on this guess. Run ./config -t to see
+ if it guessed correctly. If it did not get it correct or you want to
+ use a different compiler then go to step 1b. Otherwise go to step 2.
+
+ On some systems, you can include debugging information as follows:
+
+ $ ./config -d [options]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+ OpenSSL knows about a range of different operating system, hardware and
+ compiler combinations. To see the ones it knows about, run
+
+ $ ./Configure
+
+ Pick a suitable name from the list that matches your system. For most
+ operating systems there is a choice between using "cc" or "gcc". When
+ you have identified your system (and if necessary compiler) use this name
+ as the argument to ./Configure. For example, a "linux-elf" user would
+ run:
+
+ $ ./Configure linux-elf [options]
+
+ If your system is not available, you will have to edit the Configure
+ program and add the correct configuration for your system. The
+ generic configurations "cc" or "gcc" should usually work.
+
+ Configure creates the file Makefile.ssl from Makefile.org and
+ defines various macros in crypto/opensslconf.h (generated from
+ crypto/opensslconf.h.in).
+
+ 2. Build OpenSSL by running:
+
+ $ make
+
+ This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+ OpenSSL binary ("openssl"). The libraries will be built in the top-level
+ directory, and the binary will be in the "apps" directory.
+
+ If "make" fails, please report the problem to <openssl-bugs@openssl.org>.
+ Include the output of "./config -t" and the OpenSSL version
+ number in your message.
+
+ [If you encounter assembler error messages, try the "no-asm"
+ configuration option as an immediate fix. Note that on Solaris x86
+ (not on Sparcs!) you may have to install the GNU assembler to use
+ OpenSSL assembler code -- /usr/ccs/bin/as won't do.]
+
+ Compiling parts of OpenSSL with gcc and others with the system
+ compiler will result in unresolved symbols on some systems.
+
+ 3. After a successful build, the libraries should be tested. Run:
+
+ $ make test
+
+ If a test fails, try removing any compiler optimization flags from
+ the CFLAGS line in Makefile.ssl and run "make clean; make". Please
+ send a bug report to <openssl-bugs@openssl.org>, including the
+ output of "openssl version -a" and of the failed test.
+
+ 4. If everything tests ok, install OpenSSL with
+
+ $ make install
+
+ This will create the installation directory (if it does not exist) and
+ then the following subdirectories:
+
+ certs Initially empty, this is the default location
+ for certificate files.
+ misc Various scripts.
+ private Initially empty, this is the default location
+ for private key files.
+
+ If you didn't chose a different installation prefix, the
+ following additional subdirectories will be created:
+
+ bin Contains the openssl binary and a few other
+ utility programs.
+ include/openssl Contains the header files needed if you want to
+ compile programs with libcrypto or libssl.
+ lib Contains the OpenSSL library files themselves.
+
+ Package builders who want to configure the library for standard
+ locations, but have the package installed somewhere else so that
+ it can easily be packaged, can use
+
+ $ make INSTALL_PREFIX=/tmp/package-root install
+
+ (or specify "--install_prefix=/tmp/package-root" as a configure
+ option). The specified prefix will be prepended to all
+ installation target filenames.
+
+
+ NOTE: The header files used to reside directly in the include
+ directory, but have now been moved to include/openssl so that
+ OpenSSL can co-exist with other libraries which use some of the
+ same filenames. This means that applications that use OpenSSL
+ should now use C preprocessor directives of the form
+
+ #include <openssl/ssl.h>
+
+ instead of "#include <ssl.h>", which was used with library versions
+ up to OpenSSL 0.9.2b.
+
+ If you install a new version of OpenSSL over an old library version,
+ you should delete the old header files in the include directory.
+
+ Compatibility issues:
+
+ * COMPILING existing applications
+
+ To compile an application that uses old filenames -- e.g.
+ "#include <ssl.h>" --, it will usually be enough to find
+ the CFLAGS definition in the application's Makefile and
+ add a C option such as
+
+ -I/usr/local/ssl/include/openssl
+
+ to it.
+
+ But don't delete the existing -I option that points to
+ the ..../include directory! Otherwise, OpenSSL header files
+ could not #include each other.
+
+ * WRITING applications
+
+ To write an application that is able to handle both the new
+ and the old directory layout, so that it can still be compiled
+ with library versions up to OpenSSL 0.9.2b without bothering
+ the user, you can proceed as follows:
+
+ - Always use the new filename of OpenSSL header files,
+ e.g. #include <openssl/ssl.h>.
+
+ - Create a directory "incl" that contains only a symbolic
+ link named "openssl", which points to the "include" directory
+ of OpenSSL.
+ For example, your application's Makefile might contain the
+ following rule, if OPENSSLDIR is a pathname (absolute or
+ relative) of the directory where OpenSSL resides:
+
+ incl/openssl:
+ -mkdir incl
+ cd $(OPENSSLDIR) # Check whether the directory really exists
+ -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+ You will have to add "incl/openssl" to the dependencies
+ of those C files that include some OpenSSL header file.
+
+ - Add "-Iincl" to your CFLAGS.
+
+ With these additions, the OpenSSL header files will be available
+ under both name variants if an old library version is used:
+ Your application can reach them under names like <openssl/foo.h>,
+ while the header files still are able to #include each other
+ with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications. On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.) The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+
+--------------------------------------------------------------------------------
+The orignal Unix build instructions from SSLeay follow.
+Note: some of this may be out of date and no longer applicable
+--------------------------------------------------------------------------------
+
+# When bringing the SSLeay distribution back from the evil intel world
+# of Windows NT, do the following to make it nice again under unix :-)
+# You don't normally need to run this.
+sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996
+
+# If you have perl, and it is not in /usr/local/bin, you can run
+perl util/perlpath.pl /new/path
+# and this will fix the paths in all the scripts. DO NOT put
+# /new/path/perl, just /new/path. The build
+# environment always run scripts as 'perl perlscript.pl' but some of the
+# 'applications' are easier to usr with the path fixed.
+
+# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
+# to set the install locations if you don't like
+# the default location of /usr/local/ssl
+# Do this by running
+perl util/ssldir.pl /new/ssl/home
+# if you have perl, or by hand if not.
+
+# If things have been stuffed up with the sym links, run
+make -f Makefile.ssl links
+# This will re-populate lib/include with symlinks and for each
+# directory, link Makefile to Makefile.ssl
+
+# Setup the machine dependent stuff for the top level makefile
+# and some select .h files
+# If you don't have perl, this will bomb, in which case just edit the
+# top level Makefile.ssl
+./Configure 'system type'
+
+# The 'Configure' command contains default configuration parameters
+# for lots of machines. Configure edits 5 lines in the top level Makefile
+# It modifies the following values in the following files
+Makefile.ssl CC CFLAG EX_LIBS BN_MULW
+crypto/des/des.h DES_LONG
+crypto/des/des_locl.h DES_PTR
+crypto/md2/md2.h MD2_INT
+crypto/rc4/rc4.h RC4_INT
+crypto/rc4/rc4_enc.c RC4_INDEX
+crypto/rc2/rc2.h RC2_INT
+crypto/bf/bf_locl.h BF_INT
+crypto/idea/idea.h IDEA_INT
+crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT,
+ SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
+ SIXTEEN_BIT or EIGHT_BIT)
+Please remember that all these files are actually copies of the file with
+a .org extention. So if you change crypto/des/des.h, the next time
+you run Configure, it will be runover by a 'configured' version of
+crypto/des/des.org. So to make the changer the default, change the .org
+files. The reason these files have to be edited is because most of
+these modifications change the size of fundamental data types.
+While in theory this stuff is optional, it often makes a big
+difference in performance and when using assember, it is importaint
+for the 'Bignum bits' match those required by the assember code.
+A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
+flag to use the hardware multiply instruction which was not present in
+earlier versions of the sparc CPU. I define it by default. If you
+have an old sparc, and it crashes, try rebuilding with this flag
+removed. I am leaving this flag on by default because it makes
+things run 4 times faster :-)
+
+# clean out all the old stuff
+make clean
+
+# Do a make depend only if you have the makedepend command installed
+# This is not needed but it does make things nice when developing.
+make depend
+
+# make should build everything
+make
+
+# fix up the demo certificate hash directory if it has been stuffed up.
+make rehash
+
+# test everything
+make test
+
+# install the lot
+make install
+
+# It is worth noting that all the applications are built into the one
+# program, ssleay, which is then has links from the other programs
+# names to it.
+# The applicatons can be built by themselves, just don't define the
+# 'MONOLITH' flag. So to build the 'enc' program stand alone,
+gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
+
+# Other useful make options are
+make makefile.one
+# which generate a 'makefile.one' file which will build the complete
+# SSLeay distribution with temp. files in './tmp' and 'installable' files
+# in './out'
+
+# Have a look at running
+perl util/mk1mf.pl help
+# this can be used to generate a single makefile and is about the only
+# way to generate makefiles for windows.
+
+# There is actually a final way of building SSLeay.
+gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
+gcc -O2 -c -Issl -Iinclude ssl/ssl.c
+# and you now have the 2 libraries as single object files :-).
+# If you want to use the assember code for your particular platform
+# (DEC alpha/x86 are the main ones, the other assember is just the
+# output from gcc) you will need to link the assember with the above generated
+# object file and also do the above compile as
+gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
+
+This last option is probably the best way to go when porting to another
+platform or building shared libraries. It is not good for development so
+I don't normally use it.
+
+To build shared libararies under unix, have a look in shlib, basically
+you are on your own, but it is quite easy and all you have to do
+is compile 2 (or 3) files.
+
+For mult-threading, have a read of doc/threads.doc. Again it is quite
+easy and normally only requires some extra callbacks to be defined
+by the application.
+The examples for solaris and windows NT/95 are in the mt directory.
+
+have fun
+
+eric 25-Jun-1997
+
+IRIX 5.x will build as a 32 bit system with mips1 assember.
+IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms
+to n32 standards. In theory you can compile the 64 bit assember under
+IRIX 5.x but you will have to have the correct system software installed.
diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE
new file mode 100644
index 000000000000..b9e18d5e7bf3
--- /dev/null
+++ b/crypto/openssl/LICENSE
@@ -0,0 +1,127 @@
+
+ LICENSE ISSUES
+ ==============
+
+ The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+ the OpenSSL License and the original SSLeay license apply to the toolkit.
+ See below for the actual license texts. Actually both licenses are BSD-style
+ Open Source licenses. In case of any license issues related to OpenSSL
+ please contact openssl-core@openssl.org.
+
+ OpenSSL License
+ ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
new file mode 100644
index 000000000000..2def579c264e
--- /dev/null
+++ b/crypto/openssl/Makefile.org
@@ -0,0 +1,351 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=
+MAJOR=
+MINOR=
+PLATFORM=dist
+OPTIONS=
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# RSAref - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4 - Define to build without the RC4 algorithm
+# NO_RC2 - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+# one. 32 bytes will be read from this when the random
+# number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+# SSLv3 anon-DH ciphers.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+# NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+# call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+DEPFLAG=
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS=
+AR=ar r
+RANLIB= ranlib
+PERL= perl
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o # elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o # SGI MIPS cpu
+#BN_ASM= asm/sparc.o # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
+#DES_ENC= des_enc.o fcrypt_b.o # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= asm/bx86-out.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= asm/cx86-out.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= asm/rx86-out.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= asm/r586-out.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= asm/mx86-out.o
+#MD5_ASM_OBJ= asm/mx86-elf.o # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= asm/sx86-out.o
+#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= asm/rm86-out.o
+#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
+
+DIRS= crypto ssl rsaref apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS= \
+ md2 md5 sha mdc2 hmac ripemd \
+ des rc2 rc4 rc5 idea bf cast \
+ bn rsa dsa dh \
+ buffer bio stack lhash rand err objects \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+
+MAKEFILE= Makefile.ssl
+MAKE= make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP= .
+ONEDIRS=out tmp
+EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS= windows
+LIBS= libcrypto.a libssl.a
+
+GENERAL= Makefile
+BASENAME= openssl
+NAME= $(BASENAME)-$(VERSION)
+TARFILE= $(NAME).tar
+WTARFILE= $(NAME)-win.tar
+EXHEADER= e_os.h e_os2.h
+HEADER= e_os.h
+
+all: Makefile.ssl
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making all in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+ done
+ -@# cd perl; $(PERL) Makefile.PL; make
+
+sub_all:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making all in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+ done;
+
+linux-shared:
+ for i in ${SHLIBDIRS}; do \
+ rm -f lib$$i.a lib$$i.so \
+ lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
+ ${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
+ ( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
+ -Wl,-S,-soname=lib$$i.so.${MAJOR} \
+ -Wl,--whole-archive lib$$i.a \
+ -Wl,--no-whole-archive -lc ) || exit 1; \
+ rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+ done;
+ @set -x; \
+ for i in ${SHLIBDIRS}; do \
+ ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
+ ln -s lib$$i.so.${MAJOR} lib$$i.so; \
+ done;
+
+Makefile.ssl: Makefile.org
+ @echo "Makefile.ssl is older than Makefile.org."
+ @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+ @false
+
+libclean:
+ rm -f *.a */lib */*/lib
+
+clean:
+ rm -f shlib/*.o *.o core a.out fluff *.map
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making clean in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+ rm -f $(LIBS); \
+ done;
+ rm -f *.a *.o speed.* *.map *.so .pure core
+ rm -f $(TARFILE)
+ @for i in $(ONEDIRS) ;\
+ do \
+ rm -fr $$i/*; \
+ done
+
+makefile.one: files
+ $(PERL) util/mk1mf.pl >makefile.one; \
+ sh util/do_ms.sh
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making 'files' in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+ done;
+
+links:
+ @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+ @for i in $(DIRS); do \
+ (cd $$i && echo "making links in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+ done;
+
+dclean:
+ rm -f *.bak
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making dclean in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+ done;
+
+rehash:
+ @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+test: tests
+
+tests: rehash
+ @(cd test && echo "testing..." && \
+ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+ @apps/openssl version -a
+
+depend:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making dependencies $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+ done;
+
+lint:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making lint $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+ done;
+
+tags:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making tags $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+ done;
+
+errors:
+ perl util/mkerr.pl -recurse -write
+
+util/libeay.num::
+ perl util/mkdef.pl crypto update
+
+util/ssleay.num::
+ perl util/mkdef.pl ssl update
+
+TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ perl Configure TABLE) > TABLE
+
+update: depend errors util/libeay.num util/ssleay.num TABLE
+
+tar:
+ @tar --norecurse -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - |\
+ gzip --best >../$(TARFILE).gz; \
+ ls -l ../$(TARFILE).gz
+
+dist:
+ $(PERL) Configure dist
+ @$(MAKE) dist_pem_h
+ @$(MAKE) SDIRS='${SDIRS}' clean
+ @$(MAKE) tar
+
+dist_pem_h:
+ (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/lib
+ @for i in $(EXHEADER) ;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i; echo "installing $$i..."; \
+ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+ done
+ @for i in $(LIBS) ;\
+ do \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
new file mode 100644
index 000000000000..a72cbbb40c83
--- /dev/null
+++ b/crypto/openssl/Makefile.ssl
@@ -0,0 +1,351 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=0.9.4
+MAJOR=0
+MINOR=9.4
+PLATFORM=dist
+OPTIONS=
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# RSAref - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4 - Define to build without the RC4 algorithm
+# NO_RC2 - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+# one. 32 bytes will be read from this when the random
+# number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+# SSLv3 anon-DH ciphers.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+# NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+# call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= cc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -O
+DEPFLAG=
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS=
+AR=ar r
+RANLIB= /usr/bin/ranlib
+PERL= /usr/local/bin/perl5
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o # elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o # SGI MIPS cpu
+#BN_ASM= asm/sparc.o # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= des_enc.o fcrypt_b.o
+#DES_ENC= des_enc.o fcrypt_b.o # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= bf_enc.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= c_enc.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= rc4_enc.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= rc5_enc.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ=
+#MD5_ASM_OBJ= asm/mx86-elf.o # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ=
+#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ=
+#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
+
+DIRS= crypto ssl rsaref apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS= \
+ md2 md5 sha mdc2 hmac ripemd \
+ des rc2 rc4 rc5 idea bf cast \
+ bn rsa dsa dh \
+ buffer bio stack lhash rand err objects \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+
+MAKEFILE= Makefile.ssl
+MAKE= make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP= .
+ONEDIRS=out tmp
+EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS= windows
+LIBS= libcrypto.a libssl.a
+
+GENERAL= Makefile
+BASENAME= openssl
+NAME= $(BASENAME)-$(VERSION)
+TARFILE= $(NAME).tar
+WTARFILE= $(NAME)-win.tar
+EXHEADER= e_os.h e_os2.h
+HEADER= e_os.h
+
+all: Makefile.ssl
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making all in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+ done
+ -@# cd perl; $(PERL) Makefile.PL; make
+
+sub_all:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making all in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+ done;
+
+linux-shared:
+ for i in ${SHLIBDIRS}; do \
+ rm -f lib$$i.a lib$$i.so \
+ lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
+ ${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
+ ( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
+ -Wl,-S,-soname=lib$$i.so.${MAJOR} \
+ -Wl,--whole-archive lib$$i.a \
+ -Wl,--no-whole-archive -lc ) || exit 1; \
+ rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+ done;
+ @set -x; \
+ for i in ${SHLIBDIRS}; do \
+ ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
+ ln -s lib$$i.so.${MAJOR} lib$$i.so; \
+ done;
+
+Makefile.ssl: Makefile.org
+ @echo "Makefile.ssl is older than Makefile.org."
+ @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+ @false
+
+libclean:
+ rm -f *.a */lib */*/lib
+
+clean:
+ rm -f shlib/*.o *.o core a.out fluff *.map
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making clean in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+ rm -f $(LIBS); \
+ done;
+ rm -f *.a *.o speed.* *.map *.so .pure core
+ rm -f $(TARFILE)
+ @for i in $(ONEDIRS) ;\
+ do \
+ rm -fr $$i/*; \
+ done
+
+makefile.one: files
+ $(PERL) util/mk1mf.pl >makefile.one; \
+ sh util/do_ms.sh
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making 'files' in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+ done;
+
+links:
+ @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+ @for i in $(DIRS); do \
+ (cd $$i && echo "making links in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+ done;
+
+dclean:
+ rm -f *.bak
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making dclean in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+ done;
+
+rehash:
+ @(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+test: tests
+
+tests: rehash
+ @(cd test && echo "testing..." && \
+ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+ @apps/openssl version -a
+
+depend:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making dependencies $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+ done;
+
+lint:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making lint $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+ done;
+
+tags:
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i && echo "making tags $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+ done;
+
+errors:
+ perl util/mkerr.pl -recurse -write
+
+util/libeay.num::
+ perl util/mkdef.pl crypto update
+
+util/ssleay.num::
+ perl util/mkdef.pl ssl update
+
+TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ perl Configure TABLE) > TABLE
+
+update: depend errors util/libeay.num util/ssleay.num TABLE
+
+tar:
+ @tar --norecurse -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - |\
+ gzip --best >../$(TARFILE).gz; \
+ ls -l ../$(TARFILE).gz
+
+dist:
+ $(PERL) Configure dist
+ @$(MAKE) dist_pem_h
+ @$(MAKE) SDIRS='${SDIRS}' clean
+ @$(MAKE) tar
+
+dist_pem_h:
+ (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/lib
+ @for i in $(EXHEADER) ;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @for i in $(DIRS) ;\
+ do \
+ (cd $$i; echo "installing $$i..."; \
+ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+ done
+ @for i in $(LIBS) ;\
+ do \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
new file mode 100644
index 000000000000..c152b7155d8f
--- /dev/null
+++ b/crypto/openssl/NEWS
@@ -0,0 +1,65 @@
+
+ NEWS
+ ====
+
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
+ Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+
+ o Transparent support for PKCS#8 format private keys: these are used
+ by several software packages and are more secure than the standard
+ form
+ o PKCS#5 v2.0 implementation
+ o Password callbacks have a new void * argument for application data
+ o Avoid various memory leaks
+ o New pipe-like BIO that allows using the SSL library when actual I/O
+ must be handled by the application (BIO pair)
+
+ Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+ o Lots of enhancements and cleanups to the Configuration mechanism
+ o RSA OEAP related fixes
+ o Added `openssl ca -revoke' option for revoking a certificate
+ o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+ o Source tree cleanups: removed lots of obsolete files
+ o Thawte SXNet, certificate policies and CRL distribution points
+ extension support
+ o Preliminary (experimental) S/MIME support
+ o Support for ASN.1 UTF8String and VisibleString
+ o Full integration of PKCS#12 code
+ o Sparc assembler bignum implementation, optimized hash functions
+ o Option to disable selected ciphers
+
+ Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+ o Fixed a security hole related to session resumption
+ o Fixed RSA encryption routines for the p < q case
+ o "ALL" in cipher lists now means "everything except NULL ciphers"
+ o Support for Triple-DES CBCM cipher
+ o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+ o First support for new TLSv1 ciphers
+ o Added a few new BIOs (syslog BIO, reliable BIO)
+ o Extended support for DSA certificate/keys.
+ o Extended support for Certificate Signing Requests (CSR)
+ o Initial support for X.509v3 extensions
+ o Extended support for compression inside the SSL record layer
+ o Overhauled Win32 builds
+ o Cleanups and fixes to the Big Number (BN) library
+ o Support for ASN.1 GeneralizedTime
+ o Splitted ASN.1 SETs from SEQUENCEs
+ o ASN1 and PEM support for Netscape Certificate Sequences
+ o Overhauled Perl interface
+ o Lots of source tree cleanups.
+ o Lots of memory leak fixes.
+ o Lots of bug fixes.
+
+ Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+ o Integration of the popular NO_RSA/NO_DSA patches
+ o Initial support for compression inside the SSL record layer
+ o Added BIO proxy and filtering functionality
+ o Extended Big Number (BN) library
+ o Added RIPE MD160 message digest
+ o Addeed support for RC2/64bit cipher
+ o Extended ASN.1 parser routines
+ o Adjustations of the source tree for CVS
+ o Support for various new platforms
+
diff --git a/crypto/openssl/README b/crypto/openssl/README
new file mode 100644
index 000000000000..d7682e8a2f64
--- /dev/null
+++ b/crypto/openssl/README
@@ -0,0 +1,205 @@
+
+ OpenSSL 0.9.4 09 Aug 1999
+
+ Copyright (c) 1998-1999 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols with full-strength cryptography world-wide. The project is managed
+ by a worldwide community of volunteers that use the Internet to communicate,
+ plan, and develop the OpenSSL toolkit and its related documentation.
+
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl.a:
+ Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+ both SSLv2, SSLv3 and TLSv1 in the one server and client.
+
+ libcrypto.a:
+ General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+ actually logically part of it. It includes routines for the following:
+
+ Ciphers
+ libdes - EAY's libdes DES encryption package which has been floating
+ around the net for a few years. It includes 15
+ 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+ cbc, cfb and ofb; pcbc and a more general form of cfb and
+ ofb) including desx in cbc mode, a fast crypt(3), and
+ routines to read passwords from the keyboard.
+ RC4 encryption,
+ RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
+
+ Digests
+ MD5 and MD2 message digest algorithms, fast implementations,
+ SHA (SHA-0) and SHA-1 message digest algorithms,
+ MDC2 message digest. A DES based hash that is popular on smart cards.
+
+ Public Key
+ RSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ DSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ Diffie-Hellman key-exchange/key generation.
+ There is no limit on the number of bits.
+
+ X.509v3 certificates
+ X509 encoding/decoding into/from binary ASN1 and a PEM
+ based ascii-binary encoding which supports encryption with a
+ private key. Program to generate RSA and DSA certificate
+ requests and to generate RSA and DSA certificates.
+
+ Systems
+ The normal digital envelope routines and base64 encoding. Higher
+ level access to ciphers and digests by name. New ciphers can be
+ loaded at run time. The BIO io system which is a simple non-blocking
+ IO abstraction. Current methods supported are file descriptors,
+ sockets, socket accept, socket connect, memory buffer, buffering, SSL
+ client/server, file pointer, encryption, digest, non-blocking testing
+ and null.
+
+ Data structures
+ A dynamically growing hashing system
+ A simple stack.
+ A Configuration loader that uses a format similar to MS .ini files.
+
+ openssl:
+ A command line tool which provides the following functions:
+
+ enc - a general encryption program that can encrypt/decrypt using
+ one of 17 different cipher/mode combinations. The
+ input/output can also be converted to/from base64
+ ascii encoding.
+ dgst - a generate message digesting program that will generate
+ message digests for any of md2, md5, sha (sha-0 or sha-1)
+ or mdc2.
+ asn1parse - parse and display the structure of an asn1 encoded
+ binary file.
+ rsa - Manipulate RSA private keys.
+ dsa - Manipulate DSA private keys.
+ dh - Manipulate Diffie-Hellman parameter files.
+ dsaparam- Manipulate and generate DSA parameter files.
+ crl - Manipulate certificate revocation lists.
+ crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+ x509 - Manipulate x509 certificates, self-sign certificates.
+ req - Manipulate PKCS#10 certificate requests and also
+ generate certificate requests.
+ genrsa - Generates an arbitrary sized RSA private key.
+ gendsa - Generates DSA parameters.
+ gendh - Generates a set of Diffie-Hellman parameters, the prime
+ will be a strong prime.
+ ca - Create certificates from PKCS#10 certificate requests.
+ This program also maintains a database of certificates
+ issued.
+ verify - Check x509 certificate signatures.
+ speed - Benchmark OpenSSL's ciphers.
+ s_server- A test SSL server.
+ s_client- A test SSL client.
+ s_time - Benchmark SSL performance of SSL server programs.
+ errstr - Convert from OpenSSL hex error codes to a readable form.
+ nseq - Netscape certificate sequence utility
+
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country. The file contains some of the patents that we know about or are
+ rumoured to exist. This is not a definitive list.
+
+ RSA Data Security holds software patents on the RSA and RC5 algorithms. If
+ their ciphers are used used inside the USA (and Japan?), you must contact RSA
+ Data Security for licensing conditions. Their web page is
+ http://www.rsa.com/.
+
+ RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+ only be used with RSA Data Security's permission.
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
+ be contacted if that algorithm is to be used, their web page is
+ http://www.ascom.ch/.
+
+ INSTALLATION
+ ------------
+
+ To install this package under a Unix derivative, read the INSTALL file. For
+ a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
+ INSTALL.VMS.
+
+ For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
+ public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
+
+ Read the documentation in the doc/ directory. It is quite rough, but it
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.
+
+ SUPPORT
+ -------
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+ - Remove ASM versions of libraries
+ - Remove compiler optimisation flags
+ - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
+ before you try to debug things)
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+ OpenSSL Details
+ - Version, most of these details can be got from the
+ 'openssl version -a' command.
+ Operating System Details
+ - On Unix systems: Output of './config -t'
+ - OS Name, Version
+ - Hardware platform
+ Compiler Details
+ - Name
+ - Version
+ Application Details
+ - Name
+ - Version
+ Problem Description
+ - include steps that will reproduce the problem (if known)
+ Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project at:
+
+ openssl-bugs@openssl.org
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org.
+ Please be sure to include a textual explanation of what your patch
+ does.
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -urN openssl-orig openssl-work > mydiffs.patch
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
new file mode 100755
index 000000000000..7c023ae71f66
--- /dev/null
+++ b/crypto/openssl/apps/CA.pl
@@ -0,0 +1,153 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Certificate (and private key) is in newreq.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newca$/) {
+ # if explictly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/serial";
+ print OUT "01\n";
+ close OUT;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -x509 -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
+
diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh
new file mode 100644
index 000000000000..728f5bf4d84e
--- /dev/null
+++ b/crypto/openssl/apps/CA.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+DAYS="-days 365"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"
+
+CATOP=./demoCA
+CAKEY=./cakey.pem
+CACERT=./cacert.pem
+
+for i
+do
+case $i in
+-\?|-h|-help)
+ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
+ exit 0
+ ;;
+-newcert)
+ # create a certificate
+ $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Certificate (and private key) is in newreq.pem"
+ ;;
+-newreq)
+ # create a certificate request
+ $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Request (and private key) is in newreq.pem"
+ ;;
+-newca)
+ # if explictly asked for or it doesn't exist then setup the directory
+ # structure that Eric likes to manage things
+ NEW="1"
+ if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
+ # create the directory hierarchy
+ mkdir ${CATOP}
+ mkdir ${CATOP}/certs
+ mkdir ${CATOP}/crl
+ mkdir ${CATOP}/newcerts
+ mkdir ${CATOP}/private
+ echo "01" > ${CATOP}/serial
+ touch ${CATOP}/index.txt
+ fi
+ if [ ! -f ${CATOP}/private/$CAKEY ]; then
+ echo "CA certificate filename (or enter to create)"
+ read FILE
+
+ # ask user for existing CA certificate
+ if [ "$FILE" ]; then
+ cp $FILE ${CATOP}/private/$CAKEY
+ RET=$?
+ else
+ echo "Making CA certificate ..."
+ $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
+ -out ${CATOP}/$CACERT $DAYS
+ RET=$?
+ fi
+ fi
+ ;;
+-xsign)
+ $CA -policy policy_anything -infiles newreq.pem
+ RET=$?
+ ;;
+-sign|-signreq)
+ $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+ RET=$?
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-signcert)
+ echo "Cert passphrase will be requested twice - bug?"
+ $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+ $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-verify)
+ shift
+ if [ -z "$1" ]; then
+ $VERIFY -CAfile $CATOP/$CACERT newcert.pem
+ RET=$?
+ else
+ for j
+ do
+ $VERIFY -CAfile $CATOP/$CACERT $j
+ if [ $? != 0 ]; then
+ RET=$?
+ fi
+ done
+ fi
+ exit 0
+ ;;
+*)
+ echo "Unknown arg $i";
+ exit 1
+ ;;
+esac
+done
+exit $RET
+
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
new file mode 100644
index 000000000000..8363ec901823
--- /dev/null
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -0,0 +1,727 @@
+#
+# apps/Makefile.ssl
+#
+
+DIR= apps
+TOP= ..
+CC= cc
+INCLUDES= -I../include
+CFLAG= -g -static
+INSTALL_PREFIX=
+INSTALLTOP= /usr/local/ssl
+OPENSSLDIR= /usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEFILE= Makefile.ssl
+RM= rm -f
+
+PEX_LIBS=
+EX_LIBS=
+
+CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile makeapps.com install.com
+
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+
+PROGRAM= openssl
+
+SCRIPTS=CA.sh CA.pl der_chop
+
+EXE= $(PROGRAM)
+
+E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \
+ rsa dsa dsaparam \
+ x509 genrsa gendsa s_server s_client speed \
+ s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+ pkcs8
+
+PROGS= $(PROGRAM).c
+
+A_OBJ=apps.o
+A_SRC=apps.c
+S_OBJ= s_cb.o s_socket.o
+S_SRC= s_cb.c s_socket.c
+
+E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
+ pkcs7.o crl2p7.o crl.o \
+ rsa.o dsa.o dsaparam.o \
+ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+ s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
+ ciphers.o nseq.o pkcs12.o pkcs8.o
+
+# pem_mail.o
+
+E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
+ pkcs7.c crl2p7.c crl.c \
+ rsa.c dsa.c dsaparam.c \
+ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+ s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
+ ciphers.c nseq.c pkcs12.c pkcs8.c
+
+# pem_mail.c
+
+SRC=$(E_SRC)
+
+EXHEADER=
+HEADER= apps.h progs.h s_apps.h \
+ testdsa.h testrsa.h \
+ $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: exe
+
+exe: $(EXE)
+
+req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+ $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+sreq.o: req.c
+ $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+install:
+ @for i in $(EXE); \
+ do \
+ (echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ done;
+ @for i in $(SCRIPTS); \
+ do \
+ (echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+ chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ done
+ @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+ chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+links:
+ @$(TOP)/util/point.sh Makefile.ssl Makefile
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+ rm -f req
+
+$(DLIBSSL):
+ (cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+ (cd ../crypto; $(MAKE))
+
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+ $(RM) $(PROGRAM)
+ $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+ @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+progs.h:
+ $(PERL) ./progs.pl $(E_EXE) >progs.h
+ $(RM) $(PROGRAM).o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/stack.h apps.h progs.h
+asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: progs.h
+ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h progs.h
+ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ciphers.o: progs.h
+crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h progs.h
+crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: progs.h
+dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h
+enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+errstr.o: progs.h
+gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h
+gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h progs.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/dh.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: s_apps.h
+s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: progs.h s_apps.h
+s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: progs.h s_apps.h
+s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_time.o: progs.h s_apps.h
+sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+sess_id.o: progs.h
+speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+speed.o: ./testrsa.h apps.h progs.h
+verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/idea.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+verify.o: progs.h
+version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/md2.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h
+x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h progs.h
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
new file mode 100644
index 000000000000..8fb5e8aaa736
--- /dev/null
+++ b/crypto/openssl/apps/apps.c
@@ -0,0 +1,326 @@
+/* apps/apps.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+#ifdef WINDOWS
+# include "bss_file.c"
+#endif
+
+int app_init(long mesgwin);
+#ifdef undef /* never finished - probably never will be :-) */
+int args_from_file(char *file, int *argc, char **argv[])
+ {
+ FILE *fp;
+ int num,i;
+ unsigned int len;
+ static char *buf=NULL;
+ static char **arg=NULL;
+ char *p;
+ struct stat stbuf;
+
+ if (stat(file,&stbuf) < 0) return(0);
+
+ fp=fopen(file,"r");
+ if (fp == NULL)
+ return(0);
+
+ *argc=0;
+ *argv=NULL;
+
+ len=(unsigned int)stbuf.st_size;
+ if (buf != NULL) Free(buf);
+ buf=(char *)Malloc(len+1);
+ if (buf == NULL) return(0);
+
+ len=fread(buf,1,len,fp);
+ if (len <= 1) return(0);
+ buf[len]='\0';
+
+ i=0;
+ for (p=buf; *p; p++)
+ if (*p == '\n') i++;
+ if (arg != NULL) Free(arg);
+ arg=(char **)Malloc(sizeof(char *)*(i*2));
+
+ *argv=arg;
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ if (!*p) break;
+ if (*p == '#') /* comment line */
+ {
+ while (*p && (*p != '\n')) p++;
+ continue;
+ }
+ /* else we have a line */
+ *(arg++)=p;
+ num++;
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ *(p++)='\0';
+ continue;
+ }
+ /* else it is a tab or space */
+ p++;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ p++;
+ continue;
+ }
+ *(arg++)=p++;
+ num++;
+ while (*p && (*p != '\n')) p++;
+ if (!*p) break;
+ /* else *p == '\n' */
+ *(p++)='\0';
+ }
+ *argc=num;
+ return(1);
+ }
+#endif
+
+int str2fmt(char *s)
+ {
+ if ((*s == 'D') || (*s == 'd'))
+ return(FORMAT_ASN1);
+ else if ((*s == 'T') || (*s == 't'))
+ return(FORMAT_TEXT);
+ else if ((*s == 'P') || (*s == 'p'))
+ return(FORMAT_PEM);
+ else if ((*s == 'N') || (*s == 'n'))
+ return(FORMAT_NETSCAPE);
+ else
+ return(FORMAT_UNDEF);
+ }
+
+#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
+void program_name(char *in, char *out, int size)
+ {
+ int i,n;
+ char *p=NULL;
+
+ n=strlen(in);
+ /* find the last '/', '\' or ':' */
+ for (i=n-1; i>0; i--)
+ {
+ if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
+ {
+ p= &(in[i+1]);
+ break;
+ }
+ }
+ if (p == NULL)
+ p=in;
+ n=strlen(p);
+ /* strip off trailing .exe if present. */
+ if ((n > 4) && (p[n-4] == '.') &&
+ ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
+ ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
+ ((p[n-1] == 'e') || (p[n-1] == 'E')))
+ n-=4;
+ if (n > size-1)
+ n=size-1;
+
+ for (i=0; i<n; i++)
+ {
+ if ((p[i] >= 'A') && (p[i] <= 'Z'))
+ out[i]=p[i]-'A'+'a';
+ else
+ out[i]=p[i];
+ }
+ out[n]='\0';
+ }
+#else
+#ifdef VMS
+void program_name(char *in, char *out, int size)
+ {
+ char *p=in, *q;
+ char *chars=":]>";
+
+ while(*chars != '\0')
+ {
+ q=strrchr(p,*chars);
+ if (q > p)
+ p = q + 1;
+ chars++;
+ }
+
+ q=strrchr(p,'.');
+ if (q == NULL)
+ q = in+size;
+ strncpy(out,p,q-p);
+ out[q-p]='\0';
+ }
+#else
+void program_name(char *in, char *out, int size)
+ {
+ char *p;
+
+ p=strrchr(in,'/');
+ if (p != NULL)
+ p++;
+ else
+ p=in;
+ strncpy(out,p,size-1);
+ out[size-1]='\0';
+ }
+#endif
+#endif
+
+#ifdef WIN32
+int WIN32_rename(char *from, char *to)
+ {
+#ifdef WINNT
+ int ret;
+/* Note: MoveFileEx() doesn't work under Win95, Win98 */
+
+ ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
+ return(ret?0:-1);
+#else
+ unlink(to);
+ return MoveFile(from, to);
+#endif
+ }
+#endif
+
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
+ {
+ int num,len,i;
+ char *p;
+
+ *argc=0;
+ *argv=NULL;
+
+ len=strlen(buf);
+ i=0;
+ if (arg->count == 0)
+ {
+ arg->count=20;
+ arg->data=(char **)Malloc(sizeof(char *)*arg->count);
+ }
+ for (i=0; i<arg->count; i++)
+ arg->data[i]=NULL;
+
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ /* first scan over white space */
+ if (!*p) break;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+
+ /* The start of something good :-) */
+ if (num >= arg->count)
+ {
+ arg->count+=20;
+ arg->data=(char **)Realloc(arg->data,
+ sizeof(char *)*arg->count);
+ if (argc == 0) return(0);
+ }
+ arg->data[num++]=p;
+
+ /* now look for the end of this */
+ if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
+ {
+ i= *(p++);
+ arg->data[num-1]++; /* jump over quote */
+ while (*p && (*p != i))
+ p++;
+ *p='\0';
+ }
+ else
+ {
+ while (*p && ((*p != ' ') &&
+ (*p != '\t') && (*p != '\n')))
+ p++;
+
+ if (*p == '\0')
+ p--;
+ else
+ *p='\0';
+ }
+ p++;
+ }
+ *argc=num;
+ *argv=arg->data;
+ return(1);
+ }
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+ {
+ return(1);
+ }
+#endif
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
new file mode 100644
index 000000000000..063f9c65be72
--- /dev/null
+++ b/crypto/openssl/apps/apps.h
@@ -0,0 +1,141 @@
+/* apps/apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_APPS_H
+#define HEADER_APPS_H
+
+#include "openssl/e_os.h"
+
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include "progs.h"
+
+#ifdef NO_STDIO
+BIO_METHOD *BIO_s_file();
+#endif
+
+#ifdef WIN32
+#define rename(from,to) WIN32_rename((from),(to))
+int WIN32_rename(char *oldname,char *newname);
+#endif
+
+#ifndef MONOLITH
+
+#define MAIN(a,v) main(a,v)
+
+#ifndef NON_MAIN
+BIO *bio_err=NULL;
+#else
+extern BIO *bio_err;
+#endif
+
+#else
+
+#define MAIN(a,v) PROG(a,v)
+#include <openssl/conf.h>
+extern LHASH *config;
+extern char *default_config_file;
+extern BIO *bio_err;
+
+#endif
+
+#include <signal.h>
+
+#ifdef SIGPIPE
+#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
+#else
+#define do_pipe_sig()
+#endif
+
+#if defined(MONOLITH) && !defined(SSLEAY)
+# define apps_startup() do_pipe_sig()
+#else
+# if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ SSLeay_add_all_algorithms()
+# else
+# define apps_startup() \
+ _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ SSLeay_add_all_algorithms()
+# endif
+# else
+# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms();
+# endif
+#endif
+
+typedef struct args_st
+ {
+ char **data;
+ int count;
+ } ARGS;
+
+int should_retry(int i);
+int args_from_file(char *file, int *argc, char **argv[]);
+int str2fmt(char *s);
+void program_name(char *in,char *out,int size);
+int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+#define FORMAT_NETSCAPE 4
+
+#endif
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
new file mode 100644
index 000000000000..1b272b29770a
--- /dev/null
+++ b/crypto/openssl/apps/asn1pars.c
@@ -0,0 +1,309 @@
+/* apps/asn1pars.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to
+ * add the -strparse option which parses nested binary structures
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -in arg - input file - default stdin
+ * -i - indent the details by depth
+ * -offset - where in the file to start
+ * -length - how many bytes to use
+ * -oid file - extra oid decription file
+ */
+
+#undef PROG
+#define PROG asn1parse_main
+
+int MAIN(int argc, char **argv)
+ {
+ int i,badops=0,offset=0,ret=1,j;
+ unsigned int length=0;
+ long num,tmplen;
+ BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
+ int informat,indent=0;
+ char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
+ unsigned char *tmpbuf;
+ BUF_MEM *buf=NULL;
+ STACK *osk=NULL;
+ ASN1_TYPE *at=NULL;
+
+ informat=FORMAT_PEM;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ if ((osk=sk_new_null()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto end;
+ }
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ derfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-i") == 0)
+ {
+ indent=1;
+ }
+ else if (strcmp(*argv,"-oid") == 0)
+ {
+ if (--argc < 1) goto bad;
+ oidfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-offset") == 0)
+ {
+ if (--argc < 1) goto bad;
+ offset= atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-length") == 0)
+ {
+ if (--argc < 1) goto bad;
+ length= atoi(*(++argv));
+ if (length == 0) goto bad;
+ }
+ else if (strcmp(*argv,"-strparse") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sk_push(osk,*(++argv));
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -offset arg offset into file\n");
+ BIO_printf(bio_err," -length arg lenth of section in file\n");
+ BIO_printf(bio_err," -i indent entries\n");
+ BIO_printf(bio_err," -oid file file of extra oid definitions\n");
+ BIO_printf(bio_err," -strparse offset\n");
+ BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
+ BIO_printf(bio_err," ASN1 blob wrappings\n");
+ BIO_printf(bio_err," -out filename output DER encoding to file\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ if (oidfile != NULL)
+ {
+ if (BIO_read_filename(in,oidfile) <= 0)
+ {
+ BIO_printf(bio_err,"problems opening %s\n",oidfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ OBJ_create_objects(in);
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (derfile) {
+ if(!(derout = BIO_new_file(derfile, "wb"))) {
+ BIO_printf(bio_err,"problems opening %s\n",derfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((buf=BUF_MEM_new()) == NULL) goto end;
+ if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
+
+ if (informat == FORMAT_PEM)
+ {
+ BIO *tmp;
+
+ if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ BIO_push(b64,in);
+ tmp=in;
+ in=b64;
+ b64=tmp;
+ }
+
+ num=0;
+ for (;;)
+ {
+ if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+ i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+ if (i <= 0) break;
+ num+=i;
+ }
+ str=buf->data;
+
+ /* If any structs to parse go through in sequence */
+
+ if (sk_num(osk))
+ {
+ tmpbuf=(unsigned char *)str;
+ tmplen=num;
+ for (i=0; i<sk_num(osk); i++)
+ {
+ ASN1_TYPE *atmp;
+ j=atoi(sk_value(osk,i));
+ if (j == 0)
+ {
+ BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+ continue;
+ }
+ tmpbuf+=j;
+ tmplen-=j;
+ atmp = at;
+ at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
+ ASN1_TYPE_free(atmp);
+ if(!at)
+ {
+ BIO_printf(bio_err,"Error parsing structure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ /* hmm... this is a little evil but it works */
+ tmpbuf=at->value.asn1_string->data;
+ tmplen=at->value.asn1_string->length;
+ }
+ str=(char *)tmpbuf;
+ num=tmplen;
+ }
+
+ if (length == 0) length=(unsigned int)num;
+ if(derout) {
+ if(BIO_write(derout, str + offset, length) != (int)length) {
+ BIO_printf(bio_err, "Error writing output\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ BIO_free(derout);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (b64 != NULL) BIO_free(b64);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (buf != NULL) BUF_MEM_free(buf);
+ if (at != NULL) ASN1_TYPE_free(at);
+ if (osk != NULL) sk_free(osk);
+ OBJ_cleanup();
+ EXIT(ret);
+ }
+
diff --git a/crypto/openssl/apps/ca-cert.srl b/crypto/openssl/apps/ca-cert.srl
new file mode 100644
index 000000000000..eeee65ec419f
--- /dev/null
+++ b/crypto/openssl/apps/ca-cert.srl
@@ -0,0 +1 @@
+05
diff --git a/crypto/openssl/apps/ca-key.pem b/crypto/openssl/apps/ca-key.pem
new file mode 100644
index 000000000000..3a520b238f5b
--- /dev/null
+++ b/crypto/openssl/apps/ca-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/ca-req.pem b/crypto/openssl/apps/ca-req.pem
new file mode 100644
index 000000000000..77bf7ec308b5
--- /dev/null
+++ b/crypto/openssl/apps/ca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
+bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
+FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
+cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
+cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
+5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
+kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
+-----END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
new file mode 100644
index 000000000000..9ed100dd3c1c
--- /dev/null
+++ b/crypto/openssl/apps/ca.c
@@ -0,0 +1,2232 @@
+/* apps/ca.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+
+#ifndef W_OK
+# ifdef VMS
+# if defined(__DECC)
+# include <unistd.h>
+# else
+# include <unixlib.h>
+# endif
+# else
+# include <sys/file.h>
+# endif
+#endif
+
+#ifndef W_OK
+# define F_OK 0
+# define X_OK 1
+# define W_OK 2
+# define R_OK 4
+#endif
+
+#undef PROG
+#define PROG ca_main
+
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "openssl.cnf"
+
+#define ENV_DEFAULT_CA "default_ca"
+
+#define ENV_DIR "dir"
+#define ENV_CERTS "certs"
+#define ENV_CRL_DIR "crl_dir"
+#define ENV_CA_DB "CA_DB"
+#define ENV_NEW_CERTS_DIR "new_certs_dir"
+#define ENV_CERTIFICATE "certificate"
+#define ENV_SERIAL "serial"
+#define ENV_CRL "crl"
+#define ENV_PRIVATE_KEY "private_key"
+#define ENV_RANDFILE "RANDFILE"
+#define ENV_DEFAULT_DAYS "default_days"
+#define ENV_DEFAULT_STARTDATE "default_startdate"
+#define ENV_DEFAULT_ENDDATE "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
+#define ENV_DEFAULT_MD "default_md"
+#define ENV_PRESERVE "preserve"
+#define ENV_POLICY "policy"
+#define ENV_EXTENSIONS "x509_extensions"
+#define ENV_CRLEXT "crl_extensions"
+#define ENV_MSIE_HACK "msie_hack"
+
+#define ENV_DATABASE "database"
+
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique for active */
+#define DB_NUMBER 6
+
+#define DB_TYPE_REV 'R'
+#define DB_TYPE_EXP 'E'
+#define DB_TYPE_VAL 'V'
+
+static char *ca_usage[]={
+"usage: ca args\n",
+"\n",
+" -verbose - Talk alot while doing things\n",
+" -config file - A config file\n",
+" -name arg - The particular CA definition to use\n",
+" -gencrl - Generate a new CRL\n",
+" -crldays days - Days is when the next CRL is due\n",
+" -crlhours hours - Hours is when the next CRL is due\n",
+" -days arg - number of days to certify the certificate for\n",
+" -md arg - md to use, one of md2, md5, sha or sha1\n",
+" -policy arg - The CA 'policy' to support\n",
+" -keyfile arg - PEM private key file\n",
+" -key arg - key to decode the private key if it is encrypted\n",
+" -cert file - The CA certificate\n",
+" -in file - The input PEM encoded certificate request(s)\n",
+" -out file - Where to put the output file(s)\n",
+" -outdir dir - Where to put output certificates\n",
+" -infiles .... - The last argument, requests to process\n",
+" -spkac file - File contains DN and signed public key and challenge\n",
+" -ss_cert file - File contains a self signed cert to sign\n",
+" -preserveDN - Don't re-order the DN\n",
+" -batch - Don't ask questions\n",
+" -msie_hack - msie modifications to handle all those universal strings\n",
+" -revoke file - Revoke a certificate (given in file)\n",
+NULL
+};
+
+#ifdef EFENCE
+extern int EF_PROTECT_FREE;
+extern int EF_PROTECT_BELOW;
+extern int EF_ALIGNMENT;
+#endif
+
+static int add_oid_section(LHASH *conf);
+static void lookup_fail(char *name,char *tag);
+static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
+static unsigned long index_serial_hash(char **a);
+static int index_serial_cmp(char **a, char **b);
+static unsigned long index_name_hash(char **a);
+static int index_name_qual(char **a);
+static int index_name_cmp(char **a,char **b);
+static BIGNUM *load_serial(char *serialfile);
+static int save_serial(char *serialfile, BIGNUM *serial);
+static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
+ BIGNUM *serial, char *startdate,char *enddate, int days,
+ int batch, char *ext_sect, LHASH *conf,int verbose);
+static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+ TXT_DB *db, BIGNUM *serial,char *startdate,
+ char *enddate, int days, int batch, char *ext_sect,
+ LHASH *conf,int verbose);
+static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+ TXT_DB *db, BIGNUM *serial,char *startdate,
+ char *enddate, int days, char *ext_sect,LHASH *conf,
+ int verbose);
+static int fix_data(int nid, int *type);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+ char *startdate, char *enddate, int days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, LHASH *conf);
+static int do_revoke(X509 *x509, TXT_DB *db);
+static int check_time_format(char *str);
+static LHASH *conf;
+static char *key=NULL;
+static char *section=NULL;
+
+static int preserve=0;
+static int msie_hack=0;
+
+int MAIN(int argc, char **argv)
+ {
+ int total=0;
+ int total_done=0;
+ int badops=0;
+ int ret=1;
+ int req=0;
+ int verbose=0;
+ int gencrl=0;
+ int dorevoke=0;
+ long crldays=0;
+ long crlhours=0;
+ long errorline= -1;
+ char *configfile=NULL;
+ char *md=NULL;
+ char *policy=NULL;
+ char *keyfile=NULL;
+ char *certfile=NULL;
+ char *infile=NULL;
+ char *spkac_file=NULL;
+ char *ss_cert_file=NULL;
+ EVP_PKEY *pkey=NULL;
+ int output_der = 0;
+ char *outfile=NULL;
+ char *outdir=NULL;
+ char *serialfile=NULL;
+ char *extensions=NULL;
+ char *crl_ext=NULL;
+ BIGNUM *serial=NULL;
+ char *startdate=NULL;
+ char *enddate=NULL;
+ int days=0;
+ int batch=0;
+ X509 *x509=NULL;
+ X509 *x=NULL;
+ BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
+ char *dbfile=NULL;
+ TXT_DB *db=NULL;
+ X509_CRL *crl=NULL;
+ X509_CRL_INFO *ci=NULL;
+ X509_REVOKED *r=NULL;
+ char **pp,*p,*f;
+ int i,j;
+ long l;
+ const EVP_MD *dgst=NULL;
+ STACK_OF(CONF_VALUE) *attribs=NULL;
+ STACK *cert_sk=NULL;
+ BIO *hex=NULL;
+#undef BSIZE
+#define BSIZE 256
+ MS_STATIC char buf[3][BSIZE];
+
+#ifdef EFENCE
+EF_PROTECT_FREE=1;
+EF_PROTECT_BELOW=1;
+EF_ALIGNMENT=0;
+#endif
+
+ apps_startup();
+
+ X509V3_add_standard_extensions();
+
+ preserve=0;
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-verbose") == 0)
+ verbose=1;
+ else if (strcmp(*argv,"-config") == 0)
+ {
+ if (--argc < 1) goto bad;
+ configfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-name") == 0)
+ {
+ if (--argc < 1) goto bad;
+ section= *(++argv);
+ }
+ else if (strcmp(*argv,"-startdate") == 0)
+ {
+ if (--argc < 1) goto bad;
+ startdate= *(++argv);
+ }
+ else if (strcmp(*argv,"-enddate") == 0)
+ {
+ if (--argc < 1) goto bad;
+ enddate= *(++argv);
+ }
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days=atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-md") == 0)
+ {
+ if (--argc < 1) goto bad;
+ md= *(++argv);
+ }
+ else if (strcmp(*argv,"-policy") == 0)
+ {
+ if (--argc < 1) goto bad;
+ policy= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key= *(++argv);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ certfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-outdir") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outdir= *(++argv);
+ }
+ else if (strcmp(*argv,"-batch") == 0)
+ batch=1;
+ else if (strcmp(*argv,"-preserveDN") == 0)
+ preserve=1;
+ else if (strcmp(*argv,"-gencrl") == 0)
+ gencrl=1;
+ else if (strcmp(*argv,"-msie_hack") == 0)
+ msie_hack=1;
+ else if (strcmp(*argv,"-crldays") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crldays= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-crlhours") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crlhours= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-infiles") == 0)
+ {
+ argc--;
+ argv++;
+ req=1;
+ break;
+ }
+ else if (strcmp(*argv, "-ss_cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ss_cert_file = *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv, "-spkac") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spkac_file = *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv,"-revoke") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ dorevoke=1;
+ }
+ else
+ {
+bad:
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+ for (pp=ca_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ /*****************************************************************/
+ if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+ if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
+ if (configfile == NULL)
+ {
+ /* We will just use 'buf[0]' as a temporary buffer. */
+#ifdef VMS
+ strncpy(buf[0],X509_get_default_cert_area(),
+ sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+#else
+ strncpy(buf[0],X509_get_default_cert_area(),
+ sizeof(buf[0])-2-sizeof(CONFIG_FILE));
+ strcat(buf[0],"/");
+#endif
+ strcat(buf[0],CONFIG_FILE);
+ configfile=buf[0];
+ }
+
+ BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+ if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err,"error loading the config file '%s'\n",
+ configfile);
+ else
+ BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
+ ,errorline,configfile);
+ goto err;
+ }
+
+ /* Lets get the config section we are using */
+ if (section == NULL)
+ {
+ section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ if (section == NULL)
+ {
+ lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
+ goto err;
+ }
+ }
+
+ if (conf != NULL)
+ {
+ p=CONF_get_string(conf,NULL,"oid_file");
+ if (p != NULL)
+ {
+ BIO *oid_bio;
+
+ oid_bio=BIO_new_file(p,"r");
+ if (oid_bio == NULL)
+ {
+ /*
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ ERR_clear_error();
+ }
+ else
+ {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ }
+ if(!add_oid_section(conf)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ Sout=BIO_new(BIO_s_file());
+ Cout=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we definitly need an public key, so lets get it */
+
+ if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+ section,ENV_PRIVATE_KEY)) == NULL))
+ {
+ lookup_fail(section,ENV_PRIVATE_KEY);
+ goto err;
+ }
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ BIO_printf(bio_err,"trying to load CA private key\n");
+ goto err;
+ }
+ if (key == NULL)
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
+ else
+ {
+ pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
+ memset(key,0,strlen(key));
+ }
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CA private key\n");
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we need a certificate */
+ if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+ section,ENV_CERTIFICATE)) == NULL))
+ {
+ lookup_fail(section,ENV_CERTIFICATE);
+ goto err;
+ }
+ if (BIO_read_filename(in,certfile) <= 0)
+ {
+ perror(certfile);
+ BIO_printf(bio_err,"trying to load CA certificate\n");
+ goto err;
+ }
+ x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ if (x509 == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CA certificate\n");
+ goto err;
+ }
+
+ if (!X509_check_private_key(x509,pkey))
+ {
+ BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+ goto err;
+ }
+
+ f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ preserve=1;
+ f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ msie_hack=1;
+
+ /*****************************************************************/
+ /* lookup where to write new certificates */
+ if ((outdir == NULL) && (req))
+ {
+ struct stat sb;
+
+ if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ == NULL)
+ {
+ BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
+ goto err;
+ }
+#ifdef VMS
+ /* For technical reasons, VMS misbehaves with X_OK */
+ if (access(outdir,R_OK|W_OK) != 0)
+#else
+ if (access(outdir,R_OK|W_OK|X_OK) != 0)
+#endif
+ {
+ BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+
+ if (stat(outdir,&sb) != 0)
+ {
+ BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+ if (!(sb.st_mode & S_IFDIR))
+ {
+ BIO_printf(bio_err,"%s need to be a directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+ }
+
+ /*****************************************************************/
+ /* we need to load the database file */
+ if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ {
+ lookup_fail(section,ENV_DATABASE);
+ goto err;
+ }
+ if (BIO_read_filename(in,dbfile) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ db=TXT_DB_read(in,DB_NUMBER);
+ if (db == NULL) goto err;
+
+ /* Lets check some fields */
+ for (i=0; i<sk_num(db->data); i++)
+ {
+ pp=(char **)sk_value(db->data,i);
+ if ((pp[DB_type][0] != DB_TYPE_REV) &&
+ (pp[DB_rev_date][0] != '\0'))
+ {
+ BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
+ goto err;
+ }
+ if ((pp[DB_type][0] == DB_TYPE_REV) &&
+ !check_time_format(pp[DB_rev_date]))
+ {
+ BIO_printf(bio_err,"entry %d: invalid revocation date\n",
+ i+1);
+ goto err;
+ }
+ if (!check_time_format(pp[DB_exp_date]))
+ {
+ BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
+ goto err;
+ }
+ p=pp[DB_serial];
+ j=strlen(p);
+ if ((j&1) || (j < 2))
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
+ goto err;
+ }
+ while (*p)
+ {
+ if (!( ((*p >= '0') && (*p <= '9')) ||
+ ((*p >= 'A') && (*p <= 'F')) ||
+ ((*p >= 'a') && (*p <= 'f'))) )
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
+ goto err;
+ }
+ p++;
+ }
+ }
+ if (verbose)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+ TXT_DB_write(out,db);
+ BIO_printf(bio_err,"%d entries loaded from the database\n",
+ db->data->num);
+ BIO_printf(bio_err,"generating indexs\n");
+ }
+
+ if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
+ index_serial_cmp))
+ {
+ BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
+ goto err;
+ }
+
+ if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
+ index_name_cmp))
+ {
+ BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+ db->error,db->arg1,db->arg2);
+ goto err;
+ }
+
+ /*****************************************************************/
+ if (req || gencrl)
+ {
+ if (outfile != NULL)
+ {
+
+ if (BIO_write_filename(Sout,outfile) <= 0)
+ {
+ perror(outfile);
+ goto err;
+ }
+ }
+ else
+ BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+ }
+
+ if (req)
+ {
+ if ((md == NULL) && ((md=CONF_get_string(conf,
+ section,ENV_DEFAULT_MD)) == NULL))
+ {
+ lookup_fail(section,ENV_DEFAULT_MD);
+ goto err;
+ }
+ if ((dgst=EVP_get_digestbyname(md)) == NULL)
+ {
+ BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"message digest is %s\n",
+ OBJ_nid2ln(dgst->type));
+ if ((policy == NULL) && ((policy=CONF_get_string(conf,
+ section,ENV_POLICY)) == NULL))
+ {
+ lookup_fail(section,ENV_POLICY);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"policy is %s\n",policy);
+
+ if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+ == NULL)
+ {
+ lookup_fail(section,ENV_SERIAL);
+ goto err;
+ }
+
+ extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+ if(extensions) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ ret = 1;
+ goto err;
+ }
+ }
+
+ if (startdate == NULL)
+ {
+ startdate=CONF_get_string(conf,section,
+ ENV_DEFAULT_STARTDATE);
+ }
+ if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+ {
+ BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+ if (startdate == NULL) startdate="today";
+
+ if (enddate == NULL)
+ {
+ enddate=CONF_get_string(conf,section,
+ ENV_DEFAULT_ENDDATE);
+ }
+ if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+ {
+ BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+
+ if (days == 0)
+ {
+ days=(int)CONF_get_number(conf,section,
+ ENV_DEFAULT_DAYS);
+ }
+ if (!enddate && (days == 0))
+ {
+ BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
+ goto err;
+ }
+
+ if ((serial=load_serial(serialfile)) == NULL)
+ {
+ BIO_printf(bio_err,"error while loading serial number\n");
+ goto err;
+ }
+ if (verbose)
+ {
+ if ((f=BN_bn2hex(serial)) == NULL) goto err;
+ BIO_printf(bio_err,"next serial number is %s\n",f);
+ Free(f);
+ }
+
+ if ((attribs=CONF_get_section(conf,policy)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
+ goto err;
+ }
+
+ if ((cert_sk=sk_new_null()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ if (spkac_file != NULL)
+ {
+ total++;
+ j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
+ serial,startdate,enddate, days,extensions,conf,
+ verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ if (outfile)
+ {
+ output_der = 1;
+ batch = 1;
+ }
+ }
+ }
+ if (ss_cert_file != NULL)
+ {
+ total++;
+ j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
+ db,serial,startdate,enddate,days,batch,
+ extensions,conf,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ if (infile != NULL)
+ {
+ total++;
+ j=certify(&x,infile,pkey,x509,dgst,attribs,db,
+ serial,startdate,enddate,days,batch,
+ extensions,conf,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ for (i=0; i<argc; i++)
+ {
+ total++;
+ j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
+ serial,startdate,enddate,days,batch,
+ extensions,conf,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ /* we have a stack of newly certified certificates
+ * and a data base and serial number that need
+ * updating */
+
+ if (sk_num(cert_sk) > 0)
+ {
+ if (!batch)
+ {
+ BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
+ (void)BIO_flush(bio_err);
+ buf[0][0]='\0';
+ fgets(buf[0],10,stdin);
+ if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
+ {
+ BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
+ ret=0;
+ goto err;
+ }
+ }
+
+ BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
+
+ strncpy(buf[0],serialfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[0],"-new");
+#else
+ strcat(buf[0],".new");
+#endif
+
+ if (!save_serial(buf[0],serial)) goto err;
+
+ strncpy(buf[1],dbfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[1],"-new");
+#else
+ strcat(buf[1],".new");
+#endif
+
+ if (BIO_write_filename(out,buf[1]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ l=TXT_DB_write(out,db);
+ if (l <= 0) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"writing new certificates\n");
+ for (i=0; i<sk_num(cert_sk); i++)
+ {
+ int k;
+ unsigned char *n;
+
+ x=(X509 *)sk_value(cert_sk,i);
+
+ j=x->cert_info->serialNumber->length;
+ p=(char *)x->cert_info->serialNumber->data;
+
+ strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+
+#ifndef VMS
+ strcat(buf[2],"/");
+#endif
+
+ n=(unsigned char *)&(buf[2][strlen(buf[2])]);
+ if (j > 0)
+ {
+ for (k=0; k<j; k++)
+ {
+ sprintf((char *)n,"%02X",(unsigned char)*(p++));
+ n+=2;
+ }
+ }
+ else
+ {
+ *(n++)='0';
+ *(n++)='0';
+ }
+ *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
+ *n='\0';
+ if (verbose)
+ BIO_printf(bio_err,"writing %s\n",buf[2]);
+
+ if (BIO_write_filename(Cout,buf[2]) <= 0)
+ {
+ perror(buf[2]);
+ goto err;
+ }
+ write_new_certificate(Cout,x, 0);
+ write_new_certificate(Sout,x, output_der);
+ }
+
+ if (sk_num(cert_sk))
+ {
+ /* Rename the database and the serial file */
+ strncpy(buf[2],serialfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[2],"-old");
+#else
+ strcat(buf[2],".old");
+#endif
+
+ BIO_free(in);
+ BIO_free(out);
+ in=NULL;
+ out=NULL;
+ if (rename(serialfile,buf[2]) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ serialfile,buf[2]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[0],serialfile) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ buf[0],serialfile);
+ perror("reason");
+ rename(buf[2],serialfile);
+ goto err;
+ }
+
+ strncpy(buf[2],dbfile,BSIZE-4);
+
+#ifdef VMS
+ strcat(buf[2],"-old");
+#else
+ strcat(buf[2],".old");
+#endif
+
+ if (rename(dbfile,buf[2]) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ dbfile,buf[2]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[1],dbfile) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ buf[1],dbfile);
+ perror("reason");
+ rename(buf[2],dbfile);
+ goto err;
+ }
+ BIO_printf(bio_err,"Data Base Updated\n");
+ }
+ }
+
+ /*****************************************************************/
+ if (gencrl)
+ {
+ crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ if(crl_ext) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, conf);
+ if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading CRL extension section %s\n",
+ crl_ext);
+ ret = 1;
+ goto err;
+ }
+ }
+ if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
+
+ if (!crldays && !crlhours)
+ {
+ crldays=CONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_DAYS);
+ crlhours=CONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_HOURS);
+ }
+ if ((crldays == 0) && (crlhours == 0))
+ {
+ BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+ goto err;
+ }
+
+ if (verbose) BIO_printf(bio_err,"making CRL\n");
+ if ((crl=X509_CRL_new()) == NULL) goto err;
+ ci=crl->crl;
+ X509_NAME_free(ci->issuer);
+ ci->issuer=X509_NAME_dup(x509->cert_info->subject);
+ if (ci->issuer == NULL) goto err;
+
+ X509_gmtime_adj(ci->lastUpdate,0);
+ if (ci->nextUpdate == NULL)
+ ci->nextUpdate=ASN1_UTCTIME_new();
+ X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
+
+ for (i=0; i<sk_num(db->data); i++)
+ {
+ pp=(char **)sk_value(db->data,i);
+ if (pp[DB_type][0] == DB_TYPE_REV)
+ {
+ if ((r=X509_REVOKED_new()) == NULL) goto err;
+ ASN1_STRING_set((ASN1_STRING *)
+ r->revocationDate,
+ (unsigned char *)pp[DB_rev_date],
+ strlen(pp[DB_rev_date]));
+ /* strcpy(r->revocationDate,pp[DB_rev_date]);*/
+
+ (void)BIO_reset(hex);
+ if (!BIO_puts(hex,pp[DB_serial]))
+ goto err;
+ if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
+ buf[0],BSIZE)) goto err;
+
+ sk_X509_REVOKED_push(ci->revoked,r);
+ }
+ }
+ /* sort the data so it will be written in serial
+ * number order */
+ sk_X509_REVOKED_sort(ci->revoked);
+ for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
+ {
+ r=sk_X509_REVOKED_value(ci->revoked,i);
+ r->sequence=i;
+ }
+
+ /* we now have a CRL */
+ if (verbose) BIO_printf(bio_err,"signing CRL\n");
+ if (md != NULL)
+ {
+ if ((dgst=EVP_get_digestbyname(md)) == NULL)
+ {
+ BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ goto err;
+ }
+ }
+ else
+ {
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst=EVP_dss1();
+ else
+#endif
+ dgst=EVP_md5();
+ }
+
+ /* Add any extensions asked for */
+
+ if(crl_ext) {
+ X509V3_CTX crlctx;
+ if (ci->version == NULL)
+ if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
+ ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
+ X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+ X509V3_set_conf_lhash(&crlctx, conf);
+
+ if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+ crl_ext, crl)) goto err;
+ }
+
+ if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
+
+ PEM_write_bio_X509_CRL(Sout,crl);
+ }
+ /*****************************************************************/
+ if (dorevoke)
+ {
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (infile == NULL)
+ {
+ BIO_printf(bio_err,"no input files\n");
+ goto err;
+ }
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
+ goto err;
+ }
+ x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ if (x509 == NULL)
+ {
+ BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
+ goto err;
+ }
+ j=do_revoke(x509,db);
+
+ strncpy(buf[0],dbfile,BSIZE-4);
+ strcat(buf[0],".new");
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ j=TXT_DB_write(out,db);
+ if (j <= 0) goto err;
+ BIO_free(in);
+ BIO_free(out);
+ in=NULL;
+ out=NULL;
+ strncpy(buf[1],dbfile,BSIZE-4);
+ strcat(buf[1],".old");
+ if (rename(dbfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[0],dbfile) < 0)
+ {
+ BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+ perror("reason");
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ BIO_printf(bio_err,"Data Base Updated\n");
+ }
+ }
+ /*****************************************************************/
+ ret=0;
+err:
+ BIO_free(hex);
+ BIO_free(Cout);
+ BIO_free(Sout);
+ BIO_free(out);
+ BIO_free(in);
+
+ sk_pop_free(cert_sk,X509_free);
+
+ if (ret) ERR_print_errors(bio_err);
+ BN_free(serial);
+ TXT_DB_free(db);
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ X509_CRL_free(crl);
+ CONF_free(conf);
+ X509V3_EXT_cleanup();
+ OBJ_cleanup();
+ EXIT(ret);
+ }
+
+static void lookup_fail(char *name, char *tag)
+ {
+ BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
+ }
+
+static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u)
+ {
+ int i;
+
+ if (key == NULL) return(0);
+ i=strlen(key);
+ i=(i > len)?len:i;
+ memcpy(buf,key,i);
+ return(i);
+ }
+
+static unsigned long index_serial_hash(char **a)
+ {
+ char *n;
+
+ n=a[DB_serial];
+ while (*n == '0') n++;
+ return(lh_strhash(n));
+ }
+
+static int index_serial_cmp(char **a, char **b)
+ {
+ char *aa,*bb;
+
+ for (aa=a[DB_serial]; *aa == '0'; aa++);
+ for (bb=b[DB_serial]; *bb == '0'; bb++);
+ return(strcmp(aa,bb));
+ }
+
+static unsigned long index_name_hash(char **a)
+ { return(lh_strhash(a[DB_name])); }
+
+static int index_name_qual(char **a)
+ { return(a[0][0] == 'V'); }
+
+static int index_name_cmp(char **a, char **b)
+ { return(strcmp(a[DB_name],
+ b[DB_name])); }
+
+static BIGNUM *load_serial(char *serialfile)
+ {
+ BIO *in=NULL;
+ BIGNUM *ret=NULL;
+ MS_STATIC char buf[1024];
+ ASN1_INTEGER *ai=NULL;
+
+ if ((in=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (BIO_read_filename(in,serialfile) <= 0)
+ {
+ perror(serialfile);
+ goto err;
+ }
+ ai=ASN1_INTEGER_new();
+ if (ai == NULL) goto err;
+ if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+ {
+ BIO_printf(bio_err,"unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ ret=ASN1_INTEGER_to_BN(ai,NULL);
+ if (ret == NULL)
+ {
+ BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+ goto err;
+ }
+err:
+ if (in != NULL) BIO_free(in);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+static int save_serial(char *serialfile, BIGNUM *serial)
+ {
+ BIO *out;
+ int ret=0;
+ ASN1_INTEGER *ai=NULL;
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_write_filename(out,serialfile) <= 0)
+ {
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out,ai);
+ BIO_puts(out,"\n");
+ ret=1;
+err:
+ if (out != NULL) BIO_free(out);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ BIGNUM *serial, char *startdate, char *enddate, int days,
+ int batch, char *ext_sect, LHASH *lconf, int verbose)
+ {
+ X509_REQ *req=NULL;
+ BIO *in=NULL;
+ EVP_PKEY *pktmp=NULL;
+ int ok= -1,i;
+
+ in=BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto err;
+ }
+ if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"Error reading certificate request in %s\n",
+ infile);
+ goto err;
+ }
+ if (verbose)
+ X509_REQ_print(bio_err,req);
+
+ BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+ if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto err;
+ }
+ i=X509_REQ_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ goto err;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate,
+ days,batch,verbose,req,ext_sect,lconf);
+
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (in != NULL) BIO_free(in);
+ return(ok);
+ }
+
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ BIGNUM *serial, char *startdate, char *enddate, int days,
+ int batch, char *ext_sect, LHASH *lconf, int verbose)
+ {
+ X509 *req=NULL;
+ X509_REQ *rreq=NULL;
+ BIO *in=NULL;
+ EVP_PKEY *pktmp=NULL;
+ int ok= -1,i;
+
+ in=BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto err;
+ }
+ if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+ goto err;
+ }
+ if (verbose)
+ X509_print(bio_err,req);
+
+ BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+ if ((pktmp=X509_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto err;
+ }
+ i=X509_verify(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature did not match the certificate\n");
+ goto err;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
+ goto err;
+
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days,
+ batch,verbose,rreq,ext_sect,lconf);
+
+err:
+ if (rreq != NULL) X509_REQ_free(rreq);
+ if (req != NULL) X509_free(req);
+ if (in != NULL) BIO_free(in);
+ return(ok);
+ }
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+ char *startdate, char *enddate, int days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, LHASH *lconf)
+ {
+ X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
+ ASN1_UTCTIME *tm,*tmptm;
+ ASN1_STRING *str,*str2;
+ ASN1_OBJECT *obj;
+ X509 *ret=NULL;
+ X509_CINF *ci;
+ X509_NAME_ENTRY *ne;
+ X509_NAME_ENTRY *tne,*push;
+ EVP_PKEY *pktmp;
+ int ok= -1,i,j,last,nid;
+ char *p;
+ CONF_VALUE *cv;
+ char *row[DB_NUMBER],**rrow,**irow=NULL;
+ char buf[25],*pbuf;
+
+ tmptm=ASN1_UTCTIME_new();
+ if (tmptm == NULL)
+ {
+ BIO_printf(bio_err,"malloc error\n");
+ return(0);
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+
+ BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n");
+ name=X509_REQ_get_subject_name(req);
+ for (i=0; i<X509_NAME_entry_count(name); i++)
+ {
+ ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i);
+ obj=X509_NAME_ENTRY_get_object(ne);
+ j=i2a_ASN1_OBJECT(bio_err,obj);
+ str=X509_NAME_ENTRY_get_data(ne);
+ pbuf=buf;
+ for (j=22-j; j>0; j--)
+ *(pbuf++)=' ';
+ *(pbuf++)=':';
+ *(pbuf++)='\0';
+ BIO_puts(bio_err,buf);
+
+ if (msie_hack)
+ {
+ /* assume all type should be strings */
+ nid=OBJ_obj2nid(ne->object);
+
+ if (str->type == V_ASN1_UNIVERSALSTRING)
+ ASN1_UNIVERSALSTRING_to_string(str);
+
+ if ((str->type == V_ASN1_IA5STRING) &&
+ (nid != NID_pkcs9_emailAddress))
+ str->type=V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_emailAddress) &&
+ (str->type == V_ASN1_PRINTABLESTRING))
+ str->type=V_ASN1_IA5STRING;
+ }
+
+ if (str->type == V_ASN1_PRINTABLESTRING)
+ BIO_printf(bio_err,"PRINTABLE:'");
+ else if (str->type == V_ASN1_T61STRING)
+ BIO_printf(bio_err,"T61STRING:'");
+ else if (str->type == V_ASN1_IA5STRING)
+ BIO_printf(bio_err,"IA5STRING:'");
+ else if (str->type == V_ASN1_UNIVERSALSTRING)
+ BIO_printf(bio_err,"UNIVERSALSTRING:'");
+ else
+ BIO_printf(bio_err,"ASN.1 %2d:'",str->type);
+
+ /* check some things */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+ (str->type != V_ASN1_IA5STRING))
+ {
+ BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
+ goto err;
+ }
+ j=ASN1_PRINTABLE_type(str->data,str->length);
+ if ( ((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING)))
+ {
+ BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
+
+ p=(char *)str->data;
+ for (j=str->length; j>0; j--)
+ {
+ if ((*p >= ' ') && (*p <= '~'))
+ BIO_printf(bio_err,"%c",*p);
+ else if (*p & 0x80)
+ BIO_printf(bio_err,"\\0x%02X",*p);
+ else if ((unsigned char)*p == 0xf7)
+ BIO_printf(bio_err,"^?");
+ else BIO_printf(bio_err,"^%c",*p+'@');
+ p++;
+ }
+ BIO_printf(bio_err,"'\n");
+ }
+
+ /* Ok, now we check the 'policy' stuff. */
+ if ((subject=X509_NAME_new()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ /* take a copy of the issuer name before we mess with it. */
+ CAname=X509_NAME_dup(x509->cert_info->subject);
+ if (CAname == NULL) goto err;
+ str=str2=NULL;
+
+ for (i=0; i<sk_CONF_VALUE_num(policy); i++)
+ {
+ cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
+ if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
+ {
+ BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
+ goto err;
+ }
+ obj=OBJ_nid2obj(j);
+
+ last= -1;
+ for (;;)
+ {
+ /* lookup the object in the supplied name list */
+ j=X509_NAME_get_index_by_OBJ(name,obj,last);
+ if (j < 0)
+ {
+ if (last != -1) break;
+ tne=NULL;
+ }
+ else
+ {
+ tne=X509_NAME_get_entry(name,j);
+ }
+ last=j;
+
+ /* depending on the 'policy', decide what to do. */
+ push=NULL;
+ if (strcmp(cv->value,"optional") == 0)
+ {
+ if (tne != NULL)
+ push=tne;
+ }
+ else if (strcmp(cv->value,"supplied") == 0)
+ {
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
+ goto err;
+ }
+ else
+ push=tne;
+ }
+ else if (strcmp(cv->value,"match") == 0)
+ {
+ int last2;
+
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
+ goto err;
+ }
+
+ last2= -1;
+
+again2:
+ j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
+ if ((j < 0) && (last2 == -1))
+ {
+ BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
+ goto err;
+ }
+ if (j >= 0)
+ {
+ push=X509_NAME_get_entry(CAname,j);
+ str=X509_NAME_ENTRY_get_data(tne);
+ str2=X509_NAME_ENTRY_get_data(push);
+ last2=j;
+ if (ASN1_STRING_cmp(str,str2) != 0)
+ goto again2;
+ }
+ if (j < 0)
+ {
+ BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
+ goto err;
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
+ goto err;
+ }
+
+ if (push != NULL)
+ {
+ if (!X509_NAME_add_entry(subject,push,
+ X509_NAME_entry_count(subject),0))
+ {
+ if (push != NULL)
+ X509_NAME_ENTRY_free(push);
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ if (j < 0) break;
+ }
+ }
+
+ if (preserve)
+ {
+ X509_NAME_free(subject);
+ subject=X509_NAME_dup(X509_REQ_get_subject_name(req));
+ if (subject == NULL) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+
+ row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+ row[DB_serial]=BN_bn2hex(serial);
+ if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ rrow=TXT_DB_get_by_index(db,DB_name,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ else
+ {
+ rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err," check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,
+ "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p="Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p="Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p="Valid";
+ else
+ p="\ninvalid type, Data base error\n";
+ BIO_printf(bio_err,"Type :%s\n",p);;
+ if (rrow[DB_type][0] == 'R')
+ {
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Was revoked on:%s\n",p);
+ }
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Expires on :%s\n",p);
+ p=rrow[DB_serial]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Serial Number :%s\n",p);
+ p=rrow[DB_file]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"File name :%s\n",p);
+ p=rrow[DB_name]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Subject Name :%s\n",p);
+ ok= -1; /* This is now a 'bad' error. */
+ goto err;
+ }
+
+ /* We are now totaly happy, lets make and sign the certificate */
+ if (verbose)
+ BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
+
+ if ((ret=X509_new()) == NULL) goto err;
+ ci=ret->cert_info;
+
+#ifdef X509_V3
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(x509,2)) goto err;
+#endif
+
+ if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
+ goto err;
+ if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
+ goto err;
+
+ BIO_printf(bio_err,"Certificate is to be certified until ");
+ if (strcmp(startdate,"today") == 0)
+ X509_gmtime_adj(X509_get_notBefore(ret),0);
+ else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+
+ if (enddate == NULL)
+ X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+ else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+
+ ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ if(days) BIO_printf(bio_err," (%d days)",days);
+ BIO_printf(bio_err, "\n");
+
+ if (!X509_set_subject_name(ret,subject)) goto err;
+
+ pktmp=X509_REQ_get_pubkey(req);
+ i = X509_set_pubkey(ret,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i) goto err;
+
+ /* Lets add the extensions, if there are any */
+ if (ext_sect)
+ {
+ X509V3_CTX ctx;
+ if (ci->version == NULL)
+ if ((ci->version=ASN1_INTEGER_new()) == NULL)
+ goto err;
+ ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
+
+ /* Free the current entries if any, there should not
+ * be any I belive */
+ if (ci->extensions != NULL)
+ sk_X509_EXTENSION_pop_free(ci->extensions,
+ X509_EXTENSION_free);
+
+ ci->extensions = NULL;
+
+ X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+ X509V3_set_conf_lhash(&ctx, lconf);
+
+ if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
+
+ }
+
+
+ if (!batch)
+ {
+ BIO_printf(bio_err,"Sign the certificate? [y/n]:");
+ (void)BIO_flush(bio_err);
+ buf[0]='\0';
+ fgets(buf,sizeof(buf)-1,stdin);
+ if (!((buf[0] == 'y') || (buf[0] == 'Y')))
+ {
+ BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
+ ok=0;
+ goto err;
+ }
+ }
+
+
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
+ pktmp=X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_free(pktmp);
+#endif
+
+ if (!X509_sign(ret,pkey,dgst))
+ goto err;
+
+ /* We now just add it to the database */
+ row[DB_type]=(char *)Malloc(2);
+
+ tm=X509_get_notAfter(ret);
+ row[DB_exp_date]=(char *)Malloc(tm->length+1);
+ memcpy(row[DB_exp_date],tm->data,tm->length);
+ row[DB_exp_date][tm->length]='\0';
+
+ row[DB_rev_date]=NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file]=(char *)Malloc(8);
+ /* row[DB_name] done already */
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ strcpy(row[DB_file],"unknown");
+ row[DB_type][0]='V';
+ row[DB_type][1]='\0';
+
+ if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ irow[i]=row[i];
+ row[i]=NULL;
+ }
+ irow[DB_NUMBER]=NULL;
+
+ if (!TXT_DB_insert(db,irow))
+ {
+ BIO_printf(bio_err,"failed to update database\n");
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ goto err;
+ }
+ ok=1;
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ if (row[i] != NULL) Free(row[i]);
+
+ if (CAname != NULL)
+ X509_NAME_free(CAname);
+ if (subject != NULL)
+ X509_NAME_free(subject);
+ if (ok <= 0)
+ {
+ if (ret != NULL) X509_free(ret);
+ ret=NULL;
+ }
+ else
+ *xret=ret;
+ return(ok);
+ }
+
+static void write_new_certificate(BIO *bp, X509 *x, int output_der)
+ {
+ char *f;
+ char buf[256];
+
+ if (output_der)
+ {
+ (void)i2d_X509_bio(bp,x);
+ return;
+ }
+
+ f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+ BIO_printf(bp,"issuer :%s\n",f);
+
+ f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ BIO_printf(bp,"subject:%s\n",f);
+
+ BIO_puts(bp,"serial :");
+ i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
+ BIO_puts(bp,"\n\n");
+ X509_print(bp,x);
+ BIO_puts(bp,"\n");
+ PEM_write_bio_X509(bp,x);
+ BIO_puts(bp,"\n");
+ }
+
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ BIGNUM *serial, char *startdate, char *enddate, int days,
+ char *ext_sect, LHASH *lconf, int verbose)
+ {
+ STACK_OF(CONF_VALUE) *sk=NULL;
+ LHASH *parms=NULL;
+ X509_REQ *req=NULL;
+ CONF_VALUE *cv=NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ unsigned char *spki_der = NULL,*p;
+ X509_REQ_INFO *ri;
+ char *type,*buf;
+ EVP_PKEY *pktmp=NULL;
+ X509_NAME *n=NULL;
+ X509_NAME_ENTRY *ne=NULL;
+ int ok= -1,i,j;
+ long errline;
+ int nid;
+
+ /*
+ * Load input file into a hash table. (This is just an easy
+ * way to read and parse the file, then put it into a convenient
+ * STACK format).
+ */
+ parms=CONF_load(NULL,infile,&errline);
+ if (parms == NULL)
+ {
+ BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ sk=CONF_get_section(parms, "default");
+ if (sk_CONF_VALUE_num(sk) == 0)
+ {
+ BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+ CONF_free(parms);
+ goto err;
+ }
+
+ /*
+ * Now create a dummy X509 request structure. We don't actually
+ * have an X509 request, but we have many of the components
+ * (a public key, various DN components). The idea is that we
+ * put these components into the right X509 request structure
+ * and we can use the same code as if you had a real X509 request.
+ */
+ req=X509_REQ_new();
+ if (req == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*
+ * Build up the subject name set.
+ */
+ ri=req->req_info;
+ n = ri->subject;
+
+ for (i = 0; ; i++)
+ {
+ if (sk_CONF_VALUE_num(sk) <= i) break;
+
+ cv=sk_CONF_VALUE_value(sk,i);
+ type=cv->name;
+ buf=cv->value;
+
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ {
+ if (strcmp(type, "SPKAC") == 0)
+ {
+ spki_der=(unsigned char *)Malloc(
+ strlen(cv->value)+1);
+ if (spki_der == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value,
+ strlen(cv->value));
+ if (j <= 0)
+ {
+ BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n");
+ goto err;
+ }
+
+ p=spki_der;
+ spki = d2i_NETSCAPE_SPKI(&spki, &p, j);
+ Free(spki_der);
+ spki_der = NULL;
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+ continue;
+ }
+
+ j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+ if (fix_data(nid, &j) == 0)
+ {
+ BIO_printf(bio_err,
+ "invalid characters in string %s\n",buf);
+ goto err;
+ }
+
+ if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
+ (unsigned char *)buf,
+ strlen(buf))) == NULL)
+ goto err;
+
+ if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
+ goto err;
+ }
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
+ infile);
+ goto err;
+ }
+
+ /*
+ * Now extract the key from the SPKI structure.
+ */
+
+ BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
+
+ if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking SPKAC public key\n");
+ goto err;
+ }
+
+ j = NETSCAPE_SPKI_verify(spki, pktmp);
+ if (j <= 0)
+ {
+ BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"Signature ok\n");
+
+ X509_REQ_set_pubkey(req,pktmp);
+ EVP_PKEY_free(pktmp);
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,
+ days,1,verbose,req,ext_sect,lconf);
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (parms != NULL) CONF_free(parms);
+ if (spki_der != NULL) Free(spki_der);
+ if (spki != NULL) NETSCAPE_SPKI_free(spki);
+ if (ne != NULL) X509_NAME_ENTRY_free(ne);
+
+ return(ok);
+ }
+
+static int fix_data(int nid, int *type)
+ {
+ if (nid == NID_pkcs9_emailAddress)
+ *type=V_ASN1_IA5STRING;
+ if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+ if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STR